Check that package are installed before launching check (#69)

* FIX(1.6.1,1.7.1.x): check if apparmor and grub is installed * FIX(2.2.15): check package install * FIX(4.2.x): check package install * FIX(5.1.x): check crontab files exist * FIX(5.2.1): check package install * FIX(99.3.3.x): check conf file exist * Remove useless SUDO_CMD * Deal with non existant /run/shm * Replace exit code 128 by exit code 2 fix #65 Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
2025-06-24 11:34:35 +02:00 · 2021-03-25 14:01:57 +01:00
parent f8ac58700d
commit 1c51e4cec4
24 changed files with 561 additions and 409 deletions
--- a/bin/hardening/4.2.1.2_enable_syslog-ng.sh
+++ b/bin/hardening/4.2.1.2_enable_syslog-ng.sh
@ -17,29 +17,40 @@ HARDENING_LEVEL=3
 # shellcheck disable=2034
 DESCRIPTION="Ensure syslog-ng service is activated."

+PACKAGE='syslog-ng'
 SERVICE_NAME="syslog-ng"

 # This function will be called if the script status is on enabled / audit mode
 audit() {
-    info "Checking if $SERVICE_NAME is enabled"
-    is_service_enabled "$SERVICE_NAME"
-    if [ "$FNRET" = 0 ]; then
-        ok "$SERVICE_NAME is enabled"
+    is_pkg_installed "$PACKAGE"
+    if [ "$FNRET" != 0 ]; then
+        crit "$PACKAGE is not installed!"
    else
-        crit "$SERVICE_NAME is disabled"
+        info "Checking if $SERVICE_NAME is enabled"
+        is_service_enabled "$SERVICE_NAME"
+        if [ "$FNRET" = 0 ]; then
+            ok "$SERVICE_NAME is enabled"
+        else
+            crit "$SERVICE_NAME is disabled"
+        fi
    fi
 }

 # This function will be called if the script status is on enabled mode
 apply() {
-    info "Checking if $SERVICE_NAME is enabled"
-    is_service_enabled "$SERVICE_NAME"
+    is_pkg_installed "$PACKAGE"
    if [ "$FNRET" != 0 ]; then
-        info "Enabling $SERVICE_NAME"
-        update-rc.d "$SERVICE_NAME" remove >/dev/null 2>&1
-        update-rc.d "$SERVICE_NAME" defaults >/dev/null 2>&1
+        crit "$PACKAGE is not installed!"
    else
-        ok "$SERVICE_NAME is enabled"
+        info "Checking if $SERVICE_NAME is enabled"
+        is_service_enabled "$SERVICE_NAME"
+        if [ "$FNRET" != 0 ]; then
+            info "Enabling $SERVICE_NAME"
+            update-rc.d "$SERVICE_NAME" remove >/dev/null 2>&1
+            update-rc.d "$SERVICE_NAME" defaults >/dev/null 2>&1
+        else
+            ok "$SERVICE_NAME is enabled"
+        fi
    fi
 }