Latest available version: 23.07.18
Overview of the most recent updates to UNIX Health Check for Red Hat Enterprise Linux:
Version: 19.12.28
- Update to check script checkexports.sh to exclude entries in /etc/exports that are commented out.
Version: 19.12.23
- Update to check script checkall.sh to include the BIOS vesion and the BIOS release date in the system configuration section.
- New check script checkbios.sh to display the installed BIOS version and the BIOS release date.
Version: 19.12.21
- Update to check script checktemperature.sh to improve the output generated by the script.
Version: 19.12.20
- New check script checktemperature.sh to check the temperature of the system.
Version: 19.12.19
- Update to check script checkrpmv.sh to no longer report file mode differences on the /sys folder as suggested by rpm -Va.
- Update to check script checkntpdate.sh to account for a different format of output of the ntpdate command on Oracle Linux 6.10.
Version: 19.12.14
- New check script checkcryptoutils.sh to check if the crypto-utils package has been installed.
Version: 19.12.12
- Update to check script checkemcinq.sh to ensure the script doesn't hang when there is a faulty fibre channel adapter.
Version: 19.12.09
- Update to check script checkcrontabcommandsexec.sh to avoid reporting an error if a command within a crontab file starts with a non-alphanumeric character.
Version: 19.11.21
- Update to check script checksplunkthpdisabled.sh to ensure it works correctly in case RHEL versions 7 or higher are used.
Version: 19.11.13
- New check script checkirqbalance.sh to check if the irqbalance RPM is installed.
Version: 19.11.11
- Functionality of UNIX Health Check for RHEL 8.1 validated.
- Update to check script checketchosts.sh to recommend using DNS when there are many entries in /etc/hosts.
Version: 19.11.06
- Update to check script checkrpmqahistory.sh to ensure all entries are printed on individual lines.
- Update to check script checkrpmqa.sh to ensure the output is printed correctly.
Version: 19.10.24
- Update to check script checkrpmv.sh to exclude an additional item for Mozilla Firefox.
Version: 19.10.23
- Update to check script checkcrontabs.sh to improve excluding the root user from the list of users to check.
- Update to check script checksudoersusers.sh to exclude netgroups (starting with a plus sign) in /etc/sudoers.
Version: 19.10.22
- New check script checketchostsnohostname.sh to check for entries in /etc/hosts that only list the IP address, and no hostname.
- New check script checketchostsvsdns.sh to check for entries in /etc/hosts that are also known in DNS.
- New check script checketchostsequiv.sh to check if there are NO entries in /etc/hosts.equiv.
- New check script checketchostsduplicates.sh to check for more than 1 entry in /etc/hosts for the hostname.
- New check script checketchostscharacters.sh to check for any non alpha-numeric characters in /etc/hosts.
- New check script checketchostsdups.sh to list any duplicate entries in the /etc/hosts file.
- New check script checketchostsfile.sh to display the contents of the /etc/hosts file.
Version: 19.10.18
- Update to check script checkrpmqahistory.sh to correctly display the list of installed RPM packages.
- Update to check script checksudoprivilegeescalation.sh to avoid running it on CentOS and RHEL 8, as the script is not designed for these systems.
- Update to the description of check script checksharutils.sh to explain how to enable the PowerTools repo for CentOS 8.0, before installing the sharutils package.
- Update to check script checkyumutils.sh to ensure it works properly for CentOS 8.0.
- Update to the description of check script checkrsyslogforwarding.sh to explain that the rsyslog daemon needs to be restarted after updating the configuration file(s) for rsyslog.
Version: 19.10.13
- Update to check script checkoslevel.sh to recommend version 8.0 of CentOS.
- Update to check script checkneedsrestarting.sh to correct a typo in the dnf command.
- Update to check script checkcleanetcssh.sh to avoid reporting the /etc/ssh_config.d directory.
- Update to check script checkvarlogbtmpperms.sh to adjust the script for CentOS 8.0.
- Update to check script checketchostsallow.sh to adjust the script for CentOS 8.0.
- Update to check script checketchostsallowperms.sh to adjust the script for CentOS 8.0.
- Update to check script checketchostsdeny.sh to adjust the script for CentOS 8.0.
- Update to check script checketchostsdenyperms.sh to adjust the script for CentOS 8.0.
- Update to check script checklastlogperms.sh to adjust the script for CentOS 8.0.
- Update to check script checkl1tf.sh to adjust the script for CentOS 8.0.
Version: 19.10.12
- Update to check script checkvim.sh to print out the recommended version of vim to use.
- Update to check script checkyumconfperms.sh to adjust the script for CentOS 8.0.
Version: 19.09.18
- Update to check script checkoslevel.sh to recommend level 7.7.1908 (Core) of CentOS to be installed.
- Update to check script checkcleanetc.sh to exclude any files with the .rpmnew extension from being reported.
Version: 19.09.05
- Update to check script checkoslevel.sh to recommend version 7.7 of Red Hat Enterprise Linux, Oracle Linux and Scientific Linux.
Version: 19.09.04
- Update to check script checkswapminsize.sh to add a missing word in the output.
Version: 19.08.09
- New check script checkiotop.sh to check if the iotop package has been installed.
- New check script checkcrashkernel.sh to check for the crashkernel entry in /etc/default/grub.
- New check script checkcrash.sh to check for any kernel dumps present on the system.
- New check script checkkdumpctl.sh to check that the kdumpctl status command says that kdump is operational.
- New check script checketckdumpconfperms.sh to check the permissions, owner and group of /etc/kdump.conf.
- New check script checkkdump.sh to check that the kdump daemon is both started and enabled at system boot.
Version: 19.08.01
- Update to check script checkcleansystem.sh to remove checking folder /var/tmp, as that folder is already checked through check script checkvartmp.sh.
Version: 19.07.25
- New check script checkext2.sh to check for any ext2 file systems on the system.
- New check script checklostfoundsize.sh to check the size of the lost+found subfolders for XFS file systems.
Version: 19.07.23
- New check script checkmcelog.sh to check if mcelog reports any machine check exceptions (hardware errors).
- New check script checksystemctllistjobs.sh to check for any systemd unit jobs still running as listed by the systemctl list-jobs command.
- New check script checkgrub2cfg.sh to check if the GRUB2 configuration file /boot/grub2/grub.cfg has valid contents.
- New check script checkaudit.sh to check that the audit daemon is both started and enabled at system boot.
- New check script checkauditrules.sh to check that rules are indeed defined for the audit system.
- New check script checkauditperms.sh to check if the permissions of the /etc/audit folder are correctly set.
Version: 19.07.18
- New check script checkpermitemptypasswords.sh to check if the PermitEmptyPasswords entry in /etc/ssh/sshd_config is either commented out or set to no.
- New check script checksshpubkeyauthentication.sh to check if the PubkeyAuthentication entry in /etc/ssh/sshd_config is either commented out or set to yes.
- New check script checksshhostbasedauthentication.sh to check if the HostBasedAuthentication entry in /etc/ssh/sshd_config is either commented out or set to no.
- New check script checksshignorerhosts.sh to check if the IgnoreRhosts entry in /etc/ssh/sshd_config is either commented out or set to yes.
- New check script checksshmaxauthtries.sh to check if the MaxAuthTries entry in /etc/ssh/sshd_config is either commented out or set within the range 3 to 6.
- Update to check script checkctrlaltdel.sh to also include a check for the Systemd target ctrl-alt-del, to ensure it is disabled.
- Update to check script checkvim.sh to also display the recommended version of Vim to be upgraded to.
Version: 19.07.17
- New check script checketcsecurettyperms.sh to check the permissions of /etc/securetty.
- Update to check script checketcmotdperms.sh to also check the permissions of folder /etc/motd.d on a RHEL 8 system.
- New check script checkcleanetcssh.sh to check for any files in /etc/ssh that can be cleaned up.
- New check script checksshbanner.sh to check the Banner entry in sshd_config.
- New check script checkpuppetconf.sh to check the configuration of the Puppet agent.
- New check script checkpuppetconfperms.sh to check the permissions of /etc/puppet/puppet.conf.
- New check script checkpuppetenabled.sh to check if the Puppet agent is enabled to start at boot.
- New check script checkpuppetactive.sh to check if the Puppet agent is running.
Version: 19.07.16
- New check script checksplunkenabled.sh to check if the Splunk forwarder agent is enabled to start at boot.
- New check script checksplunkactive.sh to check if the Splunk forwarding agent is active.
- Update to check script checketchostsnonnumeric.sh to correct an issue with checking the correct IP address format, as awk acts differently on RHEL 6, compared to RHEL 7 and RHEL 8.
- New check script checkrsyslogforwarding.sh to check if the rsyslog messages are forwarded to a central logging server.
Version: 19.07.15
- New check script checkvim.sh to check for the correct level of vim in regards to RHSA-2019:1619.
- New check script checklibssh2.sh to check for the correct level of libssh2 in regards to RHSA-2019:1652.
- Update to check script checkyumutils.sh to update the command to install the dnf-utils package.
- Update to check script checkneedsrestarting.sh to allow the check script to work correctly on RHEL 8, now that the -r option for needs-restarting has been removed in RHEL 8.
Version: 19.07.14
- Update to check script checkcleansystem.sh to avoid checking folders in use for either Docker or Podman container storage.
Version: 19.07.09
- Update to check script checkrpmv.sh to add the --nomtime option for rpm -Va to reduce the amount of CPU used to verify the RPM file integrity.
- New check script checkrpmdatabase.sh to check for the integrity of the RPM database.
- Update to check script checkall.sh to update the message in case a check script takes too long too run.
- Update to check script checkusershell.sh to avoid messages on a system configured with LDAP authentication.
- Update to check script checkiddsapub.sh to correctly check for the group of file id_dsa.pub.
- Update to check script checkfswrite.sh to check if a mount point is a directory before attempting to create a file in it.
- Update to check script checkfsdirwrite.sh to check if a mount point is a directory before attempting to create a folder in it.
- Update to check script checkexpireduseraccounts.sh to avoid reporting an error if the password_days attribute is not set in /etc/shadow.
- Update to check script checketcshadowused.sh to avoid checking entries in place for LDAP authentication.
- Update to check script checketcnamedconfperms.sh to avoid checking the permissions of /etc/named.conf if it is a link to another file.
- Update to check script checkcleanetc.sh to find several old copies of configuration files in the /etc folder.
Version: 19.07.05
- Update to check script checkadapterlink.sh to avoid generating errors when Docker interfaces are used on the system.
Version: 19.06.06
- New check script checkdevurandom.sh to check if device /dev/urandom exists.
- New check script checkdevurandom.sh to check if the device /dev/urandom exists.
Version: 19.05.28
- Update to check script checkmemoryutilization.sh to correctly calculate the memory usage both on RHEL6 and RHEL7 systems.
Version: 19.05.22
- New check script checkpatrolpukserver.sh to check if there's a process pukserver.xpc active using a large amount of CPU.
- New check script checkpatrolpukremote.sh to check if there's a process pukremotexec.xpc active using a large amount of CPU.
- New check script checkpatrollevel.sh to check the level of the BMC Patrol Agent.
- New check script checkpatrolfilesystem.sh to check if /opt/bmc is set up in a separate file system for BMC's Patrol Agent.
- New check script checkpatrolagent.sh to check if BMC's PatrolAgent is using a lot of CPU.
Version: 19.05.16
- New check script checkemcpowerpathunlicensed.sh to check for any unlicensed paths for EMC PowerPath.
- New check script checkemcpowerpathlicense.sh to check if the powerpath license isn't expired or expring.
- New check script checkemcpowerpathlevel.sh to check the PowerPath level, if installed.
- New check script checkemcpowerpathdeadpaths.sh to check if there are any EMC PowerPath dead/degraded/failed paths.
- New check script checkemcpowermttrespass.sh to check for any EMC PowerPath devices that are trespassed.
- New check script checkemcpowermtpathsvsadapters.sh to check if at least 4 fibre channel adapter ports are used, if available, for EMC PowerPath.
- New check script checkemcpowermtpaths.sh to check the number of paths for each fibre adapter, in use for EMC storage.
- New check script checkemcpowermt.sh to run EMC's PowerPath command powermt, if possible.
- New check script checkemcpowermtafm.sh to check for the array failover mode through powermt.
- New check script checkemcinq.sh to run the inq utility of EMC, if present on the system.
Version: 19.05.14
- Update to check script checkoslevel.sh to update comment for RHEL 8.0.
Version: 19.05.13
- Completed testing of UNIX Health Check for Red Hat Enterprise Linux 8.0.
- Update to check script checkbusydisks.sh to only list disks and not device mapper logical volume devices.
- Update to check script checkyumcron.sh to not have this check script run on RHEL 8.0.
- Update to the description of check script checksharutils.sh to add information on how to install sharutils on RHEL 8.0.
- Update to check script checketcnsswitchconfperms.sh to check the correct nsswitch.conf file on RHEL 8.0.
Version: 19.04.17
- Update to check script checksystemid.sh to avoid generating an error when RPM package bind-utils is not installed on the system.
- Update to check script checkswapusage.sh to alert if no swap space is defined.
- Update to check script checkrootpassword.sh to allow it to work correctly if no password has been set for user root at all.
Version: 19.04.04
- New check script checkpostfixsmtpdbanner.sh to check if a proper smtpd_banner is listed in /etc/postfix/main.cf.
Version: 19.04.03
- New check script checkvarfilesystem.sh to check if /var is a separate file system.
- New check script checketcissueperms.sh to check the permissions of /etc/issue.
Version: 19.04.02
- New check script checketchostsnonnumeric.sh to check for non-numeric entries in /etc/hosts.
Version: 19.03.26
- Update of the package to allow for an RPM build of UNIX Health Check for Red Hat Enterprise Linux.
Version: 19.03.22
- Update to check script checkenvironment.sh to allow the EXTENDED_HISTORY entry in /etc/environment.
Version: 19.03.21
- New check script checkchronyservers.sh to check if the configured servers in /etc/chrony.conf can be used for time synchronization.
- New check script checkntpservers.sh to check if the configured NTP servers can be used for time synchronization.
- New check script checkextendedhistory.sh to check if environment variable EXTENDED_HISTORY is set to ON in /etc/environment.
- New check script checkrsh.sh to check if the rsh RPM is not installed.
- New check script checkrshserver.sh to check if the rsh-server RPM is not installed.
- New check script checketclogindefsduplicates.sh to check for any duplicate entries in /etc/login.defs.
Version: 19.03.14
- Update to check script checkusershell.sh to list users with a non-existing shell underneath each other instead of next to each other.
- Update to check script checkpamunix.sh to recommend changing to the SHA512 algorithm only once, even if it isn't set in both /etc/pam.d/system-auth and in /etc/pam.d/password-auth.
- Update to check script checkdefaultusersettings.sh to correct a typo in the SHA512 recommendation setting.
- Update to check script checkcrontabcommands.sh to allow it to work correctly if a crontab file owned by a user that has a home directory in a file system other than /home.
- Update to check script checkmachineid.sh to correctly display the machine ID for Red Hat Enterprise Linux version 6 (and below) systems.
Version: 19.03.11
- New check script checktree.sh to check if the tree RPM package has been installed on the system.
- Addition of the LICENSE file to the package.
Version: 19.03.07
- Update to check script checksshdirfiles.sh to also allow stricter permissions for ~root/.ssh/known_hosts.
Version: 19.02.25
- New check script checkuserchars.sh to check for user accounts that use special characters in the user name.
Version: 19.02.03
- Update to check script checkpacemakerclusterstatus.sh to avoid writing an empty file called "1", due to an error in acommand redirecting stderr to stdout.
Version: 19.01.29
- Update to check script checkemptyvg.sh to redirect any errors of LVM commands to /dev/null.
- Update to check script checklvunavailable.sh to redirect any errors of LVM commands to /dev/null.
Version: 19.01.28
- New check script checklvmconfbackup.sh to check for the correct backup and archive settings in /etc/lvm/lvm.conf.
Version: 19.01.23
- New check script checkbusydisks.sh to check for any disks that are more than 20% busy on average and currently.
Version: 19.01.18
- New check script checkguestagent.sh to check if the Guest Agent and drivers have been installed on a Red Hat Virtulization hosted Virtual Machine.
Version: 19.01.17
- Update to check script checkvarlogbtmpperms.sh to correctly report the permissions on /var/log/btmp on Red Hat Enterprise Linux version 8.
Version: 19.01.02
- Copyright update of the UNIX Health Check for Red Hat Enterprise Linux package from 2018 to 2019.
- Update to check script checkpostfixmyorigin.sh to avoid alerting if myorigin in the Postfix main.cf configuration file is set to part of the domain name.
- Update to check script checkfswrite.sh to avoid checking CIFS mounted file systems.
- Update to check script checkfsdirwrite.sh to avoid checking CIFS mounted file systems.
- Update to check script checketcfstabfilesystems.sh to avoid reporting a file system, which is actually a file system mounted on top of a LVM snapshot.
- Update to check script checkvarlogbtmpperms.sh to correctly report the permissions on /var/log/btmp on Red Hat Enterprise Linux version 8.
Version: 18.12.30
- Update to check script checkcleansystem.sh to exclude .cache/imsettings/log.bak files in home directories from being reported.
Version: 18.12.23
- Update to check script checketcfstabfilesystems.sh to avoid reporting an error when a file system is NFS mounted through autofs.
- Update to check script checkhomesize.sh to avoid checking the size of the /home file system, if the file system is auto-mounted through NFS.
Version: 18.12.22
- Update to check script checkntpdate.sh to avoid reporting any errors when chronyd is active instead of ntpd.
- Update to check script checkntpoptions.sh to avoid reporting any errors when chronyd is active instead of ntpd.
- Update to check script checkntpslewing.sh to avoid reporting any errors when chronyd is active instead of ntpd.
- Update to check script checkntpsteptickers.sh to avoid reporting any errors when chronyd is active instead of ntpd.
- Update to check script checkntpsynchwclock.sh to avoid reporting any errors when chronyd is active instead of ntpd.
- Update to check script checkfirewallstate.sh to avoid reporting a color coded error, as generated by the firewall-cmd, when the firewalld has an error status.
- New check script checkhomedirperms.sh to check the permissions, owner and group of the home directory of root.
- Update to check script checkroothomedir.sh to exit if the home directory of user root does not exist.
Version: 18.12.21
- Update to check script checkfswrite.sh to avoid alerting on file systems mounted through autofs.
- New check script checkdebugshell.sh to check if the debug-shell service is active and/or enabled.
- New check script checkfirewallpermanent.sh to check the current vs the permanent settings of the firewall daemon.
- New check script checkfirewallzone.sh to display the default zone used bye the firewall daemon.
- New check script checkfirewallstate.sh to check the current state of the firewall daemon.
- New check script checksystemctlgetdefault.sh to display the default target configured on the system.
Version: 18.12.17
- New check script checklsof.sh to check if the lsof tool has been installed on the system.
- New check script checksubscriptionmanagerinstalled.sh to check if the subscription-manager tools are installed.
- Removed check script checkkernel.sh, as it is a duplicate of check script checkkernelrelease.sh.
- New check script checkrsync.sh to check if the rsync tool has been installed on the system.
Version: 18.12.16
- Update to check script checksubscriptionmanager.sh to add additional text to explain the status of the subscription.
Version: 18.12.14
- New check script checkdevconsole.sh to check if /dev/console exists and is not a regular file, and has the correct permissions.
- New check script checkdfhang.sh to check for any hanging df commands.
- New check script checkpoodle.sh to check if this system is vulnerable for the known Poodle vulnerability in SSLv3.
Version: 18.12.13
- New check script checkfirewallenabledentries.sh to display the enabled and added entries in the firewall, if the firewalld daemon is running.
- New check script checkfirewalld.sh to display the the current status of the firewalld daemon.
- New check script checkyumrepolist.sh to display the enabled repositories on the system.
- Update to check script checkfswrite.sh to exclude any Docker overlay file systems from checking.
- Update to check script checketcfstabfilesystems.sh to exclude any Docker overlay file systems from checking.
- Update to check script checkpvunallocatable.sh to include information on how to add a LVM2 type disk to a volume group.
Version: 18.12.12
- New check script checkuid.sh to check if all UIDs are not negative and not greater than 2147483646, in response to CVE-2018-19788.
Version: 18.12.11
- Update to check script checkhighcpu.sh to ensure an error is reported if processes with high CPU usage are detected.
Version: 18.12.10
- New check script checknfsnodename.sh to check if the nodename for any NFS file system can be pinged.
- New check script checknfsconfig.sh to display the NFS configuration (exported and mounted NFS file systems)
- New check script checkemptyvg.sh to check if a volume group is empty.
- New check script checkpsmisc.sh to check if the psmisc RPM package is installed.
- New check script checkhighcpu.sh to check if there are any processes using more than 20% of CPU.
- Update to check script checkpostfix.sh to alert if Postfix is not installed on the system.
- New check script checktar.sh to check if the tar RPM package is installed.