mirror of
https://github.com/ovh/debian-cis.git
synced 2024-11-22 05:27:01 +01:00
FIX(nbsp): remove non breakable spaces that caused Puppet to warn
This commit is contained in:
parent
75f6cce7f5
commit
1bac756dcb
@ -53,7 +53,7 @@ apply () {
|
|||||||
create_config() {
|
create_config() {
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
status=audit
|
status=audit
|
||||||
# Put here valid accounts with uid 0 separated by spaces
|
# Put here valid accounts with uid 0 separated by spaces
|
||||||
EXCEPTIONS=""
|
EXCEPTIONS=""
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
@ -14,7 +14,7 @@ set -u # One variable unset, it's over
|
|||||||
HARDENING_LEVEL=2
|
HARDENING_LEVEL=2
|
||||||
DESCRIPTION="Ensure firewall is active (iptables is installed, does not check for its configuration)."
|
DESCRIPTION="Ensure firewall is active (iptables is installed, does not check for its configuration)."
|
||||||
|
|
||||||
# Quick note here : CIS recommends your iptables rules to be persistent.
|
# Quick note here : CIS recommends your iptables rules to be persistent.
|
||||||
# Do as you want, but this script does not handle this
|
# Do as you want, but this script does not handle this
|
||||||
|
|
||||||
PACKAGE='iptables'
|
PACKAGE='iptables'
|
||||||
|
@ -5,15 +5,15 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
# If you followed this CIS hardening, this script follows 8.3.1_install_tripwire.sh
|
# If you followed this CIS hardening, this script follows 8.3.1_install_tripwire.sh
|
||||||
# After installing tripwire, you may want to run those few commented commands to make it fully functionnal
|
# After installing tripwire, you may want to run those few commented commands to make it fully functionnal
|
||||||
|
|
||||||
echo "Generating Site key file..."
|
echo "Generating Site key file..."
|
||||||
twadmin -m G -S /etc/tripwire/site.key # Generates Site key file
|
twadmin -m G -S /etc/tripwire/site.key # Generates Site key file
|
||||||
echo "Generating Local key file..."
|
echo "Generating Local key file..."
|
||||||
twadmin -m G -S /etc/tripwire/$(hostname -f)-local.key # Generate local key file
|
twadmin -m G -S /etc/tripwire/$(hostname -f)-local.key # Generate local key file
|
||||||
echo "Generating encrypted policy..."
|
echo "Generating encrypted policy..."
|
||||||
twadmin -m P /etc/tripwire/twpol.txt # Apply new policy with generated site key file
|
twadmin -m P /etc/tripwire/twpol.txt # Apply new policy with generated site key file
|
||||||
echo "Generating Local database with newly created key..."
|
echo "Generating Local database with newly created key..."
|
||||||
/usr/sbin/twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt # Init database with generated local key file
|
/usr/sbin/twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt # Init database with generated local key file
|
||||||
echo "Testing tripwire database update"
|
echo "Testing tripwire database update"
|
||||||
tripwire -m i # Test configuration update
|
tripwire -m i # Test configuration update
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
LONG_SCRIPT_NAME=$(basename $0)
|
LONG_SCRIPT_NAME=$(basename $0)
|
||||||
SCRIPT_NAME=${LONG_SCRIPT_NAME%.sh}
|
SCRIPT_NAME=${LONG_SCRIPT_NAME%.sh}
|
||||||
# Variable initialization, to avoid crash
|
# Variable initialization, to avoid crash
|
||||||
CRITICAL_ERRORS_NUMBER=0 # This will be used to see if a script failed, or passed
|
CRITICAL_ERRORS_NUMBER=0 # This will be used to see if a script failed, or passed
|
||||||
BATCH_MODE=0
|
BATCH_MODE=0
|
||||||
BATCH_OUTPUT=""
|
BATCH_OUTPUT=""
|
||||||
status=""
|
status=""
|
||||||
@ -103,7 +103,7 @@ case $status in
|
|||||||
;;
|
;;
|
||||||
disabled | false )
|
disabled | false )
|
||||||
info "$SCRIPT_NAME is disabled, ignoring"
|
info "$SCRIPT_NAME is disabled, ignoring"
|
||||||
exit 2 # Means unknown status
|
exit 2 # Means unknown status
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
warn "Wrong value for status : $status. Must be [ enabled | true | audit | disabled | false ]"
|
warn "Wrong value for status : $status. Must be [ enabled | true | audit | disabled | false ]"
|
||||||
@ -117,7 +117,7 @@ if [ $CRITICAL_ERRORS_NUMBER -eq 0 ]; then
|
|||||||
else
|
else
|
||||||
ok "Check Passed"
|
ok "Check Passed"
|
||||||
fi
|
fi
|
||||||
exit 0 # Means ok status
|
exit 0 # Means ok status
|
||||||
else
|
else
|
||||||
if [ $BATCH_MODE -eq 1 ]; then
|
if [ $BATCH_MODE -eq 1 ]; then
|
||||||
BATCH_OUTPUT="KO $SCRIPT_NAME $BATCH_OUTPUT"
|
BATCH_OUTPUT="KO $SCRIPT_NAME $BATCH_OUTPUT"
|
||||||
|
Loading…
Reference in New Issue
Block a user