Test if sudoers.d is include in the main config

Jeremy Gardais 2019-05-28 14:36:14 +02:00
parent c626de49d7
commit 929a6bde98
Signed by: jegardai
GPG Key ID: E759BAA22501AF32
1 changed files with 21 additions and 0 deletions


@ -11,6 +11,9 @@ DEBUG=1
USER_ID=$(id -u) USER_ID=$(id -u)
BACKUP_USER_LIST="backup backuppc" BACKUP_USER_LIST="backup backuppc"
SUDOERS_D_INCLUDE_LINE="#includedir /etc/sudoers.d"
BACKUP_SUDOERS_LINE_REGEXP="backuppc.*ALL.*=.*(ALL:ALL).*NOEXEC:NOPASSWD:.*/usr/bin/rsync" BACKUP_SUDOERS_LINE_REGEXP="backuppc.*ALL.*=.*(ALL:ALL).*NOEXEC:NOPASSWD:.*/usr/bin/rsync"
BACKUP_SUDOERS_LINE="backup ALL=(ALL:ALL) NOEXEC:NOPASSWD: /usr/bin/rsync BACKUP_SUDOERS_LINE="backup ALL=(ALL:ALL) NOEXEC:NOPASSWD: /usr/bin/rsync
backuppc ALL=(ALL:ALL) NOEXEC:NOPASSWD: /usr/bin/rsync" backuppc ALL=(ALL:ALL) NOEXEC:NOPASSWD: /usr/bin/rsync"
@ -36,6 +39,21 @@ is_backup_user()
exit "${ERROR}" exit "${ERROR}"
} }
## ]]] ## ]]]
## Check if a line is present in main sudoers conf [[[
is_sudoers_line()
{
line_to_check="${1}"
if grep -q -- "${line_to_check}" /etc/sudoers
then
[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: Function is_sudoers_line() — ${line_to_check} line is available in sudo configuration."
return "${SUCCESS}"
else
[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG: Function is_sudoers_line() — ${line_to_check} was not found in sudo configuration."
return "${ERROR}"
fi
}
## ]]]
## Check if backup permissions are already set in sudoers.d [[[ ## Check if backup permissions are already set in sudoers.d [[[
is_backup_sudoers_line() is_backup_sudoers_line()
{ {
@ -84,6 +102,9 @@ fi
# Ensure the backup user is available # Ensure the backup user is available
is_backup_user "${BACKUP_USER_LIST}" is_backup_user "${BACKUP_USER_LIST}"
# Ensure sudoers.d is include in the sudoers main configuration
is_sudoers_line "${SUDOERS_D_INCLUDE_LINE}"
# Test if sudoers conf is already set # Test if sudoers conf is already set
if ! is_backup_sudoers_line "${BACKUP_SUDOERS_LINE_REGEXP}" if ! is_backup_sudoers_line "${BACKUP_SUDOERS_LINE_REGEXP}"
then then
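Review bot: The call `is_sudoers_line "${SUDOERS_D_INCLUDE_LINE}"` in the last hunk discards the function's return status, so unless `set -e` is active somewhere outside the visible lines, the script carries on when the include is missing and the drop-in rule it goes on to manage would never be read by sudo. Making the failure explicit at the call site would fix that: `is_sudoers_line "${SUDOERS_D_INCLUDE_LINE}" || exit "${ERROR}"`. Inside `is_sudoers_line()` the argument is passed to grep as an unanchored regular expression, so a commented-out `## #includedir /etc/sudoers.d` or a longer path such as `/etc/sudoers.d.old` also counts as a match; `grep -q -x -F -- "${line_to_check}" /etc/sudoers` compares the whole line literally. Recent sudo releases also accept the `@includedir` spelling, so a check for only the `#` form may report a false negative on newer systems. A short header comment on the function stating that it returns `${SUCCESS}`/`${ERROR}` rather than exiting would make the difference from `is_backup_user()` visible to callers.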