#!/bin/bash function version_is_supported() { # # Check if the version is supported # https://endoflife.date/ubuntu # today=$(date +"%Y-%m-%d") os_version=$(lsb_release -r | awk '{print $2}') case $os_version in 18.04) expiration_date="2023-05-31" ;; 20.04) expiration_date="2025-04-02" ;; 22.04) expiration_date="2027-04-01" ;; 22.10) expiration_date="2027-06-20" ;; *) expiration_date="2000-04" logger INFO "The version $os_version is not supported." res=1 ;; esac if [[ $expiration_date > $today ]]; then # The version supported res=0 else # The version not supported res=1 fi logger INFO "Version supported? $res" return $res } function system_is_up_to_date() { # # Check if the system is up to date # logger INFO "Checking if the system is up to date..." MAX_DAYS=30 APT_LOGS=/var/log/apt/history.log today=$(date +"%s") # Get the date of the last update from the apt history log file and convert it to seconds since 1970-01-01 00:00:00 UTC (epoch) last_update=$(date -d "$(grep Start-Date $APT_LOGS | tail -1 | cut -f 2 -d ' ' | sed -e 's/-//g')" +"%s") days_since_last_update=$(( (today - last_update) / 86400 )) if [[ $days_since_last_update -gt $MAX_DAYS ]]; then # The system is not up to date res=1 else # The system is up to date res=0 fi logger INFO "Days since last update: $days_since_last_update, Updated? $res" return $res } function firewall_is_enabled() { # # Check if the firewall is enabled # firewall_status=$(ufw status | grep Status | awk '{print $2}') if [[ $firewall_status == "active" ]]; then # The firewall is enabled res=0 else # The firewall is not enabled res=1 fi logger INFO "Firewall status: $firewall_status" return $res } function globalprotect_installed() { # # Check if the GlobalProtect client is installed # if [[ -f /opt/paloaltonetworks/globalprotect/globalprotect ]]; then # The GlobalProtect client is installed res=0 else # The GlobalProtect client is not installed res=1 fi logger INFO "GlobalProtect installed? $res" return $res } function check_full_disk_encryption_enabled() { # # Check if the full disk encryption is enabled # # if VIRTUAL is set to "virtual" then we are running in a virtual machine if [[ -n "$VIRTUAL" ]]; then # We are running in a virtual machine res=0 logger INFO "Running in a virtual machine. Full disk encryption bypassed." return $res else if [[ -f /etc/crypttab ]]; then # The full disk encryption is enabled res=0 else # The full disk encryption is not enabled res=1 fi logger INFO "Full disk encryption enabled? $res" return $res fi } function check_all() { version_is_supported \ && system_is_up_to_date \ && firewall_is_enabled \ && globalprotect_installed \ && check_full_disk_encryption_enabled return $? }