debian dependencies fix, rephrasing, revision bump 1.0-8.
This commit is contained in:
parent
2ebfee70ed
commit
1479332870
@ -26,7 +26,7 @@ audit () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
@ -49,12 +49,12 @@ apply () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
warn "$PATTERN not present in $FILE, adding it"
|
warn "$PATTERN is not present in $FILE, adding it"
|
||||||
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
|
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
||||||
else
|
else
|
||||||
|
@ -26,7 +26,7 @@ audit () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
@ -49,12 +49,12 @@ apply () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
warn "$PATTERN not present in $FILE, adding it"
|
warn "$PATTERN is not present in $FILE, adding it"
|
||||||
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
|
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
||||||
else
|
else
|
||||||
|
@ -26,7 +26,7 @@ audit () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
@ -49,12 +49,12 @@ apply () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
warn "$PATTERN not present in $FILE, adding it"
|
warn "$PATTERN is not present in $FILE, adding it"
|
||||||
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
|
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
||||||
else
|
else
|
||||||
|
@ -17,7 +17,7 @@ RESULT=''
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit () {
|
audit () {
|
||||||
info "Checking if admin accounts have login different from $SHELL"
|
info "Checking if admin accounts have a login shell different than $SHELL"
|
||||||
RESULT=$(egrep -v "^\+" $FILE | awk -F: '($1!="root" && $1!="sync" && $1!="shutdown" && $1!="halt" && $3<1000 && $7!="/usr/sbin/nologin" && $7!="/bin/false") {print}')
|
RESULT=$(egrep -v "^\+" $FILE | awk -F: '($1!="root" && $1!="sync" && $1!="shutdown" && $1!="halt" && $3<1000 && $7!="/usr/sbin/nologin" && $7!="/bin/false") {print}')
|
||||||
for LINE in $RESULT; do
|
for LINE in $RESULT; do
|
||||||
debug "line : $LINE"
|
debug "line : $LINE"
|
||||||
@ -29,11 +29,11 @@ audit () {
|
|||||||
debug "$ACCOUNT is confirmed as an exception"
|
debug "$ACCOUNT is confirmed as an exception"
|
||||||
RESULT=$(sed "s!$LINE!!" <<< "$RESULT")
|
RESULT=$(sed "s!$LINE!!" <<< "$RESULT")
|
||||||
else
|
else
|
||||||
debug "$ACCOUNT not found in exceptions"
|
debug "$ACCOUNT not found in exceptions"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
if [ ! -z "$RESULT" ]; then
|
if [ ! -z "$RESULT" ]; then
|
||||||
crit "Some admin accounts don't have $SHELL as shell"
|
crit "Some admin accounts don't have $SHELL as their login shell"
|
||||||
crit "$RESULT"
|
crit "$RESULT"
|
||||||
else
|
else
|
||||||
ok "All admin accounts deactivated"
|
ok "All admin accounts deactivated"
|
||||||
@ -57,11 +57,11 @@ apply () {
|
|||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
if [ ! -z "$RESULT" ]; then
|
if [ ! -z "$RESULT" ]; then
|
||||||
warn "Some admin accounts don't have $SHELL as shell"
|
warn "Some admin accounts don't have $SHELL as their login shell -- Fixing"
|
||||||
warn "$RESULT"
|
warn "$RESULT"
|
||||||
for USER in $( echo "$RESULT" | cut -d: -f 1 ); do
|
for USER in $( echo "$RESULT" | cut -d: -f 1 ); do
|
||||||
info "Setting $SHELL to $USER"
|
info "Setting $SHELL as $USER login shell"
|
||||||
usermod -s $SHELL $USER
|
usermod -s $SHELL $USER
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
ok "All admin accounts deactivated, nothing to apply"
|
ok "All admin accounts deactivated, nothing to apply"
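Review bot: `for LINE in $RESULT; do` in the audit hunk splits on whitespace, so a passwd record whose GECOS field contains a space is iterated as several fragments and `RESULT=$(sed "s!$LINE!!" <<< "$RESULT")` then strips only one fragment, leaving a partial record that still reaches the `crit` branch; reading records with `while IFS= read -r LINE; do … done <<< "$RESULT"` keeps each line whole. `sed "s!$LINE!!"` also uses the record unescaped as a pattern, so a `!` or regex metacharacter in the record changes its meaning. `SHELL` is not assigned inside the hunks; unless the script sets it before line 17, `usermod -s $SHELL $USER` inherits the caller's login shell from the environment and would hand system accounts an interactive shell instead of removing one — worth confirming against the top of the file. `egrep` is deprecated in current GNU grep; `grep -E -v "^\+" $FILE` is the direct replacement.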
|
||||||
|
@ -28,7 +28,7 @@ apply () {
|
|||||||
if [ $(grep "^root:" /etc/passwd | cut -f4 -d:) = 0 ]; then
|
if [ $(grep "^root:" /etc/passwd | cut -f4 -d:) = 0 ]; then
|
||||||
ok "Root group GID is $EXPECTED_GID"
|
ok "Root group GID is $EXPECTED_GID"
|
||||||
else
|
else
|
||||||
warn "Root group GID is not $EXPECTED_GID"
|
warn "Root group GID is not $EXPECTED_GID -- Fixing"
|
||||||
usermod -g $EXPECTED_GID $USER
|
usermod -g $EXPECTED_GID $USER
|
||||||
fi
|
fi
|
||||||
}
|
}
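Review bot: The check reads the `root:` entry but the remediation is `usermod -g $EXPECTED_GID $USER`, and `USER` is not assigned in this hunk; if the script does not set it earlier, it is the environment variable of the invoking account (under `su` without `-` it keeps the original user's name), so the primary group of the wrong account is changed. Acting on the account that was actually checked, `usermod -g $EXPECTED_GID root`, removes the dependency on the environment. The test `[ $(grep "^root:" /etc/passwd | cut -f4 -d:) = 0 ]` also breaks with a syntax error when the substitution is empty; `[ "$(grep "^root:" /etc/passwd | cut -f4 -d:)" = 0 ]` fails cleanly instead.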
|
||||||
|
@ -18,24 +18,24 @@ FILE='/etc/profile.d/CIS_10.4_umask.sh'
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit () {
|
audit () {
|
||||||
does_pattern_exists_in_file "$FILES_TO_SEARCH" "^$PATTERN"
|
does_pattern_exist_in_file "$FILES_TO_SEARCH" "^$PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PATTERN not present in $FILES_TO_SEARCH"
|
crit "$PATTERN is not present in $FILES_TO_SEARCH"
|
||||||
else
|
else
|
||||||
ok "$PATTERN present in $FILES_TO_SEARCH"
|
ok "$PATTERN is present in $FILES_TO_SEARCH"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# This function will be called if the script status is on enabled mode
|
# This function will be called if the script status is on enabled mode
|
||||||
apply () {
|
apply () {
|
||||||
does_pattern_exists_in_file "$FILES_TO_SEARCH" "^$PATTERN"
|
does_pattern_exist_in_file "$FILES_TO_SEARCH" "^$PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$PATTERN not present in $FILES_TO_SEARCH"
|
warn "$PATTERN is not present in $FILES_TO_SEARCH"
|
||||||
touch $FILE
|
touch $FILE
|
||||||
chmod 644 $FILE
|
chmod 644 $FILE
|
||||||
add_end_of_file $FILE "$PATTERN"
|
add_end_of_file $FILE "$PATTERN"
|
||||||
else
|
else
|
||||||
ok "$PATTERN present in $FILES_TO_SEARCH"
|
ok "$PATTERN is present in $FILES_TO_SEARCH"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -23,7 +23,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct ownership"
|
ok "$FILE has correct ownership"
|
||||||
else
|
else
|
||||||
crit "$FILE is not $USER:$GROUP ownership set"
|
crit "$FILE ownership was not set to $USER:$GROUP"
|
||||||
fi
|
fi
|
||||||
has_file_correct_permissions $FILE $PERMISSIONS
|
has_file_correct_permissions $FILE $PERMISSIONS
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
@ -46,7 +46,7 @@ apply () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct ownership"
|
ok "$FILE has correct ownership"
|
||||||
else
|
else
|
||||||
warn "$FILE is not $USER:$GROUP ownership set"
|
warn "fixing $FILE ownership to $USER:$GROUP"
|
||||||
chown $USER:$GROUP $FILE
|
chown $USER:$GROUP $FILE
|
||||||
fi
|
fi
|
||||||
has_file_correct_permissions $FILE $PERMISSIONS
|
has_file_correct_permissions $FILE $PERMISSIONS
|
||||||
|
@ -17,7 +17,7 @@ PATTERN='(\\v|\\r|\\m|\\s)'
|
|||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit () {
|
audit () {
|
||||||
for FILE in $FILES; do
|
for FILE in $FILES; do
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PATTERN is present in $FILE"
|
crit "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
@ -29,7 +29,7 @@ audit () {
|
|||||||
# This function will be called if the script status is on enabled mode
|
# This function will be called if the script status is on enabled mode
|
||||||
apply () {
|
apply () {
|
||||||
for FILE in $FILES; do
|
for FILE in $FILES; do
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
warn "$PATTERN is present in $FILE"
|
warn "$PATTERN is present in $FILE"
|
||||||
delete_line_in_file $FILE $PATTERN
|
delete_line_in_file $FILE $PATTERN
|
||||||
|
@ -13,7 +13,7 @@ set -u # One variable unset, it's over
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit () {
|
audit () {
|
||||||
info "Checking if there is suid files"
|
info "Checking if there are suid files"
|
||||||
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -4000 -print)
|
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -4000 -print)
|
||||||
for BINARY in $RESULT; do
|
for BINARY in $RESULT; do
|
||||||
if grep -q $BINARY <<< "$EXCEPTIONS"; then
|
if grep -q $BINARY <<< "$EXCEPTIONS"; then
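Review bot: `if grep -q $BINARY <<< "$EXCEPTIONS"; then` is an unanchored substring match, so a discovered setuid file is treated as excepted whenever its path is a prefix or substring of any listed exception (constructed example: a listed `/usr/bin/sudo` silently excepts a found `/usr/bin/su`), and the unquoted `$BINARY` is interpreted as a regex rather than a literal path. Matching whole entries, e.g. `if tr ' ' '\n' <<< "$EXCEPTIONS" | grep -qFx -- "$BINARY"; then`, compares literal full paths; this assumes EXCEPTIONS is whitespace-separated, which is defined outside the hunk. `for BINARY in $RESULT` likewise splits `find -print` output on whitespace, so a path containing a space is checked as two fragments. The sgid section that follows has the same loop and shares this point; the loop body continues outside both hunks.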
|
||||||
|
@ -13,7 +13,7 @@ set -u # One variable unset, it's over
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit () {
|
audit () {
|
||||||
info "Checking if there is sgid files"
|
info "Checking if there are sgid files"
|
||||||
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -2000 -print)
|
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -2000 -print)
|
||||||
for BINARY in $RESULT; do
|
for BINARY in $RESULT; do
|
||||||
if grep -q $BINARY <<< "$EXCEPTIONS"; then
|
if grep -q $BINARY <<< "$EXCEPTIONS"; then
|
||||||
|
@ -21,7 +21,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct ownership"
|
ok "$FILE has correct ownership"
|
||||||
else
|
else
|
||||||
crit "$FILE is not $USER:$GROUP ownership set"
|
crit "$FILE ownership was not set to $USER:$GROUP"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -21,7 +21,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct ownership"
|
ok "$FILE has correct ownership"
|
||||||
else
|
else
|
||||||
crit "$FILE is not $USER:$GROUP ownership set"
|
crit "$FILE ownership was not set to $USER:$GROUP"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -21,7 +21,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct ownership"
|
ok "$FILE has correct ownership"
|
||||||
else
|
else
|
||||||
crit "$FILE is not $USER:$GROUP ownership set"
|
crit "$FILE ownership was not set to $USER:$GROUP"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -13,10 +13,10 @@ set -u # One variable unset, it's over
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit () {
|
audit () {
|
||||||
info "Checking if there is world writable files"
|
info "Checking if there are world writable files"
|
||||||
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -0002 -print 2>/dev/null)
|
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -0002 -print 2>/dev/null)
|
||||||
if [ ! -z "$RESULT" ]; then
|
if [ ! -z "$RESULT" ]; then
|
||||||
crit "Some world writable file are present"
|
crit "Some world writable files are present"
|
||||||
FORMATTED_RESULT=$(sed "s/ /\n/g" <<< $RESULT | sort | uniq | tr '\n' ' ')
|
FORMATTED_RESULT=$(sed "s/ /\n/g" <<< $RESULT | sort | uniq | tr '\n' ' ')
|
||||||
crit "$FORMATTED_RESULT"
|
crit "$FORMATTED_RESULT"
|
||||||
else
|
else
|
||||||
|
@ -15,10 +15,10 @@ USER='root'
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit () {
|
audit () {
|
||||||
info "Checking if there is unowned files"
|
info "Checking if there are unowned files"
|
||||||
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser -print 2>/dev/null)
|
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser -print 2>/dev/null)
|
||||||
if [ ! -z "$RESULT" ]; then
|
if [ ! -z "$RESULT" ]; then
|
||||||
crit "Some world writable file are present"
|
crit "Some unowned files are present"
|
||||||
FORMATTED_RESULT=$(sed "s/ /\n/g" <<< $RESULT | sort | uniq | tr '\n' ' ')
|
FORMATTED_RESULT=$(sed "s/ /\n/g" <<< $RESULT | sort | uniq | tr '\n' ' ')
|
||||||
crit "$FORMATTED_RESULT"
|
crit "$FORMATTED_RESULT"
|
||||||
else
|
else
|
||||||
@ -30,8 +30,8 @@ audit () {
|
|||||||
apply () {
|
apply () {
|
||||||
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser -ls 2>/dev/null)
|
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser -ls 2>/dev/null)
|
||||||
if [ ! -z "$RESULT" ]; then
|
if [ ! -z "$RESULT" ]; then
|
||||||
warn "chmowing all unowned files in the system"
|
warn "Applying chown on all unowned files in the system"
|
||||||
df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser -print 2>/dev/null | xargs chown $USER
|
df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser -print 2>/dev/null | xargs chown $USER
|
||||||
else
|
else
|
||||||
ok "No unowned files found, nothing to apply"
|
ok "No unowned files found, nothing to apply"
|
||||||
fi
|
fi
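Review bot: `find '{}' -xdev -nouser -print 2>/dev/null | xargs chown $USER` in the apply hunk splits the path list on whitespace, so a file whose name contains a space or newline is handed to chown as separate, unrelated paths. NUL separation avoids that: `find '{}' -xdev -nouser -print0 2>/dev/null | xargs -0 chown "$USER"` (GNU find/xargs, which the existing `-I '{}'` usage already assumes). The candidate set is also computed twice, once with `-ls` for the warning and again with `-print` for the chown, so what is reported and what is changed can differ if the filesystem changes in between. The ungrouped-files section below runs the same pipeline into `xargs chgrp $GROUP` and shares this point.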
|
||||||
|
@ -15,14 +15,14 @@ GROUP='root'
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit () {
|
audit () {
|
||||||
info "Checking if there is unowned files"
|
info "Checking if there are ungrouped files"
|
||||||
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nogroup -print 2>/dev/null)
|
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nogroup -print 2>/dev/null)
|
||||||
if [ ! -z "$RESULT" ]; then
|
if [ ! -z "$RESULT" ]; then
|
||||||
crit "Some world writable file are present"
|
crit "Some ungrouped files are present"
|
||||||
FORMATTED_RESULT=$(sed "s/ /\n/g" <<< $RESULT | sort | uniq | tr '\n' ' ')
|
FORMATTED_RESULT=$(sed "s/ /\n/g" <<< $RESULT | sort | uniq | tr '\n' ' ')
|
||||||
crit "$FORMATTED_RESULT"
|
crit "$FORMATTED_RESULT"
|
||||||
else
|
else
|
||||||
ok "No world writable files found"
|
ok "No ungrouped files found"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -30,10 +30,10 @@ audit () {
|
|||||||
apply () {
|
apply () {
|
||||||
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nogroup -ls 2>/dev/null)
|
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nogroup -ls 2>/dev/null)
|
||||||
if [ ! -z "$RESULT" ]; then
|
if [ ! -z "$RESULT" ]; then
|
||||||
warn "chmowing all ungrouped files in the system"
|
warn "Applying chgrp on all ungrouped files in the system"
|
||||||
df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nogroup -print 2>/dev/null | xargs chgrp $GROUP
|
df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nogroup -print 2>/dev/null | xargs chgrp $GROUP
|
||||||
else
|
else
|
||||||
ok "No world writable files found, nothing to apply"
|
ok "No ungrouped files found, nothing to apply"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -27,7 +27,7 @@ audit () {
|
|||||||
done
|
done
|
||||||
|
|
||||||
if [ $ERRORS = 0 ]; then
|
if [ $ERRORS = 0 ]; then
|
||||||
ok "No $FILENAME present in users files"
|
ok "No $FILENAME present in users home directory"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -27,7 +27,7 @@ audit () {
|
|||||||
done
|
done
|
||||||
|
|
||||||
if [ $ERRORS = 0 ]; then
|
if [ $ERRORS = 0 ]; then
|
||||||
ok "No $FILENAME present in users files"
|
ok "No $FILENAME present in users home directory"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -27,7 +27,7 @@ audit () {
|
|||||||
done
|
done
|
||||||
|
|
||||||
if [ $ERRORS = 0 ]; then
|
if [ $ERRORS = 0 ]; then
|
||||||
ok "No $FILENAME present in users files"
|
ok "No $FILENAME present in users home directory"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -15,10 +15,10 @@ FILE='/etc/shadow'
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit () {
|
audit () {
|
||||||
info "Checking if accounts have empty passwords"
|
info "Checking if accounts have an empty password"
|
||||||
RESULT=$(cat $FILE | awk -F: '($2 == "" ) { print $1 }')
|
RESULT=$(cat $FILE | awk -F: '($2 == "" ) { print $1 }')
|
||||||
if [ ! -z "$RESULT" ]; then
|
if [ ! -z "$RESULT" ]; then
|
||||||
crit "Some accounts have empty passwords"
|
crit "Some accounts have an empty password"
|
||||||
crit $RESULT
|
crit $RESULT
|
||||||
else
|
else
|
||||||
ok "All accounts have a password"
|
ok "All accounts have a password"
|
||||||
@ -29,8 +29,8 @@ audit () {
|
|||||||
apply () {
|
apply () {
|
||||||
RESULT=$(cat $FILE | awk -F: '($2 == "" ) { print $1 }')
|
RESULT=$(cat $FILE | awk -F: '($2 == "" ) { print $1 }')
|
||||||
if [ ! -z "$RESULT" ]; then
|
if [ ! -z "$RESULT" ]; then
|
||||||
warn "Some accounts have empty passwords"
|
warn "Some accounts have an empty password"
|
||||||
for ACCOUNT in $RESULT; do
|
for ACCOUNT in $RESULT; do
|
||||||
info "Locking $ACCOUNT"
|
info "Locking $ACCOUNT"
|
||||||
passwd -l $ACCOUNT >/dev/null 2>&1
|
passwd -l $ACCOUNT >/dev/null 2>&1
|
||||||
done
|
done
|
||||||
|
@ -17,24 +17,24 @@ PATTERN='^shadow:x:[[:digit:]]+:'
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit () {
|
audit () {
|
||||||
does_pattern_exists_in_file $FILEGROUP $PATTERN
|
does_pattern_exist_in_file $FILEGROUP $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
info "shadow group exists"
|
info "shadow group exists"
|
||||||
RESULT=$(grep -E "$PATTERN" $FILEGROUP | cut -d: -f4)
|
RESULT=$(grep -E "$PATTERN" $FILEGROUP | cut -d: -f4)
|
||||||
GROUPID=$(getent group shadow | cut -d: -f3)
|
GROUPID=$(getent group shadow | cut -d: -f3)
|
||||||
debug "$RESULT $GROUPID"
|
debug "$RESULT $GROUPID"
|
||||||
if [ ! -z "$RESULT" ]; then
|
if [ ! -z "$RESULT" ]; then
|
||||||
crit "Some user belong to shadow group : $RESULT"
|
crit "Some users belong to shadow group: $RESULT"
|
||||||
else
|
else
|
||||||
ok "No one belongs to shadow group"
|
ok "No user belongs to shadow group"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
info "Checking if a user has $GROUPID as primary group"
|
info "Checking if a user has $GROUPID as primary group"
|
||||||
RESULT=$(awk -F: '($4 == shadowid) { print $1 }' shadowid=$GROUPID /etc/passwd)
|
RESULT=$(awk -F: '($4 == shadowid) { print $1 }' shadowid=$GROUPID /etc/passwd)
|
||||||
if [ ! -z "$RESULT" ]; then
|
if [ ! -z "$RESULT" ]; then
|
||||||
crit "Some user have shadow id to their primary group : $RESULT"
|
crit "Some users have shadow id as their primary group: $RESULT"
|
||||||
else
|
else
|
||||||
ok "No one have shadow id to their primary group"
|
ok "No user has shadow id as their primary group"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
crit "shadow group doesn't exist"
|
crit "shadow group doesn't exist"
|
||||||
@ -43,7 +43,7 @@ audit () {
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled mode
|
# This function will be called if the script status is on enabled mode
|
||||||
apply () {
|
apply () {
|
||||||
info "If the audit returns something, please check with the user why he has this file"
|
info "Editing automatically users/groups may seriously harm your system, report only here"
|
||||||
}
|
}
|
||||||
|
|
||||||
# This function will check config parameters required
|
# This function will check config parameters required
|
||||||
|
@ -16,10 +16,10 @@ RESULT=''
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit () {
|
audit () {
|
||||||
info "Checking if accounts have empty passwords"
|
info "Checking if accounts have a legacy password entry"
|
||||||
if grep '^+:' $FILE -q; then
|
if grep '^+:' $FILE -q; then
|
||||||
RESULT=$(grep '^+:' $FILE)
|
RESULT=$(grep '^+:' $FILE)
|
||||||
crit "Some accounts have legacy password entry"
|
crit "Some accounts have a legacy password entry"
|
||||||
crit $RESULT
|
crit $RESULT
|
||||||
else
|
else
|
||||||
ok "All accounts have a valid password entry format"
|
ok "All accounts have a valid password entry format"
|
||||||
@ -30,7 +30,7 @@ audit () {
|
|||||||
apply () {
|
apply () {
|
||||||
if grep '^+:' $FILE -q; then
|
if grep '^+:' $FILE -q; then
|
||||||
RESULT=$(grep '^+:' $FILE)
|
RESULT=$(grep '^+:' $FILE)
|
||||||
warn "Some accounts have legacy password entry"
|
warn "Some accounts have a legacy password entry"
|
||||||
for LINE in $RESULT; do
|
for LINE in $RESULT; do
|
||||||
info "Removing $LINE from $FILE"
|
info "Removing $LINE from $FILE"
|
||||||
delete_line_in_file $FILE $LINE
|
delete_line_in_file $FILE $LINE
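Review bot: `delete_line_in_file $FILE $LINE` passes the matched passwd record unquoted, so a record containing whitespace is split into several arguments before the helper sees it; `delete_line_in_file $FILE "$LINE"` keeps it whole. If the helper treats its argument as a regex (its implementation is outside the hunk), the leading `+` of a legacy entry is a metacharacter under extended regex, which is worth confirming before relying on the deletion. The two following sections (the shadow and group variants of this check) use the identical loop and share this point; the loop's `done` and the `else` branch lie outside the hunk.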
|
||||||
|
@ -16,10 +16,10 @@ RESULT=''
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit () {
|
audit () {
|
||||||
info "Checking if accounts have empty passwords"
|
info "Checking if accounts have a legacy password entry"
|
||||||
if grep '^+:' $FILE -q; then
|
if grep '^+:' $FILE -q; then
|
||||||
RESULT=$(grep '^+:' $FILE)
|
RESULT=$(grep '^+:' $FILE)
|
||||||
crit "Some accounts have legacy password entry"
|
crit "Some accounts have a legacy password entry"
|
||||||
crit $RESULT
|
crit $RESULT
|
||||||
else
|
else
|
||||||
ok "All accounts have a valid password entry format"
|
ok "All accounts have a valid password entry format"
|
||||||
@ -30,7 +30,7 @@ audit () {
|
|||||||
apply () {
|
apply () {
|
||||||
if grep '^+:' $FILE -q; then
|
if grep '^+:' $FILE -q; then
|
||||||
RESULT=$(grep '^+:' $FILE)
|
RESULT=$(grep '^+:' $FILE)
|
||||||
warn "Some accounts have legacy password entry"
|
warn "Some accounts have a legacy password entry"
|
||||||
for LINE in $RESULT; do
|
for LINE in $RESULT; do
|
||||||
info "Removing $LINE from $FILE"
|
info "Removing $LINE from $FILE"
|
||||||
delete_line_in_file $FILE $LINE
|
delete_line_in_file $FILE $LINE
|
||||||
|
@ -16,13 +16,13 @@ RESULT=''
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit () {
|
audit () {
|
||||||
info "Checking if accounts have empty passwords"
|
info "Checking if accounts have a legacy group entry"
|
||||||
if grep '^+:' $FILE -q; then
|
if grep '^+:' $FILE -q; then
|
||||||
RESULT=$(grep '^+:' $FILE)
|
RESULT=$(grep '^+:' $FILE)
|
||||||
crit "Some accounts have legacy password entry"
|
crit "Some accounts have a legacy group entry"
|
||||||
crit $RESULT
|
crit $RESULT
|
||||||
else
|
else
|
||||||
ok "All accounts have a valid password entry format"
|
ok "All accounts have a valid group entry format"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -30,13 +30,13 @@ audit () {
|
|||||||
apply () {
|
apply () {
|
||||||
if grep '^+:' $FILE -q; then
|
if grep '^+:' $FILE -q; then
|
||||||
RESULT=$(grep '^+:' $FILE)
|
RESULT=$(grep '^+:' $FILE)
|
||||||
warn "Some accounts have legacy password entry"
|
warn "Some accounts have a legacy group entry"
|
||||||
for LINE in $RESULT; do
|
for LINE in $RESULT; do
|
||||||
info "Removing $LINE from $FILE"
|
info "Removing $LINE from $FILE"
|
||||||
delete_line_in_file $FILE $LINE
|
delete_line_in_file $FILE $LINE
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
ok "All accounts have a valid password entry format"
|
ok "All accounts have a valid group entry format"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -33,7 +33,7 @@ audit () {
|
|||||||
crit "Some accounts have uid 0"
|
crit "Some accounts have uid 0"
|
||||||
crit $RESULT
|
crit $RESULT
|
||||||
else
|
else
|
||||||
ok "No account with suid 0 apart root"
|
ok "No account with uid 0 apart root"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -23,7 +23,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct ownership"
|
ok "$FILE has correct ownership"
|
||||||
else
|
else
|
||||||
crit "$FILE is not $USER:$GROUP ownership set"
|
crit "$FILE ownership was not set to $USER:$GROUP"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -17,13 +17,13 @@ PWD_PATTERN="^password_pbkdf2"
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit () {
|
audit () {
|
||||||
does_pattern_exists_in_file $FILE "$USER_PATTERN"
|
does_pattern_exist_in_file $FILE "$USER_PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$USER_PATTERN not present in $FILE"
|
crit "$USER_PATTERN not present in $FILE"
|
||||||
else
|
else
|
||||||
ok "$USER_PATTERN is present in $FILE"
|
ok "$USER_PATTERN is present in $FILE"
|
||||||
fi
|
fi
|
||||||
does_pattern_exists_in_file $FILE "$PWD_PATTERN"
|
does_pattern_exist_in_file $FILE "$PWD_PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PWD_PATTERN not present in $FILE"
|
crit "$PWD_PATTERN not present in $FILE"
|
||||||
else
|
else
|
||||||
@ -33,13 +33,13 @@ audit () {
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled mode
|
# This function will be called if the script status is on enabled mode
|
||||||
apply () {
|
apply () {
|
||||||
does_pattern_exists_in_file $FILE "$USER_PATTERN"
|
does_pattern_exist_in_file $FILE "$USER_PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$USER_PATTERN not present in $FILE, please configure password for grub"
|
warn "$USER_PATTERN not present in $FILE, please configure password for grub"
|
||||||
else
|
else
|
||||||
ok "$USER_PATTERN is present in $FILE"
|
ok "$USER_PATTERN is present in $FILE"
|
||||||
fi
|
fi
|
||||||
does_pattern_exists_in_file $FILE "$PWD_PATTERN"
|
does_pattern_exist_in_file $FILE "$PWD_PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$PWD_PATTERN not present in $FILE, please configure password for grub"
|
warn "$PWD_PATTERN not present in $FILE, please configure password for grub"
|
||||||
else
|
else
|
||||||
|
@ -16,21 +16,21 @@ PATTERN="^root:[*\!]:"
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit () {
|
audit () {
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET != 1 ]; then
|
if [ $FNRET != 1 ]; then
|
||||||
crit "$PATTERN present in $FILE"
|
crit "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN is not present in $FILE"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# This function will be called if the script status is on enabled mode
|
# This function will be called if the script status is on enabled mode
|
||||||
apply () {
|
apply () {
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET != 1 ]; then
|
if [ $FNRET != 1 ]; then
|
||||||
warn "$PATTERN present in $FILE, please put a root password"
|
warn "$PATTERN is present in $FILE, please put a root password"
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN is not present in $FILE"
|
||||||
fi
|
fi
|
||||||
:
|
:
|
||||||
}
|
}
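Review bot: `PATTERN="^root:[*\!]:"` contains `[`, `*` and `]`, so passing it unquoted in `does_pattern_exist_in_file $FILE $PATTERN` (same line in the audit and apply hunks) subjects it to pathname expansion and it would be replaced by a matching filename if one exists in the working directory; `does_pattern_exist_in_file $FILE "$PATTERN"` passes the regex through intact, as the other scripts in this commit already do. `if [ $FNRET != 1 ]; then` also reports "present" for any return code other than 1, so if the helper can signal an error (for example an unreadable file) that case is reported as a locked root account rather than as a failed check; if the helper only ever returns 0 or 1, testing `= 0` states the intent more directly.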
|
||||||
|
@ -18,7 +18,7 @@ SYSCTL_EXP_RESULT=0
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit () {
|
audit () {
|
||||||
does_pattern_exists_in_file $LIMIT_FILE $LIMIT_PATTERN
|
does_pattern_exist_in_file $LIMIT_FILE $LIMIT_PATTERN
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$LIMIT_PATTERN not present in $LIMIT_FILE"
|
crit "$LIMIT_PATTERN not present in $LIMIT_FILE"
|
||||||
else
|
else
|
||||||
@ -36,9 +36,9 @@ audit () {
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled mode
|
# This function will be called if the script status is on enabled mode
|
||||||
apply () {
|
apply () {
|
||||||
does_pattern_exists_in_file $LIMIT_FILE $LIMIT_PATTERN
|
does_pattern_exist_in_file $LIMIT_FILE $LIMIT_PATTERN
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$LIMIT_PATTERN not present in $LIMIT_FILE, addning at the end of $LIMIT_FILE"
|
warn "$LIMIT_PATTERN not present in $LIMIT_FILE, adding at the end of $LIMIT_FILE"
|
||||||
add_end_of_file $LIMIT_FILE "* hard core 0"
|
add_end_of_file $LIMIT_FILE "* hard core 0"
|
||||||
else
|
else
|
||||||
ok "$LIMIT_PATTERN present in $LIMIT_FILE"
|
ok "$LIMIT_PATTERN present in $LIMIT_FILE"
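Review bot: apply() appends `* hard core 0` to $LIMIT_FILE without a `backup_file $LIMIT_FILE` first, whereas the other apply() hunks in this commit that edit a config file (the rsync and NTP ones) call `backup_file` before `add_end_of_file`; adding `backup_file $LIMIT_FILE` before the append keeps this remediation reversible like the rest. The appended text is a literal that has to be kept in step with $LIMIT_PATTERN by hand, and the hunk does not show how the pattern is defined; if both come from the same words, deriving the appended line from one variable stops them drifting apart. The `crit "$LIMIT_PATTERN not present ..."` and `ok "$LIMIT_PATTERN present in $LIMIT_FILE"` messages were also left out of the "is present"/"is not present" rephrasing applied elsewhere in this commit. apply() continues outside the hunk.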
|
||||||
|
@ -15,21 +15,21 @@ PATTERN='NX[[:space:]]\(Execute[[:space:]]Disable\)[[:space:]]protection:[[:spac
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit () {
|
audit () {
|
||||||
does_pattern_exists_in_dmesg $PATTERN
|
does_pattern_exist_in_dmesg $PATTERN
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PATTERN not present in dmesg"
|
crit "$PATTERN is not present in dmesg"
|
||||||
else
|
else
|
||||||
ok "$PATTERN present in dmesg"
|
ok "$PATTERN is present in dmesg"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# This function will be called if the script status is on enabled mode
|
# This function will be called if the script status is on enabled mode
|
||||||
apply () {
|
apply () {
|
||||||
does_pattern_exists_in_dmesg $PATTERN
|
does_pattern_exist_in_dmesg $PATTERN
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PATTERN not present in dmesg, please go to the bios to activate this option or change for CPU compatible"
|
crit "$PATTERN is not present in dmesg, please go to the bios to activate this option or change for CPU compatible"
|
||||||
else
|
else
|
||||||
ok "$PATTERN present in dmesg"
|
ok "$PATTERN is present in dmesg"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -26,11 +26,11 @@ audit () {
|
|||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
ok "$FILE does not exist"
|
ok "$FILE does not exist"
|
||||||
else
|
else
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PATTERN exists, $PACKAGE services are enabled!"
|
crit "$PATTERN exists, $PACKAGE services are enabled!"
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN is not present in $FILE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
@ -55,14 +55,14 @@ apply () {
|
|||||||
ok "$FILE does not exist"
|
ok "$FILE does not exist"
|
||||||
else
|
else
|
||||||
info "$FILE exists, checking patterns"
|
info "$FILE exists, checking patterns"
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
warn "$PATTERN present in $FILE, purging it"
|
warn "$PATTERN is present in $FILE, purging it"
|
||||||
backup_file $FILE
|
backup_file $FILE
|
||||||
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
|
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
|
||||||
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
|
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN is not present in $FILE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
done
|
done
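Review bot: `sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE` in apply() is parsed by GNU sed as `-i` with the backup suffix `e`, not as `-i -e`, so every run leaves a copy of the config named `${FILE}e` beside the original (on top of the `backup_file $FILE` taken one line earlier); the intended form is `sed -i -e "s/$ESCAPED_PATTERN/#&/g" $FILE`. The escaping step only protects `|`, `(` and `)`, so a `$PATTERN` containing `/` would terminate the `s` expression early — either escape `/` as well or pick an `s` delimiter the pattern cannot contain. The identical pair of lines recurs in every other service apply() hunk below (`@ -54,14 +54,14`, `@ -55,14 +55,14`, `@ -54,15 +54,14` and the five `@ -36,14 +36,14` hunks), so one fix should be carried across all of them.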
|
||||||
|
@ -25,11 +25,11 @@ audit () {
|
|||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
ok "$FILE does not exist"
|
ok "$FILE does not exist"
|
||||||
else
|
else
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PATTERN exists, $PACKAGE services are enabled!"
|
crit "$PATTERN exists, $PACKAGE services are enabled!"
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN is not present in $FILE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
@ -54,14 +54,14 @@ apply () {
|
|||||||
ok "$FILE does not exist"
|
ok "$FILE does not exist"
|
||||||
else
|
else
|
||||||
info "$FILE exists, checking patterns"
|
info "$FILE exists, checking patterns"
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
warn "$PATTERN present in $FILE, purging it"
|
warn "$PATTERN is present in $FILE, purging it"
|
||||||
backup_file $FILE
|
backup_file $FILE
|
||||||
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
|
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
|
||||||
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
|
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN is not present in $FILE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
@ -26,11 +26,11 @@ audit () {
|
|||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
ok "$FILE does not exist"
|
ok "$FILE does not exist"
|
||||||
else
|
else
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PATTERN exists, $PACKAGE services are enabled!"
|
crit "$PATTERN exists, $PACKAGE services are enabled!"
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN is not present in $FILE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
@ -55,14 +55,14 @@ apply () {
|
|||||||
ok "$FILE does not exist"
|
ok "$FILE does not exist"
|
||||||
else
|
else
|
||||||
info "$FILE exists, checking patterns"
|
info "$FILE exists, checking patterns"
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
warn "$PATTERN present in $FILE, purging it"
|
warn "$PATTERN is present in $FILE, purging it"
|
||||||
backup_file $FILE
|
backup_file $FILE
|
||||||
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
|
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
|
||||||
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
|
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN is not present in $FILE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
@ -25,11 +25,11 @@ audit () {
|
|||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
ok "$FILE does not exist"
|
ok "$FILE does not exist"
|
||||||
else
|
else
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PATTERN exists, $PACKAGE services are enabled!"
|
crit "$PATTERN exists, $PACKAGE services are enabled!"
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN is not present in $FILE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
@ -54,15 +54,14 @@ apply () {
|
|||||||
ok "$FILE does not exist"
|
ok "$FILE does not exist"
|
||||||
else
|
else
|
||||||
info "$FILE exists, checking patterns"
|
info "$FILE exists, checking patterns"
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
warn "$PATTERN present in $FILE, purging it"
|
warn "$PATTERN is present in $FILE, purging it"
|
||||||
backup_file $FILE
|
backup_file $FILE
|
||||||
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
|
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
|
||||||
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
|
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
|
||||||
echo "coucou"
|
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN is not present in $FILE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
@ -20,11 +20,11 @@ audit () {
|
|||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
ok "$FILE does not exist"
|
ok "$FILE does not exist"
|
||||||
else
|
else
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PATTERN exists, chargen services are enabled!"
|
crit "$PATTERN exists, chargen service is enabled!"
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN is not present in $FILE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
@ -36,14 +36,14 @@ apply () {
|
|||||||
ok "$FILE does not exist"
|
ok "$FILE does not exist"
|
||||||
else
|
else
|
||||||
info "$FILE exists, checking patterns"
|
info "$FILE exists, checking patterns"
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
warn "$PATTERN present in $FILE, purging it"
|
warn "$PATTERN is present in $FILE, purging it"
|
||||||
backup_file $FILE
|
backup_file $FILE
|
||||||
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
|
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
|
||||||
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
|
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN is not present in $FILE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
@ -20,11 +20,11 @@ audit () {
|
|||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
ok "$FILE does not exist"
|
ok "$FILE does not exist"
|
||||||
else
|
else
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PATTERN exists, chargen services are enabled!"
|
crit "$PATTERN exists, daytime service is enabled!"
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN is not present in $FILE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
@ -36,14 +36,14 @@ apply () {
|
|||||||
ok "$FILE does not exist"
|
ok "$FILE does not exist"
|
||||||
else
|
else
|
||||||
info "$FILE exists, checking patterns"
|
info "$FILE exists, checking patterns"
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
warn "$PATTERN present in $FILE, purging it"
|
warn "$PATTERN is present in $FILE, purging it"
|
||||||
backup_file $FILE
|
backup_file $FILE
|
||||||
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
|
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
|
||||||
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
|
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN is not present in $FILE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
@ -20,11 +20,11 @@ audit () {
|
|||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
ok "$FILE does not exist"
|
ok "$FILE does not exist"
|
||||||
else
|
else
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PATTERN exists, chargen services are enabled!"
|
crit "$PATTERN exists, echo service is enabled!"
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN is not present in $FILE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
@ -36,14 +36,14 @@ apply () {
|
|||||||
ok "$FILE does not exist"
|
ok "$FILE does not exist"
|
||||||
else
|
else
|
||||||
info "$FILE exists, checking patterns"
|
info "$FILE exists, checking patterns"
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
warn "$PATTERN present in $FILE, purging it"
|
warn "$PATTERN is present in $FILE, purging it"
|
||||||
backup_file $FILE
|
backup_file $FILE
|
||||||
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
|
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
|
||||||
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
|
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN is not present in $FILE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
@ -20,11 +20,11 @@ audit () {
|
|||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
ok "$FILE does not exist"
|
ok "$FILE does not exist"
|
||||||
else
|
else
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PATTERN exists, chargen services are enabled!"
|
crit "$PATTERN exists, discard service is enabled!"
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN is not present in $FILE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
@ -36,14 +36,14 @@ apply () {
|
|||||||
ok "$FILE does not exist"
|
ok "$FILE does not exist"
|
||||||
else
|
else
|
||||||
info "$FILE exists, checking patterns"
|
info "$FILE exists, checking patterns"
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
warn "$PATTERN present in $FILE, purging it"
|
warn "$PATTERN is present in $FILE, purging it"
|
||||||
backup_file $FILE
|
backup_file $FILE
|
||||||
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
|
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
|
||||||
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
|
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN is not present in $FILE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
@ -20,11 +20,11 @@ audit () {
|
|||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
ok "$FILE does not exist"
|
ok "$FILE does not exist"
|
||||||
else
|
else
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PATTERN exists, chargen services are enabled!"
|
crit "$PATTERN exists, time service is enabled!"
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN is not present in $FILE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
@ -36,14 +36,14 @@ apply () {
|
|||||||
ok "$FILE does not exist"
|
ok "$FILE does not exist"
|
||||||
else
|
else
|
||||||
info "$FILE exists, checking patterns"
|
info "$FILE exists, checking patterns"
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
warn "$PATTERN present in $FILE, purging it"
|
warn "$PATTERN is present in $FILE, purging it"
|
||||||
backup_file $FILE
|
backup_file $FILE
|
||||||
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
|
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
|
||||||
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
|
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN is not present in $FILE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
@ -23,7 +23,7 @@ audit () {
|
|||||||
ok "$PACKAGE is not installed"
|
ok "$PACKAGE is not installed"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed, checking configuration"
|
ok "$PACKAGE is installed, checking configuration"
|
||||||
does_pattern_exists_in_file $RSYNC_DEFAULT_FILE "^$RSYNC_DEFAULT_PATTERN"
|
does_pattern_exist_in_file $RSYNC_DEFAULT_FILE "^$RSYNC_DEFAULT_PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$RSYNC_DEFAULT_PATTERN not found in $RSYNC_DEFAULT_FILE"
|
crit "$RSYNC_DEFAULT_PATTERN not found in $RSYNC_DEFAULT_FILE"
|
||||||
else
|
else
|
||||||
@ -39,7 +39,7 @@ apply () {
|
|||||||
ok "$PACKAGE is not installed"
|
ok "$PACKAGE is not installed"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed, checking configuration"
|
ok "$PACKAGE is installed, checking configuration"
|
||||||
does_pattern_exists_in_file $RSYNC_DEFAULT_FILE "^$RSYNC_DEFAULT_PATTERN"
|
does_pattern_exist_in_file $RSYNC_DEFAULT_FILE "^$RSYNC_DEFAULT_PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$RSYNC_DEFAULT_PATTERN not found in $RSYNC_DEFAULT_FILE, adding it"
|
warn "$RSYNC_DEFAULT_PATTERN not found in $RSYNC_DEFAULT_FILE, adding it"
|
||||||
backup_file $RSYNC_DEFAULT_FILE
|
backup_file $RSYNC_DEFAULT_FILE
|
||||||
|
@ -24,13 +24,13 @@ audit () {
|
|||||||
crit "$PACKAGE is not installed!"
|
crit "$PACKAGE is not installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed, checking configuration"
|
ok "$PACKAGE is installed, checking configuration"
|
||||||
does_pattern_exists_in_file $NTP_CONF_FILE $NTP_CONF_DEFAULT_PATTERN
|
does_pattern_exist_in_file $NTP_CONF_FILE $NTP_CONF_DEFAULT_PATTERN
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$NTP_CONF_DEFAULT_PATTERN not found in $NTP_CONF_FILE"
|
crit "$NTP_CONF_DEFAULT_PATTERN not found in $NTP_CONF_FILE"
|
||||||
else
|
else
|
||||||
ok "$NTP_CONF_DEFAULT_PATTERN found in $NTP_CONF_FILE"
|
ok "$NTP_CONF_DEFAULT_PATTERN found in $NTP_CONF_FILE"
|
||||||
fi
|
fi
|
||||||
does_pattern_exists_in_file $NTP_INIT_FILE "^$NTP_INIT_PATTERN"
|
does_pattern_exist_in_file $NTP_INIT_FILE "^$NTP_INIT_PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$NTP_INIT_PATTERN not found in $NTP_INIT_FILE"
|
crit "$NTP_INIT_PATTERN not found in $NTP_INIT_FILE"
|
||||||
else
|
else
|
||||||
@ -49,7 +49,7 @@ apply () {
|
|||||||
apt_install $PACKAGE
|
apt_install $PACKAGE
|
||||||
info "Checking $PACKAGE configuration"
|
info "Checking $PACKAGE configuration"
|
||||||
fi
|
fi
|
||||||
does_pattern_exists_in_file $NTP_CONF_FILE $NTP_CONF_DEFAULT_PATTERN
|
does_pattern_exist_in_file $NTP_CONF_FILE $NTP_CONF_DEFAULT_PATTERN
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$NTP_CONF_DEFAULT_PATTERN not found in $NTP_CONF_FILE, adding it"
|
warn "$NTP_CONF_DEFAULT_PATTERN not found in $NTP_CONF_FILE, adding it"
|
||||||
backup_file $NTP_CONF_FILE
|
backup_file $NTP_CONF_FILE
|
||||||
@ -57,7 +57,7 @@ apply () {
|
|||||||
else
|
else
|
||||||
ok "$NTP_CONF_DEFAULT_PATTERN found in $NTP_CONF_FILE"
|
ok "$NTP_CONF_DEFAULT_PATTERN found in $NTP_CONF_FILE"
|
||||||
fi
|
fi
|
||||||
does_pattern_exists_in_file $NTP_INIT_FILE "^$NTP_INIT_PATTERN"
|
does_pattern_exist_in_file $NTP_INIT_FILE "^$NTP_INIT_PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$NTP_INIT_PATTERN not found in $NTP_INIT_FILE, adding it"
|
warn "$NTP_INIT_PATTERN not found in $NTP_INIT_FILE, adding it"
|
||||||
backup_file $NTP_INIT_FILE
|
backup_file $NTP_INIT_FILE
|
||||||
|
@ -20,12 +20,12 @@ audit () {
|
|||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$FILE does not exist"
|
crit "$FILE does not exist"
|
||||||
else
|
else
|
||||||
ok "$FILE exist, checking configuration"
|
ok "$FILE exists, checking configuration"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PATTERN not present in $FILE, we have to deny everything"
|
crit "$PATTERN is not present in $FILE, we have to deny everything"
|
||||||
else
|
else
|
||||||
ok "$PATTERN present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
@ -37,15 +37,15 @@ apply () {
|
|||||||
warn "$FILE does not exist, creating it"
|
warn "$FILE does not exist, creating it"
|
||||||
touch $FILE
|
touch $FILE
|
||||||
else
|
else
|
||||||
ok "$FILE exist"
|
ok "$FILE exists"
|
||||||
fi
|
fi
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PATTERN not present in $FILE, we have to deny everything"
|
crit "$PATTERN is not present in $FILE, we have to deny everything"
|
||||||
add_end_of_file $FILE "$PATTERN"
|
add_end_of_file $FILE "$PATTERN"
|
||||||
warn "YOU MAY HAVE CUT YOUR ACCESS, CHECK BEFORE DISCONNECTING"
|
warn "YOU MAY HAVE CUT YOUR ACCESS, CHECK BEFORE DISCONNECTING"
|
||||||
else
|
else
|
||||||
ok "$PATTERN present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
fi
|
fi
|
||||||
}
|
}
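Review bot: in apply() the remediation path logs `crit "$PATTERN is not present in $FILE, we have to deny everything"` and then edits the file, while every other apply() in this commit announces a fix with `warn "... adding it"` and keeps `crit` for audit(); since this is a rephrasing pass, `warn "$PATTERN is not present in $FILE, adding it"` would bring the severity in line with the action taken. The `add_end_of_file $FILE "$PATTERN"` that follows has no `backup_file $FILE` before it, unlike the rsync and NTP apply() hunks above, and for a file whose content can cut remote access — the hunk's own `YOU MAY HAVE CUT YOUR ACCESS` warning says as much — a backup is exactly what an operator will want. A single `backup_file $FILE` line inside the same `if` branch, before the append, would cover it.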
|
||||||
|
|
||||||
|
@ -21,12 +21,12 @@ audit () {
|
|||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$FILE does not exist"
|
crit "$FILE does not exist"
|
||||||
else
|
else
|
||||||
ok "$FILE exist, checking configuration"
|
ok "$FILE exists, checking configuration"
|
||||||
does_pattern_exists_in_file $FILE "^$PATTERN[[:space:]]"
|
does_pattern_exist_in_file $FILE "^$PATTERN[[:space:]]"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PATTERN not present in $FILE"
|
crit "$PATTERN is not present in $FILE"
|
||||||
else
|
else
|
||||||
ok "$PATTERN present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
@ -38,14 +38,14 @@ apply () {
|
|||||||
warn "$FILE does not exist, creating it"
|
warn "$FILE does not exist, creating it"
|
||||||
touch $FILE
|
touch $FILE
|
||||||
else
|
else
|
||||||
ok "$FILE exist"
|
ok "$FILE exists"
|
||||||
fi
|
fi
|
||||||
does_pattern_exists_in_file $FILE "^$PATTERN[[:space:]]"
|
does_pattern_exist_in_file $FILE "^$PATTERN[[:space:]]"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$PATTERN not present in $FILE, adding it"
|
warn "$PATTERN is not present in $FILE, adding it"
|
||||||
add_end_of_file $FILE "$PATTERN = $VALUE"
|
add_end_of_file $FILE "$PATTERN = $VALUE"
|
||||||
else
|
else
|
||||||
ok "$PATTERN present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
fi
|
fi
|
||||||
}
|
}
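Review bot: audit() tests only `"^$PATTERN[[:space:]]"`, which proves the `$PATTERN` key is present in $FILE but says nothing about its value, and apply() appends `"$PATTERN = $VALUE"` only when that key is absent, so a line that already sets the key to some other value passes the audit and is never corrected. If `$VALUE` is meant to be enforced (both variables are defined outside the hunk, so I cannot confirm the intent), match on the value too, e.g. `"^$PATTERN[[:space:]]*=[[:space:]]*$VALUE"`, and let apply() handle the key-present-with-other-value case with `replace_in_file` the way the `@ -43,17 +43,17 @@ apply ()` hunks further down already do. As written, the required `[[:space:]]` after the key also rejects a `key=value` spelling without a space, which may or may not be intended.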
|
||||||
|
|
||||||
|
@ -20,17 +20,17 @@ audit () {
|
|||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$FILE does not exist"
|
crit "$FILE does not exist"
|
||||||
else
|
else
|
||||||
ok "$FILE exist, checking configuration"
|
ok "$FILE exists, checking configuration"
|
||||||
for AUDIT_OPTION in $OPTIONS; do
|
for AUDIT_OPTION in $OPTIONS; do
|
||||||
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1)
|
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1)
|
||||||
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)
|
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
|
PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
|
||||||
debug "$AUDIT_PARAM should be set to $AUDIT_VALUE"
|
debug "$AUDIT_PARAM should be set to $AUDIT_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PATTERN not present in $FILE"
|
crit "$PATTERN is not present in $FILE"
|
||||||
else
|
else
|
||||||
ok "$PATTERN present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
@ -43,17 +43,17 @@ apply () {
|
|||||||
warn "$FILE does not exist, creating it"
|
warn "$FILE does not exist, creating it"
|
||||||
touch $FILE
|
touch $FILE
|
||||||
else
|
else
|
||||||
ok "$FILE exist"
|
ok "$FILE exists"
|
||||||
fi
|
fi
|
||||||
for AUDIT_OPTION in $OPTIONS; do
|
for AUDIT_OPTION in $OPTIONS; do
|
||||||
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1)
|
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1)
|
||||||
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)
|
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)
|
||||||
debug "$AUDIT_PARAM should be set to $AUDIT_VALUE"
|
debug "$AUDIT_PARAM should be set to $AUDIT_VALUE"
|
||||||
PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
|
PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$PATTERN not present in $FILE, adding it"
|
warn "$PATTERN is not present in $FILE, adding it"
|
||||||
does_pattern_exists_in_file $FILE "^$AUDIT_PARAM"
|
does_pattern_exist_in_file $FILE "^$AUDIT_PARAM"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
info "Parameter $AUDIT_PARAM seems absent from $FILE, adding at the end"
|
info "Parameter $AUDIT_PARAM seems absent from $FILE, adding at the end"
|
||||||
add_end_of_file $FILE "$AUDIT_PARAM = $AUDIT_VALUE"
|
add_end_of_file $FILE "$AUDIT_PARAM = $AUDIT_VALUE"
|
||||||
@ -62,7 +62,7 @@ apply () {
|
|||||||
replace_in_file $FILE "^$AUDIT_PARAM[[:space:]]*=.*" "$AUDIT_PARAM = $AUDIT_VALUE"
|
replace_in_file $FILE "^$AUDIT_PARAM[[:space:]]*=.*" "$AUDIT_PARAM = $AUDIT_VALUE"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
ok "$PATTERN present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
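Review bot: `PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"` in both audit() and apply() has no end anchor, so `$AUDIT_VALUE` only has to be a prefix of what the file holds — a required value of `5` is satisfied by `50` — and, assuming the helper hands the pattern to grep unchanged, `PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE[[:space:]]*$"` closes that (allow a trailing comment as well if the file format has them; the hunk does not say). `AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)` also drops everything after a second `=` in the option, whereas `cut -d= -f 2-` keeps the whole value. Both points apply unchanged to the duplicate `@ -20,17 +20,17 @@ audit ()` / `@ -43,17 +43,17 @@ apply ()` section that follows this one, and since `$AUDIT_VALUE` is interpolated into a regex, a comment on the `PATTERN=` line noting that values containing `.`, `*` or `/` need escaping first would save the next maintainer a surprise.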
|
||||||
|
@ -20,17 +20,17 @@ audit () {
|
|||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$FILE does not exist"
|
crit "$FILE does not exist"
|
||||||
else
|
else
|
||||||
ok "$FILE exist, checking configuration"
|
ok "$FILE exists, checking configuration"
|
||||||
for AUDIT_OPTION in $OPTIONS; do
|
for AUDIT_OPTION in $OPTIONS; do
|
||||||
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1)
|
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1)
|
||||||
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)
|
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
|
PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
|
||||||
debug "$AUDIT_PARAM should be set to $AUDIT_VALUE"
|
debug "$AUDIT_PARAM should be set to $AUDIT_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PATTERN not present in $FILE"
|
crit "$PATTERN is not present in $FILE"
|
||||||
else
|
else
|
||||||
ok "$PATTERN present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
@ -43,17 +43,17 @@ apply () {
|
|||||||
warn "$FILE does not exist, creating it"
|
warn "$FILE does not exist, creating it"
|
||||||
touch $FILE
|
touch $FILE
|
||||||
else
|
else
|
||||||
ok "$FILE exist"
|
ok "$FILE exists"
|
||||||
fi
|
fi
|
||||||
for AUDIT_OPTION in $OPTIONS; do
|
for AUDIT_OPTION in $OPTIONS; do
|
||||||
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1)
|
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1)
|
||||||
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)
|
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)
|
||||||
debug "$AUDIT_PARAM should be set to $AUDIT_VALUE"
|
debug "$AUDIT_PARAM should be set to $AUDIT_VALUE"
|
||||||
PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
|
PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$PATTERN not present in $FILE, adding it"
|
warn "$PATTERN is not present in $FILE, adding it"
|
||||||
does_pattern_exists_in_file $FILE "^$AUDIT_PARAM"
|
does_pattern_exist_in_file $FILE "^$AUDIT_PARAM"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
info "Parameter $AUDIT_PARAM seems absent from $FILE, adding at the end"
|
info "Parameter $AUDIT_PARAM seems absent from $FILE, adding at the end"
|
||||||
add_end_of_file $FILE "$AUDIT_PARAM = $AUDIT_VALUE"
|
add_end_of_file $FILE "$AUDIT_PARAM = $AUDIT_VALUE"
|
||||||
@ -62,7 +62,7 @@ apply () {
|
|||||||
replace_in_file $FILE "^$AUDIT_PARAM[[:space:]]*=.*" "$AUDIT_PARAM = $AUDIT_VALUE"
|
replace_in_file $FILE "^$AUDIT_PARAM[[:space:]]*=.*" "$AUDIT_PARAM = $AUDIT_VALUE"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
ok "$PATTERN present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
@ -23,12 +23,12 @@ FILE='/etc/audit/audit.rules'
|
|||||||
audit () {
|
audit () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$AUDIT_VALUE is not in file $FILE"
|
crit "$AUDIT_VALUE is not in file $FILE"
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
@ -37,14 +37,14 @@ audit () {
|
|||||||
apply () {
|
apply () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
||||||
add_end_of_file $FILE $AUDIT_VALUE
|
add_end_of_file $FILE $AUDIT_VALUE
|
||||||
eval $(pkill -HUP -P 1 auditd)
|
eval $(pkill -HUP -P 1 auditd)
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
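Review bot: `eval $(pkill -HUP -P 1 auditd)` in apply() runs pkill inside a command substitution, captures its (empty) stdout and then `eval`s that empty string, so the `eval` and the `$(...)` add nothing and pkill's exit status is thrown away; `pkill -HUP -P 1 auditd` on its own, with its result checked or at least logged, is what the line appears to intend. `IFS=$'\n'` is assigned at the top of both audit() and apply() and is not restored anywhere inside the hunks, so unless the caller resets it (not visible here) the changed field separator leaks into whatever runs after these functions. Both points repeat verbatim in the `@ -35,14 +35,14 @@ audit ()` apply() hunk of the next audit-rules section, and presumably in the one after it, whose apply() runs past the end of this view.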
|
}
|
||||||
|
@ -21,12 +21,12 @@ FILE='/etc/audit/audit.rules'
|
|||||||
audit () {
|
audit () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$AUDIT_VALUE is not in file $FILE"
|
crit "$AUDIT_VALUE is not in file $FILE"
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
@ -35,14 +35,14 @@ audit () {
|
|||||||
apply () {
|
apply () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
||||||
add_end_of_file $FILE $AUDIT_VALUE
|
add_end_of_file $FILE $AUDIT_VALUE
|
||||||
eval $(pkill -HUP -P 1 auditd)
|
eval $(pkill -HUP -P 1 auditd)
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
@ -21,12 +21,12 @@ FILE='/etc/audit/audit.rules'
|
|||||||
audit () {
|
audit () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$AUDIT_VALUE is not in file $FILE"
|
crit "$AUDIT_VALUE is not in file $FILE"
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
@ -35,14 +35,14 @@ audit () {
|
|||||||
apply () {
|
apply () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
||||||
add_end_of_file $FILE $AUDIT_VALUE
|
add_end_of_file $FILE $AUDIT_VALUE
|
||||||
eval $(pkill -HUP -P 1 auditd)
|
eval $(pkill -HUP -P 1 auditd)
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
@ -19,12 +19,12 @@ FILE='/etc/audit/audit.rules'
|
|||||||
audit () {
|
audit () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$AUDIT_VALUE is not in file $FILE"
|
crit "$AUDIT_VALUE is not in file $FILE"
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
@ -33,14 +33,14 @@ audit () {
|
|||||||
apply () {
|
apply () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
||||||
add_end_of_file $FILE $AUDIT_VALUE
|
add_end_of_file $FILE $AUDIT_VALUE
|
||||||
eval $(pkill -HUP -P 1 auditd)
|
eval $(pkill -HUP -P 1 auditd)
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
@ -19,12 +19,12 @@ FILE='/etc/audit/audit.rules'
|
|||||||
audit () {
|
audit () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$AUDIT_VALUE is not in file $FILE"
|
crit "$AUDIT_VALUE is not in file $FILE"
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
@ -33,14 +33,14 @@ audit () {
|
|||||||
apply () {
|
apply () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
||||||
add_end_of_file $FILE $AUDIT_VALUE
|
add_end_of_file $FILE $AUDIT_VALUE
|
||||||
eval $(pkill -HUP -P 1 auditd)
|
eval $(pkill -HUP -P 1 auditd)
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
@ -19,12 +19,12 @@ FILE='/etc/audit/audit.rules'
|
|||||||
audit () {
|
audit () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$AUDIT_VALUE is not in file $FILE"
|
crit "$AUDIT_VALUE is not in file $FILE"
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
@ -33,14 +33,14 @@ audit () {
|
|||||||
apply () {
|
apply () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
||||||
add_end_of_file $FILE $AUDIT_VALUE
|
add_end_of_file $FILE $AUDIT_VALUE
|
||||||
eval $(pkill -HUP -P 1 auditd)
|
eval $(pkill -HUP -P 1 auditd)
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
@ -18,12 +18,12 @@ FILE='/etc/audit/audit.rules'
|
|||||||
audit () {
|
audit () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$AUDIT_VALUE is not in file $FILE"
|
crit "$AUDIT_VALUE is not in file $FILE"
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
@ -32,14 +32,14 @@ audit () {
|
|||||||
apply () {
|
apply () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
||||||
add_end_of_file $FILE $AUDIT_VALUE
|
add_end_of_file $FILE $AUDIT_VALUE
|
||||||
eval $(pkill -HUP -P 1 auditd)
|
eval $(pkill -HUP -P 1 auditd)
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
@ -21,12 +21,12 @@ FILE='/etc/audit/audit.rules'
|
|||||||
audit () {
|
audit () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$AUDIT_VALUE is not in file $FILE"
|
crit "$AUDIT_VALUE is not in file $FILE"
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
@ -35,14 +35,14 @@ audit () {
|
|||||||
apply () {
|
apply () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
||||||
add_end_of_file $FILE $AUDIT_VALUE
|
add_end_of_file $FILE $AUDIT_VALUE
|
||||||
eval $(pkill -HUP -P 1 auditd)
|
eval $(pkill -HUP -P 1 auditd)
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
@ -18,12 +18,12 @@ FILE='/etc/audit/audit.rules'
|
|||||||
audit () {
|
audit () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$AUDIT_VALUE is not in file $FILE"
|
crit "$AUDIT_VALUE is not in file $FILE"
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
@ -32,14 +32,14 @@ audit () {
|
|||||||
apply () {
|
apply () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
||||||
add_end_of_file $FILE $AUDIT_VALUE
|
add_end_of_file $FILE $AUDIT_VALUE
|
||||||
eval $(pkill -HUP -P 1 auditd)
|
eval $(pkill -HUP -P 1 auditd)
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
@ -20,17 +20,17 @@ audit () {
|
|||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$FILE does not exist"
|
crit "$FILE does not exist"
|
||||||
else
|
else
|
||||||
ok "$FILE exist, checking configuration"
|
ok "$FILE exists, checking configuration"
|
||||||
for GRUB_OPTION in $OPTIONS; do
|
for GRUB_OPTION in $OPTIONS; do
|
||||||
GRUB_PARAM=$(echo $GRUB_OPTION | cut -d= -f 1)
|
GRUB_PARAM=$(echo $GRUB_OPTION | cut -d= -f 1)
|
||||||
GRUB_VALUE=$(echo $GRUB_OPTION | cut -d= -f 2,3)
|
GRUB_VALUE=$(echo $GRUB_OPTION | cut -d= -f 2,3)
|
||||||
PATTERN="^$GRUB_PARAM=$GRUB_VALUE"
|
PATTERN="^$GRUB_PARAM=$GRUB_VALUE"
|
||||||
debug "$GRUB_PARAM should be set to $GRUB_VALUE"
|
debug "$GRUB_PARAM should be set to $GRUB_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PATTERN not present in $FILE"
|
crit "$PATTERN is not present in $FILE"
|
||||||
else
|
else
|
||||||
ok "$PATTERN present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
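Review bot: `PATTERN="^$GRUB_PARAM=$GRUB_VALUE"` is handed to does_pattern_exist_in_file as a regular expression with the value neither escaped nor end-anchored, so any regex metacharacter in $GRUB_VALUE is interpreted and a configured value that merely starts with the expected one still reports ok. If the helper uses grep-style matching, end-anchoring the pattern, `PATTERN="^$GRUB_PARAM=$GRUB_VALUE\$"`, closes the prefix case; escaping the value would need a fixed-string mode in does_pattern_exist_in_file, whose implementation is not in this diff. The same pattern is rebuilt by apply() in the next hunk.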
|
||||||
@ -43,17 +43,17 @@ apply () {
|
|||||||
warn "$FILE does not exist, creating it"
|
warn "$FILE does not exist, creating it"
|
||||||
touch $FILE
|
touch $FILE
|
||||||
else
|
else
|
||||||
ok "$FILE exist"
|
ok "$FILE exists"
|
||||||
fi
|
fi
|
||||||
for GRUB_OPTION in $OPTIONS; do
|
for GRUB_OPTION in $OPTIONS; do
|
||||||
GRUB_PARAM=$(echo $GRUB_OPTION | cut -d= -f 1)
|
GRUB_PARAM=$(echo $GRUB_OPTION | cut -d= -f 1)
|
||||||
GRUB_VALUE=$(echo $GRUB_OPTION | cut -d= -f 2,3)
|
GRUB_VALUE=$(echo $GRUB_OPTION | cut -d= -f 2,3)
|
||||||
debug "$GRUB_PARAM should be set to $GRUB_VALUE"
|
debug "$GRUB_PARAM should be set to $GRUB_VALUE"
|
||||||
PATTERN="^$GRUB_PARAM=$GRUB_VALUE"
|
PATTERN="^$GRUB_PARAM=$GRUB_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$PATTERN not present in $FILE, adding it"
|
warn "$PATTERN is not present in $FILE, adding it"
|
||||||
does_pattern_exists_in_file $FILE "^$GRUB_PARAM"
|
does_pattern_exist_in_file $FILE "^$GRUB_PARAM"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
info "Parameter $GRUB_PARAM seems absent from $FILE, adding at the end"
|
info "Parameter $GRUB_PARAM seems absent from $FILE, adding at the end"
|
||||||
add_end_of_file $FILE "$GRUB_PARAM = $GRUB_VALUE"
|
add_end_of_file $FILE "$GRUB_PARAM = $GRUB_VALUE"
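Review bot: The line written by the absent-parameter branch, `add_end_of_file $FILE "$GRUB_PARAM = $GRUB_VALUE"`, produces `KEY = VALUE` with spaces, while the audit pattern is `^$GRUB_PARAM=$GRUB_VALUE` and the replace branch writes `$GRUB_PARAM=$GRUB_VALUE`, so a parameter added this way never passes the audit afterwards, and if $FILE is sourced as a shell fragment (as GRUB's defaults file is) the spaced form is not an assignment at all; it should be `add_end_of_file $FILE "$GRUB_PARAM=$GRUB_VALUE"`. The presence check `does_pattern_exist_in_file $FILE "^$GRUB_PARAM"` is a prefix match, so a parameter whose name is a prefix of another one already present is taken as present, the replace branch runs, its `^$GRUB_PARAM=.*` matches nothing, and the setting is silently never written; anchoring the check as `"^$GRUB_PARAM="` fixes that. apply() continues in the following hunk, where the replace_in_file call lives.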
|
||||||
@ -62,7 +62,7 @@ apply () {
|
|||||||
replace_in_file $FILE "^$GRUB_PARAM=.*" "$GRUB_PARAM=$GRUB_VALUE"
|
replace_in_file $FILE "^$GRUB_PARAM=.*" "$GRUB_PARAM=$GRUB_VALUE"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
ok "$PATTERN present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
@ -22,12 +22,12 @@ FILE='/etc/audit/audit.rules'
|
|||||||
audit () {
|
audit () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$AUDIT_VALUE is not in file $FILE"
|
crit "$AUDIT_VALUE is not in file $FILE"
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
@ -36,14 +36,14 @@ audit () {
|
|||||||
apply () {
|
apply () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
||||||
add_end_of_file $FILE $AUDIT_VALUE
|
add_end_of_file $FILE $AUDIT_VALUE
|
||||||
eval $(pkill -HUP -P 1 auditd)
|
eval $(pkill -HUP -P 1 auditd)
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
@ -22,12 +22,12 @@ FILE='/etc/audit/audit.rules'
|
|||||||
audit () {
|
audit () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$AUDIT_VALUE is not in file $FILE"
|
crit "$AUDIT_VALUE is not in file $FILE"
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
@ -36,14 +36,14 @@ audit () {
|
|||||||
apply () {
|
apply () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
||||||
add_end_of_file $FILE $AUDIT_VALUE
|
add_end_of_file $FILE $AUDIT_VALUE
|
||||||
eval $(pkill -HUP -P 1 auditd)
|
eval $(pkill -HUP -P 1 auditd)
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
@ -23,12 +23,12 @@ FILE='/etc/audit/audit.rules'
|
|||||||
audit () {
|
audit () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$AUDIT_VALUE is not in file $FILE"
|
crit "$AUDIT_VALUE is not in file $FILE"
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
@ -37,14 +37,14 @@ audit () {
|
|||||||
apply () {
|
apply () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
||||||
add_end_of_file $FILE $AUDIT_VALUE
|
add_end_of_file $FILE $AUDIT_VALUE
|
||||||
eval $(pkill -HUP -P 1 auditd)
|
eval $(pkill -HUP -P 1 auditd)
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
@ -18,12 +18,12 @@ FILE='/etc/audit/audit.rules'
|
|||||||
audit () {
|
audit () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$AUDIT_VALUE is not in file $FILE"
|
crit "$AUDIT_VALUE is not in file $FILE"
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
@ -32,14 +32,14 @@ audit () {
|
|||||||
apply () {
|
apply () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
||||||
add_end_of_file $FILE $AUDIT_VALUE
|
add_end_of_file $FILE $AUDIT_VALUE
|
||||||
eval $(pkill -HUP -P 1 auditd)
|
eval $(pkill -HUP -P 1 auditd)
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
@ -20,12 +20,12 @@ FILE='/etc/audit/audit.rules'
|
|||||||
audit () {
|
audit () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$AUDIT_VALUE is not in file $FILE"
|
crit "$AUDIT_VALUE is not in file $FILE"
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
@ -34,14 +34,14 @@ audit () {
|
|||||||
apply () {
|
apply () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
||||||
add_end_of_file $FILE $AUDIT_VALUE
|
add_end_of_file $FILE $AUDIT_VALUE
|
||||||
eval $(pkill -HUP -P 1 auditd)
|
eval $(pkill -HUP -P 1 auditd)
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
@ -20,12 +20,12 @@ FILE='/etc/audit/audit.rules'
|
|||||||
audit () {
|
audit () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$AUDIT_VALUE is not in file $FILE"
|
crit "$AUDIT_VALUE is not in file $FILE"
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
@ -34,14 +34,14 @@ audit () {
|
|||||||
apply () {
|
apply () {
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||||
debug "$AUDIT_VALUE must be in file $FILE"
|
debug "$AUDIT_VALUE should be in file $FILE"
|
||||||
does_pattern_exists_in_file $FILE $AUDIT_VALUE
|
does_pattern_exist_in_file $FILE $AUDIT_VALUE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
warn "$AUDIT_VALUE is not in file $FILE, adding it"
|
||||||
add_end_of_file $FILE $AUDIT_VALUE
|
add_end_of_file $FILE $AUDIT_VALUE
|
||||||
eval $(pkill -HUP -P 1 auditd)
|
eval $(pkill -HUP -P 1 auditd)
|
||||||
else
|
else
|
||||||
ok "$AUDIT_VALUE present in $FILE"
|
ok "$AUDIT_VALUE is present in $FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
@ -27,7 +27,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct ownership"
|
ok "$FILE has correct ownership"
|
||||||
else
|
else
|
||||||
crit "$FILE is not $USER:$GROUP ownership set"
|
crit "$FILE ownership was not set to $USER:$GROUP"
|
||||||
fi
|
fi
|
||||||
has_file_correct_permissions $FILE $PERMISSIONS
|
has_file_correct_permissions $FILE $PERMISSIONS
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
@ -51,7 +51,7 @@ apply () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct ownership"
|
ok "$FILE has correct ownership"
|
||||||
else
|
else
|
||||||
warn "$FILE is not $USER:$GROUP ownership set"
|
warn "fixing $FILE ownership to $USER:$GROUP"
|
||||||
chown $USER:$GROUP $FILE
|
chown $USER:$GROUP $FILE
|
||||||
fi
|
fi
|
||||||
has_file_correct_permissions $FILE $PERMISSIONS
|
has_file_correct_permissions $FILE $PERMISSIONS
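Review bot: The reworded `warn "fixing $FILE ownership to $USER:$GROUP"` is logged before `chown $USER:$GROUP $FILE`, whose exit status is never checked, so a chown that fails (file missing, read-only filesystem, unknown user) still leaves a log trail that reads as fixed. Check the result: `chown "$USER:$GROUP" "$FILE" || crit "failed to set ownership of $FILE to $USER:$GROUP"`. The same unchecked chown is in the apply() hunk of each ownership script further down this page; apply() starts and ends outside this hunk.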
|
||||||
|
@ -16,22 +16,22 @@ PATTERN='^destination.*(tcp|udp)[[:space:]]*\([[:space:]]*\".*\"[[:space:]]*\)'
|
|||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit () {
|
audit () {
|
||||||
FILES="$SYSLOG_BASEDIR/syslog-ng.conf $SYSLOG_BASEDIR/conf.d/*"
|
FILES="$SYSLOG_BASEDIR/syslog-ng.conf $SYSLOG_BASEDIR/conf.d/*"
|
||||||
does_pattern_exists_in_file "$FILES" "$PATTERN"
|
does_pattern_exist_in_file "$FILES" "$PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PATTERN not present in $FILES"
|
crit "$PATTERN is not present in $FILES"
|
||||||
else
|
else
|
||||||
ok "$PATTERN present in $FILES"
|
ok "$PATTERN is present in $FILES"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# This function will be called if the script status is on enabled mode
|
# This function will be called if the script status is on enabled mode
|
||||||
apply () {
|
apply () {
|
||||||
FILES="$SYSLOG_BASEDIR/syslog-ng.conf $SYSLOG_BASEDIR/conf.d/*"
|
FILES="$SYSLOG_BASEDIR/syslog-ng.conf $SYSLOG_BASEDIR/conf.d/*"
|
||||||
does_pattern_exists_in_file "$FILES" "$PATTERN"
|
does_pattern_exist_in_file "$FILES" "$PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PATTERN not present in $FILES, please set a remote host to send your logs"
|
crit "$PATTERN is not present in $FILES, please set a remote host to send your logs"
|
||||||
else
|
else
|
||||||
ok "$PATTERN present in $FILES"
|
ok "$PATTERN is present in $FILES"
|
||||||
fi
|
fi
|
||||||
}
|
}
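Review bot: `FILES="$SYSLOG_BASEDIR/syslog-ng.conf $SYSLOG_BASEDIR/conf.d/*"` is passed to does_pattern_exist_in_file as a single quoted argument, so the conf.d glob is only expanded if the helper deliberately leaves its file argument unquoted; if it quotes it, the whole string is one non-existent path and the check silently skips conf.d, and since the helper is not in this diff this needs confirming. The pattern also only establishes that a tcp/udp destination is declared, not that any log path references it, so a host with an unused definition still reports ok; a comment such as `# only checks that a remote destination is declared, not that a log{} statement uses it` would make that limit visible. apply() here is a copy of audit() that reports without changing anything, which is reasonable since the remote host cannot be guessed, but a one-line comment saying so would stop the next reader from treating it as a bug.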
|
||||||
|
|
||||||
|
@ -16,28 +16,28 @@ PATTERN='tripwire --check'
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit () {
|
audit () {
|
||||||
does_pattern_exists_in_file "$FILES" "$PATTERN"
|
does_pattern_exist_in_file "$FILES" "$PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PATTERN not present in $FILES"
|
crit "$PATTERN is not present in $FILES"
|
||||||
else
|
else
|
||||||
ok "$PATTERN present in $FILES"
|
ok "$PATTERN is present in $FILES"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# This function will be called if the script status is on enabled mode
|
# This function will be called if the script status is on enabled mode
|
||||||
apply () {
|
apply () {
|
||||||
does_pattern_exists_in_file "$FILES" "$PATTERN"
|
does_pattern_exist_in_file "$FILES" "$PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$PATTERN not present in $FILES, setting tripwire cron"
|
warn "$PATTERN is not present in $FILES, setting tripwire cron"
|
||||||
echo "0 10 * * * root /usr/sbin/tripwire --check > /dev/shm/tripwire_check 2>&1 " > /etc/cron.d/CIS_8.3.2_tripwire
|
echo "0 10 * * * root /usr/sbin/tripwire --check > /dev/shm/tripwire_check 2>&1 " > /etc/cron.d/CIS_8.3.2_tripwire
|
||||||
else
|
else
|
||||||
ok "$PATTERN present in $FILES"
|
ok "$PATTERN is present in $FILES"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# This function will check config parameters required
|
# This function will check config parameters required
|
||||||
check_config() {
|
check_config() {
|
||||||
:
|
:
|
||||||
}
|
}
|
||||||
|
|
||||||
# Source Root Dir Parameter
|
# Source Root Dir Parameter
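Review bot: The cron entry written by apply() sends the tripwire report to `/dev/shm/tripwire_check`: that directory is a world-accessible tmpfs, so a file created there by root under the usual umask is readable by every local user and is gone after a reboot, which is the opposite of what an integrity-check report needs; write it to a root-only persistent location instead, such as a file under `/var/log/`. The audit side, `does_pattern_exist_in_file "$FILES" "$PATTERN"` with PATTERN `tripwire --check`, is an unanchored substring match, so a commented-out entry such as `#0 10 * * * root /usr/sbin/tripwire --check` satisfies the check; `PATTERN='^[^#].*tripwire --check'` would reject commented lines. The `echo ... > /etc/cron.d/CIS_8.3.2_tripwire` redirection is also unchecked, so a failed write is still reported through the preceding warn line as if the cron job had been set.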
|
||||||
@ -50,7 +50,7 @@ else
|
|||||||
echo "No CIS_ROOT_DIR variable, aborting"
|
echo "No CIS_ROOT_DIR variable, aborting"
|
||||||
exit 128
|
exit 128
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
|
# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
|
||||||
if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
|
if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
|
||||||
|
@ -22,7 +22,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct ownership"
|
ok "$FILE has correct ownership"
|
||||||
else
|
else
|
||||||
crit "$FILE is not $USER:$GROUP ownership set"
|
crit "$FILE ownership was not set to $USER:$GROUP"
|
||||||
fi
|
fi
|
||||||
has_file_correct_permissions $FILE $PERMISSIONS
|
has_file_correct_permissions $FILE $PERMISSIONS
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
@ -43,7 +43,7 @@ apply () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct ownership"
|
ok "$FILE has correct ownership"
|
||||||
else
|
else
|
||||||
warn "$FILE is not $USER:$GROUP ownership set"
|
warn "fixing $FILE ownership to $USER:$GROUP"
|
||||||
chown $USER:$GROUP $FILE
|
chown $USER:$GROUP $FILE
|
||||||
fi
|
fi
|
||||||
has_file_correct_permissions $FILE $PERMISSIONS
|
has_file_correct_permissions $FILE $PERMISSIONS
|
||||||
|
@ -22,7 +22,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct ownership"
|
ok "$FILE has correct ownership"
|
||||||
else
|
else
|
||||||
crit "$FILE is not $USER:$GROUP ownership set"
|
crit "$FILE ownership was not set to $USER:$GROUP"
|
||||||
fi
|
fi
|
||||||
has_file_correct_permissions $FILE $PERMISSIONS
|
has_file_correct_permissions $FILE $PERMISSIONS
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
@ -43,7 +43,7 @@ apply () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct ownership"
|
ok "$FILE has correct ownership"
|
||||||
else
|
else
|
||||||
warn "$FILE is not $USER:$GROUP ownership set"
|
warn "fixing $FILE ownership to $USER:$GROUP"
|
||||||
chown $USER:$GROUP $FILE
|
chown $USER:$GROUP $FILE
|
||||||
fi
|
fi
|
||||||
has_file_correct_permissions $FILE $PERMISSIONS
|
has_file_correct_permissions $FILE $PERMISSIONS
|
||||||
|
@ -22,7 +22,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct ownership"
|
ok "$FILE has correct ownership"
|
||||||
else
|
else
|
||||||
crit "$FILE is not $USER:$GROUP ownership set"
|
crit "$FILE ownership was not set to $USER:$GROUP"
|
||||||
fi
|
fi
|
||||||
has_file_correct_permissions $FILE $PERMISSIONS
|
has_file_correct_permissions $FILE $PERMISSIONS
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
@ -43,7 +43,7 @@ apply () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct ownership"
|
ok "$FILE has correct ownership"
|
||||||
else
|
else
|
||||||
warn "$FILE is not $USER:$GROUP ownership set"
|
warn "fixing $FILE ownership to $USER:$GROUP"
|
||||||
chown $USER:$GROUP $FILE
|
chown $USER:$GROUP $FILE
|
||||||
fi
|
fi
|
||||||
has_file_correct_permissions $FILE $PERMISSIONS
|
has_file_correct_permissions $FILE $PERMISSIONS
|
||||||
|
@ -22,7 +22,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct ownership"
|
ok "$FILE has correct ownership"
|
||||||
else
|
else
|
||||||
crit "$FILE is not $USER:$GROUP ownership set"
|
crit "$FILE ownership was not set to $USER:$GROUP"
|
||||||
fi
|
fi
|
||||||
has_file_correct_permissions $FILE $PERMISSIONS
|
has_file_correct_permissions $FILE $PERMISSIONS
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
@ -43,7 +43,7 @@ apply () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct ownership"
|
ok "$FILE has correct ownership"
|
||||||
else
|
else
|
||||||
warn "$FILE is not $USER:$GROUP ownership set"
|
warn "fixing $FILE ownership to $USER:$GROUP"
|
||||||
chown $USER:$GROUP $FILE
|
chown $USER:$GROUP $FILE
|
||||||
fi
|
fi
|
||||||
has_file_correct_permissions $FILE $PERMISSIONS
|
has_file_correct_permissions $FILE $PERMISSIONS
|
||||||
|
@ -22,7 +22,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct ownership"
|
ok "$FILE has correct ownership"
|
||||||
else
|
else
|
||||||
crit "$FILE is not $USER:$GROUP ownership set"
|
crit "$FILE ownership was not set to $USER:$GROUP"
|
||||||
fi
|
fi
|
||||||
has_file_correct_permissions $FILE $PERMISSIONS
|
has_file_correct_permissions $FILE $PERMISSIONS
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
@ -43,7 +43,7 @@ apply () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct ownership"
|
ok "$FILE has correct ownership"
|
||||||
else
|
else
|
||||||
warn "$FILE is not $USER:$GROUP ownership set"
|
warn "fixing $FILE ownership to $USER:$GROUP"
|
||||||
chown $USER:$GROUP $FILE
|
chown $USER:$GROUP $FILE
|
||||||
fi
|
fi
|
||||||
has_file_correct_permissions $FILE $PERMISSIONS
|
has_file_correct_permissions $FILE $PERMISSIONS
|
||||||
|
@ -22,7 +22,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct ownership"
|
ok "$FILE has correct ownership"
|
||||||
else
|
else
|
||||||
crit "$FILE is not $USER:$GROUP ownership set"
|
crit "$FILE ownership was not set to $USER:$GROUP"
|
||||||
fi
|
fi
|
||||||
has_file_correct_permissions $FILE $PERMISSIONS
|
has_file_correct_permissions $FILE $PERMISSIONS
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
@ -43,7 +43,7 @@ apply () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct ownership"
|
ok "$FILE has correct ownership"
|
||||||
else
|
else
|
||||||
warn "$FILE is not $USER:$GROUP ownership set"
|
warn "fixing $FILE ownership to $USER:$GROUP"
|
||||||
chown $USER:$GROUP $FILE
|
chown $USER:$GROUP $FILE
|
||||||
fi
|
fi
|
||||||
has_file_correct_permissions $FILE $PERMISSIONS
|
has_file_correct_permissions $FILE $PERMISSIONS
|
||||||
|
@ -36,7 +36,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct ownership"
|
ok "$FILE has correct ownership"
|
||||||
else
|
else
|
||||||
crit "$FILE is not $USER:$GROUP ownership set"
|
crit "$FILE ownership was not set to $USER:$GROUP"
|
||||||
fi
|
fi
|
||||||
has_file_correct_permissions $FILE $PERMISSIONS
|
has_file_correct_permissions $FILE $PERMISSIONS
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
@ -69,7 +69,7 @@ apply () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct ownership"
|
ok "$FILE has correct ownership"
|
||||||
else
|
else
|
||||||
warn "$FILE is not $USER:$GROUP ownership set"
|
warn "fixing $FILE ownership to $USER:$GROUP"
|
||||||
chown $USER:$GROUP $FILE
|
chown $USER:$GROUP $FILE
|
||||||
fi
|
fi
|
||||||
has_file_correct_permissions $FILE $PERMISSIONS
|
has_file_correct_permissions $FILE $PERMISSIONS
|
||||||
|
@ -22,7 +22,7 @@ audit () {
|
|||||||
crit "$PACKAGE is not installed!"
|
crit "$PACKAGE is not installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
@ -40,7 +40,7 @@ apply () {
|
|||||||
crit "$PACKAGE is absent, installing it"
|
crit "$PACKAGE is absent, installing it"
|
||||||
apt_install $PACKAGE
|
apt_install $PACKAGE
|
||||||
fi
|
fi
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
|
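Review bot: `does_pattern_exist_in_file $FILE $PATTERN` at both call sites in this section passes `$PATTERN` unquoted, so the regex is word-split before it reaches the helper; the sshd sections further down quote it, and the same should be done here: `does_pattern_exist_in_file $FILE "$PATTERN"`. `$PATTERN` is defined above the hunk, so whether it currently contains whitespace cannot be checked from here, but a pattern such as `^foo[[:space:]]+bar` would silently arrive as one argument while `^foo bar` would arrive as two. The same unquoted call appears in the three other sections that share the `@ -22,7 +22,7 @@ audit ()` / `@ -40,7 +40,7 @@ apply ()` hunk pair below. Both `audit` and `apply` start and end outside the hunk.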
@ -22,7 +22,7 @@ audit () {
|
|||||||
crit "$PACKAGE is not installed!"
|
crit "$PACKAGE is not installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
@ -40,7 +40,7 @@ apply () {
|
|||||||
crit "$PACKAGE is absent, installing it"
|
crit "$PACKAGE is absent, installing it"
|
||||||
apt_install $PACKAGE
|
apt_install $PACKAGE
|
||||||
fi
|
fi
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
|
@ -22,7 +22,7 @@ audit () {
|
|||||||
crit "$PACKAGE is not installed!"
|
crit "$PACKAGE is not installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
@ -40,7 +40,7 @@ apply () {
|
|||||||
crit "$PACKAGE is absent, installing it"
|
crit "$PACKAGE is absent, installing it"
|
||||||
apt_install $PACKAGE
|
apt_install $PACKAGE
|
||||||
fi
|
fi
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
|
@ -26,7 +26,7 @@ audit () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
@ -49,12 +49,12 @@ apply () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
warn "$PATTERN not present in $FILE, adding it"
|
warn "$PATTERN is not present in $FILE, adding it"
|
||||||
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
|
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
||||||
else
|
else
|
||||||
|
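Review bot: `PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"` has no end anchor, so the audit accepts any line that merely starts with the wanted value — with `Protocol=2` a `Protocol 2,1` line passes, and with `MaxAuthTries=4` a `MaxAuthTries 40` line passes — and the same prefix match decides whether `apply` rewrites the line; anchoring the value, `PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE[[:space:]]*$"`, closes that gap. `$SSH_VALUE` is also interpolated into the regex verbatim, so a value containing `.` or `*` would match more than intended; escaping it before building the pattern seems worth considering. Two further limits are not visible from the hunk but worth a comment at the pattern: sshd treats keywords case-insensitively and honours the first occurrence of a directive, and a matching line inside a `Match` block would also satisfy `^`, so the check may be weaker than the log message `ok "$PATTERN is present in $FILE"` suggests. The same pattern construction recurs in every other sshd section below (the `@ -26,7`, `@ -27,7` and `@ -25,7` `audit ()` hunks and their `apply ()` counterparts). Both `audit` and `apply` start and end outside the hunk.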
@ -26,7 +26,7 @@ audit () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
@ -49,12 +49,12 @@ apply () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
warn "$PATTERN not present in $FILE, adding it"
|
warn "$PATTERN is not present in $FILE, adding it"
|
||||||
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
|
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
||||||
else
|
else
|
||||||
|
@ -26,7 +26,7 @@ audit () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
@ -49,12 +49,12 @@ apply () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
warn "$PATTERN not present in $FILE, adding it"
|
warn "$PATTERN is not present in $FILE, adding it"
|
||||||
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
|
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
||||||
else
|
else
|
||||||
|
@ -27,7 +27,7 @@ audit () {
|
|||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
SSH_VALUE=$(sed "s/'//g" <<< $SSH_VALUE)
|
SSH_VALUE=$(sed "s/'//g" <<< $SSH_VALUE)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
@ -51,12 +51,12 @@ apply () {
|
|||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
SSH_VALUE=$(sed "s/'//g" <<< $SSH_VALUE)
|
SSH_VALUE=$(sed "s/'//g" <<< $SSH_VALUE)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
warn "$PATTERN not present in $FILE, adding it"
|
warn "$PATTERN is not present in $FILE, adding it"
|
||||||
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
|
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
||||||
else
|
else
|
||||||
|
@ -25,7 +25,7 @@ audit () {
|
|||||||
for SSH_OPTION in $OPTIONS; do
|
for SSH_OPTION in $OPTIONS; do
|
||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*"
|
PATTERN="^$SSH_PARAM[[:space:]]*"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
@ -48,12 +48,12 @@ apply () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
warn "$PATTERN not present in $FILE, adding it"
|
warn "$PATTERN is not present in $FILE, adding it"
|
||||||
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
|
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
||||||
else
|
else
|
||||||
|
@ -26,7 +26,7 @@ audit () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
@ -49,12 +49,12 @@ apply () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
warn "$PATTERN not present in $FILE, adding it"
|
warn "$PATTERN is not present in $FILE, adding it"
|
||||||
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
|
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
||||||
else
|
else
|
||||||
|
@ -26,7 +26,7 @@ audit () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
@ -49,12 +49,12 @@ apply () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
warn "$PATTERN not present in $FILE, adding it"
|
warn "$PATTERN is not present in $FILE, adding it"
|
||||||
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
|
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
||||||
else
|
else
|
||||||
|
@ -22,7 +22,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct ownership"
|
ok "$FILE has correct ownership"
|
||||||
else
|
else
|
||||||
crit "$FILE is not $USER:$GROUP ownership set"
|
crit "$FILE ownership was not set to $USER:$GROUP"
|
||||||
fi
|
fi
|
||||||
has_file_correct_permissions $FILE $PERMISSIONS
|
has_file_correct_permissions $FILE $PERMISSIONS
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
@ -43,7 +43,7 @@ apply () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct ownership"
|
ok "$FILE has correct ownership"
|
||||||
else
|
else
|
||||||
warn "$FILE is not $USER:$GROUP ownership set"
|
warn "fixing $FILE ownership to $USER:$GROUP"
|
||||||
chown $USER:$GROUP $FILE
|
chown $USER:$GROUP $FILE
|
||||||
fi
|
fi
|
||||||
has_file_correct_permissions $FILE $PERMISSIONS
|
has_file_correct_permissions $FILE $PERMISSIONS
|
||||||
|
@ -26,7 +26,7 @@ audit () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
@ -49,12 +49,12 @@ apply () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
warn "$PATTERN not present in $FILE, adding it"
|
warn "$PATTERN is not present in $FILE, adding it"
|
||||||
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
|
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
||||||
else
|
else
|
||||||
|
@ -26,7 +26,7 @@ audit () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
@ -49,12 +49,12 @@ apply () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
warn "$PATTERN not present in $FILE, adding it"
|
warn "$PATTERN is not present in $FILE, adding it"
|
||||||
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
|
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
||||||
else
|
else
|
||||||
|
@ -26,7 +26,7 @@ audit () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
@ -49,12 +49,12 @@ apply () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
warn "$PATTERN not present in $FILE, adding it"
|
warn "$PATTERN is not present in $FILE, adding it"
|
||||||
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
|
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
||||||
else
|
else
|
||||||
|
@ -26,7 +26,7 @@ audit () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
@ -49,12 +49,12 @@ apply () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
warn "$PATTERN not present in $FILE, adding it"
|
warn "$PATTERN is not present in $FILE, adding it"
|
||||||
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
|
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
||||||
else
|
else
|
||||||
|
@ -26,7 +26,7 @@ audit () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
@ -49,12 +49,12 @@ apply () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
warn "$PATTERN not present in $FILE, adding it"
|
warn "$PATTERN is not present in $FILE, adding it"
|
||||||
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
|
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
||||||
else
|
else
|
||||||
|
@ -26,7 +26,7 @@ audit () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
@ -49,12 +49,12 @@ apply () {
|
|||||||
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
|
||||||
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exist_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
warn "$PATTERN not present in $FILE, adding it"
|
warn "$PATTERN is not present in $FILE, adding it"
|
||||||
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
|
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
||||||
else
|
else
|
||||||
|
@ -22,7 +22,7 @@ audit () {
|
|||||||
crit "$PACKAGE is not installed!"
|
crit "$PACKAGE is not installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
@ -40,7 +40,7 @@ apply () {
|
|||||||
crit "$PACKAGE is absent, installing it"
|
crit "$PACKAGE is absent, installing it"
|
||||||
apt_install $PACKAGE
|
apt_install $PACKAGE
|
||||||
fi
|
fi
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exist_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
else
|
else
|
||||||
|
@ -19,26 +19,26 @@ FILE='/etc/profile.d/CIS_99.1_timeout.sh'
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit () {
|
audit () {
|
||||||
does_pattern_exists_in_file "$FILES_TO_SEARCH" "^$PATTERN"
|
does_pattern_exist_in_file "$FILES_TO_SEARCH" "^$PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PATTERN not present in $FILES_TO_SEARCH"
|
crit "$PATTERN is not present in $FILES_TO_SEARCH"
|
||||||
else
|
else
|
||||||
ok "$PATTERN present in $FILES_TO_SEARCH"
|
ok "$PATTERN is present in $FILES_TO_SEARCH"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# This function will be called if the script status is on enabled mode
|
# This function will be called if the script status is on enabled mode
|
||||||
apply () {
|
apply () {
|
||||||
does_pattern_exists_in_file "$FILES_TO_SEARCH" "^$PATTERN"
|
does_pattern_exist_in_file "$FILES_TO_SEARCH" "^$PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$PATTERN not present in $FILES_TO_SEARCH"
|
warn "$PATTERN is not present in $FILES_TO_SEARCH"
|
||||||
touch $FILE
|
touch $FILE
|
||||||
chmod 644 $FILE
|
chmod 644 $FILE
|
||||||
add_end_of_file $FILE "$PATTERN$VALUE"
|
add_end_of_file $FILE "$PATTERN$VALUE"
|
||||||
add_end_of_file $FILE "readonly TMOUT"
|
add_end_of_file $FILE "readonly TMOUT"
|
||||||
add_end_of_file $FILE "export TMOUT"
|
add_end_of_file $FILE "export TMOUT"
|
||||||
else
|
else
|
||||||
ok "$PATTERN present in $FILES_TO_SEARCH"
|
ok "$PATTERN is present in $FILES_TO_SEARCH"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
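Review bot: Both `audit` and `apply` test only `"^$PATTERN"` in `$FILES_TO_SEARCH`, which confirms the key is present but says nothing about its value, while `apply` writes `"$PATTERN$VALUE"`. `$PATTERN` and `$VALUE` are defined above the hunk, so this is inferred, but if `$PATTERN` is the bare `TMOUT=` key a pre-existing `TMOUT=0` — which bash treats as no timeout — would pass the audit and skip the remediation branch. Checking what `apply` actually writes, `does_pattern_exist_in_file "$FILES_TO_SEARCH" "^$PATTERN$VALUE"`, would keep audit and apply consistent. The `readonly TMOUT` line also deserves a one-line comment saying it is there so later shell startup files cannot unset the timeout, since that is the non-obvious reason for it.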
@ -18,19 +18,19 @@ FILE='/etc/udev/rules.d/10-CIS_99.2_usb_devices.sh'
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit () {
|
audit () {
|
||||||
does_pattern_exists_in_file "$FILES_TO_SEARCH" "^$PATTERN"
|
does_pattern_exist_in_file "$FILES_TO_SEARCH" "^$PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PATTERN not present in $FILES_TO_SEARCH"
|
crit "$PATTERN is not present in $FILES_TO_SEARCH"
|
||||||
else
|
else
|
||||||
ok "$PATTERN present in $FILES_TO_SEARCH"
|
ok "$PATTERN is present in $FILES_TO_SEARCH"
|
||||||
fi
|
fi
|
||||||
}
|
}
# This function will be called if the script status is on enabled mode
|
# This function will be called if the script status is on enabled mode
|
||||||
apply () {
|
apply () {
|
||||||
does_pattern_exists_in_file "$FILES_TO_SEARCH" "^$PATTERN"
|
does_pattern_exist_in_file "$FILES_TO_SEARCH" "^$PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$PATTERN not present in $FILES_TO_SEARCH"
|
warn "$PATTERN is not present in $FILES_TO_SEARCH"
|
||||||
touch $FILE
|
touch $FILE
|
||||||
chmod 644 $FILE
|
chmod 644 $FILE
|
||||||
add_end_of_file $FILE '
|
add_end_of_file $FILE '
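Review bot: the udev rules apply() writes here are never loaded, because udev only reads files in rules.d whose name ends in `.rules` and ignores other extensions — and the target set above the hunk is `/etc/udev/rules.d/10-CIS_99.2_usb_devices.sh`, so audit() reports the control as applied while the USB authorization policy has no effect on the running system. Renaming the target (e.g. `FILE='/etc/udev/rules.d/10-CIS_99.2_usb_devices.rules'`, with FILES_TO_SEARCH adjusted to match) and reloading after the write with `udevadm control --reload-rules` would make the apply() step effective. apply() continues in the next hunk; note that the check itself only greps for `^$PATTERN`, so a rules file that lost everything but its first matching line would still pass audit.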
|
||||||
@ -47,7 +47,7 @@ ACTION=="add", ATTR{product}=="*[Kk]eyboard*", TEST=="authorized", ATTR{authoriz
|
|||||||
ACTION=="add", ATTR{product}=="*Thinnet TM*", TEST=="authorized", ATTR{authorized}="1"
|
ACTION=="add", ATTR{product}=="*Thinnet TM*", TEST=="authorized", ATTR{authorized}="1"
|
||||||
'
|
'
|
||||||
else
|
else
|
||||||
ok "$PATTERN present in $FILES_TO_SEARCH"
|
ok "$PATTERN is present in $FILES_TO_SEARCH"
|
||||||
fi
|
fi
|
||||||
}
|
}
7
debian/changelog
@ -1,3 +1,10 @@
cis-hardening (1.0-8) wheezy; urgency=low
* phrasing reworked all over the place
* added debian dependencies bash and bc
-- Kevin Tanguy <kevin.tanguy@ovh.net> Tue, 26 Apr 2016 10:26:18 +0200
cis-hardening (1.0-7) wheezy; urgency=low
|
cis-hardening (1.0-7) wheezy; urgency=low
* Fixed 6.15 netstat analysis
|
* Fixed 6.15 netstat analysis
2
debian/control
@ -10,7 +10,7 @@ Vcs-Browser: https://github.com/ovh/debian-cis/
Package: cis-hardening
|
Package: cis-hardening
|
||||||
Architecture: all
|
Architecture: all
|
||||||
Depends: ${shlibs:Depends}, ${misc:Depends}
|
Depends: ${shlibs:Depends}, ${misc:Depends}, bash, bc
|
||||||
Description: Suite of configurable scripts to audit or harden a Debian Wheezy.
|
Description: Suite of configurable scripts to audit or harden a Debian Wheezy.
|
||||||
Modular Debian 7 security hardening scripts based on cisecurity.org
|
Modular Debian 7 security hardening scripts based on cisecurity.org
|
||||||
⟨cisecurity.org⟩ recommendations. We use it at OVH ⟨https://ovh.com⟩ to
|
⟨cisecurity.org⟩ recommendations. We use it at OVH ⟨https://ovh.com⟩ to
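Review bot: `bash` in the new Depends line is redundant — bash is an Essential package, so Policy does not require declaring it and lintian reports `depends-on-essential-package-without-using-version` for an unversioned relation on it; `bc` is the dependency the scripts actually needed. `Depends: ${shlibs:Depends}, ${misc:Depends}, bc` keeps the intended fix without the warning, or give bash a versioned relation if a minimum version is really required.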
@ -48,7 +48,7 @@ set_sysctl_param() {
|
|||||||
# Dmesg
|
# Dmesg
|
||||||
#
|
#
does_pattern_exists_in_dmesg() {
|
does_pattern_exist_in_dmesg() {
|
||||||
local PATTERN=$1
|
local PATTERN=$1
|
||||||
if $(dmesg | grep -qE "$PATTERN"); then
|
if $(dmesg | grep -qE "$PATTERN"); then
|
||||||
FNRET=0
|
FNRET=0
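Review bot: `if $(dmesg | grep -qE "$PATTERN"); then` works only through a bash detail — a command line that expands to nothing takes the exit status of its last command substitution — and stays harmless only while `-q` keeps grep silent, since any output would be executed as a command. The plain pipeline `if dmesg | grep -qE "$PATTERN"; then` tests the same status directly. The rename is also quietly unsafe for any caller this commit missed: FNRET is a global assigned here rather than a return value, so a leftover `does_pattern_exists_*` call would log command-not-found and leave FNRET at its previous value, and the caller's `if [ $FNRET ... ]` would act on the last result instead of failing — worth grepping the tree for the old names. does_pattern_exist_in_file in the next hunk is cut after its `local` declarations, so I cannot see whether it uses the same `if $(...)` construct.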
|
||||||
@ -95,7 +95,7 @@ has_file_correct_permissions() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
does_pattern_exists_in_file() {
|
does_pattern_exist_in_file() {
|
||||||
local FILE=$1
|
local FILE=$1
|
||||||
local PATTERN=$2
|
local PATTERN=$2
|