mirror of
https://github.com/ovh/debian-cis.git
synced 2025-06-24 11:34:35 +02:00
Check that package are installed before launching check (#69)
* FIX(1.6.1,1.7.1.x): check if apparmor and grub is installed * FIX(2.2.15): check package install * FIX(4.2.x): check package install * FIX(5.1.x): check crontab files exist * FIX(5.2.1): check package install * FIX(99.3.3.x): check conf file exist * Remove useless SUDO_CMD * Deal with non existant /run/shm * Replace exit code 128 by exit code 2 fix #65 Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
This commit is contained in:

committed by
GitHub

parent
f8ac58700d
commit
1c51e4cec4
@ -21,39 +21,50 @@ HARDENING_EXCEPTION=mail
|
||||
|
||||
# This function will be called if the script status is on enabled / audit mode
|
||||
audit() {
|
||||
info "Checking netport ports opened"
|
||||
RESULT=$($SUDO_CMD netstat -an | grep LIST | grep ":25[[:space:]]") || :
|
||||
RESULT=${RESULT:-}
|
||||
debug "Result is $RESULT"
|
||||
if [ -z "$RESULT" ]; then
|
||||
ok "Nothing listens on 25 port, probably unix socket configured"
|
||||
is_pkg_installed net-tools
|
||||
if [ "$FNRET" != 0 ]; then
|
||||
warn "netsat not installed, cannot execute check"
|
||||
exit 2
|
||||
else
|
||||
info "Checking $RESULT"
|
||||
if grep -q "127.0.0.1" <<<"$RESULT"; then
|
||||
ok "MTA is configured to localhost only"
|
||||
info "Checking netport ports opened"
|
||||
RESULT=$($SUDO_CMD netstat -an | grep LIST | grep ":25[[:space:]]") || :
|
||||
RESULT=${RESULT:-}
|
||||
debug "Result is $RESULT"
|
||||
if [ -z "$RESULT" ]; then
|
||||
ok "Nothing listens on 25 port, probably unix socket configured"
|
||||
else
|
||||
crit "MTA listens worldwide"
|
||||
info "Checking $RESULT"
|
||||
if grep -q "127.0.0.1" <<<"$RESULT"; then
|
||||
ok "MTA is configured to localhost only"
|
||||
else
|
||||
crit "MTA listens worldwide"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# This function will be called if the script status is on enabled mode
|
||||
apply() {
|
||||
info "Checking netport ports opened"
|
||||
RESULT=$(netstat -an | grep LIST | grep ":25[[:space:]]") || :
|
||||
RESULT=${RESULT:-}
|
||||
debug "Result is $RESULT"
|
||||
if [ -z "$RESULT" ]; then
|
||||
ok "Nothing listens on 25 port, probably unix socket configured"
|
||||
is_pkg_installed net-tools
|
||||
if [ "$FNRET" != 0 ]; then
|
||||
warn "netsat not installed, cannot execute check"
|
||||
exit 2
|
||||
else
|
||||
info "Checking $RESULT"
|
||||
if grep -q "127.0.0.1" <<<"$RESULT"; then
|
||||
ok "MTA is configured to localhost only"
|
||||
info "Checking netport ports opened"
|
||||
RESULT=$(netstat -an | grep LIST | grep ":25[[:space:]]") || :
|
||||
RESULT=${RESULT:-}
|
||||
debug "Result is $RESULT"
|
||||
if [ -z "$RESULT" ]; then
|
||||
ok "Nothing listens on 25 port, probably unix socket configured"
|
||||
else
|
||||
warn "MTA listens worldwide, correct this considering your MTA"
|
||||
info "Checking $RESULT"
|
||||
if grep -q "127.0.0.1" <<<"$RESULT"; then
|
||||
ok "MTA is configured to localhost only"
|
||||
else
|
||||
warn "MTA listens worldwide, correct this considering your MTA"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
:
|
||||
}
|
||||
|
||||
# This function will check config parameters required
|
||||
|
Reference in New Issue
Block a user