From 9a5e962cd4a01e3e276d0aff209ab3288ac874f6 Mon Sep 17 00:00:00 2001
From: "thibault.dewailly"
Date: Fri, 1 Apr 2016 09:32:17 +0200
Subject: [PATCH] Added basic Configuration files and skeleton scripts
---
bin/hardening/1.1_Install_Updates.sh | 21 +++++++++++++
etc/conf.d/README | 2 ++
etc/hardening.cfg | 2 ++
lib/common.sh | 7 +++++
lib/constants.sh | 33 +++++++++++++++++++++
lib/utils.sh | 18 ++++++++++++
src/skel.sh | 44 ++++++++++++++++++++++++++++
7 files changed, 127 insertions(+)
create mode 100644 bin/hardening/1.1_Install_Updates.sh
create mode 100644 etc/conf.d/README
create mode 100644 etc/hardening.cfg
create mode 100644 lib/common.sh
create mode 100644 lib/constants.sh
create mode 100644 lib/utils.sh
create mode 100644 src/skel.sh
diff --git a/bin/hardening/1.1_Install_Updates.sh b/bin/hardening/1.1_Install_Updates.sh
new file mode 100644
index 0000000..b79db85
--- /dev/null
+++ b/bin/hardening/1.1_Install_Updates.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+#
+# CIS Debian 7 Hardening
+#
+
+#
+# 1.1 Install Updates, Patches and Additional Security Software (Not Scored)
+#
+
+# This function will be called if the script status is ont enabled / audit mode
+audit () {
+
+}
+
+# This function will be called if the script status is on enabled mode
+apply () {
+
+}
+
+
diff --git a/etc/conf.d/README b/etc/conf.d/README
new file mode 100644
index 0000000..9ae0181
--- /dev/null
+++ b/etc/conf.d/README
@@ -0,0 +1,2 @@
+# Put Here your Custom configuration files
+# Name convention : $SCRIPT_NAME.cfg
diff --git a/etc/hardening.cfg b/etc/hardening.cfg
new file mode 100644
index 0000000..7038654
--- /dev/null
+++ b/etc/hardening.cfg
@@ -0,0 +1,2 @@
+# CIS Debian 7 Hardening
+# Main Configuration File
diff --git a/lib/common.sh b/lib/common.sh
new file mode 100644
index 0000000..e7d869a
--- /dev/null
+++ b/lib/common.sh
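Review bot: In bin/hardening/1.1_Install_Updates.sh, `audit () {` and `apply () {` have empty bodies, which bash rejects with a syntax error at the closing `}`, so the script cannot run even as a stub. Give each function a no-op body such as `:` until the real audit and apply logic is written. The same empty stubs appear in src/skel.sh, so every script copied from the skeleton would inherit the problem. The comment above `audit` reads "ont enabled", presumably meant as "not enabled".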
@@ -0,0 +1,7 @@
+# CIS Debian 7 Hardening common functions
+
+logger() {
+ test -z "$SCRIPT_NAME" && SCRIPT_NAME=$(basename $0)
+ logger -i -t "$SCRIPT_NAME" -p "user.info" "$(date +%Y.%m.%d-%H:%M:%S) $*"
+ test -t 1 && echo "$(date +%Z-%Y.%m.%d-%H:%M:%S) $*"
+}
diff --git a/lib/constants.sh b/lib/constants.sh
new file mode 100644
index 0000000..5d2389e
--- /dev/null
+++ b/lib/constants.sh
@@ -0,0 +1,33 @@
+# Defines constants for CIS Debian 7 Hardening
+
+#
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#### Useful Colot constants settings for loglevels
+
+# Reset Color (for syslog)
+NC='\033[0m'
+
+# Colors
+RED='\033[1;31m'
+GREEN='\033[1;32m'
+YELLOW='\033[1;33m'
+
+# Bold
+BRED='\033[1;31m' # Red
+BGREEN='\033[1;32m' # Green
+BYELLOW='\033[1;33m' # Yellow
diff --git a/lib/utils.sh b/lib/utils.sh
new file mode 100644
index 0000000..de09676
--- /dev/null
+++ b/lib/utils.sh
@@ -0,0 +1,18 @@
+# CIS Debian 7 Hardening Utility functions
+
+
+
+#
+# Return if a package is installed
+# @param $1 package name
+#
+is_installed()
+{
+ PKG_NAME=$1
+ if `dpkg -s $PKG_NAME 2> /dev/null | grep -q '^Status: install '` ; then
+ return 0
+ fi
+ return 1
+}
+
+
diff --git a/src/skel.sh b/src/skel.sh
new file mode 100644
index 0000000..0d5b59b
--- /dev/null
+++ b/src/skel.sh
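Review bot: In lib/common.sh the `logger()` function calls `logger -i -t ...` inside its own body, and that name resolves to the function itself rather than the external logger command, so the first call recurses without end and nothing reaches syslog. Either rename the function or bypass function lookup: `command logger -i -t "$SCRIPT_NAME" -p "user.info" "$(date +%Y.%m.%d-%H:%M:%S) $*"`. `$(basename $0)` should be quoted as `$(basename "$0")`. Because `test -t 1 && echo ...` is the last command, the function returns non-zero whenever stdout is not a terminal, which matters if callers ever test its status or run under `set -e`.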
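Review bot: In lib/constants.sh the values under `# Colors` already carry the bold attribute (`1;`), so `RED`, `GREEN` and `YELLOW` are byte-identical to `BRED`, `BGREEN` and `BYELLOW` under `# Bold`. If the first group is meant to be the plain variant it would be `RED='\033[0;31m'`, `GREEN='\033[0;32m'`, `YELLOW='\033[0;33m'`. The section heading has a typo, "Colot".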
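Review bot: In lib/utils.sh, `is_installed` matches `'^Status: install '`, which also accepts states such as `install ok half-configured`, so an audit can report a package as installed when it is not in a working state. The pipeline is also wrapped in backticks inside `if`, which asks the shell to execute the pipeline's output as a command and only works because `grep -q` prints nothing. `$PKG_NAME` is unquoted and is set as a global in every script that sources this file. Suggested: `local pkg_name=$1` followed by `if dpkg -s "$pkg_name" 2> /dev/null | grep -q '^Status: install ok installed' ; then`.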
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+#
+# CIS Debian 7 Hardening
+#
+
+
+#
+# Hardening script skeleton replace this line with proper point treated
+#
+
+# This function will be called if the script status is ont enabled / audit mode
+audit () {
+
+}
+
+# This function will be called if the script status is on enabled mode
+apply () {
+
+}
+
+# Environment Sanitizing
+export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
+
+# Source Root Dir Parameter
+
+if [ ! -r /etc/default/cis-hardenning ]; then
+ echo "There is no /etc/default/cis-hardenning file, cannot source CIS_ROOT_DIR variable, aborting"
+ exit 128
+else
+ . /etc/default/cis-hardenning
+ if [ -z $CIS_ROOT_DIR ]; then
+ echo "No CIS_ROOT_DIR variable, aborting"
+ fi
+fi
+
+SCRIPT_NAME=$(basename $0)
+
+# Source general configuration file and Specific configuration file if exist
+
+[ -r $ROOT_DIR/etc/hardening.cfg ] && . $ROOT_DIR/etc/hardening.cfg
+[ -r $ROOT_DIR/etc/hardening/$SCRIPT_NAME ] && . $ROOT_DIR/etc/hardening/$SCRIPT_NAME
+
+
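Review bot: In src/skel.sh the empty-`CIS_ROOT_DIR` branch prints "aborting" but has no `exit`, and the two config lines that follow read `$ROOT_DIR`, a variable this script never sets. With `ROOT_DIR` unset the paths collapse to `/etc/hardening.cfg` and `/etc/hardening/$SCRIPT_NAME`; if it is inherited from the caller's environment, a script that presumably runs as root sources files from a directory the caller chose, even though `PATH` is sanitized just above. The fix below exits on the empty value, uses `CIS_ROOT_DIR` consistently and quotes the expansions. The per-script path `etc/hardening/$SCRIPT_NAME` also disagrees with etc/conf.d/README (`$SCRIPT_NAME.cfg` under conf.d), which is worth settling before scripts are copied from this skeleton.

```shell
# … unchanged: PATH sanitizing, readability check and sourcing of /etc/default/cis-hardenning …
    if [ -z "$CIS_ROOT_DIR" ]; then
        echo "No CIS_ROOT_DIR variable, aborting"
        exit 128
# … unchanged: closing fi lines …

SCRIPT_NAME=$(basename "$0")

# … unchanged: "Source general configuration file" comment …
[ -r "$CIS_ROOT_DIR/etc/hardening.cfg" ] && . "$CIS_ROOT_DIR/etc/hardening.cfg"
[ -r "$CIS_ROOT_DIR/etc/hardening/$SCRIPT_NAME" ] && . "$CIS_ROOT_DIR/etc/hardening/$SCRIPT_NAME"
```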