Merge pull request #5 in IAAS/cis-hardening from dev/thibault.dewailly/fixedLicense to master

* commit 'a7f418d8a2d5b90a7257542b1dd16fd4238721ca':
  Corrected script names, added License, Completed README and corrected bug with too long logger messages

LICENSE

@@ -0,0 +1,25 @@
+Copyright (c) 2016, OVH SAS.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+  * Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+  * Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+  * Neither the name of OVH SAS nor the
+    names of its contributors may be used to endorse or promote products
+    derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY OVH SAS AND CONTRIBUTORS ``AS IS'' AND ANY
+EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL OVH SAS AND CONTRIBUTORS BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README

@@ -5,9 +5,17 @@
 # Hardening scripts :
 # bin/hardening : Every script has a .cfg associated, status must be defined here
 
-# Main script : 
-# bin/hardening.sh : Will execute hardening according to configuration
-
 # Configuration
 # etc/hardening.cfg : Global variables defined such as backup directory, or log level
-# etc/conf.d        : Folder with all .cfg associated to hardenign scripts
+# etc/conf.d        : Folder with all .cfg associated to hardening scripts
+
+# Status parameter will define on each script if it has to be disabled (do nothing), audit (RO), enabled (RW)
+# Enabled will perform audit and most of the time correct your system accordingly. 
+# There is exceptions as it is difficult to know how you want to correct that.
+
+# Main script : 
+# bin/hardening.sh : Will execute hardening according to configuration
+# Options are :
+# --apply     : Will apply hardening when scripts have status enabled (RW), and audit points where status is audit (RO)
+# --audit     : Will audit hardening when scripts have status enabled or audit (RO) 
+# --audit-all : Apply audit (RO) on all scripts

bin/hardening/12.8_find_unowned_files.sh

@@ -22,7 +22,7 @@ audit () {
         FORMATTED_RESULT=$(sed "s/ /\n/g" <<< $RESULT | sort | uniq | tr '\n' ' ')
         crit "$FORMATTED_RESULT"
     else
-        ok "No world writable files found"
+        ok "No unowned files found"
     fi
 }
 
@@ -33,7 +33,7 @@ apply () {
         warn "chmowing all unowned files in the system"
         df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser -print 2>/dev/null | xargs chown $USER 
     else
-        ok "No world writable files found, nothing to apply"
+        ok "No unowned files found, nothing to apply"
     fi
 }
 

lib/common.sh

@@ -46,14 +46,14 @@ _logger() {
     COLOR=$1
     shift
     test -z "$SCRIPT_NAME" && SCRIPT_NAME=$(basename $0)
-    /usr/bin/logger -t "[CIS_Hardening] $SCRIPT_NAME" -p "user.info" "$*"
+    builtin echo "$*" | /usr/bin/logger -t "[CIS_Hardening] $SCRIPT_NAME" -p "user.info"
     test -t 1 && cecho $COLOR "$SCRIPT_NAME $*"
 }
 
 cecho () {
     COLOR=$1
     shift
-    echo -e "${COLOR}$*${NC}"
+    builtin echo -e "${COLOR}$*${NC}"
 }
 
 crit () {