Merge pull request #20 in IAAS/cis-hardening from dev/kevin.tanguy/rephrasingAllOver to master

* commit '8bbac84f7b0023cbcf9150cc18023ba5a219501c':
  debian dependencies fix, rephrasing, revision bump 1.0-8.
Thibault Dewailly 2016-04-26 14:57:54 +02:00
commit a986f3b340
94 changed files with 395 additions and 389 deletions


@ -26,7 +26,7 @@ audit () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -49,12 +49,12 @@ apply () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN not present in $FILE, adding it"
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
if [ $FNRET != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
else
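Review bot: `PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"` has no end anchor, so in both audit() and apply() a line whose value only begins with the expected one is reported as present (constructed example: expected `4`, configured `40`), assuming the helper does a regex search. I would close the pattern, `PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE[[:space:]]*$"`, and quote `"$FILE"` in the helper calls. The two file sections that follow carry the same lines. Both function bodies continue outside the hunks shown.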


@ -26,7 +26,7 @@ audit () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -49,12 +49,12 @@ apply () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN not present in $FILE, adding it"
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
if [ $FNRET != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
else


@ -26,7 +26,7 @@ audit () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -49,12 +49,12 @@ apply () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN not present in $FILE, adding it"
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
if [ $FNRET != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
else


@ -17,7 +17,7 @@ RESULT=''
# This function will be called if the script status is on enabled / audit mode
audit () {
info "Checking if admin accounts have login different from $SHELL"
info "Checking if admin accounts have a login shell different than $SHELL"
RESULT=$(egrep -v "^\+" $FILE | awk -F: '($1!="root" && $1!="sync" && $1!="shutdown" && $1!="halt" && $3<1000 && $7!="/usr/sbin/nologin" && $7!="/bin/false") {print}')
for LINE in $RESULT; do
debug "line : $LINE"
@ -29,11 +29,11 @@ audit () {
debug "$ACCOUNT is confirmed as an exception"
RESULT=$(sed "s!$LINE!!" <<< "$RESULT")
else
debug "$ACCOUNT not found in exceptions"
debug "$ACCOUNT not found in exceptions"
fi
done
if [ ! -z "$RESULT" ]; then
crit "Some admin accounts don't have $SHELL as shell"
crit "Some admin accounts don't have $SHELL as their login shell"
crit "$RESULT"
else
ok "All admin accounts deactivated"
@ -57,11 +57,11 @@ apply () {
fi
done
if [ ! -z "$RESULT" ]; then
warn "Some admin accounts don't have $SHELL as shell"
warn "Some admin accounts don't have $SHELL as their login shell -- Fixing"
warn "$RESULT"
for USER in $( echo "$RESULT" | cut -d: -f 1 ); do
info "Setting $SHELL to $USER"
usermod -s $SHELL $USER
info "Setting $SHELL as $USER login shell"
usermod -s $SHELL $USER
done
else
ok "All admin accounts deactivated, nothing to apply"
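Review bot: `for LINE in $RESULT` in audit() iterates over whitespace-separated words rather than passwd lines, so an entry whose comment field contains a space is handled as several fragments, and each fragment is then used as a regular expression in `sed "s!$LINE!!"`. Reading line by line, `while IFS= read -r LINE; do … done <<< "$RESULT"`, keeps each entry intact; the lines between the hunks that derive `$ACCOUNT` are not visible here, so check them against the same input. In apply(), `usermod -s "$SHELL" "$USER"` should be quoted, and since `SHELL` and `USER` are also standard environment variable names, script-specific names would avoid surprises.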


@ -28,7 +28,7 @@ apply () {
if [ $(grep "^root:" /etc/passwd | cut -f4 -d:) = 0 ]; then
ok "Root group GID is $EXPECTED_GID"
else
warn "Root group GID is not $EXPECTED_GID"
warn "Root group GID is not $EXPECTED_GID -- Fixing"
usermod -g $EXPECTED_GID $USER
fi
}
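Review bot: The test in apply() compares root's GID with a literal `0` while the messages and the `usermod` call use `$EXPECTED_GID`, so the two can disagree if the expected value is ever changed. The command substitution is also unquoted: if `grep` returns nothing, `[ = 0 ]` is a test error and the script falls into the fixing branch. I would write `if [ "$(grep "^root:" /etc/passwd | cut -f4 -d:)" = "$EXPECTED_GID" ]; then` and quote the arguments in `usermod -g "$EXPECTED_GID" "$USER"`. apply() starts above the hunk.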


@ -18,24 +18,24 @@ FILE='/etc/profile.d/CIS_10.4_umask.sh'
# This function will be called if the script status is on enabled / audit mode
audit () {
does_pattern_exists_in_file "$FILES_TO_SEARCH" "^$PATTERN"
does_pattern_exist_in_file "$FILES_TO_SEARCH" "^$PATTERN"
if [ $FNRET != 0 ]; then
crit "$PATTERN not present in $FILES_TO_SEARCH"
crit "$PATTERN is not present in $FILES_TO_SEARCH"
else
ok "$PATTERN present in $FILES_TO_SEARCH"
ok "$PATTERN is present in $FILES_TO_SEARCH"
fi
}
# This function will be called if the script status is on enabled mode
apply () {
does_pattern_exists_in_file "$FILES_TO_SEARCH" "^$PATTERN"
does_pattern_exist_in_file "$FILES_TO_SEARCH" "^$PATTERN"
if [ $FNRET != 0 ]; then
warn "$PATTERN not present in $FILES_TO_SEARCH"
warn "$PATTERN is not present in $FILES_TO_SEARCH"
touch $FILE
chmod 644 $FILE
add_end_of_file $FILE "$PATTERN"
else
ok "$PATTERN present in $FILES_TO_SEARCH"
ok "$PATTERN is present in $FILES_TO_SEARCH"
fi
}


@ -23,7 +23,7 @@ audit () {
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
crit "$FILE is not $USER:$GROUP ownership set"
crit "$FILE ownership was not set to $USER:$GROUP"
fi
has_file_correct_permissions $FILE $PERMISSIONS
if [ $FNRET = 0 ]; then
@ -46,7 +46,7 @@ apply () {
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
warn "$FILE is not $USER:$GROUP ownership set"
warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
fi
has_file_correct_permissions $FILE $PERMISSIONS


@ -17,7 +17,7 @@ PATTERN='(\\v|\\r|\\m|\\s)'
# This function will be called if the script status is on enabled / audit mode
audit () {
for FILE in $FILES; do
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
crit "$PATTERN is present in $FILE"
else
@ -29,7 +29,7 @@ audit () {
# This function will be called if the script status is on enabled mode
apply () {
for FILE in $FILES; do
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
warn "$PATTERN is present in $FILE"
delete_line_in_file $FILE $PATTERN


@ -13,7 +13,7 @@ set -u # One variable unset, it's over
# This function will be called if the script status is on enabled / audit mode
audit () {
info "Checking if there is suid files"
info "Checking if there are suid files"
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -4000 -print)
for BINARY in $RESULT; do
if grep -q $BINARY <<< "$EXCEPTIONS"; then
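Review bot: `grep -q $BINARY <<< "$EXCEPTIONS"` uses the found path as an unquoted regular expression and matches it anywhere in the exception list, so a setuid file whose path is a substring of an excepted path (constructed example: `/bin/su` against an exception `/bin/sudo`) passes the test; what the branch then does is outside the hunk, presumably it skips the file. A fixed-string, whole-entry comparison avoids that, for instance `grep -qxF -- "$BINARY" <<< "$(tr ' ' '\n' <<< "$EXCEPTIONS")"` if the list is space-separated, which is not shown here. `for BINARY in $RESULT` also splits paths that contain whitespace. The sgid section that follows has the same two lines.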


@ -13,7 +13,7 @@ set -u # One variable unset, it's over
# This function will be called if the script status is on enabled / audit mode
audit () {
info "Checking if there is sgid files"
info "Checking if there are sgid files"
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -2000 -print)
for BINARY in $RESULT; do
if grep -q $BINARY <<< "$EXCEPTIONS"; then


@ -21,7 +21,7 @@ audit () {
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
crit "$FILE is not $USER:$GROUP ownership set"
crit "$FILE ownership was not set to $USER:$GROUP"
fi
}


@ -21,7 +21,7 @@ audit () {
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
crit "$FILE is not $USER:$GROUP ownership set"
crit "$FILE ownership was not set to $USER:$GROUP"
fi
}


@ -21,7 +21,7 @@ audit () {
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
crit "$FILE is not $USER:$GROUP ownership set"
crit "$FILE ownership was not set to $USER:$GROUP"
fi
}


@ -13,10 +13,10 @@ set -u # One variable unset, it's over
# This function will be called if the script status is on enabled / audit mode
audit () {
info "Checking if there is world writable files"
info "Checking if there are world writable files"
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -0002 -print 2>/dev/null)
if [ ! -z "$RESULT" ]; then
crit "Some world writable file are present"
crit "Some world writable files are present"
FORMATTED_RESULT=$(sed "s/ /\n/g" <<< $RESULT | sort | uniq | tr '\n' ' ')
crit "$FORMATTED_RESULT"
else


@ -15,10 +15,10 @@ USER='root'
# This function will be called if the script status is on enabled / audit mode
audit () {
info "Checking if there is unowned files"
info "Checking if there are unowned files"
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser -print 2>/dev/null)
if [ ! -z "$RESULT" ]; then
crit "Some world writable file are present"
crit "Some unowned files are present"
FORMATTED_RESULT=$(sed "s/ /\n/g" <<< $RESULT | sort | uniq | tr '\n' ' ')
crit "$FORMATTED_RESULT"
else
@ -30,8 +30,8 @@ audit () {
apply () {
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser -ls 2>/dev/null)
if [ ! -z "$RESULT" ]; then
warn "chmowing all unowned files in the system"
df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser -print 2>/dev/null | xargs chown $USER
warn "Applying chown on all unowned files in the system"
df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser -print 2>/dev/null | xargs chown $USER
else
ok "No unowned files found, nothing to apply"
fi
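Review bot: The remediation pipeline in apply() ends in `xargs chown $USER`, which splits the `find` output on whitespace and interprets quotes, so an unowned file with a space or quote in its name makes `chown` act on other paths, and `chown` without `-h` follows symbolic links. File names on disk are not trusted input for a script that runs as root. I would emit `-print0` from `find` and finish the pipeline with `xargs -0 -r chown -h -- "$USER"`. The `xargs chgrp $GROUP` pipeline in the next file section needs the same change.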


@ -15,14 +15,14 @@ GROUP='root'
# This function will be called if the script status is on enabled / audit mode
audit () {
info "Checking if there is unowned files"
info "Checking if there are ungrouped files"
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nogroup -print 2>/dev/null)
if [ ! -z "$RESULT" ]; then
crit "Some world writable file are present"
crit "Some ungrouped files are present"
FORMATTED_RESULT=$(sed "s/ /\n/g" <<< $RESULT | sort | uniq | tr '\n' ' ')
crit "$FORMATTED_RESULT"
else
ok "No world writable files found"
ok "No ungrouped files found"
fi
}
@ -30,10 +30,10 @@ audit () {
apply () {
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nogroup -ls 2>/dev/null)
if [ ! -z "$RESULT" ]; then
warn "chmowing all ungrouped files in the system"
warn "Applying chgrp on all ungrouped files in the system"
df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nogroup -print 2>/dev/null | xargs chgrp $GROUP
else
ok "No world writable files found, nothing to apply"
ok "No ungrouped files found, nothing to apply"
fi
}


@ -27,7 +27,7 @@ audit () {
done
if [ $ERRORS = 0 ]; then
ok "No $FILENAME present in users files"
ok "No $FILENAME present in users home directory"
fi
}


@ -27,7 +27,7 @@ audit () {
done
if [ $ERRORS = 0 ]; then
ok "No $FILENAME present in users files"
ok "No $FILENAME present in users home directory"
fi
}


@ -27,7 +27,7 @@ audit () {
done
if [ $ERRORS = 0 ]; then
ok "No $FILENAME present in users files"
ok "No $FILENAME present in users home directory"
fi
}


@ -15,10 +15,10 @@ FILE='/etc/shadow'
# This function will be called if the script status is on enabled / audit mode
audit () {
info "Checking if accounts have empty passwords"
info "Checking if accounts have an empty password"
RESULT=$(cat $FILE | awk -F: '($2 == "" ) { print $1 }')
if [ ! -z "$RESULT" ]; then
crit "Some accounts have empty passwords"
crit "Some accounts have an empty password"
crit $RESULT
else
ok "All accounts have a password"
@ -29,8 +29,8 @@ audit () {
apply () {
RESULT=$(cat $FILE | awk -F: '($2 == "" ) { print $1 }')
if [ ! -z "$RESULT" ]; then
warn "Some accounts have empty passwords"
for ACCOUNT in $RESULT; do
warn "Some accounts have an empty password"
for ACCOUNT in $RESULT; do
info "Locking $ACCOUNT"
passwd -l $ACCOUNT >/dev/null 2>&1
done
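Review bot: `passwd -l $ACCOUNT >/dev/null 2>&1` in apply() throws away both the output and the exit status, so a lock that fails still reads as done after the "Locking" message. I would keep the status, `passwd -l "$ACCOUNT" >/dev/null 2>&1 || crit "Could not lock $ACCOUNT"`. `crit $RESULT` in audit() is unquoted as well; `crit "$RESULT"` keeps the account list as one argument. apply() continues past the end of the hunk.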


@ -17,24 +17,24 @@ PATTERN='^shadow:x:[[:digit:]]+:'
# This function will be called if the script status is on enabled / audit mode
audit () {
does_pattern_exists_in_file $FILEGROUP $PATTERN
does_pattern_exist_in_file $FILEGROUP $PATTERN
if [ $FNRET = 0 ]; then
info "shadow group exists"
RESULT=$(grep -E "$PATTERN" $FILEGROUP | cut -d: -f4)
GROUPID=$(getent group shadow | cut -d: -f3)
debug "$RESULT $GROUPID"
if [ ! -z "$RESULT" ]; then
crit "Some user belong to shadow group : $RESULT"
crit "Some users belong to shadow group: $RESULT"
else
ok "No one belongs to shadow group"
ok "No user belongs to shadow group"
fi
info "Checking if a user has $GROUPID as primary group"
RESULT=$(awk -F: '($4 == shadowid) { print $1 }' shadowid=$GROUPID /etc/passwd)
if [ ! -z "$RESULT" ]; then
crit "Some user have shadow id to their primary group : $RESULT"
crit "Some users have shadow id as their primary group: $RESULT"
else
ok "No one have shadow id to their primary group"
ok "No user has shadow id as their primary group"
fi
else
crit "shadow group doesn't exist"
@ -43,7 +43,7 @@ audit () {
# This function will be called if the script status is on enabled mode
apply () {
info "If the audit returns something, please check with the user why he has this file"
info "Editing automatically users/groups may seriously harm your system, report only here"
}
# This function will check config parameters required


@ -16,10 +16,10 @@ RESULT=''
# This function will be called if the script status is on enabled / audit mode
audit () {
info "Checking if accounts have empty passwords"
info "Checking if accounts have a legacy password entry"
if grep '^+:' $FILE -q; then
RESULT=$(grep '^+:' $FILE)
crit "Some accounts have legacy password entry"
crit "Some accounts have a legacy password entry"
crit $RESULT
else
ok "All accounts have a valid password entry format"
@ -30,7 +30,7 @@ audit () {
apply () {
if grep '^+:' $FILE -q; then
RESULT=$(grep '^+:' $FILE)
warn "Some accounts have legacy password entry"
warn "Some accounts have a legacy password entry"
for LINE in $RESULT; do
info "Removing $LINE from $FILE"
delete_line_in_file $FILE $LINE


@ -16,10 +16,10 @@ RESULT=''
# This function will be called if the script status is on enabled / audit mode
audit () {
info "Checking if accounts have empty passwords"
info "Checking if accounts have a legacy password entry"
if grep '^+:' $FILE -q; then
RESULT=$(grep '^+:' $FILE)
crit "Some accounts have legacy password entry"
crit "Some accounts have a legacy password entry"
crit $RESULT
else
ok "All accounts have a valid password entry format"
@ -30,7 +30,7 @@ audit () {
apply () {
if grep '^+:' $FILE -q; then
RESULT=$(grep '^+:' $FILE)
warn "Some accounts have legacy password entry"
warn "Some accounts have a legacy password entry"
for LINE in $RESULT; do
info "Removing $LINE from $FILE"
delete_line_in_file $FILE $LINE


@ -16,13 +16,13 @@ RESULT=''
# This function will be called if the script status is on enabled / audit mode
audit () {
info "Checking if accounts have empty passwords"
info "Checking if accounts have a legacy group entry"
if grep '^+:' $FILE -q; then
RESULT=$(grep '^+:' $FILE)
crit "Some accounts have legacy password entry"
crit "Some accounts have a legacy group entry"
crit $RESULT
else
ok "All accounts have a valid password entry format"
ok "All accounts have a valid group entry format"
fi
}
@ -30,13 +30,13 @@ audit () {
apply () {
if grep '^+:' $FILE -q; then
RESULT=$(grep '^+:' $FILE)
warn "Some accounts have legacy password entry"
warn "Some accounts have a legacy group entry"
for LINE in $RESULT; do
info "Removing $LINE from $FILE"
delete_line_in_file $FILE $LINE
done
else
ok "All accounts have a valid password entry format"
ok "All accounts have a valid group entry format"
fi
}


@ -33,7 +33,7 @@ audit () {
crit "Some accounts have uid 0"
crit $RESULT
else
ok "No account with suid 0 apart root"
ok "No account with uid 0 apart root"
fi
}


@ -23,7 +23,7 @@ audit () {
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
crit "$FILE is not $USER:$GROUP ownership set"
crit "$FILE ownership was not set to $USER:$GROUP"
fi
}


@ -17,13 +17,13 @@ PWD_PATTERN="^password_pbkdf2"
# This function will be called if the script status is on enabled / audit mode
audit () {
does_pattern_exists_in_file $FILE "$USER_PATTERN"
does_pattern_exist_in_file $FILE "$USER_PATTERN"
if [ $FNRET != 0 ]; then
crit "$USER_PATTERN not present in $FILE"
else
ok "$USER_PATTERN is present in $FILE"
fi
does_pattern_exists_in_file $FILE "$PWD_PATTERN"
does_pattern_exist_in_file $FILE "$PWD_PATTERN"
if [ $FNRET != 0 ]; then
crit "$PWD_PATTERN not present in $FILE"
else
@ -33,13 +33,13 @@ audit () {
# This function will be called if the script status is on enabled mode
apply () {
does_pattern_exists_in_file $FILE "$USER_PATTERN"
does_pattern_exist_in_file $FILE "$USER_PATTERN"
if [ $FNRET != 0 ]; then
warn "$USER_PATTERN not present in $FILE, please configure password for grub"
else
ok "$USER_PATTERN is present in $FILE"
fi
does_pattern_exists_in_file $FILE "$PWD_PATTERN"
does_pattern_exist_in_file $FILE "$PWD_PATTERN"
if [ $FNRET != 0 ]; then
warn "$PWD_PATTERN not present in $FILE, please configure password for grub"
else


@ -16,21 +16,21 @@ PATTERN="^root:[*\!]:"
# This function will be called if the script status is on enabled / audit mode
audit () {
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET != 1 ]; then
crit "$PATTERN present in $FILE"
crit "$PATTERN is present in $FILE"
else
ok "$PATTERN not present in $FILE"
ok "$PATTERN is not present in $FILE"
fi
}
# This function will be called if the script status is on enabled mode
apply () {
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET != 1 ]; then
warn "$PATTERN present in $FILE, please put a root password"
warn "$PATTERN is present in $FILE, please put a root password"
else
ok "$PATTERN not present in $FILE"
ok "$PATTERN is not present in $FILE"
fi
:
}


@ -18,7 +18,7 @@ SYSCTL_EXP_RESULT=0
# This function will be called if the script status is on enabled / audit mode
audit () {
does_pattern_exists_in_file $LIMIT_FILE $LIMIT_PATTERN
does_pattern_exist_in_file $LIMIT_FILE $LIMIT_PATTERN
if [ $FNRET != 0 ]; then
crit "$LIMIT_PATTERN not present in $LIMIT_FILE"
else
@ -36,9 +36,9 @@ audit () {
# This function will be called if the script status is on enabled mode
apply () {
does_pattern_exists_in_file $LIMIT_FILE $LIMIT_PATTERN
does_pattern_exist_in_file $LIMIT_FILE $LIMIT_PATTERN
if [ $FNRET != 0 ]; then
warn "$LIMIT_PATTERN not present in $LIMIT_FILE, addning at the end of $LIMIT_FILE"
warn "$LIMIT_PATTERN not present in $LIMIT_FILE, adding at the end of $LIMIT_FILE"
add_end_of_file $LIMIT_FILE "* hard core 0"
else
ok "$LIMIT_PATTERN present in $LIMIT_FILE"


@ -15,21 +15,21 @@ PATTERN='NX[[:space:]]\(Execute[[:space:]]Disable\)[[:space:]]protection:[[:spac
# This function will be called if the script status is on enabled / audit mode
audit () {
does_pattern_exists_in_dmesg $PATTERN
does_pattern_exist_in_dmesg $PATTERN
if [ $FNRET != 0 ]; then
crit "$PATTERN not present in dmesg"
crit "$PATTERN is not present in dmesg"
else
ok "$PATTERN present in dmesg"
ok "$PATTERN is present in dmesg"
fi
}
# This function will be called if the script status is on enabled mode
apply () {
does_pattern_exists_in_dmesg $PATTERN
does_pattern_exist_in_dmesg $PATTERN
if [ $FNRET != 0 ]; then
crit "$PATTERN not present in dmesg, please go to the bios to activate this option or change for CPU compatible"
crit "$PATTERN is not present in dmesg, please go to the bios to activate this option or change for CPU compatible"
else
ok "$PATTERN present in dmesg"
ok "$PATTERN is present in dmesg"
fi
}
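Review bot: audit() and apply() depend only on the boot-time NX line still being in the kernel log; the ring buffer is bounded, so on a host with long uptime or a noisy kernel log that line can be overwritten and the check reports crit although NX is active (assuming `does_pattern_exist_in_dmesg` searches `dmesg` output, the helper is not shown here). A fallback before raising crit would make the result stable, for example `grep -qw nx /proc/cpuinfo`. `$PATTERN` is also passed unquoted although it contains bracket expressions that the shell may treat as a glob; `does_pattern_exist_in_dmesg "$PATTERN"` avoids that.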


@ -26,11 +26,11 @@ audit () {
if [ $FNRET != 0 ]; then
ok "$FILE does not exist"
else
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
crit "$PATTERN exists, $PACKAGE services are enabled!"
else
ok "$PATTERN not present in $FILE"
ok "$PATTERN is not present in $FILE"
fi
fi
else
@ -55,14 +55,14 @@ apply () {
ok "$FILE does not exist"
else
info "$FILE exists, checking patterns"
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
warn "$PATTERN present in $FILE, purging it"
warn "$PATTERN is present in $FILE, purging it"
backup_file $FILE
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
else
ok "$PATTERN not present in $FILE"
ok "$PATTERN is not present in $FILE"
fi
fi
done
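Review bot: `sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE` in apply() is read by GNU sed as `-i` with the backup suffix `e`, so every run leaves a second copy named `${FILE}e` beside the configuration file, on top of the one `backup_file` already made. Splitting the options fixes it: `sed -i -e "s/$ESCAPED_PATTERN/#&/g" "$FILE"`. The here-string in the line above should be quoted too, `<<< "$PATTERN"`. The same two lines recur in the eight file sections that follow; apply() begins above the hunk.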


@ -25,11 +25,11 @@ audit () {
if [ $FNRET != 0 ]; then
ok "$FILE does not exist"
else
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
crit "$PATTERN exists, $PACKAGE services are enabled!"
else
ok "$PATTERN not present in $FILE"
ok "$PATTERN is not present in $FILE"
fi
fi
else
@ -54,14 +54,14 @@ apply () {
ok "$FILE does not exist"
else
info "$FILE exists, checking patterns"
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
warn "$PATTERN present in $FILE, purging it"
warn "$PATTERN is present in $FILE, purging it"
backup_file $FILE
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
else
ok "$PATTERN not present in $FILE"
ok "$PATTERN is not present in $FILE"
fi
fi
done


@ -26,11 +26,11 @@ audit () {
if [ $FNRET != 0 ]; then
ok "$FILE does not exist"
else
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
crit "$PATTERN exists, $PACKAGE services are enabled!"
else
ok "$PATTERN not present in $FILE"
ok "$PATTERN is not present in $FILE"
fi
fi
else
@ -55,14 +55,14 @@ apply () {
ok "$FILE does not exist"
else
info "$FILE exists, checking patterns"
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
warn "$PATTERN present in $FILE, purging it"
warn "$PATTERN is present in $FILE, purging it"
backup_file $FILE
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
else
ok "$PATTERN not present in $FILE"
ok "$PATTERN is not present in $FILE"
fi
fi
done


@ -25,11 +25,11 @@ audit () {
if [ $FNRET != 0 ]; then
ok "$FILE does not exist"
else
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
crit "$PATTERN exists, $PACKAGE services are enabled!"
else
ok "$PATTERN not present in $FILE"
ok "$PATTERN is not present in $FILE"
fi
fi
else
@ -54,15 +54,14 @@ apply () {
ok "$FILE does not exist"
else
info "$FILE exists, checking patterns"
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
warn "$PATTERN present in $FILE, purging it"
warn "$PATTERN is present in $FILE, purging it"
backup_file $FILE
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
echo "coucou"
else
ok "$PATTERN not present in $FILE"
ok "$PATTERN is not present in $FILE"
fi
fi
done


@ -20,11 +20,11 @@ audit () {
if [ $FNRET != 0 ]; then
ok "$FILE does not exist"
else
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
crit "$PATTERN exists, chargen services are enabled!"
crit "$PATTERN exists, chargen service is enabled!"
else
ok "$PATTERN not present in $FILE"
ok "$PATTERN is not present in $FILE"
fi
fi
}
@ -36,14 +36,14 @@ apply () {
ok "$FILE does not exist"
else
info "$FILE exists, checking patterns"
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
warn "$PATTERN present in $FILE, purging it"
warn "$PATTERN is present in $FILE, purging it"
backup_file $FILE
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
else
ok "$PATTERN not present in $FILE"
ok "$PATTERN is not present in $FILE"
fi
fi
}


@ -20,11 +20,11 @@ audit () {
if [ $FNRET != 0 ]; then
ok "$FILE does not exist"
else
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
crit "$PATTERN exists, chargen services are enabled!"
crit "$PATTERN exists, daytime service is enabled!"
else
ok "$PATTERN not present in $FILE"
ok "$PATTERN is not present in $FILE"
fi
fi
}
@ -36,14 +36,14 @@ apply () {
ok "$FILE does not exist"
else
info "$FILE exists, checking patterns"
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
warn "$PATTERN present in $FILE, purging it"
warn "$PATTERN is present in $FILE, purging it"
backup_file $FILE
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
else
ok "$PATTERN not present in $FILE"
ok "$PATTERN is not present in $FILE"
fi
fi
}


@ -20,11 +20,11 @@ audit () {
if [ $FNRET != 0 ]; then
ok "$FILE does not exist"
else
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
crit "$PATTERN exists, chargen services are enabled!"
crit "$PATTERN exists, echo service is enabled!"
else
ok "$PATTERN not present in $FILE"
ok "$PATTERN is not present in $FILE"
fi
fi
}
@ -36,14 +36,14 @@ apply () {
ok "$FILE does not exist"
else
info "$FILE exists, checking patterns"
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
warn "$PATTERN present in $FILE, purging it"
warn "$PATTERN is present in $FILE, purging it"
backup_file $FILE
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
else
ok "$PATTERN not present in $FILE"
ok "$PATTERN is not present in $FILE"
fi
fi
}


@ -20,11 +20,11 @@ audit () {
if [ $FNRET != 0 ]; then
ok "$FILE does not exist"
else
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
crit "$PATTERN exists, chargen services are enabled!"
crit "$PATTERN exists, discard service is enabled!"
else
ok "$PATTERN not present in $FILE"
ok "$PATTERN is not present in $FILE"
fi
fi
}
@ -36,14 +36,14 @@ apply () {
ok "$FILE does not exist"
else
info "$FILE exists, checking patterns"
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
warn "$PATTERN present in $FILE, purging it"
warn "$PATTERN is present in $FILE, purging it"
backup_file $FILE
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
else
ok "$PATTERN not present in $FILE"
ok "$PATTERN is not present in $FILE"
fi
fi
}


@ -20,11 +20,11 @@ audit () {
if [ $FNRET != 0 ]; then
ok "$FILE does not exist"
else
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
crit "$PATTERN exists, chargen services are enabled!"
crit "$PATTERN exists, time service is enabled!"
else
ok "$PATTERN not present in $FILE"
ok "$PATTERN is not present in $FILE"
fi
fi
}
@ -36,14 +36,14 @@ apply () {
ok "$FILE does not exist"
else
info "$FILE exists, checking patterns"
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
warn "$PATTERN present in $FILE, purging it"
warn "$PATTERN is present in $FILE, purging it"
backup_file $FILE
ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
else
ok "$PATTERN not present in $FILE"
ok "$PATTERN is not present in $FILE"
fi
fi
}


@ -23,7 +23,7 @@ audit () {
ok "$PACKAGE is not installed"
else
ok "$PACKAGE is installed, checking configuration"
does_pattern_exists_in_file $RSYNC_DEFAULT_FILE "^$RSYNC_DEFAULT_PATTERN"
does_pattern_exist_in_file $RSYNC_DEFAULT_FILE "^$RSYNC_DEFAULT_PATTERN"
if [ $FNRET != 0 ]; then
crit "$RSYNC_DEFAULT_PATTERN not found in $RSYNC_DEFAULT_FILE"
else
@ -39,7 +39,7 @@ apply () {
ok "$PACKAGE is not installed"
else
ok "$PACKAGE is installed, checking configuration"
does_pattern_exists_in_file $RSYNC_DEFAULT_FILE "^$RSYNC_DEFAULT_PATTERN"
does_pattern_exist_in_file $RSYNC_DEFAULT_FILE "^$RSYNC_DEFAULT_PATTERN"
if [ $FNRET != 0 ]; then
warn "$RSYNC_DEFAULT_PATTERN not found in $RSYNC_DEFAULT_FILE, adding it"
backup_file $RSYNC_DEFAULT_FILE


@ -24,13 +24,13 @@ audit () {
crit "$PACKAGE is not installed!"
else
ok "$PACKAGE is installed, checking configuration"
does_pattern_exists_in_file $NTP_CONF_FILE $NTP_CONF_DEFAULT_PATTERN
does_pattern_exist_in_file $NTP_CONF_FILE $NTP_CONF_DEFAULT_PATTERN
if [ $FNRET != 0 ]; then
crit "$NTP_CONF_DEFAULT_PATTERN not found in $NTP_CONF_FILE"
else
ok "$NTP_CONF_DEFAULT_PATTERN found in $NTP_CONF_FILE"
fi
does_pattern_exists_in_file $NTP_INIT_FILE "^$NTP_INIT_PATTERN"
does_pattern_exist_in_file $NTP_INIT_FILE "^$NTP_INIT_PATTERN"
if [ $FNRET != 0 ]; then
crit "$NTP_INIT_PATTERN not found in $NTP_INIT_FILE"
else
@ -49,7 +49,7 @@ apply () {
apt_install $PACKAGE
info "Checking $PACKAGE configuration"
fi
does_pattern_exists_in_file $NTP_CONF_FILE $NTP_CONF_DEFAULT_PATTERN
does_pattern_exist_in_file $NTP_CONF_FILE $NTP_CONF_DEFAULT_PATTERN
if [ $FNRET != 0 ]; then
warn "$NTP_CONF_DEFAULT_PATTERN not found in $NTP_CONF_FILE, adding it"
backup_file $NTP_CONF_FILE
@ -57,7 +57,7 @@ apply () {
else
ok "$NTP_CONF_DEFAULT_PATTERN found in $NTP_CONF_FILE"
fi
does_pattern_exists_in_file $NTP_INIT_FILE "^$NTP_INIT_PATTERN"
does_pattern_exist_in_file $NTP_INIT_FILE "^$NTP_INIT_PATTERN"
if [ $FNRET != 0 ]; then
warn "$NTP_INIT_PATTERN not found in $NTP_INIT_FILE, adding it"
backup_file $NTP_INIT_FILE


@ -20,12 +20,12 @@ audit () {
if [ $FNRET != 0 ]; then
crit "$FILE does not exist"
else
ok "$FILE exist, checking configuration"
does_pattern_exists_in_file $FILE "$PATTERN"
ok "$FILE exists, checking configuration"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET != 0 ]; then
crit "$PATTERN not present in $FILE, we have to deny everything"
crit "$PATTERN is not present in $FILE, we have to deny everything"
else
ok "$PATTERN present in $FILE"
ok "$PATTERN is present in $FILE"
fi
fi
}
@ -37,15 +37,15 @@ apply () {
warn "$FILE does not exist, creating it"
touch $FILE
else
ok "$FILE exist"
ok "$FILE exists"
fi
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET != 0 ]; then
crit "$PATTERN not present in $FILE, we have to deny everything"
crit "$PATTERN is not present in $FILE, we have to deny everything"
add_end_of_file $FILE "$PATTERN"
warn "YOU MAY HAVE CUT YOUR ACCESS, CHECK BEFORE DISCONNECTING"
else
ok "$PATTERN present in $FILE"
ok "$PATTERN is present in $FILE"
fi
}


@ -21,12 +21,12 @@ audit () {
if [ $FNRET != 0 ]; then
crit "$FILE does not exist"
else
ok "$FILE exist, checking configuration"
does_pattern_exists_in_file $FILE "^$PATTERN[[:space:]]"
ok "$FILE exists, checking configuration"
does_pattern_exist_in_file $FILE "^$PATTERN[[:space:]]"
if [ $FNRET != 0 ]; then
crit "$PATTERN not present in $FILE"
crit "$PATTERN is not present in $FILE"
else
ok "$PATTERN present in $FILE"
ok "$PATTERN is present in $FILE"
fi
fi
}
@ -38,14 +38,14 @@ apply () {
warn "$FILE does not exist, creating it"
touch $FILE
else
ok "$FILE exist"
ok "$FILE exists"
fi
does_pattern_exists_in_file $FILE "^$PATTERN[[:space:]]"
does_pattern_exist_in_file $FILE "^$PATTERN[[:space:]]"
if [ $FNRET != 0 ]; then
warn "$PATTERN not present in $FILE, adding it"
warn "$PATTERN is not present in $FILE, adding it"
add_end_of_file $FILE "$PATTERN = $VALUE"
else
ok "$PATTERN present in $FILE"
ok "$PATTERN is present in $FILE"
fi
}


@ -20,17 +20,17 @@ audit () {
if [ $FNRET != 0 ]; then
crit "$FILE does not exist"
else
ok "$FILE exist, checking configuration"
ok "$FILE exists, checking configuration"
for AUDIT_OPTION in $OPTIONS; do
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1)
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)
PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
debug "$AUDIT_PARAM should be set to $AUDIT_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET != 0 ]; then
crit "$PATTERN not present in $FILE"
crit "$PATTERN is not present in $FILE"
else
ok "$PATTERN present in $FILE"
ok "$PATTERN is present in $FILE"
fi
done
fi
@ -43,17 +43,17 @@ apply () {
warn "$FILE does not exist, creating it"
touch $FILE
else
ok "$FILE exist"
ok "$FILE exists"
fi
for AUDIT_OPTION in $OPTIONS; do
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1)
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)
debug "$AUDIT_PARAM should be set to $AUDIT_VALUE"
PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET != 0 ]; then
warn "$PATTERN not present in $FILE, adding it"
does_pattern_exists_in_file $FILE "^$AUDIT_PARAM"
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^$AUDIT_PARAM"
if [ $FNRET != 0 ]; then
info "Parameter $AUDIT_PARAM seems absent from $FILE, adding at the end"
add_end_of_file $FILE "$AUDIT_PARAM = $AUDIT_VALUE"
@ -62,7 +62,7 @@ apply () {
replace_in_file $FILE "^$AUDIT_PARAM[[:space:]]*=.*" "$AUDIT_PARAM = $AUDIT_VALUE"
fi
else
ok "$PATTERN present in $FILE"
ok "$PATTERN is present in $FILE"
fi
done
}
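Review bot: The check pattern `PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"` has no end anchor, so a configured value that merely starts with the expected one passes in both `audit` and `apply` (as a constructed example, an expected value of `5` also matches a line that sets `50`). Closing the pattern makes the check cover the whole value: `PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE[[:space:]]*\$"`. The same construction appears in the next section with the identical AUDIT_OPTION loop and in the later sections that build `^$SSH_PARAM[[:space:]]*$SSH_VALUE`, where the value is likewise unanchored. Both functions begin outside the visible hunks.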


@ -20,17 +20,17 @@ audit () {
if [ $FNRET != 0 ]; then
crit "$FILE does not exist"
else
ok "$FILE exist, checking configuration"
ok "$FILE exists, checking configuration"
for AUDIT_OPTION in $OPTIONS; do
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1)
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)
PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
debug "$AUDIT_PARAM should be set to $AUDIT_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET != 0 ]; then
crit "$PATTERN not present in $FILE"
crit "$PATTERN is not present in $FILE"
else
ok "$PATTERN present in $FILE"
ok "$PATTERN is present in $FILE"
fi
done
fi
@ -43,17 +43,17 @@ apply () {
warn "$FILE does not exist, creating it"
touch $FILE
else
ok "$FILE exist"
ok "$FILE exists"
fi
for AUDIT_OPTION in $OPTIONS; do
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1)
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)
debug "$AUDIT_PARAM should be set to $AUDIT_VALUE"
PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET != 0 ]; then
warn "$PATTERN not present in $FILE, adding it"
does_pattern_exists_in_file $FILE "^$AUDIT_PARAM"
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^$AUDIT_PARAM"
if [ $FNRET != 0 ]; then
info "Parameter $AUDIT_PARAM seems absent from $FILE, adding at the end"
add_end_of_file $FILE "$AUDIT_PARAM = $AUDIT_VALUE"
@ -62,7 +62,7 @@ apply () {
replace_in_file $FILE "^$AUDIT_PARAM[[:space:]]*=.*" "$AUDIT_PARAM = $AUDIT_VALUE"
fi
else
ok "$PATTERN present in $FILE"
ok "$PATTERN is present in $FILE"
fi
done
}


@ -23,12 +23,12 @@ FILE='/etc/audit/audit.rules'
audit () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}
@ -37,14 +37,14 @@ audit () {
apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
eval $(pkill -HUP -P 1 auditd)
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}
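Review bot: `eval $(pkill -HUP -P 1 auditd)` in `apply` evaluates whatever pkill prints as shell code; pkill normally prints nothing, so the `eval` does no work today and would execute unexpected output if that ever changed. Calling `pkill -HUP -P 1 auditd` directly, once after the loop rather than once per appended rule, gives the same reload. The renamed call `does_pattern_exist_in_file $FILE $AUDIT_VALUE` also leaves the rule unquoted, which survives spaces only because `IFS=$'\n'` is set and still allows glob expansion; `"$AUDIT_VALUE"` is safer, and `IFS` is not restored after the loop. The same audit/apply pair is repeated in the other `/etc/audit/audit.rules` sections of this commit.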


@ -21,12 +21,12 @@ FILE='/etc/audit/audit.rules'
audit () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}
@ -35,14 +35,14 @@ audit () {
apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
eval $(pkill -HUP -P 1 auditd)
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}


@ -21,12 +21,12 @@ FILE='/etc/audit/audit.rules'
audit () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}
@ -35,14 +35,14 @@ audit () {
apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
eval $(pkill -HUP -P 1 auditd)
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}


@ -19,12 +19,12 @@ FILE='/etc/audit/audit.rules'
audit () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}
@ -33,14 +33,14 @@ audit () {
apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
eval $(pkill -HUP -P 1 auditd)
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}


@ -19,12 +19,12 @@ FILE='/etc/audit/audit.rules'
audit () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}
@ -33,14 +33,14 @@ audit () {
apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
eval $(pkill -HUP -P 1 auditd)
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}


@ -19,12 +19,12 @@ FILE='/etc/audit/audit.rules'
audit () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}
@ -33,14 +33,14 @@ audit () {
apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
eval $(pkill -HUP -P 1 auditd)
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}


@ -18,12 +18,12 @@ FILE='/etc/audit/audit.rules'
audit () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}
@ -32,14 +32,14 @@ audit () {
apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
eval $(pkill -HUP -P 1 auditd)
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}


@ -21,12 +21,12 @@ FILE='/etc/audit/audit.rules'
audit () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}
@ -35,14 +35,14 @@ audit () {
apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
eval $(pkill -HUP -P 1 auditd)
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}


@ -18,12 +18,12 @@ FILE='/etc/audit/audit.rules'
audit () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}
@ -32,14 +32,14 @@ audit () {
apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
eval $(pkill -HUP -P 1 auditd)
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}


@ -20,17 +20,17 @@ audit () {
if [ $FNRET != 0 ]; then
crit "$FILE does not exist"
else
ok "$FILE exist, checking configuration"
ok "$FILE exists, checking configuration"
for GRUB_OPTION in $OPTIONS; do
GRUB_PARAM=$(echo $GRUB_OPTION | cut -d= -f 1)
GRUB_VALUE=$(echo $GRUB_OPTION | cut -d= -f 2,3)
PATTERN="^$GRUB_PARAM=$GRUB_VALUE"
debug "$GRUB_PARAM should be set to $GRUB_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET != 0 ]; then
crit "$PATTERN not present in $FILE"
crit "$PATTERN is not present in $FILE"
else
ok "$PATTERN present in $FILE"
ok "$PATTERN is present in $FILE"
fi
done
fi
@ -43,17 +43,17 @@ apply () {
warn "$FILE does not exist, creating it"
touch $FILE
else
ok "$FILE exist"
ok "$FILE exists"
fi
for GRUB_OPTION in $OPTIONS; do
GRUB_PARAM=$(echo $GRUB_OPTION | cut -d= -f 1)
GRUB_VALUE=$(echo $GRUB_OPTION | cut -d= -f 2,3)
debug "$GRUB_PARAM should be set to $GRUB_VALUE"
PATTERN="^$GRUB_PARAM=$GRUB_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET != 0 ]; then
warn "$PATTERN not present in $FILE, adding it"
does_pattern_exists_in_file $FILE "^$GRUB_PARAM"
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^$GRUB_PARAM"
if [ $FNRET != 0 ]; then
info "Parameter $GRUB_PARAM seems absent from $FILE, adding at the end"
add_end_of_file $FILE "$GRUB_PARAM = $GRUB_VALUE"
@ -62,7 +62,7 @@ apply () {
replace_in_file $FILE "^$GRUB_PARAM=.*" "$GRUB_PARAM=$GRUB_VALUE"
fi
else
ok "$PATTERN present in $FILE"
ok "$PATTERN is present in $FILE"
fi
done
}
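Review bot: When the parameter is missing, `apply` appends `"$GRUB_PARAM = $GRUB_VALUE"` with spaces around the equals sign, while the audit pattern `^$GRUB_PARAM=$GRUB_VALUE` and the `replace_in_file` expression `^$GRUB_PARAM=.*` both expect none. A line written by that branch therefore never satisfies the check and is not matched by the replace expression on later runs; if this file is read as shell assignments (not visible here), the spaced form is not a valid assignment either. I would change the append to `add_end_of_file $FILE "$GRUB_PARAM=$GRUB_VALUE"`. The start of `apply` is outside the hunk.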


@ -22,12 +22,12 @@ FILE='/etc/audit/audit.rules'
audit () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}
@ -36,14 +36,14 @@ audit () {
apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
eval $(pkill -HUP -P 1 auditd)
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}


@ -22,12 +22,12 @@ FILE='/etc/audit/audit.rules'
audit () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}
@ -36,14 +36,14 @@ audit () {
apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
eval $(pkill -HUP -P 1 auditd)
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}


@ -23,12 +23,12 @@ FILE='/etc/audit/audit.rules'
audit () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}
@ -37,14 +37,14 @@ audit () {
apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
eval $(pkill -HUP -P 1 auditd)
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}


@ -18,12 +18,12 @@ FILE='/etc/audit/audit.rules'
audit () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}
@ -32,14 +32,14 @@ audit () {
apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
eval $(pkill -HUP -P 1 auditd)
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}


@ -20,12 +20,12 @@ FILE='/etc/audit/audit.rules'
audit () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}
@ -34,14 +34,14 @@ audit () {
apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
eval $(pkill -HUP -P 1 auditd)
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}


@ -20,12 +20,12 @@ FILE='/etc/audit/audit.rules'
audit () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}
@ -34,14 +34,14 @@ audit () {
apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE must be in file $FILE"
does_pattern_exists_in_file $FILE $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE $AUDIT_VALUE
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
eval $(pkill -HUP -P 1 auditd)
else
ok "$AUDIT_VALUE present in $FILE"
ok "$AUDIT_VALUE is present in $FILE"
fi
done
}


@ -27,7 +27,7 @@ audit () {
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
crit "$FILE is not $USER:$GROUP ownership set"
crit "$FILE ownership was not set to $USER:$GROUP"
fi
has_file_correct_permissions $FILE $PERMISSIONS
if [ $FNRET = 0 ]; then
@ -51,7 +51,7 @@ apply () {
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
warn "$FILE is not $USER:$GROUP ownership set"
warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
fi
has_file_correct_permissions $FILE $PERMISSIONS


@ -16,22 +16,22 @@ PATTERN='^destination.*(tcp|udp)[[:space:]]*\([[:space:]]*\".*\"[[:space:]]*\)'
# This function will be called if the script status is on enabled / audit mode
audit () {
FILES="$SYSLOG_BASEDIR/syslog-ng.conf $SYSLOG_BASEDIR/conf.d/*"
does_pattern_exists_in_file "$FILES" "$PATTERN"
does_pattern_exist_in_file "$FILES" "$PATTERN"
if [ $FNRET != 0 ]; then
crit "$PATTERN not present in $FILES"
crit "$PATTERN is not present in $FILES"
else
ok "$PATTERN present in $FILES"
ok "$PATTERN is present in $FILES"
fi
}
# This function will be called if the script status is on enabled mode
apply () {
FILES="$SYSLOG_BASEDIR/syslog-ng.conf $SYSLOG_BASEDIR/conf.d/*"
does_pattern_exists_in_file "$FILES" "$PATTERN"
does_pattern_exist_in_file "$FILES" "$PATTERN"
if [ $FNRET != 0 ]; then
crit "$PATTERN not present in $FILES, please set a remote host to send your logs"
crit "$PATTERN is not present in $FILES, please set a remote host to send your logs"
else
ok "$PATTERN present in $FILES"
ok "$PATTERN is present in $FILES"
fi
}


@ -16,28 +16,28 @@ PATTERN='tripwire --check'
# This function will be called if the script status is on enabled / audit mode
audit () {
does_pattern_exists_in_file "$FILES" "$PATTERN"
does_pattern_exist_in_file "$FILES" "$PATTERN"
if [ $FNRET != 0 ]; then
crit "$PATTERN not present in $FILES"
crit "$PATTERN is not present in $FILES"
else
ok "$PATTERN present in $FILES"
fi
ok "$PATTERN is present in $FILES"
fi
}
# This function will be called if the script status is on enabled mode
apply () {
does_pattern_exists_in_file "$FILES" "$PATTERN"
does_pattern_exist_in_file "$FILES" "$PATTERN"
if [ $FNRET != 0 ]; then
warn "$PATTERN not present in $FILES, setting tripwire cron"
echo "0 10 * * * root /usr/sbin/tripwire --check > /dev/shm/tripwire_check 2>&1 " > /etc/cron.d/CIS_8.3.2_tripwire
warn "$PATTERN is not present in $FILES, setting tripwire cron"
echo "0 10 * * * root /usr/sbin/tripwire --check > /dev/shm/tripwire_check 2>&1 " > /etc/cron.d/CIS_8.3.2_tripwire
else
ok "$PATTERN present in $FILES"
ok "$PATTERN is present in $FILES"
fi
}
# This function will check config parameters required
check_config() {
:
:
}
# Source Root Dir Parameter
@ -50,7 +50,7 @@ else
echo "No CIS_ROOT_DIR variable, aborting"
exit 128
fi
fi
fi
# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
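Review bot: The cron entry written by `apply` sends the tripwire report to the fixed path `/dev/shm/tripwire_check`, a world-writable tmpfs location, so the root job truncates and writes whatever file already exists under that name. A local user who creates the file first would own the integrity report and could read or alter it, and the report does not survive a reboot. I would direct the output to a root-owned directory instead, for example `... --check > <ROOT_ONLY_LOG_DIR>/tripwire_check 2>&1` (placeholder path), or leave the redirect out so cron mails the result. The file `/etc/cron.d/CIS_8.3.2_tripwire` is also created with whatever umask is in effect; an explicit `chmod 0644` after the `echo` would make its mode deterministic.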


@ -22,7 +22,7 @@ audit () {
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
crit "$FILE is not $USER:$GROUP ownership set"
crit "$FILE ownership was not set to $USER:$GROUP"
fi
has_file_correct_permissions $FILE $PERMISSIONS
if [ $FNRET = 0 ]; then
@ -43,7 +43,7 @@ apply () {
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
warn "$FILE is not $USER:$GROUP ownership set"
warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
fi
has_file_correct_permissions $FILE $PERMISSIONS


@ -22,7 +22,7 @@ audit () {
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
crit "$FILE is not $USER:$GROUP ownership set"
crit "$FILE ownership was not set to $USER:$GROUP"
fi
has_file_correct_permissions $FILE $PERMISSIONS
if [ $FNRET = 0 ]; then
@ -43,7 +43,7 @@ apply () {
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
warn "$FILE is not $USER:$GROUP ownership set"
warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
fi
has_file_correct_permissions $FILE $PERMISSIONS


@ -22,7 +22,7 @@ audit () {
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
crit "$FILE is not $USER:$GROUP ownership set"
crit "$FILE ownership was not set to $USER:$GROUP"
fi
has_file_correct_permissions $FILE $PERMISSIONS
if [ $FNRET = 0 ]; then
@ -43,7 +43,7 @@ apply () {
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
warn "$FILE is not $USER:$GROUP ownership set"
warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
fi
has_file_correct_permissions $FILE $PERMISSIONS


@ -22,7 +22,7 @@ audit () {
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
crit "$FILE is not $USER:$GROUP ownership set"
crit "$FILE ownership was not set to $USER:$GROUP"
fi
has_file_correct_permissions $FILE $PERMISSIONS
if [ $FNRET = 0 ]; then
@ -43,7 +43,7 @@ apply () {
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
warn "$FILE is not $USER:$GROUP ownership set"
warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
fi
has_file_correct_permissions $FILE $PERMISSIONS


@ -22,7 +22,7 @@ audit () {
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
crit "$FILE is not $USER:$GROUP ownership set"
crit "$FILE ownership was not set to $USER:$GROUP"
fi
has_file_correct_permissions $FILE $PERMISSIONS
if [ $FNRET = 0 ]; then
@ -43,7 +43,7 @@ apply () {
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
warn "$FILE is not $USER:$GROUP ownership set"
warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
fi
has_file_correct_permissions $FILE $PERMISSIONS


@ -22,7 +22,7 @@ audit () {
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
crit "$FILE is not $USER:$GROUP ownership set"
crit "$FILE ownership was not set to $USER:$GROUP"
fi
has_file_correct_permissions $FILE $PERMISSIONS
if [ $FNRET = 0 ]; then
@ -43,7 +43,7 @@ apply () {
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
warn "$FILE is not $USER:$GROUP ownership set"
warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
fi
has_file_correct_permissions $FILE $PERMISSIONS


@ -36,7 +36,7 @@ audit () {
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
crit "$FILE is not $USER:$GROUP ownership set"
crit "$FILE ownership was not set to $USER:$GROUP"
fi
has_file_correct_permissions $FILE $PERMISSIONS
if [ $FNRET = 0 ]; then
@ -69,7 +69,7 @@ apply () {
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
warn "$FILE is not $USER:$GROUP ownership set"
warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
fi
has_file_correct_permissions $FILE $PERMISSIONS


@ -22,7 +22,7 @@ audit () {
crit "$PACKAGE is not installed!"
else
ok "$PACKAGE is installed"
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -40,7 +40,7 @@ apply () {
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
fi
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else


@ -22,7 +22,7 @@ audit () {
crit "$PACKAGE is not installed!"
else
ok "$PACKAGE is installed"
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -40,7 +40,7 @@ apply () {
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
fi
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else


@ -22,7 +22,7 @@ audit () {
crit "$PACKAGE is not installed!"
else
ok "$PACKAGE is installed"
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -40,7 +40,7 @@ apply () {
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
fi
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else


@ -26,7 +26,7 @@ audit () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -49,12 +49,12 @@ apply () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN not present in $FILE, adding it"
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
if [ $FNRET != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
else


@ -26,7 +26,7 @@ audit () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -49,12 +49,12 @@ apply () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN not present in $FILE, adding it"
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
if [ $FNRET != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
else


@ -26,7 +26,7 @@ audit () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -49,12 +49,12 @@ apply () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN not present in $FILE, adding it"
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
if [ $FNRET != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
else


@ -27,7 +27,7 @@ audit () {
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_VALUE=$(sed "s/'//g" <<< $SSH_VALUE)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -51,12 +51,12 @@ apply () {
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_VALUE=$(sed "s/'//g" <<< $SSH_VALUE)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN not present in $FILE, adding it"
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
if [ $FNRET != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
else


@ -25,7 +25,7 @@ audit () {
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
PATTERN="^$SSH_PARAM[[:space:]]*"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -48,12 +48,12 @@ apply () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN not present in $FILE, adding it"
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
if [ $FNRET != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
else
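Review bot: In this file audit builds `PATTERN="^$SSH_PARAM[[:space:]]*"` without the value, while apply compares against `^$SSH_PARAM[[:space:]]*$SSH_VALUE`, so audit can report ok for a setting that apply would still treat as missing. The audit pattern also matches any keyword that merely starts with `$SSH_PARAM`. If presence-only is intended (the contents of `$OPTIONS` are not visible in the hunk), a comment such as `# value is site-specific, only presence is audited` would make that explicit; otherwise audit should use the same pattern as apply. Both function bodies extend beyond the hunks shown.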


@ -26,7 +26,7 @@ audit () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -49,12 +49,12 @@ apply () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN not present in $FILE, adding it"
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
if [ $FNRET != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
else
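Review bot: When the keyword is absent, apply appends `$SSH_PARAM $SSH_VALUE` with add_end_of_file, and the new warning text says only "adding it". If `$FILE` is an sshd configuration that already contains a `Match` block, a directive appended at the end falls inside that block and applies only to connections matching it, so the hardened value would not be global even though the next audit passes. Assuming that is the file being edited (its assignment is outside the hunk), either insert before the first `^Match` line or record the limitation next to the call, e.g. `# NOTE: appended at EOF; lands inside a trailing Match block if one exists`. The apply body continues past the end of this hunk.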


@ -26,7 +26,7 @@ audit () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -49,12 +49,12 @@ apply () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN not present in $FILE, adding it"
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
if [ $FNRET != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
else


@ -22,7 +22,7 @@ audit () {
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
crit "$FILE is not $USER:$GROUP ownership set"
crit "$FILE ownership was not set to $USER:$GROUP"
fi
has_file_correct_permissions $FILE $PERMISSIONS
if [ $FNRET = 0 ]; then
@ -43,7 +43,7 @@ apply () {
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
warn "$FILE is not $USER:$GROUP ownership set"
warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
fi
has_file_correct_permissions $FILE $PERMISSIONS


@ -26,7 +26,7 @@ audit () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -49,12 +49,12 @@ apply () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN not present in $FILE, adding it"
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
if [ $FNRET != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
else


@ -26,7 +26,7 @@ audit () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -49,12 +49,12 @@ apply () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN not present in $FILE, adding it"
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
if [ $FNRET != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
else


@ -26,7 +26,7 @@ audit () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -49,12 +49,12 @@ apply () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN not present in $FILE, adding it"
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
if [ $FNRET != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
else


@ -26,7 +26,7 @@ audit () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -49,12 +49,12 @@ apply () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN not present in $FILE, adding it"
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
if [ $FNRET != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
else


@ -26,7 +26,7 @@ audit () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -49,12 +49,12 @@ apply () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN not present in $FILE, adding it"
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
if [ $FNRET != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
else


@ -26,7 +26,7 @@ audit () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -49,12 +49,12 @@ apply () {
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN not present in $FILE, adding it"
does_pattern_exists_in_file $FILE "^$SSH_PARAM"
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
if [ $FNRET != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
else


@ -22,7 +22,7 @@ audit () {
crit "$PACKAGE is not installed!"
else
ok "$PACKAGE is installed"
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -40,7 +40,7 @@ apply () {
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
fi
does_pattern_exists_in_file $FILE $PATTERN
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
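Review bot: The renamed call `does_pattern_exist_in_file $FILE $PATTERN` passes `$PATTERN` unquoted in both audit and apply, unlike the other checks on this page. A pattern containing whitespace or glob characters would be split or expanded by the shell before the helper sees it, and the check would then test something other than the intended expression. Quoting both arguments, `does_pattern_exist_in_file "$FILE" "$PATTERN"`, keeps the pattern intact. The value of PATTERN is set outside the hunks, so whether it currently contains such characters cannot be confirmed here.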


@ -19,26 +19,26 @@ FILE='/etc/profile.d/CIS_99.1_timeout.sh'
# This function will be called if the script status is on enabled / audit mode
audit () {
does_pattern_exists_in_file "$FILES_TO_SEARCH" "^$PATTERN"
does_pattern_exist_in_file "$FILES_TO_SEARCH" "^$PATTERN"
if [ $FNRET != 0 ]; then
crit "$PATTERN not present in $FILES_TO_SEARCH"
crit "$PATTERN is not present in $FILES_TO_SEARCH"
else
ok "$PATTERN present in $FILES_TO_SEARCH"
ok "$PATTERN is present in $FILES_TO_SEARCH"
fi
}
# This function will be called if the script status is on enabled mode
apply () {
does_pattern_exists_in_file "$FILES_TO_SEARCH" "^$PATTERN"
does_pattern_exist_in_file "$FILES_TO_SEARCH" "^$PATTERN"
if [ $FNRET != 0 ]; then
warn "$PATTERN not present in $FILES_TO_SEARCH"
warn "$PATTERN is not present in $FILES_TO_SEARCH"
touch $FILE
chmod 644 $FILE
add_end_of_file $FILE "$PATTERN$VALUE"
add_end_of_file $FILE "readonly TMOUT"
add_end_of_file $FILE "export TMOUT"
else
ok "$PATTERN present in $FILES_TO_SEARCH"
ok "$PATTERN is present in $FILES_TO_SEARCH"
fi
}
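Review bot: audit only tests `^$PATTERN` against `$FILES_TO_SEARCH`, so it reports ok for any assigned value, although apply writes `$PATTERN$VALUE`, which suggests the value matters. Assuming PATTERN is the TMOUT assignment prefix (its definition is outside the hunk), a line setting the timeout to 0, which disables it in bash, or to a very large number would still pass the audit. The check should compare the value as well, or the limitation should be stated above the call, e.g. `# only the presence of $PATTERN is audited, not the timeout value`. apply also skips writing `readonly TMOUT` whenever any matching line exists, so an existing non-readonly setting is left as is.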


@ -18,19 +18,19 @@ FILE='/etc/udev/rules.d/10-CIS_99.2_usb_devices.sh'
# This function will be called if the script status is on enabled / audit mode
audit () {
does_pattern_exists_in_file "$FILES_TO_SEARCH" "^$PATTERN"
does_pattern_exist_in_file "$FILES_TO_SEARCH" "^$PATTERN"
if [ $FNRET != 0 ]; then
crit "$PATTERN not present in $FILES_TO_SEARCH"
crit "$PATTERN is not present in $FILES_TO_SEARCH"
else
ok "$PATTERN present in $FILES_TO_SEARCH"
ok "$PATTERN is present in $FILES_TO_SEARCH"
fi
}
# This function will be called if the script status is on enabled mode
apply () {
does_pattern_exists_in_file "$FILES_TO_SEARCH" "^$PATTERN"
does_pattern_exist_in_file "$FILES_TO_SEARCH" "^$PATTERN"
if [ $FNRET != 0 ]; then
warn "$PATTERN not present in $FILES_TO_SEARCH"
warn "$PATTERN is not present in $FILES_TO_SEARCH"
touch $FILE
chmod 644 $FILE
add_end_of_file $FILE '
@ -47,7 +47,7 @@ ACTION=="add", ATTR{product}=="*[Kk]eyboard*", TEST=="authorized", ATTR{authoriz
ACTION=="add", ATTR{product}=="*Thinnet TM*", TEST=="authorized", ATTR{authorized}="1"
'
else
ok "$PATTERN present in $FILES_TO_SEARCH"
ok "$PATTERN is present in $FILES_TO_SEARCH"
fi
}
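Review bot: The hunk header shows `FILE='/etc/udev/rules.d/10-CIS_99.2_usb_devices.sh'`, and apply appends the USB authorization rules to that file. udev only loads files ending in `.rules` from its rules directories, so rules written to a `.sh` name are never evaluated and the control has no effect on the system. Renaming the target, `FILE='/etc/udev/rules.d/10-CIS_99.2_usb_devices.rules'`, fixes that; the assignment itself sits outside the hunk. If `$FILES_TO_SEARCH` includes the `.sh` file (not visible here), audit would report ok while nothing is enforced.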

7
debian/changelog vendored

@ -1,3 +1,10 @@
cis-hardening (1.0-8) wheezy; urgency=low
* phrasing reworked all over the place
* added debian dependencies bash and bc
-- Kevin Tanguy <kevin.tanguy@ovh.net> Tue, 26 Apr 2016 10:26:18 +0200
cis-hardening (1.0-7) wheezy; urgency=low
* Fixed 6.15 netstat analysis

2
debian/control vendored

@ -10,7 +10,7 @@ Vcs-Browser: https://github.com/ovh/debian-cis/
Package: cis-hardening
Architecture: all
Depends: ${shlibs:Depends}, ${misc:Depends}
Depends: ${shlibs:Depends}, ${misc:Depends}, bash, bc
Description: Suite of configurable scripts to audit or harden a Debian Wheezy.
Modular Debian 7 security hardening scripts based on cisecurity.org
⟨cisecurity.org⟩ recommendations. We use it at OVH ⟨https://ovh.com⟩ to


@ -48,7 +48,7 @@ set_sysctl_param() {
# Dmesg
#
does_pattern_exists_in_dmesg() {
does_pattern_exist_in_dmesg() {
local PATTERN=$1
if $(dmesg | grep -qE "$PATTERN"); then
FNRET=0
@ -95,7 +95,7 @@ has_file_correct_permissions() {
fi
}
does_pattern_exists_in_file() {
does_pattern_exist_in_file() {
local FILE=$1
local PATTERN=$2