Merge pull request #6 from bechampion/flightchecks

NOJ - Initial flight checks

.github/workflows/ci.yml

@@ -26,6 +26,6 @@ jobs:
         with:
           go-version: '1.22'
 
-      - name: Build
+      - name: Test
         run: |
-          GOOS=${{ matrix.goos }} GOARCH=${{ matrix.goarch }} go build
+          make test

.github/workflows/release.yml

@@ -25,7 +25,7 @@ jobs:
 
       - name: Build
         run: |
-          GOOS=${{ matrix.goos }} GOARCH=${{ matrix.goarch }} go build -o gohip-${{ matrix.goos }}-${{ matrix.goarch }}
+          GOOS=${{ matrix.goos }} GOARCH=${{ matrix.goarch }} make build
           RELEASE_VERSION=$(echo ${{ github.ref }} | tr -d 'refs/tags/v')
           echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV
 

Makefile

@@ -14,9 +14,12 @@ push_tag:
 
 .PHONY: all delete_latest_tag recreate_tag push_tag
 
-build:
+build: test
 	go build -o gohip-$(GOOS)-$(GOARCH)
 
+test:
+	go test -v ./systemd ./others ./osdata ./types .
+
 install: build
 	mkdir -p $(DESTDIR)/usr/bin
 	cp gohip-$(GOOS)-$(GOARCH) $(DESTDIR)/usr/bin/gohip

build-aux/arch/gohip-bin/PKGBUILD

@@ -7,7 +7,7 @@ arch=('x86_64')
 url="https://github.com/bechampion/$_deb_pkgname"
 license=('GPLv3')
 groups=()
-depends=('iproute2')
+depends=('iproute2' 'clamav')
 makedepends=()
 checkdepends=()
 optdepends=()

build-aux/debian/control

@@ -2,6 +2,6 @@ Package: gohip
 Section: network
 Priority: optional
 Architecture: amd64
-Depends: iproute2
+Depends: iproute2,clamav-daemon,clamav-freshclam
 Maintainer: romain_gallet_at_gmail_com
 Description: gohip global protect vpn HIP script

checks.go

@@ -0,0 +1,12 @@
+package main
+
+import (
+	"errors"
+	systemd "github.com/bechampion/gohip/systemd"
+)
+
+func RunPreflightChecks() error {
+	clamavError := systemd.DefaultDbAgeCheck()
+
+	return errors.Join(clamavError)
+}

main.go

@@ -17,6 +17,11 @@ import (
 
 func logCommandAndArgs() {
 	command := os.Args[0]
+
+	if err := RunPreflightChecks(); err != nil {
+		log.Fatalf("%v", err)
+	}
+
 	args := strings.Join(os.Args[1:], " ")
 	file, err := os.OpenFile("command.log", os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
 	if err != nil {

systemd/checks.go

@@ -0,0 +1,99 @@
+package systemd
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"os"
+	"os/exec"
+	"regexp"
+	"strings"
+	"time"
+)
+
+var clamavDbFile ClamavDbFile
+
+func init() {
+	clamavDbFile = ClamavDbFile{path: "/var/lib/clamav/daily.cld"}
+}
+
+type ClamavDbFile struct {
+	path string
+}
+
+func DefaultDbAgeCheck() error {
+	details, clamavError := GetClamConfDetails()
+
+	if clamavError != nil {
+		return clamavError
+	}
+
+	return DbConfigAgeCheck(details)
+}
+
+func DbFileAgeCheck(clamavDbFile ClamavDbFile) error {
+	hoursInWeek := 24 * 7
+
+	fi, err := os.Stat(clamavDbFile.path)
+
+	if err != nil {
+		return err
+	}
+
+	mtime := fi.ModTime()
+
+	hoursSince := int(time.Since(mtime).Hours())
+
+	if hoursSince > hoursInWeek {
+		return errors.New(fmt.Sprintf("virus definition is too old: %s is more than %d hours old (> 7 days)", clamavDbFile.path, hoursSince))
+	} else {
+		return nil
+	}
+}
+
+func DbConfigAgeCheck(details ClamConfDetails) error {
+	weekAgo := time.Now().Add(-time.Hour * 24 * 7)
+
+	tooOld := details.DailyCld.Before(weekAgo)
+
+	if tooOld {
+		return errors.New(fmt.Sprintf("virus definition is more than 7 days old: %s", details.DailyCld.String()))
+	}
+
+	return nil
+}
+
+type ClamConfDetails struct {
+	version  string
+	sigs     string
+	DailyCld time.Time
+}
+
+func GetClamConfDetails() (ClamConfDetails, error) {
+	cmd := exec.Command("clamconf")
+	var out bytes.Buffer
+	cmd.Stdout = &out
+	err := cmd.Run()
+	if err != nil {
+		return ClamConfDetails{}, errors.New(fmt.Sprintf("%v", err))
+	}
+
+	const layout = "Mon Jan 02 15:04:05 2006"
+	lines := strings.Split(out.String(), "\n")
+	re := regexp.MustCompile(`^daily.c[l|v]d: version (.*), sigs: (.*), built on (.*)`)
+
+	for i := range lines {
+		line := lines[i]
+		finds := re.FindStringSubmatch(line)
+
+		if len(finds) > 0 {
+			cd := ClamConfDetails{}
+			cd.DailyCld, _ = time.Parse(layout, finds[3])
+			cd.version = finds[1]
+			cd.sigs = finds[2]
+			return cd, nil
+		}
+	}
+
+	return ClamConfDetails{}, errors.New(fmt.Sprintf("Could not determine timestamp for daily.cld in clamconf output"))
+}

systemd/checks_test.go

@@ -0,0 +1,72 @@
+package systemd
+
+import (
+	"os"
+	"testing"
+	"time"
+)
+
+func TestFileIs7DaysOld(t *testing.T) {
+	clamavError := fileErrorCheck(t, time.Now().Add(-time.Hour*24*7))
+
+	if clamavError != nil {
+		t.Errorf("should not be old enough: \n\t%v", clamavError)
+	}
+}
+
+func TestDbConfigIsAlmost7DaysOld(t *testing.T) {
+	weekAgo := time.Now().Add(-time.Hour*24*7 + time.Hour)
+	details := ClamConfDetails{version: "1.0", sigs: "2.0", DailyCld: weekAgo}
+
+	err := DbConfigAgeCheck(details)
+
+	if err != nil {
+		t.Errorf("DailyCld should have been recent enough: \n%v", err)
+	}
+}
+
+func TestDbConfigIsOver7DaysOld(t *testing.T) {
+	weekAgo := time.Now().Add(-time.Hour*24*7 - time.Hour)
+	details := ClamConfDetails{version: "1.0", sigs: "2.0", DailyCld: weekAgo}
+
+	err := DbConfigAgeCheck(details)
+
+	if err == nil {
+		t.Errorf("DailyCld should have been too old")
+	}
+}
+
+func TestFileIsAlmost7DaysOld(t *testing.T) {
+	clamavError := fileErrorCheck(t, time.Now().Add(-time.Hour*24*7+time.Hour))
+
+	if clamavError != nil {
+		t.Errorf("should not be old enough: \n\t%v", clamavError)
+	}
+}
+
+func TestFileIsMoreThan7DaysOld(t *testing.T) {
+	clamavError := fileErrorCheck(t, time.Now().Add(-time.Hour*24*7-time.Hour))
+
+	if clamavError == nil {
+		t.Errorf("should not be old enough: \n\t%v", clamavError)
+	}
+}
+
+func fileErrorCheck(t *testing.T, when time.Time) error {
+	nowFilePath := "/tmp/now"
+
+	t.Cleanup(func() {
+		os.Remove(nowFilePath)
+	})
+
+	_, err := os.Create(nowFilePath)
+	if err != nil {
+		t.Errorf("%v", err)
+	}
+
+	os.Chtimes(nowFilePath, when, when)
+
+	clamavDbFile := ClamavDbFile{path: nowFilePath}
+
+	return DbFileAgeCheck(clamavDbFile)
+}

systemd/systemd.go

@@ -49,6 +49,7 @@ func GetClamDetails() (ClamDetails, error) {
 	cd.Year = strings.Split(cleanout, " ")[5][:4]
 	return cd, nil
 }
+
 func FindClamdProcess() ctypes.Prod {
 	cmd := exec.Command("ps", "aux")
 	var out bytes.Buffer