From 756fce8c2e8626343586c4f726c0c3df84991c48 Mon Sep 17 00:00:00 2001
From: "thibault.dewailly"
Date: Sun, 17 Apr 2016 23:19:41 +0200
Subject: [PATCH] Fixed disabled features, headers and preparing main script
---
 bin/hardening.sh | 6 ++++++
 bin/hardening/13.19_find_user_forward_files.sh | 2 +-
 bin/hardening/13.20_shadow_group_empty.sh | 2 +-
 etc/conf.d/7.5.3_disable_rds.cfg | 2 ++
 lib/main.sh | 8 ++++----
 5 files changed, 14 insertions(+), 6 deletions(-)
 create mode 100644 etc/conf.d/7.5.3_disable_rds.cfg
diff --git a/bin/hardening.sh b/bin/hardening.sh
index 1445dd0..e76d52d 100644
--- a/bin/hardening.sh
+++ b/bin/hardening.sh
@@ -14,3 +14,9 @@ # Audit mode # ls | sort -V
+
+cd /opt/cis-hardening/bin/hardening
+for i in $(ls | sort -V); do
+echo "$i"
+./$i --audit
+done
diff --git a/bin/hardening/13.19_find_user_forward_files.sh b/bin/hardening/13.19_find_user_forward_files.sh
index 920ad49..eff76e3 100755
--- a/bin/hardening/13.19_find_user_forward_files.sh
+++ b/bin/hardening/13.19_find_user_forward_files.sh
@@ -6,7 +6,7 @@
 #
 #
-# 13.18 Check for Presence of User .netrc Files (Scored)
+# 13.19 Check for Presence of User .forward Files (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/13.20_shadow_group_empty.sh b/bin/hardening/13.20_shadow_group_empty.sh
index bc07033..a65e1e8 100755
--- a/bin/hardening/13.20_shadow_group_empty.sh
+++ b/bin/hardening/13.20_shadow_group_empty.sh
@@ -6,7 +6,7 @@
 #
 #
-# 13.18 Check for Presence of User .netrc Files (Scored)
+# 13.20 Ensure shadow group is empty (Scored)
 #
 set -e # One error, it's over
diff --git a/etc/conf.d/7.5.3_disable_rds.cfg b/etc/conf.d/7.5.3_disable_rds.cfg
new file mode 100644
index 0000000..e1e4502
--- /dev/null
+++ b/etc/conf.d/7.5.3_disable_rds.cfg
@@ -0,0 +1,2 @@
+# Configuration for script of same name
+status=enabled
diff --git a/lib/main.sh b/lib/main.sh
index 87c3f26..fd73202 100644
--- a/lib/main.sh
+++ b/lib/main.sh
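Review bot: The loop added to bin/hardening.sh runs `./$i --audit` for every directory entry without checking that `cd /opt/cis-hardening/bin/hardening` succeeded. If that hard-coded path is missing, the loop executes whatever files are in the caller's current directory, presumably with the privileges of a hardening run. The directory change should be guarded with `cd /opt/cis-hardening/bin/hardening || exit 1` and the call quoted as `"./$i" --audit`, so a name containing whitespace is not split into a different command line. The loop also discards each check's exit status, so the 0/1/2 codes this same commit introduces in lib/main.sh never reach the caller. Whether `set -e` is active earlier in the file is not visible in this hunk.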
@@ -27,7 +27,7 @@ while [[ $# > 0 ]]; do
 ARG="$1"
 case $ARG in
 --audit)
- if [ $status != 'disabled' -o $status != 'false' ]; then
+ if [ $status != 'disabled' -a $status != 'false' ]; then
 debug "Audit argument detected, setting status to audit"
 status=audit
 else
@@ -58,17 +58,17 @@ case $status in
 ;;
 disabled | false )
 info "$SCRIPT_NAME is disabled, ignoring"
+ exit 2 # Means unknown status
 ;;
 *)
 warn "Wrong value for status : $status. Must be [ enabled | true | audit | disabled | false ]"
 ;;
 esac
-info "Results : "
 if [ $CRITICAL_ERRORS_NUMBER = 0 ]; then
 ok "Check Passed"
- exit 0
+ exit 0 # Means ok status
 else
 crit "Check Failed"
- exit 1
+ exit 1 # Means critical status
 fi
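Review bot: The corrected test in the `--audit)` arm still expands `$status` unquoted inside `[ ]`. If the per-script cfg does not define `status`, or defines a value containing whitespace, the test fails with a syntax error and control drops into the `else` branch as if the check were disabled. Quoting and dropping the obsolescent `-a` keeps the decision well-defined: `if [ "$status" != 'disabled' ] && [ "$status" != 'false' ]; then`. The `else` branch and the rest of the `case` continue outside this hunk, so what it does with an empty status should be confirmed there.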
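Review bot: The `*)` arm still only warns on an invalid `status` and then falls through to the result block. If `CRITICAL_ERRORS_NUMBER` is still 0 at that point, a misconfigured check therefore prints "Check Passed" and exits 0, which is a false pass in an audit tool. It should exit non-zero like the disabled arm now does, by adding `exit 2` after the `warn` line. The comment on the disabled arm would be more accurate as `# Means disabled / not evaluated`, because "unknown status" describes the `*)` arm rather than this one. The counter in the result test should also be quoted, `[ "$CRITICAL_ERRORS_NUMBER" = 0 ]`, so an unset value does not turn the test into a syntax error. The `case` statement starts outside this hunk.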