From 68f2c640b19fa227486bd44e61469b25b31738c8 Mon Sep 17 00:00:00 2001
From: "thibault.dewailly" <thibault.dewailly@corp.ovh.com>
Date: Tue, 24 Dec 2024 09:34:10 +0000
Subject: [PATCH] feat: enhance NIS check

---
 bin/hardening/2.2.17_disable_nis.sh |  2 +-
 bin/hardening/2.3.1_disable_nis.sh  | 35 ++++++++++++++++-------------
 2 files changed, 20 insertions(+), 17 deletions(-)

diff --git a/bin/hardening/2.2.17_disable_nis.sh b/bin/hardening/2.2.17_disable_nis.sh
index e90f762..4699f07 100755
--- a/bin/hardening/2.2.17_disable_nis.sh
+++ b/bin/hardening/2.2.17_disable_nis.sh
@@ -17,7 +17,7 @@ HARDENING_LEVEL=3
 # shellcheck disable=2034
 DESCRIPTION="Disable NIS Server."
 
-PACKAGES='nis'
+PACKAGES='nis ypserv'
 
 # This function will be called if the script status is on enabled / audit mode
 audit() {
diff --git a/bin/hardening/2.3.1_disable_nis.sh b/bin/hardening/2.3.1_disable_nis.sh
index 10b5f90..42f73b3 100755
--- a/bin/hardening/2.3.1_disable_nis.sh
+++ b/bin/hardening/2.3.1_disable_nis.sh
@@ -17,29 +17,32 @@ HARDENING_LEVEL=3
 # shellcheck disable=2034
 DESCRIPTION="Ensure that Network Information Service is not installed. Recommended alternative : LDAP."
 
-PACKAGE='nis'
+PACKAGES='nis ypbind-mt'
 
 # This function will be called if the script status is on enabled / audit mode
 audit() {
-    is_pkg_installed "$PACKAGE"
-    if [ "$FNRET" = 0 ]; then
-        crit "$PACKAGE is installed!"
-    else
-        ok "$PACKAGE is absent"
-    fi
-    :
+    for PACKAGE in $PACKAGES; do
+        is_pkg_installed "$PACKAGE"
+        if [ "$FNRET" = 0 ]; then
+            crit "$PACKAGE is installed!"
+        else
+            ok "$PACKAGE is absent"
+        fi
+    done
 }
 
 # This function will be called if the script status is on enabled mode
 apply() {
-    is_pkg_installed "$PACKAGE"
-    if [ "$FNRET" = 0 ]; then
-        crit "$PACKAGE is installed, purging it"
-        apt-get purge "$PACKAGE" -y
-        apt-get autoremove -y
-    else
-        ok "$PACKAGE is absent"
-    fi
+    for PACKAGE in $PACKAGES; do
+        is_pkg_installed "$PACKAGE"
+        if [ "$FNRET" = 0 ]; then
+            crit "$PACKAGE is installed, purging it"
+            apt-get purge "$PACKAGE" -y
+            apt-get autoremove -y
+        else
+            ok "$PACKAGE is absent"
+        fi
+    done
 }
 
 # This function will check config parameters required