elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2024-11-22 13:37:02 +01:00
Code Issues Packages Projects Releases Wiki Activity

FIX(1.7.1.4): don't abort script in case of unconfined processes (#130)

Browse Source
This commit is contained in:
Sebastien BLAISOT 2021-10-20 13:14:36 +02:00 committed by GitHub
parent 6e2fb1570c
commit 3d2d97a727
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
bin/hardening/1.7.1.4_enforcing_apparmor.sh
View File

@ -32,8 +32,8 @@ audit() {
fi fi
done done
if [ "$ERROR" = 0 ]; then if [ "$ERROR" = 0 ]; then
RESULT_UNCONFINED=$($SUDO_CMD apparmor_status | grep "^0 processes are unconfined but have a profile defined") RESULT_UNCONFINED=$($SUDO_CMD apparmor_status | grep "^0 processes are unconfined but have a profile defined" || true)
RESULT_COMPLAIN=$($SUDO_CMD apparmor_status | grep "^0 profiles are in complain mode.") RESULT_COMPLAIN=$($SUDO_CMD apparmor_status | grep "^0 profiles are in complain mode." || true)
if [ -n "$RESULT_UNCONFINED" ]; then if [ -n "$RESULT_UNCONFINED" ]; then
ok "No profiles are unconfined" ok "No profiles are unconfined"
@ -61,8 +61,8 @@ apply() {
fi fi
done done
RESULT_UNCONFINED=$(apparmor_status | grep "^0 processes are unconfined but have a profile defined") RESULT_UNCONFINED=$(apparmor_status | grep "^0 processes are unconfined but have a profile defined" || true)
RESULT_COMPLAIN=$(apparmor_status | grep "^0 profiles are in complain mode.") RESULT_COMPLAIN=$(apparmor_status | grep "^0 profiles are in complain mode." || true)
if [ -n "$RESULT_UNCONFINED" ]; then if [ -n "$RESULT_UNCONFINED" ]; then
ok "No profiles are unconfined" ok "No profiles are unconfined"