From c81cf79fea89c69df112c19688bf2d7900f406f8 Mon Sep 17 00:00:00 2001
From: Charles Herlin
Date: Wed, 30 Oct 2019 15:29:11 +0100
Subject: [PATCH] CLEAN(12.x) remove unused checks that were merged with ownsership/perms deleted: 12.4_etc_passwd_ownership.sh deleted: 12.5_etc_shadow_ownership.sh deleted: 12.6_etc_group_ownership.sh
---
bin/hardening/12.4_etc_passwd_ownership.sh | 77 ----------------------
bin/hardening/12.5_etc_shadow_ownership.sh | 77 ----------------------
bin/hardening/12.6_etc_group_ownership.sh | 77 ----------------------
3 files changed, 231 deletions(-)
delete mode 100755 bin/hardening/12.4_etc_passwd_ownership.sh
delete mode 100755 bin/hardening/12.5_etc_shadow_ownership.sh
delete mode 100755 bin/hardening/12.6_etc_group_ownership.sh
diff --git a/bin/hardening/12.4_etc_passwd_ownership.sh b/bin/hardening/12.4_etc_passwd_ownership.sh
deleted file mode 100755
index 7281642..0000000
--- a/bin/hardening/12.4_etc_passwd_ownership.sh
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/bin/bash
-
-#
-# CIS Debian Hardening
-#
-
-#
-# 12.4 Verify User/Group Ownership on /etc/passwd (Scored)
-#
-
-set -e # One error, it's over
-set -u # One variable unset, it's over
-
-HARDENING_LEVEL=1
-DESCRIPTION="Check user/group to root on /etc/passwd."
-
-FILE='/etc/passwd'
-USER='root'
-GROUP='root'
-
-# This function will be called if the script status is on enabled / audit mode
-audit () {
- has_file_correct_ownership $FILE $USER $GROUP
- if [ $FNRET = 0 ]; then
- ok "$FILE has correct ownership"
- else
- crit "$FILE ownership was not set to $USER:$GROUP"
- fi
-}
-
-# This function will be called if the script status is on enabled mode
-apply () {
- has_file_correct_ownership $FILE $USER $GROUP
- if [ $FNRET = 0 ]; then
- ok "$FILE has correct ownership"
- else
- info "fixing $FILE ownership to $USER:$GROUP"
- chown $USER:$GROUP $FILE
- fi
-}
-
-# This function will check config parameters required
-check_config() {
- does_user_exist $USER
- if [ $FNRET != 0 ]; then
- crit "$USER does not exist"
- exit 128
- fi
- does_group_exist $GROUP
- if [ $FNRET != 0 ]; then
- crit "$GROUP does not exist"
- exit 128
- fi
- does_file_exist $FILE
- if [ $FNRET != 0 ]; then
- crit "$FILE does not exist"
- exit 128
- fi
-}
-
-# Source Root Dir Parameter
-if [ -r /etc/default/cis-hardening ]; then
- . /etc/default/cis-hardening
-fi
-if [ -z "$CIS_ROOT_DIR" ]; then
- echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
- exit 128
-fi
-
-# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
- . $CIS_ROOT_DIR/lib/main.sh
-else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
- exit 128
-fi
diff --git a/bin/hardening/12.5_etc_shadow_ownership.sh b/bin/hardening/12.5_etc_shadow_ownership.sh
deleted file mode 100755
index 55b0ce5..0000000
--- a/bin/hardening/12.5_etc_shadow_ownership.sh
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/bin/bash
-
-#
-# CIS Debian Hardening
-#
-
-#
-# 12.5 Verify User/Group Ownership on /etc/shadow (Scored)
-#
-
-set -e # One error, it's over
-set -u # One variable unset, it's over
-
-HARDENING_LEVEL=1
-DESCRIPTION="Check user/group to root on etc/shadow."
-
-FILE='/etc/shadow'
-USER='root'
-GROUP='shadow'
-
-# This function will be called if the script status is on enabled / audit mode
-audit () {
- has_file_correct_ownership $FILE $USER $GROUP
- if [ $FNRET = 0 ]; then
- ok "$FILE has correct ownership"
- else
- crit "$FILE ownership was not set to $USER:$GROUP"
- fi
-}
-
-# This function will be called if the script status is on enabled mode
-apply () {
- has_file_correct_ownership $FILE $USER $GROUP
- if [ $FNRET = 0 ]; then
- ok "$FILE has correct ownership"
- else
- info "fixing $FILE ownership to $USER:$GROUP"
- chown $USER:$GROUP $FILE
- fi
-}
-
-# This function will check config parameters required
-check_config() {
- does_user_exist $USER
- if [ $FNRET != 0 ]; then
- crit "$USER does not exist"
- exit 128
- fi
- does_group_exist $GROUP
- if [ $FNRET != 0 ]; then
- crit "$GROUP does not exist"
- exit 128
- fi
- does_file_exist $FILE
- if [ $FNRET != 0 ]; then
- crit "$FILE does not exist"
- exit 128
- fi
-}
-
-# Source Root Dir Parameter
-if [ -r /etc/default/cis-hardening ]; then
- . /etc/default/cis-hardening
-fi
-if [ -z "$CIS_ROOT_DIR" ]; then
- echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
- exit 128
-fi
-
-# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
- . $CIS_ROOT_DIR/lib/main.sh
-else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
- exit 128
-fi
diff --git a/bin/hardening/12.6_etc_group_ownership.sh b/bin/hardening/12.6_etc_group_ownership.sh
deleted file mode 100755
index 4d50275..0000000
--- a/bin/hardening/12.6_etc_group_ownership.sh
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/bin/bash
-
-#
-# CIS Debian Hardening
-#
-
-#
-# 12.6 Verify User/Group Ownership on /etc/group (Scored)
-#
-
-set -e # One error, it's over
-set -u # One variable unset, it's over
-
-HARDENING_LEVEL=1
-DESCRIPTION="Check user/group to root on /etc/group."
-
-FILE='/etc/group'
-USER='root'
-GROUP='root'
-
-# This function will be called if the script status is on enabled / audit mode
-audit () {
- has_file_correct_ownership $FILE $USER $GROUP
- if [ $FNRET = 0 ]; then
- ok "$FILE has correct ownership"
- else
- crit "$FILE ownership was not set to $USER:$GROUP"
- fi
-}
-
-# This function will be called if the script status is on enabled mode
-apply () {
- has_file_correct_ownership $FILE $USER $GROUP
- if [ $FNRET = 0 ]; then
- ok "$FILE has correct ownership"
- else
- info "fixing $FILE ownership to $USER:$GROUP"
- chown $USER:$GROUP $FILE
- fi
-}
-
-# This function will check config parameters required
-check_config() {
- does_user_exist $USER
- if [ $FNRET != 0 ]; then
- crit "$USER does not exist"
- exit 128
- fi
- does_group_exist $GROUP
- if [ $FNRET != 0 ]; then
- crit "$GROUP does not exist"
- exit 128
- fi
- does_file_exist $FILE
- if [ $FNRET != 0 ]; then
- crit "$FILE does not exist"
- exit 128
- fi
-}
-
-# Source Root Dir Parameter
-if [ -r /etc/default/cis-hardening ]; then
- . /etc/default/cis-hardening
-fi
-if [ -z "$CIS_ROOT_DIR" ]; then
- echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
- exit 128
-fi
-
-# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
- . $CIS_ROOT_DIR/lib/main.sh
-else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
- exit 128
-fi