debian-cis/bin/hardening/8.0_enable_auditd_kernel.sh

#!/bin/bash

#
# CIS Debian 7 Hardening
#

#
# 8.0 Ensure CONFIG_AUDIT is enabled in your running kernel
#

set -e # One error, it's over
set -u # One variable unset, it's over

# Note : Not part of the CIS guide, but what's the point of configuring software not compatible with your kernel? :)

KERNEL_OPTION="CONFIG_AUDIT"


# This function will be called if the script status is on enabled / audit mode
audit () {
    is_kernel_option_enabled "^$KERNEL_OPTION="
    if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
        ok "$KERNEL_OPTION is enabled"
    else
        crit "$KERNEL_OPTION is disabled, auditd will not work"
    fi
    :
}

# This function will be called if the script status is on enabled mode
apply () {
    is_kernel_option_enabled "^$KERNEL_OPTION="
    if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
        ok "$KERNEL_OPTION is enabled"
    else
        warn "I cannot fix $KERNEL_OPTION disabled, to make auditd work, recompile your kernel please"
    fi
    :
}

# This function will check config parameters required
check_config() {
    :
}

# Source Root Dir Parameter
if [ ! -r /etc/default/cis-hardening ]; then
    echo "There is no /etc/default/cis-hardening file, cannot source CIS_ROOT_DIR variable, aborting"
    exit 128
else
    . /etc/default/cis-hardening
    if [ -z ${CIS_ROOT_DIR:-} ]; then
        echo "No CIS_ROOT_DIR variable, aborting"
        exit 128
    fi
fi 

# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
    . $CIS_ROOT_DIR/lib/main.sh
else
    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
    exit 128
fi
7.4.1_install_tcp_wrapper.sh 7.4.2_hosts_allow.sh 7.4.3_hosts_allow_permissions.sh 7.4.4_hosts_deny.sh 7.4.5_hosts_deny_permissions.sh 7.5.1_disable_dccp.sh 7.5.2_disable_sctp.sh 7.5.3_disable_rds.sh 7.5.4_disable_tipc.sh 7.6_disable_wireless.sh 7.7_enable_firewall.sh 8.0_install_auditd.sh 8.1.1.1_audit_log_storage.sh 2016-04-13 22:51:18 +02:00			`#!/bin/bash`

			`#`
			`# CIS Debian 7 Hardening`
			`#`

			`#`
8.0_enable_auditd_kernel.sh 8.1.1.2_halt_when_audit_log_full.sh 8.1.2_enable_auditd.sh 2016-04-14 10:40:31 +02:00			`# 8.0 Ensure CONFIG_AUDIT is enabled in your running kernel`
7.4.1_install_tcp_wrapper.sh 7.4.2_hosts_allow.sh 7.4.3_hosts_allow_permissions.sh 7.4.4_hosts_deny.sh 7.4.5_hosts_deny_permissions.sh 7.5.1_disable_dccp.sh 7.5.2_disable_sctp.sh 7.5.3_disable_rds.sh 7.5.4_disable_tipc.sh 7.6_disable_wireless.sh 7.7_enable_firewall.sh 8.0_install_auditd.sh 8.1.1.1_audit_log_storage.sh 2016-04-13 22:51:18 +02:00			`#`

			`set -e # One error, it's over`
			`set -u # One variable unset, it's over`

Rephrase confusing messages 2016-04-21 18:32:36 +02:00			`# Note : Not part of the CIS guide, but what's the point of configuring software not compatible with your kernel? :)`
8.0_enable_auditd_kernel.sh 8.1.1.2_halt_when_audit_log_full.sh 8.1.2_enable_auditd.sh 2016-04-14 10:40:31 +02:00
			`KERNEL_OPTION="CONFIG_AUDIT"`
7.4.1_install_tcp_wrapper.sh 7.4.2_hosts_allow.sh 7.4.3_hosts_allow_permissions.sh 7.4.4_hosts_deny.sh 7.4.5_hosts_deny_permissions.sh 7.5.1_disable_dccp.sh 7.5.2_disable_sctp.sh 7.5.3_disable_rds.sh 7.5.4_disable_tipc.sh 7.6_disable_wireless.sh 7.7_enable_firewall.sh 8.0_install_auditd.sh 8.1.1.1_audit_log_storage.sh 2016-04-13 22:51:18 +02:00

			`# This function will be called if the script status is on enabled / audit mode`
			`audit () {`
8.0_enable_auditd_kernel.sh 8.1.1.2_halt_when_audit_log_full.sh 8.1.2_enable_auditd.sh 2016-04-14 10:40:31 +02:00			`is_kernel_option_enabled "^$KERNEL_OPTION="`
			`if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated`
			`ok "$KERNEL_OPTION is enabled"`
7.4.1_install_tcp_wrapper.sh 7.4.2_hosts_allow.sh 7.4.3_hosts_allow_permissions.sh 7.4.4_hosts_deny.sh 7.4.5_hosts_deny_permissions.sh 7.5.1_disable_dccp.sh 7.5.2_disable_sctp.sh 7.5.3_disable_rds.sh 7.5.4_disable_tipc.sh 7.6_disable_wireless.sh 7.7_enable_firewall.sh 8.0_install_auditd.sh 8.1.1.1_audit_log_storage.sh 2016-04-13 22:51:18 +02:00			`else`
8.0_enable_auditd_kernel.sh 8.1.1.2_halt_when_audit_log_full.sh 8.1.2_enable_auditd.sh 2016-04-14 10:40:31 +02:00			`crit "$KERNEL_OPTION is disabled, auditd will not work"`
7.4.1_install_tcp_wrapper.sh 7.4.2_hosts_allow.sh 7.4.3_hosts_allow_permissions.sh 7.4.4_hosts_deny.sh 7.4.5_hosts_deny_permissions.sh 7.5.1_disable_dccp.sh 7.5.2_disable_sctp.sh 7.5.3_disable_rds.sh 7.5.4_disable_tipc.sh 7.6_disable_wireless.sh 7.7_enable_firewall.sh 8.0_install_auditd.sh 8.1.1.1_audit_log_storage.sh 2016-04-13 22:51:18 +02:00			`fi`
8.0_enable_auditd_kernel.sh 8.1.1.2_halt_when_audit_log_full.sh 8.1.2_enable_auditd.sh 2016-04-14 10:40:31 +02:00			`:`
7.4.1_install_tcp_wrapper.sh 7.4.2_hosts_allow.sh 7.4.3_hosts_allow_permissions.sh 7.4.4_hosts_deny.sh 7.4.5_hosts_deny_permissions.sh 7.5.1_disable_dccp.sh 7.5.2_disable_sctp.sh 7.5.3_disable_rds.sh 7.5.4_disable_tipc.sh 7.6_disable_wireless.sh 7.7_enable_firewall.sh 8.0_install_auditd.sh 8.1.1.1_audit_log_storage.sh 2016-04-13 22:51:18 +02:00			`}`

			`# This function will be called if the script status is on enabled mode`
			`apply () {`
8.0_enable_auditd_kernel.sh 8.1.1.2_halt_when_audit_log_full.sh 8.1.2_enable_auditd.sh 2016-04-14 10:40:31 +02:00			`is_kernel_option_enabled "^$KERNEL_OPTION="`
			`if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated`
			`ok "$KERNEL_OPTION is enabled"`
			`else`
			`warn "I cannot fix $KERNEL_OPTION disabled, to make auditd work, recompile your kernel please"`
			`fi`
			`:`
7.4.1_install_tcp_wrapper.sh 7.4.2_hosts_allow.sh 7.4.3_hosts_allow_permissions.sh 7.4.4_hosts_deny.sh 7.4.5_hosts_deny_permissions.sh 7.5.1_disable_dccp.sh 7.5.2_disable_sctp.sh 7.5.3_disable_rds.sh 7.5.4_disable_tipc.sh 7.6_disable_wireless.sh 7.7_enable_firewall.sh 8.0_install_auditd.sh 8.1.1.1_audit_log_storage.sh 2016-04-13 22:51:18 +02:00			`}`

			`# This function will check config parameters required`
			`check_config() {`
			`:`
			`}`

			`# Source Root Dir Parameter`
Corrected default file path 2016-04-18 17:39:14 +02:00			`if [ ! -r /etc/default/cis-hardening ]; then`
			`echo "There is no /etc/default/cis-hardening file, cannot source CIS_ROOT_DIR variable, aborting"`
7.4.1_install_tcp_wrapper.sh 7.4.2_hosts_allow.sh 7.4.3_hosts_allow_permissions.sh 7.4.4_hosts_deny.sh 7.4.5_hosts_deny_permissions.sh 7.5.1_disable_dccp.sh 7.5.2_disable_sctp.sh 7.5.3_disable_rds.sh 7.5.4_disable_tipc.sh 7.6_disable_wireless.sh 7.7_enable_firewall.sh 8.0_install_auditd.sh 8.1.1.1_audit_log_storage.sh 2016-04-13 22:51:18 +02:00			`exit 128`
			`else`
Corrected default file path 2016-04-18 17:39:14 +02:00			`. /etc/default/cis-hardening`
Fixed default file error handling and quickstart 2016-04-21 23:19:50 +02:00			`if [ -z ${CIS_ROOT_DIR:-} ]; then`
7.4.1_install_tcp_wrapper.sh 7.4.2_hosts_allow.sh 7.4.3_hosts_allow_permissions.sh 7.4.4_hosts_deny.sh 7.4.5_hosts_deny_permissions.sh 7.5.1_disable_dccp.sh 7.5.2_disable_sctp.sh 7.5.3_disable_rds.sh 7.5.4_disable_tipc.sh 7.6_disable_wireless.sh 7.7_enable_firewall.sh 8.0_install_auditd.sh 8.1.1.1_audit_log_storage.sh 2016-04-13 22:51:18 +02:00			`echo "No CIS_ROOT_DIR variable, aborting"`
Added exit code to CIS_ROOT_DIR test def, optimized sed and sort 2016-04-20 11:29:44 +02:00			`exit 128`
7.4.1_install_tcp_wrapper.sh 7.4.2_hosts_allow.sh 7.4.3_hosts_allow_permissions.sh 7.4.4_hosts_deny.sh 7.4.5_hosts_deny_permissions.sh 7.5.1_disable_dccp.sh 7.5.2_disable_sctp.sh 7.5.3_disable_rds.sh 7.5.4_disable_tipc.sh 7.6_disable_wireless.sh 7.7_enable_firewall.sh 8.0_install_auditd.sh 8.1.1.1_audit_log_storage.sh 2016-04-13 22:51:18 +02:00			`fi`
			`fi`

			`# Main function, will call the proper functions given the configuration (audit, enabled, disabled)`
Fixed default file error handling and quickstart 2016-04-21 23:19:50 +02:00			`if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then`
			`. $CIS_ROOT_DIR/lib/main.sh`
			`else`
			`echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"`
			`exit 128`
			`fi`