feat: Dissociate iptables pkg name from command (#137)

Signed-off-by: Tarik Megzari <tarik.megzari@corp.ovh.com>

Co-authored-by: Tarik Megzari <tarik.megzari@corp.ovh.com>
Tarik Megzari 2021-12-27 15:40:55 +01:00 committed by GitHub
parent f1c1517bd2
commit 17d272420a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -20,6 +20,7 @@ DESCRIPTION="Check iptables firewall default policy for DROP on INPUT and FORWAR
PACKAGE="iptables" PACKAGE="iptables"
FW_CHAINS="INPUT FORWARD" FW_CHAINS="INPUT FORWARD"
FW_POLICY="DROP" FW_POLICY="DROP"
FW_CMD="iptables"
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
@ -27,9 +28,9 @@ audit() {
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" crit "$PACKAGE is not installed!"
else else
ipt=$($SUDO_CMD "$PACKAGE" -nL 2>/dev/null || true) ipt=$($SUDO_CMD "$FW_CMD" -nL 2>/dev/null || true)
if [[ -z "$ipt" ]]; then if [[ -z "$ipt" ]]; then
crit "Empty return from $PACKAGE command. Aborting..." crit "Empty return from $FW_CMD command. Aborting..."
return return
fi fi
for chain in $FW_CHAINS; do for chain in $FW_CHAINS; do
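Review bot: With `FW_CMD` split from `PACKAGE`, the package-installed check earlier in `audit()` no longer shows that the binary run on the `ipt=$(...)` line is present. Because that line keeps `2>/dev/null || true`, a missing command or a refused sudo call produces the same "Empty return" message as a command that ran and printed nothing. Testing the exit status would separate the two cases, for example `if ! ipt=$($SUDO_CMD "$FW_CMD" -nL 2>/dev/null); then crit "$FW_CMD failed or is not available"; return; fi`, placed ahead of the existing `-z` test. The new variable also deserves a comment such as `# Binary used to list rules; may differ from $PACKAGE, which is only the package name checked for installation`. The body of `audit()` continues past the end of this hunk, so the handling of `$ipt` inside the `for chain` loop is not visible here.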