From a54abb24969956055637e247d5a208e3ed63b1fc Mon Sep 17 00:00:00 2001 
From: "thibault.dewailly"
Date: Tue, 12 Apr 2016 11:21:36 +0200
Subject: [PATCH] 6.2_disable_avahi_server.sh 6.3_disable_print_server.sh 6.4_disable_dhcp.sh 6.5_configure_ntp.sh 6.6_diable_ldap.sh 6.7_disable_nfs_rpc.sh 6.8_disable_dns_server.sh
---
 bin/hardening/4.4_disable_prelink.sh | 1 +
 bin/hardening/5.1.1_disable_nis.sh | 1 +
 bin/hardening/5.1.2_disable_rsh.sh | 1 +
 bin/hardening/5.1.3_disable_rsh_client.sh | 1 +
 bin/hardening/5.1.4_disable_talk.sh | 1 +
 bin/hardening/5.1.5_disable_talk_client.sh | 1 +
 bin/hardening/5.1.6_disable_telnet_server.sh | 1 +
 bin/hardening/5.1.7_disable_tftp_server.sh | 1 +
 bin/hardening/5.1.8_disable_inetd.sh | 1 +
 bin/hardening/6.1_disable_xwindow_system.sh | 1 +
 bin/hardening/6.2_disable_avahi_server.sh | 59 +++++++++++++
 bin/hardening/6.3_disable_print_server.sh | 59 +++++++++++++
 bin/hardening/6.4_disable_dhcp.sh | 59 +++++++++++++
 bin/hardening/6.5_configure_ntp.sh | 87 ++++++++++++++++++++
 bin/hardening/6.6_diable_ldap.sh | 59 +++++++++++++
 bin/hardening/6.7_disable_nfs_rpc.sh | 59 +++++++++++++
 bin/hardening/6.8_disable_dns_server.sh | 59 +++++++++++++
 etc/conf.d/6.2_disable_avahi_server.cfg | 2 +
 etc/conf.d/6.3_disable_print_server.cfg | 2 +
 etc/conf.d/6.4_disable_dhcp.cfg | 2 +
 etc/conf.d/6.5_configure_ntp.cfg | 2 +
 etc/conf.d/6.6_diable_ldap.cfg | 2 +
 etc/conf.d/6.7_disable_nfs_rpc.cfg | 2 +
 etc/conf.d/6.8_disable_dns_server.cfg | 2 +
 lib/utils.sh | 19 ++++-
 25 files changed, 483 insertions(+), 1 deletion(-)
 create mode 100755 bin/hardening/6.2_disable_avahi_server.sh
 create mode 100755 bin/hardening/6.3_disable_print_server.sh
 create mode 100755 bin/hardening/6.4_disable_dhcp.sh
 create mode 100755 bin/hardening/6.5_configure_ntp.sh
 create mode 100755 bin/hardening/6.6_diable_ldap.sh
 create mode 100755 bin/hardening/6.7_disable_nfs_rpc.sh
 create mode 100755 bin/hardening/6.8_disable_dns_server.sh
 create mode 100644 etc/conf.d/6.2_disable_avahi_server.cfg
 create mode 100644 etc/conf.d/6.3_disable_print_server.cfg
 create mode 100644 etc/conf.d/6.4_disable_dhcp.cfg
 create mode 100644 etc/conf.d/6.5_configure_ntp.cfg
 create mode 100644 etc/conf.d/6.6_diable_ldap.cfg
 create mode 100644 etc/conf.d/6.7_disable_nfs_rpc.cfg
 create mode 100644 etc/conf.d/6.8_disable_dns_server.cfg
diff --git a/bin/hardening/4.4_disable_prelink.sh b/bin/hardening/4.4_disable_prelink.sh
index 52693da..3770a6b 100755
--- a/bin/hardening/4.4_disable_prelink.sh
+++ b/bin/hardening/4.4_disable_prelink.sh
@@ -31,6 +31,7 @@ apply () {
 crit "$PACKAGE is installed, purging it"
 /usr/sbin/prelink -ua
 apt-get purge $PACKAGE -y
+ apt-get autoremove
 else
 ok "$PACKAGE is absent"
 fi
diff --git a/bin/hardening/5.1.1_disable_nis.sh b/bin/hardening/5.1.1_disable_nis.sh
index afe81f5..ddabc5b 100755
--- a/bin/hardening/5.1.1_disable_nis.sh
+++ b/bin/hardening/5.1.1_disable_nis.sh
@@ -30,6 +30,7 @@ apply () {
 if [ $FNRET = 0 ]; then
 crit "$PACKAGE is installed, purging it"
 apt-get purge $PACKAGE -y
+ apt-get autoremove
 else
 ok "$PACKAGE is absent"
 fi
diff --git a/bin/hardening/5.1.2_disable_rsh.sh b/bin/hardening/5.1.2_disable_rsh.sh
index d86a588..0abc6b6 100755
--- a/bin/hardening/5.1.2_disable_rsh.sh
+++ b/bin/hardening/5.1.2_disable_rsh.sh
@@ -45,6 +45,7 @@ apply () {
 if [ $FNRET = 0 ]; then
 crit "$PACKAGE is installed, purging it"
 apt-get purge $PACKAGE -y
+ apt-get autoremove
 else
 ok "$PACKAGE is absent"
 fi
diff --git a/bin/hardening/5.1.3_disable_rsh_client.sh b/bin/hardening/5.1.3_disable_rsh_client.sh
index 72fcfa9..5104dfc 100755
--- a/bin/hardening/5.1.3_disable_rsh_client.sh
+++ b/bin/hardening/5.1.3_disable_rsh_client.sh
@@ -32,6 +32,7 @@ apply () {
 if [ $FNRET = 0 ]; then
 warn "$PACKAGE is installed, purging"
 apt-get purge $PACKAGE -y
+ apt-get autoremove
 else
 ok "$PACKAGE is absent"
 fi
diff --git a/bin/hardening/5.1.4_disable_talk.sh b/bin/hardening/5.1.4_disable_talk.sh
index 1f5e83a..ffd320b 100755
--- a/bin/hardening/5.1.4_disable_talk.sh
+++ b/bin/hardening/5.1.4_disable_talk.sh
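Review bot: The `apt-get autoremove` added to apply() has no `-y`, unlike the `apt-get purge $PACKAGE -y` on the line before it, so on an unattended run it can stop at the confirmation prompt or abort when stdin is not a terminal. It also removes every auto-installed package that happens to be orphaned on the host, not only the former dependencies of `$PACKAGE`, which is a wider change than a single hardening control implies. If the cleanup is wanted, write `apt-get autoremove -y` and log it with `warn` first so the operator sees that packages beyond `$PACKAGE` may be removed. The same line is added in the 5.1.1–5.1.8 and 6.1 hunks and in the new 6.2–6.4 and 6.6–6.8 scripts; apply() starts above this hunk.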
@@ -45,6 +45,7 @@ apply () {
 if [ $FNRET = 0 ]; then
 crit "$PACKAGE is installed, purging it"
 apt-get purge $PACKAGE -y
+ apt-get autoremove
 else
 ok "$PACKAGE is absent"
 fi
diff --git a/bin/hardening/5.1.5_disable_talk_client.sh b/bin/hardening/5.1.5_disable_talk_client.sh
index 7bb9a5f..3e5c927 100755
--- a/bin/hardening/5.1.5_disable_talk_client.sh
+++ b/bin/hardening/5.1.5_disable_talk_client.sh
@@ -32,6 +32,7 @@ apply () {
 if [ $FNRET = 0 ]; then
 warn "$PACKAGE is installed, purging"
 apt-get purge $PACKAGE -y
+ apt-get autoremove
 else
 ok "$PACKAGE is absent"
 fi
diff --git a/bin/hardening/5.1.6_disable_telnet_server.sh b/bin/hardening/5.1.6_disable_telnet_server.sh
index cd89e14..6329d72 100755
--- a/bin/hardening/5.1.6_disable_telnet_server.sh
+++ b/bin/hardening/5.1.6_disable_telnet_server.sh
@@ -45,6 +45,7 @@ apply () {
 if [ $FNRET = 0 ]; then
 crit "$PACKAGE is installed, purging it"
 apt-get purge $PACKAGE -y
+ apt-get autoremove
 else
 ok "$PACKAGE is absent"
 fi
diff --git a/bin/hardening/5.1.7_disable_tftp_server.sh b/bin/hardening/5.1.7_disable_tftp_server.sh
index 8f9c2e9..0c39f26 100755
--- a/bin/hardening/5.1.7_disable_tftp_server.sh
+++ b/bin/hardening/5.1.7_disable_tftp_server.sh
@@ -45,6 +45,7 @@ apply () {
 if [ $FNRET = 0 ]; then
 crit "$PACKAGE is installed, purging it"
 apt-get purge $PACKAGE -y
+ apt-get autoremove
 else
 ok "$PACKAGE is absent"
 fi
diff --git a/bin/hardening/5.1.8_disable_inetd.sh b/bin/hardening/5.1.8_disable_inetd.sh
index f290e68..bad5b8c 100755
--- a/bin/hardening/5.1.8_disable_inetd.sh
+++ b/bin/hardening/5.1.8_disable_inetd.sh
@@ -32,6 +32,7 @@ apply () {
 if [ $FNRET = 0 ]; then
 warn "$PACKAGE is installed, purging"
 apt-get purge $PACKAGE -y
+ apt-get autoremove
 else
 ok "$PACKAGE is absent"
 fi
diff --git a/bin/hardening/6.1_disable_xwindow_system.sh b/bin/hardening/6.1_disable_xwindow_system.sh
index e95ff77..c50b597 100755
--- a/bin/hardening/6.1_disable_xwindow_system.sh
+++ b/bin/hardening/6.1_disable_xwindow_system.sh
@@ -32,6 +32,7 @@ apply () {
 if [ $FNRET = 0 ]; then
 crit "$PACKAGE is installed, purging it"
 apt-get purge $PACKAGE -y
+ apt-get autoremove
 else
 ok "$PACKAGE is absent"
 fi
diff --git a/bin/hardening/6.2_disable_avahi_server.sh b/bin/hardening/6.2_disable_avahi_server.sh
new file mode 100755
index 0000000..9d24d83
--- /dev/null
+++ b/bin/hardening/6.2_disable_avahi_server.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+#
+# CIS Debian 7 Hardening
+#
+
+#
+# 6.2 Ensure Avahi Server is not enabled (Scored)
+#
+
+set -e # One error, it's over
+set -u # One variable unset, it's over
+
+PACKAGES='avahi-daemon libavahi-common-data libavahi-common3 libavahi-core7'
+
+# This function will be called if the script status is on enabled / audit mode
+audit () {
+ for PACKAGE in $PACKAGES; do
+ is_pkg_installed $PACKAGE
+ if [ $FNRET = 0 ]; then
+ crit "$PACKAGE is installed !"
+ else
+ ok "$PACKAGE is absent"
+ fi
+ done
+}
+
+# This function will be called if the script status is on enabled mode
+apply () {
+ for PACKAGE in $PACKAGES; do
+ is_pkg_installed $PACKAGE
+ if [ $FNRET = 0 ]; then
+ crit "$PACKAGE is installed, purging it"
+ apt-get purge $PACKAGE -y
+apt-get autoremove
+ else
+ ok "$PACKAGE is absent"
+ fi
+ done
+}
+
+# This function will check config parameters required
+check_config() {
+ :
+}
+
+# Source Root Dir Parameter
+if [ ! -r /etc/default/cis-hardenning ]; then
+ echo "There is no /etc/default/cis-hardenning file, cannot source CIS_ROOT_DIR variable, aborting"
+ exit 128
+else
+ . /etc/default/cis-hardenning
+ if [ -z $CIS_ROOT_DIR ]; then
+ echo "No CIS_ROOT_DIR variable, aborting"
+ fi
+fi
+
+# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
+[ -r $CIS_ROOT_DIR/lib/main.sh ] && . $CIS_ROOT_DIR/lib/main.sh
diff --git a/bin/hardening/6.3_disable_print_server.sh b/bin/hardening/6.3_disable_print_server.sh
new file mode 100755
index 0000000..f430c7e
--- /dev/null
+++ b/bin/hardening/6.3_disable_print_server.sh
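Review bot: The bootstrap at the end of the new 6.2 script does not stop when `CIS_ROOT_DIR` is empty: the `[ -z $CIS_ROOT_DIR ]` branch only echoes "aborting" and falls through, and the last line then tests and sources `/lib/main.sh`, a path outside the project tree. Add `exit 128` after that echo and quote the expansions, for example `if [ -z "${CIS_ROOT_DIR:-}" ]; then` and `. "$CIS_ROOT_DIR/lib/main.sh"`; under `set -u` an unset variable currently dies with a bare "unbound variable" error instead of the intended message. When main.sh is not readable, the final `[ -r ... ] && .` line runs nothing and the script ends without audit or apply having been called and without any message. The same block is repeated verbatim in the new 6.3–6.8 scripts.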
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+#
+# CIS Debian 7 Hardening
+#
+
+#
+# 6.3 Ensure print server is not enabled (Not Scored)
+#
+
+set -e # One error, it's over
+set -u # One variable unset, it's over
+
+PACKAGES='libcups2 libcupscgi1 libcupsimage2 libcupsmime1 libcupsppdc1 cups-common cups-client cups-ppdc libcupsfilters1 cups-filters cups'
+
+# This function will be called if the script status is on enabled / audit mode
+audit () {
+ for PACKAGE in $PACKAGES; do
+ is_pkg_installed $PACKAGE
+ if [ $FNRET = 0 ]; then
+ crit "$PACKAGE is installed !"
+ else
+ ok "$PACKAGE is absent"
+ fi
+ done
+}
+
+# This function will be called if the script status is on enabled mode
+apply () {
+ for PACKAGE in $PACKAGES; do
+ is_pkg_installed $PACKAGE
+ if [ $FNRET = 0 ]; then
+ crit "$PACKAGE is installed, purging it"
+ apt-get purge $PACKAGE -y
+apt-get autoremove
+ else
+ ok "$PACKAGE is absent"
+ fi
+ done
+}
+
+# This function will check config parameters required
+check_config() {
+ :
+}
+
+# Source Root Dir Parameter
+if [ ! -r /etc/default/cis-hardenning ]; then
+ echo "There is no /etc/default/cis-hardenning file, cannot source CIS_ROOT_DIR variable, aborting"
+ exit 128
+else
+ . /etc/default/cis-hardenning
+ if [ -z $CIS_ROOT_DIR ]; then
+ echo "No CIS_ROOT_DIR variable, aborting"
+ fi
+fi
+
+# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
+[ -r $CIS_ROOT_DIR/lib/main.sh ] && . $CIS_ROOT_DIR/lib/main.sh
diff --git a/bin/hardening/6.4_disable_dhcp.sh b/bin/hardening/6.4_disable_dhcp.sh
new file mode 100755
index 0000000..8c1504a
--- /dev/null
+++ b/bin/hardening/6.4_disable_dhcp.sh
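Review bot: `PACKAGES` in 6.3 lists shared libraries (`libcups2`, `libcupsimage2`, `libcupsfilters1`, …) next to the CUPS server itself, and apply() runs `apt-get purge $PACKAGE -y` on each entry, so apt will also remove, without confirmation, every installed package that depends on those libraries. The control is about the print server not being enabled; limiting the list to the packages that ship the service (`cups` and its server-side companions) would satisfy it without that side effect, and audit() would stop reporting `crit` on hosts that only carry the client library. The `libavahi-*` entries in the 6.2 script raise the same question.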
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+#
+# CIS Debian 7 Hardening
+#
+
+#
+# 6.4 Ensure DHCP Server is not enabled (Scored)
+#
+
+set -e # One error, it's over
+set -u # One variable unset, it's over
+
+PACKAGES='udhcpd isc-dhcp-server'
+
+# This function will be called if the script status is on enabled / audit mode
+audit () {
+ for PACKAGE in $PACKAGES; do
+ is_pkg_installed $PACKAGE
+ if [ $FNRET = 0 ]; then
+ crit "$PACKAGE is installed !"
+ else
+ ok "$PACKAGE is absent"
+ fi
+ done
+}
+
+# This function will be called if the script status is on enabled mode
+apply () {
+ for PACKAGE in $PACKAGES; do
+ is_pkg_installed $PACKAGE
+ if [ $FNRET = 0 ]; then
+ crit "$PACKAGE is installed, purging it"
+ apt-get purge $PACKAGE -y
+apt-get autoremove
+ else
+ ok "$PACKAGE is absent"
+ fi
+ done
+}
+
+# This function will check config parameters required
+check_config() {
+ :
+}
+
+# Source Root Dir Parameter
+if [ ! -r /etc/default/cis-hardenning ]; then
+ echo "There is no /etc/default/cis-hardenning file, cannot source CIS_ROOT_DIR variable, aborting"
+ exit 128
+else
+ . /etc/default/cis-hardenning
+ if [ -z $CIS_ROOT_DIR ]; then
+ echo "No CIS_ROOT_DIR variable, aborting"
+ fi
+fi
+
+# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
+[ -r $CIS_ROOT_DIR/lib/main.sh ] && . $CIS_ROOT_DIR/lib/main.sh
diff --git a/bin/hardening/6.5_configure_ntp.sh b/bin/hardening/6.5_configure_ntp.sh
new file mode 100755
index 0000000..df3c861
--- /dev/null
+++ b/bin/hardening/6.5_configure_ntp.sh
@@ -0,0 +1,87 @@
+#!/bin/bash
+
+#
+# CIS Debian 7 Hardening
+#
+
+#
+# 6.5 Configure Network Time Protocol (NTP) (Scored)
+#
+
+set -e # One error, it's over
+set -u # One variable unset, it's over
+
+PACKAGE='ntp'
+NTP_CONF_DEFAULT_PATTERN='^restrict -4 default (kod nomodify notrap nopeer noquery|ignore)'
+NTP_CONF_FILE='/etc/ntp.conf'
+NTP_INIT_PATTERN='RUNASUSER=ntp'
+NTP_INIT_FILE='/etc/init.d/ntp'
+
+# This function will be called if the script status is on enabled / audit mode
+audit () {
+ is_pkg_installed $PACKAGE
+ if [ $FNRET != 0 ]; then
+ crit "$PACKAGE is not installed !"
+ else
+ ok "$PACKAGE is installed, checking configuration"
+ does_pattern_exists_in_file $NTP_CONF_FILE $NTP_CONF_DEFAULT_PATTERN
+ if [ $FNRET != 0 ]; then
+ crit "$NTP_CONF_DEFAULT_PATTERN not found in $NTP_CONF_FILE"
+ else
+ ok "$NTP_CONF_DEFAULT_PATTERN found in $NTP_CONF_FILE"
+ fi
+ does_pattern_exists_in_file $NTP_INIT_FILE "^$NTP_INIT_PATTERN"
+ if [ $FNRET != 0 ]; then
+ crit "$NTP_INIT_PATTERN not found in $NTP_INIT_FILE"
+ else
+ ok "$NTP_INIT_PATTERN found in $NTP_INIT_FILE"
+ fi
+ fi
+}
+
+# This function will be called if the script status is on enabled mode
+apply () {
+ is_pkg_installed $PACKAGE
+ if [ $FNRET = 0 ]; then
+ ok "$PACKAGE is installed"
+ else
+ crit "$PACKAGE is absent, installing it"
+ apt_install $PACKAGE
+ info "Checking $PACKAGE configuration"
+ fi
+ does_pattern_exists_in_file $NTP_CONF_FILE $NTP_CONF_DEFAULT_PATTERN
+ if [ $FNRET != 0 ]; then
+ warn "$NTP_CONF_DEFAULT_PATTERN not found in $NTP_CONF_FILE, adding it"
+ backup_file $NTP_CONF_FILE
+ add_end_of_file $NTP_CONF_FILE "restrict -4 default kod notrap nomodify nopeer noquery"
+ else
+ ok "$NTP_CONF_DEFAULT_PATTERN found in $NTP_CONF_FILE"
+ fi
+ does_pattern_exists_in_file $NTP_INIT_FILE "^$NTP_INIT_PATTERN"
+ if [ $FNRET != 0 ]; then
+ warn "$NTP_INIT_PATTERN not found in $NTP_INIT_FILE, adding it"
+ backup_file $NTP_INIT_FILE
+ add_line_file_before_pattern $NTP_INIT_FILE $NTP_INIT_PATTERN "^UGID"
+ else
+ ok "$NTP_INIT_PATTERN found in $NTP_INIT_FILE"
+ fi
+}
+
+# This function will check config parameters required
+check_config() {
+ :
+}
+
+# Source Root Dir Parameter
+if [ ! -r /etc/default/cis-hardenning ]; then
+ echo "There is no /etc/default/cis-hardenning file, cannot source CIS_ROOT_DIR variable, aborting"
+ exit 128
+else
+ . /etc/default/cis-hardenning
+ if [ -z $CIS_ROOT_DIR ]; then
+ echo "No CIS_ROOT_DIR variable, aborting"
+ fi
+fi
+
+# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
+[ -r $CIS_ROOT_DIR/lib/main.sh ] && . $CIS_ROOT_DIR/lib/main.sh
diff --git a/bin/hardening/6.6_diable_ldap.sh b/bin/hardening/6.6_diable_ldap.sh
new file mode 100755
index 0000000..1126ec9
--- /dev/null
+++ b/bin/hardening/6.6_diable_ldap.sh
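Review bot: `$NTP_CONF_DEFAULT_PATTERN` is passed unquoted to `does_pattern_exists_in_file` in both audit() and apply(), so the shell splits it on spaces and the helper (not shown here; presumably it searches for its second argument) receives only `^restrict`, which means any `restrict` line in ntp.conf satisfies the check. Once the argument is quoted as `"$NTP_CONF_DEFAULT_PATTERN"`, a second problem surfaces: the pattern expects `kod nomodify notrap nopeer noquery`, but apply() appends `restrict -4 default kod notrap nomodify nopeer noquery`, so the appended line never matches and would be added again on every run. Make the appended line and the pattern agree on option order, or have the pattern accept the options in any order. Neither function looks at a `restrict -6 default` line, so the IPv6 default is left unchecked.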
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+#
+# CIS Debian 7 Hardening
+#
+
+#
+# 6.6 Ensure LDAP is not enabled (Not Scored)
+#
+
+set -e # One error, it's over
+set -u # One variable unset, it's over
+
+PACKAGES='slapd'
+
+# This function will be called if the script status is on enabled / audit mode
+audit () {
+ for PACKAGE in $PACKAGES; do
+ is_pkg_installed $PACKAGE
+ if [ $FNRET = 0 ]; then
+ crit "$PACKAGE is installed !"
+ else
+ ok "$PACKAGE is absent"
+ fi
+ done
+}
+
+# This function will be called if the script status is on enabled mode
+apply () {
+ for PACKAGE in $PACKAGES; do
+ is_pkg_installed $PACKAGE
+ if [ $FNRET = 0 ]; then
+ crit "$PACKAGE is installed, purging it"
+ apt-get purge $PACKAGE -y
+apt-get autoremove
+ else
+ ok "$PACKAGE is absent"
+ fi
+ done
+}
+
+# This function will check config parameters required
+check_config() {
+ :
+}
+
+# Source Root Dir Parameter
+if [ ! -r /etc/default/cis-hardenning ]; then
+ echo "There is no /etc/default/cis-hardenning file, cannot source CIS_ROOT_DIR variable, aborting"
+ exit 128
+else
+ . /etc/default/cis-hardenning
+ if [ -z $CIS_ROOT_DIR ]; then
+ echo "No CIS_ROOT_DIR variable, aborting"
+ fi
+fi
+
+# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
+[ -r $CIS_ROOT_DIR/lib/main.sh ] && . $CIS_ROOT_DIR/lib/main.sh
diff --git a/bin/hardening/6.7_disable_nfs_rpc.sh b/bin/hardening/6.7_disable_nfs_rpc.sh
new file mode 100755
index 0000000..40244dd
--- /dev/null
+++ b/bin/hardening/6.7_disable_nfs_rpc.sh
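Review bot: The new LDAP check is created as `6.6_diable_ldap.sh` with a matching `6.6_diable_ldap.cfg` (`diable` for `disable`), while every sibling script uses `disable_`. The cfg files are commented as "Configuration for script of same name", so the pair is presumably matched by filename and a later rename has to move both files together. Correcting the name in this commit is cheaper than after hosts carry the misspelled cfg.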
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+#
+# CIS Debian 7 Hardening
+#
+
+#
+# 6.7 Ensure NFS and RPC are not enabled (Not Scored)
+#
+
+set -e # One error, it's over
+set -u # One variable unset, it's over
+
+PACKAGES='rpcbind nfs-kernel-server'
+
+# This function will be called if the script status is on enabled / audit mode
+audit () {
+ for PACKAGE in $PACKAGES; do
+ is_pkg_installed $PACKAGE
+ if [ $FNRET = 0 ]; then
+ crit "$PACKAGE is installed !"
+ else
+ ok "$PACKAGE is absent"
+ fi
+ done
+}
+
+# This function will be called if the script status is on enabled mode
+apply () {
+ for PACKAGE in $PACKAGES; do
+ is_pkg_installed $PACKAGE
+ if [ $FNRET = 0 ]; then
+ crit "$PACKAGE is installed, purging it"
+ apt-get purge $PACKAGE -y
+apt-get autoremove
+ else
+ ok "$PACKAGE is absent"
+ fi
+ done
+}
+
+# This function will check config parameters required
+check_config() {
+ :
+}
+
+# Source Root Dir Parameter
+if [ ! -r /etc/default/cis-hardenning ]; then
+ echo "There is no /etc/default/cis-hardenning file, cannot source CIS_ROOT_DIR variable, aborting"
+ exit 128
+else
+ . /etc/default/cis-hardenning
+ if [ -z $CIS_ROOT_DIR ]; then
+ echo "No CIS_ROOT_DIR variable, aborting"
+ fi
+fi
+
+# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
+[ -r $CIS_ROOT_DIR/lib/main.sh ] && . $CIS_ROOT_DIR/lib/main.sh
diff --git a/bin/hardening/6.8_disable_dns_server.sh b/bin/hardening/6.8_disable_dns_server.sh
new file mode 100755
index 0000000..b3ecb69
--- /dev/null
+++ b/bin/hardening/6.8_disable_dns_server.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+#
+# CIS Debian 7 Hardening
+#
+
+#
+# 6.8 Ensure DNS Server is not enabled (Not Scored)
+#
+
+set -e # One error, it's over
+set -u # One variable unset, it's over
+
+PACKAGES='bind9 unbound'
+
+# This function will be called if the script status is on enabled / audit mode
+audit () {
+ for PACKAGE in $PACKAGES; do
+ is_pkg_installed $PACKAGE
+ if [ $FNRET = 0 ]; then
+ crit "$PACKAGE is installed !"
+ else
+ ok "$PACKAGE is absent"
+ fi
+ done
+}
+
+# This function will be called if the script status is on enabled mode
+apply () {
+ for PACKAGE in $PACKAGES; do
+ is_pkg_installed $PACKAGE
+ if [ $FNRET = 0 ]; then
+ crit "$PACKAGE is installed, purging it"
+ apt-get purge $PACKAGE -y
+apt-get autoremove
+ else
+ ok "$PACKAGE is absent"
+ fi
+ done
+}
+
+# This function will check config parameters required
+check_config() {
+ :
+}
+
+# Source Root Dir Parameter
+if [ ! -r /etc/default/cis-hardenning ]; then
+ echo "There is no /etc/default/cis-hardenning file, cannot source CIS_ROOT_DIR variable, aborting"
+ exit 128
+else
+ . /etc/default/cis-hardenning
+ if [ -z $CIS_ROOT_DIR ]; then
+ echo "No CIS_ROOT_DIR variable, aborting"
+ fi
+fi
+
+# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
+[ -r $CIS_ROOT_DIR/lib/main.sh ] && . $CIS_ROOT_DIR/lib/main.sh
diff --git a/etc/conf.d/6.2_disable_avahi_server.cfg b/etc/conf.d/6.2_disable_avahi_server.cfg
new file mode 100644
index 0000000..e1e4502
--- /dev/null
+++ b/etc/conf.d/6.2_disable_avahi_server.cfg
@@ -0,0 +1,2 @@
+# Configuration for script of same name
+status=enabled
diff --git a/etc/conf.d/6.3_disable_print_server.cfg b/etc/conf.d/6.3_disable_print_server.cfg
new file mode 100644
index 0000000..e1e4502
--- /dev/null
+++ b/etc/conf.d/6.3_disable_print_server.cfg
@@ -0,0 +1,2 @@
+# Configuration for script of same name
+status=enabled
diff --git a/etc/conf.d/6.4_disable_dhcp.cfg b/etc/conf.d/6.4_disable_dhcp.cfg new file mode 100644 index 0000000..e1e4502 --- /dev/null +++ b/etc/conf.d/6.4_disable_dhcp.cfg @@ -0,0 +1,2 @@ +# Configuration for script of same name +status=enabled diff --git a/etc/conf.d/6.5_configure_ntp.cfg b/etc/conf.d/6.5_configure_ntp.cfg new file mode 100644 index 0000000..e1e4502 --- /dev/null +++ b/etc/conf.d/6.5_configure_ntp.cfg @@ -0,0 +1,2 @@ +# Configuration for script of same name +status=enabled diff --git a/etc/conf.d/6.6_diable_ldap.cfg b/etc/conf.d/6.6_diable_ldap.cfg new file mode 100644 index 0000000..e1e4502 --- /dev/null +++ b/etc/conf.d/6.6_diable_ldap.cfg @@ -0,0 +1,2 @@ +# Configuration for script of same name +status=enabled diff --git a/etc/conf.d/6.7_disable_nfs_rpc.cfg b/etc/conf.d/6.7_disable_nfs_rpc.cfg new file mode 100644 index 0000000..e1e4502 --- /dev/null +++ b/etc/conf.d/6.7_disable_nfs_rpc.cfg @@ -0,0 +1,2 @@ +# Configuration for script of same name +status=enabled diff --git a/etc/conf.d/6.8_disable_dns_server.cfg b/etc/conf.d/6.8_disable_dns_server.cfg new file mode 100644 index 0000000..e1e4502 --- /dev/null +++ b/etc/conf.d/6.8_disable_dns_server.cfg @@ -0,0 +1,2 @@ +# Configuration for script of same name +status=enabled diff --git a/lib/utils.sh b/lib/utils.sh index 594eb70..50a750d 100644 --- a/lib/utils.sh +++ b/lib/utils.sh @@ -107,7 +107,16 @@ add_end_of_file() { echo "$2" >> $FILE } +add_line_file_before_pattern() { + local FILE=$1 + local LINE=$2 + local PATTERN=$3 + debug "Inserting $LINE before $PATTERN in $FILE" + debug "sed -i '/$PATTERN/i $LINE' $FILE" + sed -i "/$PATTERN/i $LINE" $FILE + FNRET=0 +} # # User manipulation # @@ -242,7 +251,7 @@ remount_partition() { } # -# Helper functions to work with apt +# APT manipulation # apt_update_if_needed() 
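Review bot: `add_line_file_before_pattern` in lib/utils.sh builds the sed program by pasting `$PATTERN` and `$LINE` into `"/$PATTERN/i $LINE"`, so a `/` in the pattern, or a backslash or newline in the line, changes the program sed runs rather than the text it inserts, and `$FILE` is unquoted. The only caller in this commit passes fixed strings, so this is latent, but the helper lives in the shared library: state the restriction in a comment above the function or escape both values before use, and write `sed -i "/$PATTERN/i $LINE" "$FILE"`. `FNRET=0` is set whether or not the pattern matched, so a caller cannot tell that nothing was inserted; testing the pattern with `grep -q` first would allow `FNRET=1` in that case.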
@@ -279,6 +288,14 @@ apt_check_updates() rm $DETAILS } +apt_install() +{ + local PACKAGE=$1 + DEBIAN_FRONTEND='noninteractive' apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install $PACKAGE -y + FNRET=0 +} + + # # Returns if a package is installed #
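Review bot: `apt_install` sets `FNRET=0` unconditionally after the `apt-get ... install $PACKAGE -y` call, so a failed install is reported as success to any caller that does not run under `set -e`. Capture the status instead, for example `apt-get ... install "$PACKAGE" -y && FNRET=0 || FNRET=1`, and quote `$PACKAGE` while there. The function also installs without refreshing the package index; `apt_update_if_needed` appears in this file's context lines just above, and calling it first may avoid failures on stale lists (check what it does before relying on it).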