Check that package are installed before launching check (#69)

* FIX(1.6.1,1.7.1.x): check if apparmor and grub is installed * FIX(2.2.15): check package install * FIX(4.2.x): check package install * FIX(5.1.x): check crontab files exist * FIX(5.2.1): check package install * FIX(99.3.3.x): check conf file exist * Remove useless SUDO_CMD * Deal with non existant /run/shm * Replace exit code 128 by exit code 2 fix #65 Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
2025-06-25 03:54:33 +02:00 · 2021-03-25 14:01:57 +01:00
parent f8ac58700d
commit 1c51e4cec4
24 changed files with 561 additions and 409 deletions
--- a/bin/hardening/1.6.1_enable_nx_support.sh
+++ b/bin/hardening/1.6.1_enable_nx_support.sh
@ -35,31 +35,39 @@ nx_supported_and_enabled() {

 # This function will be called if the script status is on enabled / audit mode
 audit() {
-    does_pattern_exist_in_dmesg "$PATTERN"
-    if [ "$FNRET" != 0 ]; then
-        nx_supported_and_enabled
-        if [ "$FNRET" != 0 ]; then
-            crit "$PATTERN is not present in dmesg and NX seems unsupported or disabled"
-        else
-            ok "NX is supported and enabled"
-        fi
+    if [ "$IS_CONTAINER" -eq 1 ]; then
+        ok "Container detected, cannot read dmesg!"
    else
-        ok "$PATTERN is present in dmesg"
+        does_pattern_exist_in_dmesg "$PATTERN"
+        if [ "$FNRET" != 0 ]; then
+            nx_supported_and_enabled
+            if [ "$FNRET" != 0 ]; then
+                crit "$PATTERN is not present in dmesg and NX seems unsupported or disabled"
+            else
+                ok "NX is supported and enabled"
+            fi
+        else
+            ok "$PATTERN is present in dmesg"
+        fi
    fi
 }

 # This function will be called if the script status is on enabled mode
 apply() {
-    does_pattern_exist_in_dmesg "$PATTERN"
-    if [ "$FNRET" != 0 ]; then
-        nx_supported_and_enabled
-        if [ "$FNRET" != 0 ]; then
-            crit "$PATTERN is not present in dmesg and NX seems unsupported or disabled"
-        else
-            ok "NX is supported and enabled"
-        fi
+    if [ "$IS_CONTAINER" -eq 1 ]; then
+        ok "Container detected, cannot read dmesg!"
    else
-        ok "$PATTERN is present in dmesg"
+        does_pattern_exist_in_dmesg "$PATTERN"
+        if [ "$FNRET" != 0 ]; then
+            nx_supported_and_enabled
+            if [ "$FNRET" != 0 ]; then
+                crit "$PATTERN is not present in dmesg and NX seems unsupported or disabled"
+            else
+                ok "NX is supported and enabled"
+            fi
+        else
+            ok "$PATTERN is present in dmesg"
+        fi
    fi
 }