4.1_restrict_core_dumps.sh

This commit is contained in:
thibault.dewailly
2016-04-11 14:55:42 +02:00
parent 90e4c32138
commit 1bacb6c2ff
3 changed files with 122 additions and 0 deletions

View File

@ -1,5 +1,40 @@
# CIS Debian 7 Hardening Utility functions
#
# Sysctl Manipulation
#
has_sysctl_param_expected_result() {
local SYSCTL_PARAM=$1
local EXP_RESULT=$2
if [ "$(sysctl $SYSCTL_PARAM 2>/dev/null)" = "$SYSCTL_PARAM = $EXP_RESULT" ]; then
FNRET=0
elif [ $? != 0 ]; then
debug "$SYSCTL_PARAM does not exist"
FNRET=255
else
debug "$SYSCTL_PARAM has not a value of $EXP_RESULT"
FNRET=1
fi
}
set_sysctl_param() {
local SYSCTL_PARAM=$1
local VALUE=$2
debug "Setting $SYSCTL_PARAM to $VALUE"
if [ "$(sysctl -w $SYSCTL_PARAM 2>/dev/null)" = "$SYSCTL_PARAM = $VALUE" ]; then
FNRET=0
elif [ $? != 0 ]; then
debug "$SYSCTL_PARAM does not exist"
FNRET=255
else
warn "$SYSCTL_PARAM Failed !"
FNRET=1
fi
}
#
# File manipulation
#
@ -51,6 +86,16 @@ does_pattern_exists_in_file() {
}
add_end_of_file() {
local FILE=$1
local LINE=$2
debug "Adding $LINE at the end of $FILE"
backup_file "$1"
echo "$2" >> $FILE
}
#
# User manipulation
#