Foundation for a scoped sudoers: route every genuine system-admin command (systemctl/ufw/ufw-docker/nft/apt/apt-get/pacman/sysctl/useradd/usermod/ service/wg/wg-quick/cscli/loginctl) through runSystem instead of raw sudo across 28 active scripts. runSystem is 'sudo "$@"' so this is byte-identical in every mode (safe on live installs) — it just collects all real-root use at one chokepoint that will define the eventual /etc/sudoers.d allowlist. Also: revert a crowdsec advice message the sweep wrongly rewrote (the admin types sudo, not runSystem), and give crontab_check_processor.sh the same startup bootstrap as the task processor — it runs standalone via cron and already used runFileOp/runFileWrite (undefined there), so it was silently broken; now it sources the helpers + docker-type config. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
32 lines
1.1 KiB
Bash
Executable File
32 lines
1.1 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
installDockerRootedCheck()
|
|
{
|
|
##########################################
|
|
#### Test if Docker Service is Running ###
|
|
##########################################
|
|
if [[ $CFG_DOCKER_INSTALL_TYPE == "rooted" ]]; then
|
|
ISACT=$( (runSystem systemctl is-active docker ) 2>&1 )
|
|
if [[ "$ISACT" != "active" ]]; then
|
|
isNotice "Checking Docker service status. Waiting if not found."
|
|
while [[ "$ISACT" != "active" ]] && [[ $X -le 10 ]]; do
|
|
runSystem systemctl start docker | sudo tee -a "$logs_dir/$docker_log_file" 2>&1
|
|
sleep 10s &
|
|
pid=$! # Process Id of the previous running command
|
|
spin='-\|/'
|
|
i=0
|
|
while kill -0 $pid 2>/dev/null
|
|
do
|
|
i=$(( (i+1) %4 ))
|
|
printf "\r${spin:$i:1}"
|
|
sleep .1
|
|
done
|
|
printf "\r"
|
|
ISACT=`runSystem systemctl is-active docker`
|
|
let X=X+1
|
|
echo "$X"
|
|
done
|
|
fi
|
|
fi
|
|
}
|