Add missing HARDENING_LEVEL (#44)

Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
2024-11-21 21:17:00 +01:00 · 2021-02-17 11:51:51 +01:00 · 2021-02-17 11:51:51 +01:00 · 40fb536d4e
commit 40fb536d4e
parent d1b371f410
8 changed files with 20 additions and 3 deletions
--- a/bin/hardening/99.1.1.23_disable_usb_devices.sh
+++ b/bin/hardening/99.1.1.23_disable_usb_devices.sh
@ -13,6 +13,9 @@ set -e # One error, it's over
 set -u # One variable unset, it's over

 USER='root'
+
+# shellcheck disable=2034
+HARDENING_LEVEL=2
 # shellcheck disable=2034
 DESCRIPTION="USB devices are disabled."

--- a/bin/hardening/99.1.3_acc_sudoers_no_all.sh
+++ b/bin/hardening/99.1.3_acc_sudoers_no_all.sh
@ -12,6 +12,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
+HARDENING_LEVEL=2
 # shellcheck disable=2034
 DESCRIPTION="Checks there are no carte-blanche authorization in sudoers file(s)."

--- a/bin/hardening/99.5.2.3_ssh_disable_features.sh
+++ b/bin/hardening/99.5.2.3_ssh_disable_features.sh
@ -13,6 +13,7 @@ set -e # One error, it's over
 set -u # One variable unset, it's over

 # shellcheck disable=2034
+HARDENING_LEVEL=3
 # shellcheck disable=2034
 DESCRIPTION="Check all special features in sshd_config are disabled"

--- a/bin/hardening/99.5.2.4_ssh_keys_from.sh
+++ b/bin/hardening/99.5.2.4_ssh_keys_from.sh
@ -12,6 +12,8 @@
 set -e # One error, it is over
 set -u # One variable unset, it is over

+# shellcheck disable=2034
+HARDENING_LEVEL=3
 # shellcheck disable=2034
 DESCRIPTION="Check <from> field in ssh authorized keys files for users with login shell, and allowed IP if available."

--- a/bin/hardening/99.5.2.5_ssh_strict_modes.sh
+++ b/bin/hardening/99.5.2.5_ssh_strict_modes.sh
@ -13,7 +13,9 @@ set -e # One error, it's over
 set -u # One variable unset, it's over

 # shellcheck disable=2034
-DESCRIPTION="Ensure home directory and ssh sensitive files are verified (not publicly readable)  before connecting."
+HARDENING_LEVEL=2
+# shellcheck disable=2034
+DESCRIPTION="Ensure home directory and ssh sensitive files are verified (not publicly readable) before connecting."

 PACKAGE='openssh-server'
 OPTIONS='StrictModes=yes'
--- a/bin/hardening/99.5.2.7_ssh_sys_no_legacy.sh
+++ b/bin/hardening/99.5.2.7_ssh_sys_no_legacy.sh
@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
+HARDENING_LEVEL=3
 # shellcheck disable=2034
 DESCRIPTION="Ensure that legacy services rlogin, rlogind and rcp are disabled and not installed"
+
 # shellcheck disable=2034
 SERVICES="rlogin rlogind rcp"

--- a/bin/hardening/99.5.4.5.1_acc_logindefs_sha512.sh
+++ b/bin/hardening/99.5.4.5.1_acc_logindefs_sha512.sh
@ -6,14 +6,16 @@
 #

 #
-# 99.5.4.5.1 Check that any password that may exist in /etc/shadow is SHA512 hashed and salted
+# 99.5.4.5.1 Check that any password that will be created will be SHA512 hashed and salted
 #

 set -e # One error, it's over
 set -u # One variable unset, it's over

 # shellcheck disable=2034
-DESCRIPTION="Check that any password that may exist in /etc/shadow is SHA512 hashed and salted"
+HARDENING_LEVEL=2
+# shellcheck disable=2034
+DESCRIPTION="Check that any password that will be created will be SHA512 hashed and salted"

 CONF_FILE="/etc/login.defs"
 CONF_LINE="ENCRYPT_METHOD SHA512"
--- a/bin/hardening/99.5.4.5.2_acc_shadow_sha512.sh
+++ b/bin/hardening/99.5.4.5.2_acc_shadow_sha512.sh
@ -12,6 +12,8 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over

+# shellcheck disable=2034
+HARDENING_LEVEL=2
 # shellcheck disable=2034
 DESCRIPTION="Check that any password that may exist in /etc/shadow is SHA512 hashed and salted"
 FILE="/etc/shadow"