diff --git a/bin/hardening/3.1.1_disable_ip_forwarding.sh b/bin/hardening/3.1.1_disable_ip_forwarding.sh
index 711f62c..38e7180 100755
--- a/bin/hardening/3.1.1_disable_ip_forwarding.sh
+++ b/bin/hardening/3.1.1_disable_ip_forwarding.sh
@@ -21,13 +21,16 @@ SYSCTL_EXP_RESULT=0
 # This function will be called if the script status is on enabled / audit mode
 audit () {
 for SYSCTL_PARAM in $SYSCTL_PARAMS; do
- has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
- if [ $FNRET != 0 ]; then
- crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
- elif [ $FNRET = 255 ]; then
- warn "$SYSCTL_PARAM does not exist -- Typo?"
- else
- ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
+ does_sysctl_param_exists "net.ipv6"
+ if [ $FNRET = 0 ] || [[ ! $SYSCTL_VALUES =~ .*ipv6.* ]]; then # IPv6 is enabled or SYSCTL_VALUES doesn't contain ipv6
+ has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
+ if [ $FNRET != 0 ]; then
+ crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
+ elif [ $FNRET = 255 ]; then
+ warn "$SYSCTL_PARAM does not exist -- Typo?"
+ else
+ ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
+ fi
 fi
 done
 }
diff --git a/bin/hardening/3.2.1_disable_source_routed_packets.sh b/bin/hardening/3.2.1_disable_source_routed_packets.sh
index 2bdb1b9..095d327 100755
--- a/bin/hardening/3.2.1_disable_source_routed_packets.sh
+++ b/bin/hardening/3.2.1_disable_source_routed_packets.sh
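Review bot: The guard added in 3.1.1_disable_ip_forwarding.sh tests `$SYSCTL_VALUES`, but this file's loop iterates with `SYSCTL_PARAM` (`for SYSCTL_PARAM in $SYSCTL_PARAMS`) and no assignment to `SYSCTL_VALUES` is visible in the hunk. If that variable is unset here, `[[ ! $SYSCTL_VALUES =~ .*ipv6.* ]]` is always true, so the IPv6 parameter is still audited on hosts without `net.ipv6` and the change has no effect in this script. The test should use the loop variable: `if [ "$FNRET" = 0 ] || [[ ! $SYSCTL_PARAM =~ ipv6 ]]; then`. The same condition in the 3.2.1 and 3.2.2 hunks is consistent, because those loops do iterate over `SYSCTL_VALUES`.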
@@ -19,16 +19,19 @@ SYSCTL_PARAMS=''
 # This function will be called if the script status is on enabled / audit mode
 audit () {
 for SYSCTL_VALUES in $SYSCTL_PARAMS; do
- SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
- SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
- debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
- has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
- if [ $FNRET != 0 ]; then
- crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
- elif [ $FNRET = 255 ]; then
- warn "$SYSCTL_PARAM does not exist -- Typo?"
- else
- ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
+ does_sysctl_param_exists "net.ipv6"
+ if [ $FNRET = 0 ] || [[ ! $SYSCTL_VALUES =~ .*ipv6.* ]]; then # IPv6 is enabled or SYSCTL_VALUES doesn't contain ipv6
+ SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
+ SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
+ debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
+ has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
+ if [ $FNRET != 0 ]; then
+ crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
+ elif [ $FNRET = 255 ]; then
+ warn "$SYSCTL_PARAM does not exist -- Typo?"
+ else
+ ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
+ fi
 fi
 done
 }
diff --git a/bin/hardening/3.2.2_disable_icmp_redirect.sh b/bin/hardening/3.2.2_disable_icmp_redirect.sh
index c6c889f..b31d41c 100755
--- a/bin/hardening/3.2.2_disable_icmp_redirect.sh
+++ b/bin/hardening/3.2.2_disable_icmp_redirect.sh
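Review bot: In 3.2.1_disable_source_routed_packets.sh the `elif [ $FNRET = 255 ]` branch can never run, because 255 already satisfies `[ $FNRET != 0 ]` on the line above; the same ordering is carried into the 3.1.1 and 3.2.2 hunks. Judging by the warn text, 255 is what the helper returns for a missing key, so such a key is reported through `crit` as "was not set" and the "does not exist -- Typo?" warning is dead code. Test the specific value first: `if [ "$FNRET" = 255 ]; then` for the `warn` branch, then `elif [ "$FNRET" != 0 ]; then` for `crit`. Quoting `$FNRET` also keeps `[` from failing with a syntax error if the helper ever leaves it empty.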
@@ -19,16 +19,20 @@ SYSCTL_PARAMS=''
 # This function will be called if the script status is on enabled / audit mode
 audit () {
 for SYSCTL_VALUES in $SYSCTL_PARAMS; do
- SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
- SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
- debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
- has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
- if [ $FNRET != 0 ]; then
- crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
- elif [ $FNRET = 255 ]; then
- warn "$SYSCTL_PARAM does not exist -- Typo?"
- else
- ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
+ does_sysctl_param_exists "net.ipv6"
+ if [ $FNRET = 0 ] || [[ ! $SYSCTL_VALUES =~ .*ipv6.* ]]; then # IPv6 is enabled or SYSCTL_VALUES doesn't contain ipv6
+ SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
+ SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
+ debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
+
+ has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
+ if [ $FNRET != 0 ]; then
+ crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
+ elif [ $FNRET = 255 ]; then
+ warn "$SYSCTL_PARAM does not exist -- Typo?"
+ else
+ ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
+ fi
 fi
 done
 }
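Review bot: When `net.ipv6` is absent and the entry contains `ipv6`, the loop body in 3.2.2_disable_icmp_redirect.sh does nothing at all, so the audit output carries no record that the check was skipped; the 3.1.1 and 3.2.1 hunks behave the same way. A skipped control should be visible in a compliance report, for example through an `else` branch with `ok "$SYSCTL_VALUES skipped, net.ipv6 is not present"`. The skip decision presumably reflects only the sysctl tree at audit time, which is worth stating in a comment above the guard. `does_sysctl_param_exists "net.ipv6"` is also loop-invariant and could be called once before the `for`, with its result saved in a local variable.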