FIX(3.1.1,3.2.1,3.2.2): don't check for IPv6 options if IPv6 is disabled

Thibault Ayanides 2020-11-02 17:16:11 +01:00
parent c2090b74b3
commit 668dc80bb8
3 changed files with 37 additions and 27 deletions


@ -21,13 +21,16 @@ SYSCTL_EXP_RESULT=0
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {
for SYSCTL_PARAM in $SYSCTL_PARAMS; do for SYSCTL_PARAM in $SYSCTL_PARAMS; do
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT does_sysctl_param_exists "net.ipv6"
if [ $FNRET != 0 ]; then if [ $FNRET = 0 ] || [[ ! $SYSCTL_VALUES =~ .*ipv6.* ]]; then # IPv6 is enabled or SYSCTL_VALUES doesn't contain ipv6
crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
elif [ $FNRET = 255 ]; then if [ $FNRET != 0 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?" crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
else elif [ $FNRET = 255 ]; then
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" warn "$SYSCTL_PARAM does not exist -- Typo?"
else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi
fi fi
done done
} }
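Review bot: The new guard tests `$SYSCTL_VALUES`, but this file's loop variable is `SYSCTL_PARAM`, so unless `SYSCTL_VALUES` is assigned somewhere outside the hunk the regex runs against an empty string and `[[ ! ... ]]` is always true. The IPv6 parameters would then still be checked on a host where `net.ipv6` does not exist, which is the false finding this commit is meant to remove for this check. The condition should read `if [ $FNRET = 0 ] || [[ ! $SYSCTL_PARAM =~ .*ipv6.* ]]; then`. The other two files in the commit iterate with `SYSCTL_VALUES` and are not affected.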


@ -19,16 +19,19 @@ SYSCTL_PARAMS=''
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) does_sysctl_param_exists "net.ipv6"
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) if [ $FNRET = 0 ] || [[ ! $SYSCTL_VALUES =~ .*ipv6.* ]]; then # IPv6 is enabled or SYSCTL_VALUES doesn't contain ipv6
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
if [ $FNRET != 0 ]; then debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
elif [ $FNRET = 255 ]; then if [ $FNRET != 0 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?" crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
else elif [ $FNRET = 255 ]; then
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" warn "$SYSCTL_PARAM does not exist -- Typo?"
else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi
fi fi
done done
} }
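Review bot: The `elif [ $FNRET = 255 ]` branch can never run, because 255 already satisfies `[ $FNRET != 0 ]` and is reported through `crit`; the re-indented block carries this over unchanged, here and in the other two files of the commit. If `has_sysctl_param_expected_result` does return 255 for a parameter that does not exist (inferred from the warning text, the helper is not shown), that case should be tested first: `if [ $FNRET = 255 ]; then` with the `warn`, then `elif [ $FNRET != 0 ]; then` with the `crit`. As written, a mistyped parameter name is reported as a failed hardening setting and the "Typo?" hint never appears.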


@ -19,16 +19,20 @@ SYSCTL_PARAMS=''
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) does_sysctl_param_exists "net.ipv6"
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) if [ $FNRET = 0 ] || [[ ! $SYSCTL_VALUES =~ .*ipv6.* ]]; then # IPv6 is enabled or SYSCTL_VALUES doesn't contain ipv6
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
if [ $FNRET != 0 ]; then debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
elif [ $FNRET = 255 ]; then has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
warn "$SYSCTL_PARAM does not exist -- Typo?" if [ $FNRET != 0 ]; then
else crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?"
else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi
fi fi
done done
} }
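Review bot: When `net.ipv6` is absent, the IPv6 entries fall through the new outer `if` without any output, so the audit report no longer shows that these controls were considered or why they were skipped; the same holds for the other two files. An `else` branch that records the decision keeps the report complete, for example `else` followed by `ok "$SYSCTL_VALUES skipped, net.ipv6 is not present"` (the log level is a suggestion, only `crit`, `warn`, `ok` and `debug` are visible here). A reviewer comparing two hosts can then tell a skipped check from one that never ran.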