Rephrase confusing messages

This commit is contained in:
Frank Denis 2016-04-21 18:32:36 +02:00
parent 8bc3ab43a2
commit ccd40f4369
112 changed files with 221 additions and 221 deletions

View File

@ -19,7 +19,7 @@ FILE='/etc/login.defs'
audit () { audit () {
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$PACKAGE is not installed !" crit "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
@ -58,7 +58,7 @@ apply () {
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
else else
info "Parameter $SSH_PARAM is present but with the wrong value, correcting" info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi fi
fi fi

View File

@ -19,7 +19,7 @@ FILE='/etc/login.defs'
audit () { audit () {
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$PACKAGE is not installed !" crit "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
@ -58,7 +58,7 @@ apply () {
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
else else
info "Parameter $SSH_PARAM is present but with the wrong value, correcting" info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi fi
fi fi

View File

@ -19,7 +19,7 @@ FILE='/etc/login.defs'
audit () { audit () {
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$PACKAGE is not installed !" crit "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
@ -58,7 +58,7 @@ apply () {
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
else else
info "Parameter $SSH_PARAM is present but with the wrong value, correcting" info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi fi
fi fi

View File

@ -33,7 +33,7 @@ audit () {
fi fi
done done
if [ ! -z "$RESULT" ]; then if [ ! -z "$RESULT" ]; then
crit "Some admin accounts have not $SHELL as shell" crit "Some admin accounts don't have $SHELL as shell"
crit "$RESULT" crit "$RESULT"
else else
ok "All admin accounts deactivated" ok "All admin accounts deactivated"
@ -57,7 +57,7 @@ apply () {
fi fi
done done
if [ ! -z "$RESULT" ]; then if [ ! -z "$RESULT" ]; then
warn "Some admin accounts have not $SHELL as shell" warn "Some admin accounts don't have $SHELL as shell"
warn "$RESULT" warn "$RESULT"
for USER in $( echo "$RESULT" | cut -d: -f 1 ); do for USER in $( echo "$RESULT" | cut -d: -f 1 ); do
info "Setting $SHELL to $USER" info "Setting $SHELL to $USER"

View File

@ -19,16 +19,16 @@ audit () {
if [ $(grep "^root:" /etc/passwd | cut -f4 -d:) = 0 ]; then if [ $(grep "^root:" /etc/passwd | cut -f4 -d:) = 0 ]; then
ok "Root group has GID $EXPECTED_GID" ok "Root group has GID $EXPECTED_GID"
else else
crit "Root group has not GID $EXPECTED_GID" crit "Root group GID should be $EXPECTED_GID"
fi fi
} }
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply () { apply () {
if [ $(grep "^root:" /etc/passwd | cut -f4 -d:) = 0 ]; then if [ $(grep "^root:" /etc/passwd | cut -f4 -d:) = 0 ]; then
ok "Root group has GID $EXPECTED_GID" ok "Root group GID is $EXPECTED_GID"
else else
warn "Root group has not GID $EXPECTED_GID" warn "Root group GID is not $EXPECTED_GID"
usermod -g $EXPECTED_GID $USER usermod -g $EXPECTED_GID $USER
fi fi
} }

View File

@ -29,7 +29,7 @@ audit () {
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else
crit "$FILE has not $PERMISSIONS permissions set" crit "$FILE permissions were not set to $PERMISSIONS"
fi fi
done done
} }

View File

@ -20,7 +20,7 @@ audit () {
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else
crit "$FILE has not $PERMISSIONS permissions set" crit "$FILE permissions were not set to $PERMISSIONS"
fi fi
} }

View File

@ -20,7 +20,7 @@ audit () {
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else
crit "$FILE has not $PERMISSIONS permissions set" crit "$FILE permissions were not set to $PERMISSIONS"
fi fi
} }

View File

@ -20,7 +20,7 @@ audit () {
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else
crit "$FILE has not $PERMISSIONS permissions set" crit "$FILE permissions were not set to $PERMISSIONS"
fi fi
} }

View File

@ -24,7 +24,7 @@ audit () {
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else
crit "$FILE has not $PERMISSIONS permissions set" crit "$FILE permissions were not set to $PERMISSIONS"
ERRORS=$((ERRORS+1)) ERRORS=$((ERRORS+1))
fi fi
fi fi
@ -47,7 +47,7 @@ apply () {
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else
warn "$FILE has not $PERMISSIONS permissions set" warn "$FILE permissions were not set to $PERMISSIONS"
chmod 600 $FILE chmod 600 $FILE
fi fi
fi fi

View File

@ -27,10 +27,10 @@ audit () {
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
has_mount_option $PARTITION $OPTION has_mount_option $PARTITION $OPTION
if [ $FNRET -gt 0 ]; then if [ $FNRET -gt 0 ]; then
crit "$PARTITION have no option $OPTION in fstab !" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else
ok "$PARTITION have $OPTION in fstab" ok "$PARTITION has $OPTION in fstab"
has_mounted_option $PARTITION $OPTION has_mounted_option $PARTITION $OPTION
if [ $FNRET -gt 0 ]; then if [ $FNRET -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime" warn "$PARTITION is not mounted with $OPTION at runtime"

View File

@ -29,10 +29,10 @@ audit () {
info "detected $PARTITION like" info "detected $PARTITION like"
has_mount_option $PARTITION $OPTION has_mount_option $PARTITION $OPTION
if [ $FNRET -gt 0 ]; then if [ $FNRET -gt 0 ]; then
crit "$PARTITION have no option $OPTION in fstab !" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else
ok "$PARTITION have $OPTION in fstab" ok "$PARTITION has $OPTION in fstab"
fi fi
fi fi
} }

View File

@ -29,10 +29,10 @@ audit () {
info "detected $PARTITION like" info "detected $PARTITION like"
has_mount_option $PARTITION $OPTION has_mount_option $PARTITION $OPTION
if [ $FNRET -gt 0 ]; then if [ $FNRET -gt 0 ]; then
crit "$PARTITION have no option $OPTION in fstab !" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else
ok "$PARTITION have $OPTION in fstab" ok "$PARTITION has $OPTION in fstab"
fi fi
fi fi
} }

View File

@ -29,10 +29,10 @@ audit () {
info "detected $PARTITION like" info "detected $PARTITION like"
has_mount_option $PARTITION $OPTION has_mount_option $PARTITION $OPTION
if [ $FNRET -gt 0 ]; then if [ $FNRET -gt 0 ]; then
crit "$PARTITION have no option $OPTION in fstab !" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else
ok "$PARTITION have $OPTION in fstab" ok "$PARTITION has $OPTION in fstab"
fi fi
fi fi
} }

View File

@ -27,10 +27,10 @@ audit () {
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
has_mount_option $PARTITION $OPTION has_mount_option $PARTITION $OPTION
if [ $FNRET -gt 0 ]; then if [ $FNRET -gt 0 ]; then
crit "$PARTITION have no option $OPTION in fstab !" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else
ok "$PARTITION have $OPTION in fstab" ok "$PARTITION has $OPTION in fstab"
has_mounted_option $PARTITION $OPTION has_mounted_option $PARTITION $OPTION
if [ $FNRET -gt 0 ]; then if [ $FNRET -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime" warn "$PARTITION is not mounted with $OPTION at runtime"

View File

@ -27,10 +27,10 @@ audit () {
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
has_mount_option $PARTITION $OPTION has_mount_option $PARTITION $OPTION
if [ $FNRET -gt 0 ]; then if [ $FNRET -gt 0 ]; then
crit "$PARTITION have no option $OPTION in fstab !" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else
ok "$PARTITION have $OPTION in fstab" ok "$PARTITION has $OPTION in fstab"
has_mounted_option $PARTITION $OPTION has_mounted_option $PARTITION $OPTION
if [ $FNRET -gt 0 ]; then if [ $FNRET -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime" warn "$PARTITION is not mounted with $OPTION at runtime"

View File

@ -27,10 +27,10 @@ audit () {
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
has_mount_option $PARTITION $OPTION has_mount_option $PARTITION $OPTION
if [ $FNRET -gt 0 ]; then if [ $FNRET -gt 0 ]; then
crit "$PARTITION have no option $OPTION in fstab !" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else
ok "$PARTITION have $OPTION in fstab" ok "$PARTITION has $OPTION in fstab"
has_mounted_option $PARTITION $OPTION has_mounted_option $PARTITION $OPTION
if [ $FNRET -gt 0 ]; then if [ $FNRET -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime" warn "$PARTITION is not mounted with $OPTION at runtime"

View File

@ -16,7 +16,7 @@ audit () {
info "Checking if setuid is set on world writable Directories" info "Checking if setuid is set on world writable Directories"
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null) RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null)
if [ ! -z "$RESULT" ]; then if [ ! -z "$RESULT" ]; then
crit "Some world writable directories are not on sticky bit mode !" crit "Some world writable directories are not on sticky bit mode!"
FORMATTED_RESULT=$(sed "s/ /\n/g" <<< $RESULT | sort | uniq | tr '\n' ' ') FORMATTED_RESULT=$(sed "s/ /\n/g" <<< $RESULT | sort | uniq | tr '\n' ' ')
crit "$FORMATTED_RESULT" crit "$FORMATTED_RESULT"
else else

View File

@ -19,7 +19,7 @@ KERNEL_OPTION="cramfs"
audit () { audit () {
is_kernel_option_enabled $KERNEL_OPTION is_kernel_option_enabled $KERNEL_OPTION
if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
crit "$KERNEL_OPTION is enabled !" crit "$KERNEL_OPTION is enabled!"
else else
ok "$KERNEL_OPTION is disabled" ok "$KERNEL_OPTION is disabled"
fi fi

View File

@ -19,7 +19,7 @@ KERNEL_OPTION="freevxfs"
audit () { audit () {
is_kernel_option_enabled $KERNEL_OPTION is_kernel_option_enabled $KERNEL_OPTION
if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
crit "$KERNEL_OPTION is enabled !" crit "$KERNEL_OPTION is enabled!"
else else
ok "$KERNEL_OPTION is disabled" ok "$KERNEL_OPTION is disabled"
fi fi

View File

@ -19,7 +19,7 @@ KERNEL_OPTION="jffs2"
audit () { audit () {
is_kernel_option_enabled $KERNEL_OPTION is_kernel_option_enabled $KERNEL_OPTION
if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
crit "$KERNEL_OPTION is enabled !" crit "$KERNEL_OPTION is enabled!"
else else
ok "$KERNEL_OPTION is disabled" ok "$KERNEL_OPTION is disabled"
fi fi

View File

@ -19,7 +19,7 @@ KERNEL_OPTION="hfs"
audit () { audit () {
is_kernel_option_enabled $KERNEL_OPTION is_kernel_option_enabled $KERNEL_OPTION
if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
crit "$KERNEL_OPTION is enabled !" crit "$KERNEL_OPTION is enabled!"
else else
ok "$KERNEL_OPTION is disabled" ok "$KERNEL_OPTION is disabled"
fi fi

View File

@ -19,7 +19,7 @@ KERNEL_OPTION="hfsplus"
audit () { audit () {
is_kernel_option_enabled $KERNEL_OPTION is_kernel_option_enabled $KERNEL_OPTION
if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
crit "$KERNEL_OPTION is enabled !" crit "$KERNEL_OPTION is enabled!"
else else
ok "$KERNEL_OPTION is disabled" ok "$KERNEL_OPTION is disabled"
fi fi

View File

@ -19,7 +19,7 @@ KERNEL_OPTION="squashfs"
audit () { audit () {
is_kernel_option_enabled $KERNEL_OPTION is_kernel_option_enabled $KERNEL_OPTION
if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
crit "$KERNEL_OPTION is enabled !" crit "$KERNEL_OPTION is enabled!"
else else
ok "$KERNEL_OPTION is disabled" ok "$KERNEL_OPTION is disabled"
fi fi

View File

@ -19,7 +19,7 @@ KERNEL_OPTION="udf"
audit () { audit () {
is_kernel_option_enabled $KERNEL_OPTION is_kernel_option_enabled $KERNEL_OPTION
if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
crit "$KERNEL_OPTION is enabled !" crit "$KERNEL_OPTION is enabled!"
else else
ok "$KERNEL_OPTION is disabled" ok "$KERNEL_OPTION is disabled"
fi fi

View File

@ -27,10 +27,10 @@ audit () {
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
has_mount_option $PARTITION $OPTION has_mount_option $PARTITION $OPTION
if [ $FNRET -gt 0 ]; then if [ $FNRET -gt 0 ]; then
crit "$PARTITION have no option $OPTION in fstab !" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else
ok "$PARTITION have $OPTION in fstab" ok "$PARTITION has $OPTION in fstab"
has_mounted_option $PARTITION $OPTION has_mounted_option $PARTITION $OPTION
if [ $FNRET -gt 0 ]; then if [ $FNRET -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime" warn "$PARTITION is not mounted with $OPTION at runtime"

View File

@ -27,10 +27,10 @@ audit () {
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
has_mount_option $PARTITION $OPTION has_mount_option $PARTITION $OPTION
if [ $FNRET -gt 0 ]; then if [ $FNRET -gt 0 ]; then
crit "$PARTITION have no option $OPTION in fstab !" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else
ok "$PARTITION have $OPTION in fstab" ok "$PARTITION has $OPTION in fstab"
has_mounted_option $PARTITION $OPTION has_mounted_option $PARTITION $OPTION
if [ $FNRET -gt 0 ]; then if [ $FNRET -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime" warn "$PARTITION is not mounted with $OPTION at runtime"

View File

@ -27,10 +27,10 @@ audit () {
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
has_mount_option $PARTITION $OPTION has_mount_option $PARTITION $OPTION
if [ $FNRET -gt 0 ]; then if [ $FNRET -gt 0 ]; then
crit "$PARTITION have no option $OPTION in fstab !" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else
ok "$PARTITION have $OPTION in fstab" ok "$PARTITION has $OPTION in fstab"
has_mounted_option $PARTITION $OPTION has_mounted_option $PARTITION $OPTION
if [ $FNRET -gt 0 ]; then if [ $FNRET -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime" warn "$PARTITION is not mounted with $OPTION at runtime"

View File

@ -27,10 +27,10 @@ audit () {
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
has_mount_option $PARTITION $OPTION has_mount_option $PARTITION $OPTION
if [ $FNRET -gt 0 ]; then if [ $FNRET -gt 0 ]; then
crit "$PARTITION have no option $OPTION in fstab !" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else
ok "$PARTITION have $OPTION in fstab" ok "$PARTITION has $OPTION in fstab"
has_mounted_option $PARTITION $OPTION has_mounted_option $PARTITION $OPTION
if [ $FNRET -gt 0 ]; then if [ $FNRET -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime" warn "$PARTITION is not mounted with $OPTION at runtime"

View File

@ -27,10 +27,10 @@ audit () {
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
has_mount_option $PARTITION $OPTION has_mount_option $PARTITION $OPTION
if [ $FNRET -gt 0 ]; then if [ $FNRET -gt 0 ]; then
crit "$PARTITION have no option $OPTION in fstab !" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else
ok "$PARTITION have $OPTION in fstab" ok "$PARTITION has $OPTION in fstab"
has_mounted_option $PARTITION $OPTION has_mounted_option $PARTITION $OPTION
if [ $FNRET -gt 0 ]; then if [ $FNRET -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime" warn "$PARTITION is not mounted with $OPTION at runtime"

View File

@ -27,10 +27,10 @@ audit () {
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
has_mount_option $PARTITION $OPTION has_mount_option $PARTITION $OPTION
if [ $FNRET -gt 0 ]; then if [ $FNRET -gt 0 ]; then
crit "$PARTITION have no option $OPTION in fstab !" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else
ok "$PARTITION have $OPTION in fstab" ok "$PARTITION has $OPTION in fstab"
has_mounted_option $PARTITION $OPTION has_mounted_option $PARTITION $OPTION
if [ $FNRET -gt 0 ]; then if [ $FNRET -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime" warn "$PARTITION is not mounted with $OPTION at runtime"

View File

@ -22,7 +22,7 @@ audit () {
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else
crit "$FILE has not $PERMISSIONS permissions set" crit "$FILE permissions were not set to $PERMISSIONS"
fi fi
} }

View File

@ -26,9 +26,9 @@ audit () {
fi fi
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi
@ -45,10 +45,10 @@ apply () {
fi fi
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi

View File

@ -18,9 +18,9 @@ SYSCTL_EXP_RESULT=2
audit () { audit () {
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi
@ -30,10 +30,10 @@ audit () {
apply () { apply () {
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi

View File

@ -17,7 +17,7 @@ PACKAGE='prelink'
audit () { audit () {
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
crit "$PACKAGE is installed !" crit "$PACKAGE is installed!"
else else
ok "$PACKAGE is absent" ok "$PACKAGE is absent"
fi fi

View File

@ -17,7 +17,7 @@ PACKAGE='apparmor'
audit () { audit () {
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$PACKAGE is absent !" crit "$PACKAGE is absent!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
fi fi

View File

@ -17,7 +17,7 @@ PACKAGE='nis'
audit () { audit () {
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
crit "$PACKAGE is installed !" crit "$PACKAGE is installed!"
else else
ok "$PACKAGE is absent" ok "$PACKAGE is absent"
fi fi

View File

@ -28,7 +28,7 @@ audit () {
else else
does_pattern_exists_in_file $FILE $PATTERN does_pattern_exists_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
crit "$PATTERN exists, $PACKAGE services are enabled !" crit "$PATTERN exists, $PACKAGE services are enabled!"
else else
ok "$PATTERN not present in $FILE" ok "$PATTERN not present in $FILE"
fi fi

View File

@ -27,7 +27,7 @@ audit () {
else else
does_pattern_exists_in_file $FILE $PATTERN does_pattern_exists_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
crit "$PATTERN exists, $PACKAGE services are enabled !" crit "$PATTERN exists, $PACKAGE services are enabled!"
else else
ok "$PATTERN not present in $FILE" ok "$PATTERN not present in $FILE"
fi fi

View File

@ -28,7 +28,7 @@ audit () {
else else
does_pattern_exists_in_file $FILE $PATTERN does_pattern_exists_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
crit "$PATTERN exists, $PACKAGE services are enabled !" crit "$PATTERN exists, $PACKAGE services are enabled!"
else else
ok "$PATTERN not present in $FILE" ok "$PATTERN not present in $FILE"
fi fi

View File

@ -27,7 +27,7 @@ audit () {
else else
does_pattern_exists_in_file $FILE $PATTERN does_pattern_exists_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
crit "$PATTERN exists, $PACKAGE services are enabled !" crit "$PATTERN exists, $PACKAGE services are enabled!"
else else
ok "$PATTERN not present in $FILE" ok "$PATTERN not present in $FILE"
fi fi

View File

@ -22,7 +22,7 @@ audit () {
else else
does_pattern_exists_in_file $FILE $PATTERN does_pattern_exists_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
crit "$PATTERN exists, chargen services are enabled !" crit "$PATTERN exists, chargen services are enabled!"
else else
ok "$PATTERN not present in $FILE" ok "$PATTERN not present in $FILE"
fi fi

View File

@ -22,7 +22,7 @@ audit () {
else else
does_pattern_exists_in_file $FILE $PATTERN does_pattern_exists_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
crit "$PATTERN exists, chargen services are enabled !" crit "$PATTERN exists, chargen services are enabled!"
else else
ok "$PATTERN not present in $FILE" ok "$PATTERN not present in $FILE"
fi fi

View File

@ -22,7 +22,7 @@ audit () {
else else
does_pattern_exists_in_file $FILE $PATTERN does_pattern_exists_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
crit "$PATTERN exists, chargen services are enabled !" crit "$PATTERN exists, chargen services are enabled!"
else else
ok "$PATTERN not present in $FILE" ok "$PATTERN not present in $FILE"
fi fi

View File

@ -22,7 +22,7 @@ audit () {
else else
does_pattern_exists_in_file $FILE $PATTERN does_pattern_exists_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
crit "$PATTERN exists, chargen services are enabled !" crit "$PATTERN exists, chargen services are enabled!"
else else
ok "$PATTERN not present in $FILE" ok "$PATTERN not present in $FILE"
fi fi

View File

@ -22,7 +22,7 @@ audit () {
else else
does_pattern_exists_in_file $FILE $PATTERN does_pattern_exists_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
crit "$PATTERN exists, chargen services are enabled !" crit "$PATTERN exists, chargen services are enabled!"
else else
ok "$PATTERN not present in $FILE" ok "$PATTERN not present in $FILE"
fi fi

View File

@ -19,7 +19,7 @@ audit () {
for PACKAGE in $PACKAGES; do for PACKAGE in $PACKAGES; do
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
crit "$PACKAGE is installed !" crit "$PACKAGE is installed!"
else else
ok "$PACKAGE is absent" ok "$PACKAGE is absent"
fi fi

View File

@ -19,7 +19,7 @@ audit () {
for PACKAGE in $PACKAGES; do for PACKAGE in $PACKAGES; do
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
crit "$PACKAGE is installed !" crit "$PACKAGE is installed!"
else else
ok "$PACKAGE is absent" ok "$PACKAGE is absent"
fi fi

View File

@ -18,7 +18,7 @@ audit () {
for PACKAGE in $PACKAGES; do for PACKAGE in $PACKAGES; do
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
crit "$PACKAGE is installed !" crit "$PACKAGE is installed!"
else else
ok "$PACKAGE is absent" ok "$PACKAGE is absent"
fi fi

View File

@ -18,7 +18,7 @@ audit () {
for PACKAGE in $PACKAGES; do for PACKAGE in $PACKAGES; do
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
crit "$PACKAGE is installed !" crit "$PACKAGE is installed!"
else else
ok "$PACKAGE is absent" ok "$PACKAGE is absent"
fi fi

View File

@ -18,7 +18,7 @@ audit () {
for PACKAGE in $PACKAGES; do for PACKAGE in $PACKAGES; do
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
crit "$PACKAGE is installed !" crit "$PACKAGE is installed!"
else else
ok "$PACKAGE is absent" ok "$PACKAGE is absent"
fi fi

View File

@ -19,7 +19,7 @@ audit () {
for PACKAGE in $PACKAGES; do for PACKAGE in $PACKAGES; do
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
crit "$PACKAGE is installed !" crit "$PACKAGE is installed!"
else else
ok "$PACKAGE is absent" ok "$PACKAGE is absent"
fi fi

View File

@ -18,7 +18,7 @@ audit () {
for PACKAGE in $PACKAGES; do for PACKAGE in $PACKAGES; do
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
crit "$PACKAGE is installed !" crit "$PACKAGE is installed!"
else else
ok "$PACKAGE is absent" ok "$PACKAGE is absent"
fi fi

View File

@ -18,7 +18,7 @@ audit () {
for PACKAGE in $PACKAGES; do for PACKAGE in $PACKAGES; do
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
crit "$PACKAGE is installed !" crit "$PACKAGE is installed!"
else else
ok "$PACKAGE is absent" ok "$PACKAGE is absent"
fi fi

View File

@ -18,7 +18,7 @@ audit () {
for PACKAGE in $PACKAGES; do for PACKAGE in $PACKAGES; do
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
crit "$PACKAGE is installed !" crit "$PACKAGE is installed!"
else else
ok "$PACKAGE is absent" ok "$PACKAGE is absent"
fi fi

View File

@ -21,7 +21,7 @@ NTP_INIT_FILE='/etc/init.d/ntp'
audit () { audit () {
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$PACKAGE is not installed !" crit "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed, checking configuration" ok "$PACKAGE is installed, checking configuration"
does_pattern_exists_in_file $NTP_CONF_FILE $NTP_CONF_DEFAULT_PATTERN does_pattern_exists_in_file $NTP_CONF_FILE $NTP_CONF_DEFAULT_PATTERN

View File

@ -18,7 +18,7 @@ audit () {
for PACKAGE in $PACKAGES; do for PACKAGE in $PACKAGES; do
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
crit "$PACKAGE is installed !" crit "$PACKAGE is installed!"
else else
ok "$PACKAGE is absent" ok "$PACKAGE is absent"
fi fi

View File

@ -18,7 +18,7 @@ audit () {
for PACKAGE in $PACKAGES; do for PACKAGE in $PACKAGES; do
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
crit "$PACKAGE is installed !" crit "$PACKAGE is installed!"
else else
ok "$PACKAGE is absent" ok "$PACKAGE is absent"
fi fi

View File

@ -18,7 +18,7 @@ audit () {
for PACKAGE in $PACKAGES; do for PACKAGE in $PACKAGES; do
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
crit "$PACKAGE is installed !" crit "$PACKAGE is installed!"
else else
ok "$PACKAGE is absent" ok "$PACKAGE is absent"
fi fi

View File

@ -19,7 +19,7 @@ audit () {
for PACKAGE in $PACKAGES; do for PACKAGE in $PACKAGES; do
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
crit "$PACKAGE is installed !" crit "$PACKAGE is installed!"
else else
ok "$PACKAGE is absent" ok "$PACKAGE is absent"
fi fi

View File

@ -18,9 +18,9 @@ SYSCTL_EXP_RESULT=0
audit () { audit () {
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi
@ -30,11 +30,11 @@ audit () {
apply () { apply () {
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
sysctl -w net.ipv4.route.flush=1 > /dev/null sysctl -w net.ipv4.route.flush=1 > /dev/null
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi

View File

@ -19,12 +19,12 @@ audit () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi
@ -36,14 +36,14 @@ apply () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
sysctl -w net.ipv4.route.flush=1 > /dev/null sysctl -w net.ipv4.route.flush=1 > /dev/null
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi

View File

@ -18,12 +18,12 @@ audit () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi
@ -35,14 +35,14 @@ apply () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT value -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
sysctl -w net.ipv4.route.flush=1 > /dev/null sysctl -w net.ipv4.route.flush=1 > /dev/null
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi

View File

@ -18,12 +18,12 @@ audit () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi
@ -35,14 +35,14 @@ apply () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
sysctl -w net.ipv4.route.flush=1 > /dev/null sysctl -w net.ipv4.route.flush=1 > /dev/null
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi

View File

@ -18,12 +18,12 @@ audit () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi
@ -35,14 +35,14 @@ apply () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
sysctl -w net.ipv4.route.flush=1 > /dev/null sysctl -w net.ipv4.route.flush=1 > /dev/null
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi

View File

@ -18,12 +18,12 @@ audit () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi
@ -35,14 +35,14 @@ apply () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
sysctl -w net.ipv4.route.flush=1 > /dev/null sysctl -w net.ipv4.route.flush=1 > /dev/null
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi

View File

@ -18,12 +18,12 @@ audit () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist --Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi
@ -35,14 +35,14 @@ apply () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
sysctl -w net.ipv4.route.flush=1 > /dev/null sysctl -w net.ipv4.route.flush=1 > /dev/null
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi

View File

@ -18,12 +18,12 @@ audit () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi
@ -35,14 +35,14 @@ apply () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
sysctl -w net.ipv4.route.flush=1 > /dev/null sysctl -w net.ipv4.route.flush=1 > /dev/null
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi

View File

@ -18,12 +18,12 @@ audit () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi
@ -35,14 +35,14 @@ apply () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
sysctl -w net.ipv4.route.flush=1 > /dev/null sysctl -w net.ipv4.route.flush=1 > /dev/null
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi

View File

@ -18,12 +18,12 @@ audit () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi
@ -35,14 +35,14 @@ apply () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
sysctl -w net.ipv4.route.flush=1 > /dev/null sysctl -w net.ipv4.route.flush=1 > /dev/null
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi

View File

@ -22,12 +22,12 @@ audit () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi
@ -44,14 +44,14 @@ apply () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT, fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
sysctl -w net.ipv4.route.flush=1 > /dev/null sysctl -w net.ipv4.route.flush=1 > /dev/null
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi

View File

@ -22,12 +22,12 @@ audit () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi
@ -44,14 +44,14 @@ apply () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT, fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
sysctl -w net.ipv4.route.flush=1 > /dev/null sysctl -w net.ipv4.route.flush=1 > /dev/null
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi

View File

@ -22,12 +22,12 @@ audit () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi
@ -44,14 +44,14 @@ apply () {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT value, fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
warn "you may want to reboot or sysctl -p a file including $SYSCTL_PARAMS" warn "you may want to reboot or sysctl -p a file including $SYSCTL_PARAMS"
elif [ $FNRET = 255 ]; then elif [ $FNRET = 255 ]; then
warn "$SYSCTL_PARAM does not exist, typo ?" warn "$SYSCTL_PARAM does not exist -- Typo?"
else else
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
fi fi

View File

@ -17,7 +17,7 @@ PACKAGE='tcpd'
audit () { audit () {
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$PACKAGE is not installed !" crit "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
fi fi

View File

@ -20,7 +20,7 @@ audit () {
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else
crit "$FILE has not $PERMISSIONS permissions set" crit "$FILE permissions were not set to $PERMISSIONS"
fi fi
} }

View File

@ -20,7 +20,7 @@ audit () {
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else
crit "$FILE has not $PERMISSIONS permissions set" crit "$FILE permissions were not set to $PERMISSIONS"
fi fi
} }

View File

@ -20,7 +20,7 @@ PACKAGE='iptables'
audit () { audit () {
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$PACKAGE is not installed !" crit "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
fi fi

View File

@ -11,7 +11,7 @@
set -e # One error, it's over set -e # One error, it's over
set -u # One variable unset, it's over set -u # One variable unset, it's over
# Note : Not part of the CIS guide, but what's the point configuring a software not compatible with your kernel ? :) # Note : Not part of the CIS guide, but what's the point of configuring software not compatible with your kernel? :)
KERNEL_OPTION="CONFIG_AUDIT" KERNEL_OPTION="CONFIG_AUDIT"

View File

@ -25,7 +25,7 @@ audit () {
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1) AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1)
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2) AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)
PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE" PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
debug "$AUDIT_PARAM must have value $AUDIT_VALUE" debug "$AUDIT_PARAM should be set to $AUDIT_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN" does_pattern_exists_in_file $FILE "$PATTERN"
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$PATTERN not present in $FILE" crit "$PATTERN not present in $FILE"
@ -48,7 +48,7 @@ apply () {
for AUDIT_OPTION in $OPTIONS; do for AUDIT_OPTION in $OPTIONS; do
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1) AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1)
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2) AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)
debug "$AUDIT_PARAM must have value $AUDIT_VALUE" debug "$AUDIT_PARAM should be set to $AUDIT_VALUE"
PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE" PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN" does_pattern_exists_in_file $FILE "$PATTERN"
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
@ -58,7 +58,7 @@ apply () {
info "Parameter $AUDIT_PARAM seems absent from $FILE, adding at the end" info "Parameter $AUDIT_PARAM seems absent from $FILE, adding at the end"
add_end_of_file $FILE "$AUDIT_PARAM = $AUDIT_VALUE" add_end_of_file $FILE "$AUDIT_PARAM = $AUDIT_VALUE"
else else
info "Parameter $AUDIT_PARAM is present but with the wrong value, correcting" info "Parameter $AUDIT_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$AUDIT_PARAM[[:space:]]*=.*" "$AUDIT_PARAM = $AUDIT_VALUE" replace_in_file $FILE "^$AUDIT_PARAM[[:space:]]*=.*" "$AUDIT_PARAM = $AUDIT_VALUE"
fi fi
else else

View File

@ -25,7 +25,7 @@ audit () {
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1) AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1)
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2) AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)
PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE" PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
debug "$AUDIT_PARAM must have value $AUDIT_VALUE" debug "$AUDIT_PARAM should be set to $AUDIT_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN" does_pattern_exists_in_file $FILE "$PATTERN"
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$PATTERN not present in $FILE" crit "$PATTERN not present in $FILE"
@ -48,7 +48,7 @@ apply () {
for AUDIT_OPTION in $OPTIONS; do for AUDIT_OPTION in $OPTIONS; do
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1) AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1)
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2) AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)
debug "$AUDIT_PARAM must have value $AUDIT_VALUE" debug "$AUDIT_PARAM should be set to $AUDIT_VALUE"
PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE" PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN" does_pattern_exists_in_file $FILE "$PATTERN"
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
@ -58,7 +58,7 @@ apply () {
info "Parameter $AUDIT_PARAM seems absent from $FILE, adding at the end" info "Parameter $AUDIT_PARAM seems absent from $FILE, adding at the end"
add_end_of_file $FILE "$AUDIT_PARAM = $AUDIT_VALUE" add_end_of_file $FILE "$AUDIT_PARAM = $AUDIT_VALUE"
else else
info "Parameter $AUDIT_PARAM is present but with the wrong value, correcting" info "Parameter $AUDIT_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$AUDIT_PARAM[[:space:]]*=.*" "$AUDIT_PARAM = $AUDIT_VALUE" replace_in_file $FILE "^$AUDIT_PARAM[[:space:]]*=.*" "$AUDIT_PARAM = $AUDIT_VALUE"
fi fi
else else

View File

@ -18,7 +18,7 @@ SERVICE_NAME='auditd'
audit () { audit () {
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$PACKAGE is not installed !" crit "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
is_service_enabled $SERVICE_NAME is_service_enabled $SERVICE_NAME

View File

@ -25,7 +25,7 @@ audit () {
GRUB_PARAM=$(echo $GRUB_OPTION | cut -d= -f 1) GRUB_PARAM=$(echo $GRUB_OPTION | cut -d= -f 1)
GRUB_VALUE=$(echo $GRUB_OPTION | cut -d= -f 2,3) GRUB_VALUE=$(echo $GRUB_OPTION | cut -d= -f 2,3)
PATTERN="^$GRUB_PARAM=$GRUB_VALUE" PATTERN="^$GRUB_PARAM=$GRUB_VALUE"
debug "$GRUB_PARAM must have value $GRUB_VALUE" debug "$GRUB_PARAM should be set to $GRUB_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN" does_pattern_exists_in_file $FILE "$PATTERN"
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$PATTERN not present in $FILE" crit "$PATTERN not present in $FILE"
@ -48,7 +48,7 @@ apply () {
for GRUB_OPTION in $OPTIONS; do for GRUB_OPTION in $OPTIONS; do
GRUB_PARAM=$(echo $GRUB_OPTION | cut -d= -f 1) GRUB_PARAM=$(echo $GRUB_OPTION | cut -d= -f 1)
GRUB_VALUE=$(echo $GRUB_OPTION | cut -d= -f 2,3) GRUB_VALUE=$(echo $GRUB_OPTION | cut -d= -f 2,3)
debug "$GRUB_PARAM must have value $GRUB_VALUE" debug "$GRUB_PARAM should be set to $GRUB_VALUE"
PATTERN="^$GRUB_PARAM=$GRUB_VALUE" PATTERN="^$GRUB_PARAM=$GRUB_VALUE"
does_pattern_exists_in_file $FILE "$PATTERN" does_pattern_exists_in_file $FILE "$PATTERN"
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
@ -58,7 +58,7 @@ apply () {
info "Parameter $GRUB_PARAM seems absent from $FILE, adding at the end" info "Parameter $GRUB_PARAM seems absent from $FILE, adding at the end"
add_end_of_file $FILE "$GRUB_PARAM = $GRUB_VALUE" add_end_of_file $FILE "$GRUB_PARAM = $GRUB_VALUE"
else else
info "Parameter $GRUB_PARAM is present but with the wrong value, correcting" info "Parameter $GRUB_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$GRUB_PARAM=.*" "$GRUB_PARAM=$GRUB_VALUE" replace_in_file $FILE "^$GRUB_PARAM=.*" "$GRUB_PARAM=$GRUB_VALUE"
fi fi
else else

View File

@ -18,7 +18,7 @@ PACKAGE='syslog-ng'
audit () { audit () {
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$PACKAGE is not installed !" crit "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
fi fi

View File

@ -33,7 +33,7 @@ audit () {
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else
crit "$FILE has not $PERMISSIONS permissions set" crit "$FILE permissions were not set to $PERMISSIONS"
fi fi
fi fi
done done

View File

@ -18,7 +18,7 @@ PACKAGE='tripwire'
audit () { audit () {
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$PACKAGE is not installed !" crit "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
fi fi

View File

@ -18,7 +18,7 @@ SERVICE_NAME="cron"
audit () { audit () {
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$PACKAGE is not installed !" crit "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
is_service_enabled $SERVICE_NAME is_service_enabled $SERVICE_NAME

View File

@ -28,7 +28,7 @@ audit () {
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else
crit "$FILE has not $PERMISSIONS permissions set" crit "$FILE permissions were not set to $PERMISSIONS"
fi fi
} }

View File

@ -28,7 +28,7 @@ audit () {
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else
crit "$FILE has not $PERMISSIONS permissions set" crit "$FILE permissions were not set to $PERMISSIONS"
fi fi
} }

View File

@ -28,7 +28,7 @@ audit () {
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else
crit "$FILE has not $PERMISSIONS permissions set" crit "$FILE permissions were not set to $PERMISSIONS"
fi fi
} }

View File

@ -28,7 +28,7 @@ audit () {
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else
crit "$FILE has not $PERMISSIONS permissions set" crit "$FILE permissions were not set to $PERMISSIONS"
fi fi
} }

View File

@ -28,7 +28,7 @@ audit () {
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else
crit "$FILE has not $PERMISSIONS permissions set" crit "$FILE permissions were not set to $PERMISSIONS"
fi fi
} }

View File

@ -28,7 +28,7 @@ audit () {
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else
crit "$FILE has not $PERMISSIONS permissions set" crit "$FILE permissions were not set to $PERMISSIONS"
fi fi
} }

View File

@ -42,7 +42,7 @@ audit () {
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else
crit "$FILE has not $PERMISSIONS permissions set" crit "$FILE permissions were not set to $PERMISSIONS"
fi fi
fi fi
done done
@ -76,7 +76,7 @@ apply () {
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else
warn "$FILE has not $PERMISSIONS permissions set" warn "$FILE permissions were not set to $PERMISSIONS"
chmod 0$PERMISSIONS $FILE chmod 0$PERMISSIONS $FILE
fi fi
done done

View File

@ -19,7 +19,7 @@ FILE='/etc/pam.d/common-password'
audit () { audit () {
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$PACKAGE is not installed !" crit "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
does_pattern_exists_in_file $FILE $PATTERN does_pattern_exists_in_file $FILE $PATTERN

View File

@ -19,7 +19,7 @@ FILE='/etc/pam.d/login'
audit () { audit () {
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$PACKAGE is not installed !" crit "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
does_pattern_exists_in_file $FILE $PATTERN does_pattern_exists_in_file $FILE $PATTERN

View File

@ -19,7 +19,7 @@ FILE='/etc/pam.d/common-password'
audit () { audit () {
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$PACKAGE is not installed !" crit "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
does_pattern_exists_in_file $FILE $PATTERN does_pattern_exists_in_file $FILE $PATTERN

View File

@ -19,7 +19,7 @@ FILE='/etc/ssh/sshd_config'
audit () { audit () {
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$PACKAGE is not installed !" crit "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
@ -58,7 +58,7 @@ apply () {
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
else else
info "Parameter $SSH_PARAM is present but with the wrong value, correcting" info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi fi
/etc/init.d/ssh reload /etc/init.d/ssh reload

View File

@ -19,7 +19,7 @@ FILE='/etc/ssh/sshd_config'
audit () { audit () {
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$PACKAGE is not installed !" crit "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
@ -58,7 +58,7 @@ apply () {
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
else else
info "Parameter $SSH_PARAM is present but with the wrong value, correcting" info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi fi
/etc/init.d/ssh reload /etc/init.d/ssh reload

View File

@ -19,7 +19,7 @@ audit () {
OPTIONS="ClientAliveInterval=$SSHD_TIMEOUT ClientAliveCountMax=0" OPTIONS="ClientAliveInterval=$SSHD_TIMEOUT ClientAliveCountMax=0"
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$PACKAGE is not installed !" crit "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
@ -58,7 +58,7 @@ apply () {
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
else else
info "Parameter $SSH_PARAM is present but with the wrong value, correcting" info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi fi
/etc/init.d/ssh reload /etc/init.d/ssh reload

View File

@ -19,7 +19,7 @@ audit () {
OPTIONS="AllowUsers='$ALLOWED_USERS' AllowGroups='$ALLOWED_GROUPS' DenyUsers='$DENIED_USERS' DenyGroups='$DENIED_GROUPS'" OPTIONS="AllowUsers='$ALLOWED_USERS' AllowGroups='$ALLOWED_GROUPS' DenyUsers='$DENIED_USERS' DenyGroups='$DENIED_GROUPS'"
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$PACKAGE is not installed !" crit "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
@ -60,7 +60,7 @@ apply () {
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
else else
info "Parameter $SSH_PARAM is present but with the wrong value, correcting" info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi fi
/etc/init.d/ssh reload /etc/init.d/ssh reload

Some files were not shown because too many files have changed in this diff Show More