ADD(1.1.1.7): restrict FAT partitions

2024-11-22 05:27:01 +01:00 · 2020-12-23 11:05:37 +01:00 · 2020-12-23 11:05:37 +01:00 · 520ab63b29
commit 520ab63b29
parent f626201fdd
1 changed files with 16 additions and 3 deletions
--- a/bin/hardening/1.1.1.7_restrict_fat.sh
+++ b/bin/hardening/1.1.1.7_restrict_fat.sh
@ -13,20 +13,33 @@ set -e # One error, it's over
 set -u # One variable unset, it's over

 # shellcheck disable=2034
-HARDENING_LEVEL=2
+HARDENING_LEVEL=5
 # shellcheck disable=2034
 DESCRIPTION="Limit mounting of FAT filesystems."

 # Note: we check /proc/config.gz to be compliant with both monolithic and modular kernels

+KERNEL_OPTION="CONFIG_VFAT_FS"
+MODULE_FILE="vfat"
+
 # This function will be called if the script status is on enabled / audit mode
 audit() {
-    :
+    is_kernel_option_enabled "$KERNEL_OPTION" "$MODULE_FILE"
+    if [ "$FNRET" = 0 ]; then # 0 means true in bash, so it IS activated
+        crit "$KERNEL_OPTION is enabled!"
+    else
+        ok "$KERNEL_OPTION is disabled"
+    fi
 }

 # This function will be called if the script status is on enabled mode
 apply() {
-    :
+    is_kernel_option_enabled "$KERNEL_OPTION"
+    if [ "$FNRET" = 0 ]; then # 0 means true in bash, so it IS activated
+        warn "I cannot fix $KERNEL_OPTION enabled, recompile your kernel please"
+    else
+        ok "$KERNEL_OPTION is disabled, nothing to do"
+    fi
 }

 # This function will check config parameters required