mirror of
https://github.com/ovh/debian-cis.git
synced 2024-11-23 05:55:38 +01:00
Rephrase confusing messages
This commit is contained in:
parent
8bc3ab43a2
commit
ccd40f4369
@ -19,7 +19,7 @@ FILE='/etc/login.defs'
|
|||||||
audit () {
|
audit () {
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PACKAGE is not installed !"
|
crit "$PACKAGE is not installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
for SSH_OPTION in $OPTIONS; do
|
for SSH_OPTION in $OPTIONS; do
|
||||||
@ -58,7 +58,7 @@ apply () {
|
|||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
||||||
else
|
else
|
||||||
info "Parameter $SSH_PARAM is present but with the wrong value, correcting"
|
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
|
||||||
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
|
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
@ -19,7 +19,7 @@ FILE='/etc/login.defs'
|
|||||||
audit () {
|
audit () {
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PACKAGE is not installed !"
|
crit "$PACKAGE is not installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
for SSH_OPTION in $OPTIONS; do
|
for SSH_OPTION in $OPTIONS; do
|
||||||
@ -58,7 +58,7 @@ apply () {
|
|||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
||||||
else
|
else
|
||||||
info "Parameter $SSH_PARAM is present but with the wrong value, correcting"
|
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
|
||||||
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
|
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
@ -19,7 +19,7 @@ FILE='/etc/login.defs'
|
|||||||
audit () {
|
audit () {
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PACKAGE is not installed !"
|
crit "$PACKAGE is not installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
for SSH_OPTION in $OPTIONS; do
|
for SSH_OPTION in $OPTIONS; do
|
||||||
@ -58,7 +58,7 @@ apply () {
|
|||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
||||||
else
|
else
|
||||||
info "Parameter $SSH_PARAM is present but with the wrong value, correcting"
|
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
|
||||||
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
|
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
@ -33,7 +33,7 @@ audit () {
|
|||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
if [ ! -z "$RESULT" ]; then
|
if [ ! -z "$RESULT" ]; then
|
||||||
crit "Some admin accounts have not $SHELL as shell"
|
crit "Some admin accounts don't have $SHELL as shell"
|
||||||
crit "$RESULT"
|
crit "$RESULT"
|
||||||
else
|
else
|
||||||
ok "All admin accounts deactivated"
|
ok "All admin accounts deactivated"
|
||||||
@ -57,7 +57,7 @@ apply () {
|
|||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
if [ ! -z "$RESULT" ]; then
|
if [ ! -z "$RESULT" ]; then
|
||||||
warn "Some admin accounts have not $SHELL as shell"
|
warn "Some admin accounts don't have $SHELL as shell"
|
||||||
warn "$RESULT"
|
warn "$RESULT"
|
||||||
for USER in $( echo "$RESULT" | cut -d: -f 1 ); do
|
for USER in $( echo "$RESULT" | cut -d: -f 1 ); do
|
||||||
info "Setting $SHELL to $USER"
|
info "Setting $SHELL to $USER"
|
||||||
|
@ -19,16 +19,16 @@ audit () {
|
|||||||
if [ $(grep "^root:" /etc/passwd | cut -f4 -d:) = 0 ]; then
|
if [ $(grep "^root:" /etc/passwd | cut -f4 -d:) = 0 ]; then
|
||||||
ok "Root group has GID $EXPECTED_GID"
|
ok "Root group has GID $EXPECTED_GID"
|
||||||
else
|
else
|
||||||
crit "Root group has not GID $EXPECTED_GID"
|
crit "Root group GID should be $EXPECTED_GID"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# This function will be called if the script status is on enabled mode
|
# This function will be called if the script status is on enabled mode
|
||||||
apply () {
|
apply () {
|
||||||
if [ $(grep "^root:" /etc/passwd | cut -f4 -d:) = 0 ]; then
|
if [ $(grep "^root:" /etc/passwd | cut -f4 -d:) = 0 ]; then
|
||||||
ok "Root group has GID $EXPECTED_GID"
|
ok "Root group GID is $EXPECTED_GID"
|
||||||
else
|
else
|
||||||
warn "Root group has not GID $EXPECTED_GID"
|
warn "Root group GID is not $EXPECTED_GID"
|
||||||
usermod -g $EXPECTED_GID $USER
|
usermod -g $EXPECTED_GID $USER
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
@ -29,7 +29,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
else
|
else
|
||||||
crit "$FILE has not $PERMISSIONS permissions set"
|
crit "$FILE permissions were not set to $PERMISSIONS"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
@ -20,7 +20,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
else
|
else
|
||||||
crit "$FILE has not $PERMISSIONS permissions set"
|
crit "$FILE permissions were not set to $PERMISSIONS"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -20,7 +20,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
else
|
else
|
||||||
crit "$FILE has not $PERMISSIONS permissions set"
|
crit "$FILE permissions were not set to $PERMISSIONS"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -20,7 +20,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
else
|
else
|
||||||
crit "$FILE has not $PERMISSIONS permissions set"
|
crit "$FILE permissions were not set to $PERMISSIONS"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -24,7 +24,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
else
|
else
|
||||||
crit "$FILE has not $PERMISSIONS permissions set"
|
crit "$FILE permissions were not set to $PERMISSIONS"
|
||||||
ERRORS=$((ERRORS+1))
|
ERRORS=$((ERRORS+1))
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
@ -47,7 +47,7 @@ apply () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
else
|
else
|
||||||
warn "$FILE has not $PERMISSIONS permissions set"
|
warn "$FILE permissions were not set to $PERMISSIONS"
|
||||||
chmod 600 $FILE
|
chmod 600 $FILE
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
@ -27,10 +27,10 @@ audit () {
|
|||||||
ok "$PARTITION is a partition"
|
ok "$PARTITION is a partition"
|
||||||
has_mount_option $PARTITION $OPTION
|
has_mount_option $PARTITION $OPTION
|
||||||
if [ $FNRET -gt 0 ]; then
|
if [ $FNRET -gt 0 ]; then
|
||||||
crit "$PARTITION have no option $OPTION in fstab !"
|
crit "$PARTITION has no option $OPTION in fstab!"
|
||||||
FNRET=1
|
FNRET=1
|
||||||
else
|
else
|
||||||
ok "$PARTITION have $OPTION in fstab"
|
ok "$PARTITION has $OPTION in fstab"
|
||||||
has_mounted_option $PARTITION $OPTION
|
has_mounted_option $PARTITION $OPTION
|
||||||
if [ $FNRET -gt 0 ]; then
|
if [ $FNRET -gt 0 ]; then
|
||||||
warn "$PARTITION is not mounted with $OPTION at runtime"
|
warn "$PARTITION is not mounted with $OPTION at runtime"
|
||||||
|
@ -29,10 +29,10 @@ audit () {
|
|||||||
info "detected $PARTITION like"
|
info "detected $PARTITION like"
|
||||||
has_mount_option $PARTITION $OPTION
|
has_mount_option $PARTITION $OPTION
|
||||||
if [ $FNRET -gt 0 ]; then
|
if [ $FNRET -gt 0 ]; then
|
||||||
crit "$PARTITION have no option $OPTION in fstab !"
|
crit "$PARTITION has no option $OPTION in fstab!"
|
||||||
FNRET=1
|
FNRET=1
|
||||||
else
|
else
|
||||||
ok "$PARTITION have $OPTION in fstab"
|
ok "$PARTITION has $OPTION in fstab"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
@ -29,10 +29,10 @@ audit () {
|
|||||||
info "detected $PARTITION like"
|
info "detected $PARTITION like"
|
||||||
has_mount_option $PARTITION $OPTION
|
has_mount_option $PARTITION $OPTION
|
||||||
if [ $FNRET -gt 0 ]; then
|
if [ $FNRET -gt 0 ]; then
|
||||||
crit "$PARTITION have no option $OPTION in fstab !"
|
crit "$PARTITION has no option $OPTION in fstab!"
|
||||||
FNRET=1
|
FNRET=1
|
||||||
else
|
else
|
||||||
ok "$PARTITION have $OPTION in fstab"
|
ok "$PARTITION has $OPTION in fstab"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
@ -29,10 +29,10 @@ audit () {
|
|||||||
info "detected $PARTITION like"
|
info "detected $PARTITION like"
|
||||||
has_mount_option $PARTITION $OPTION
|
has_mount_option $PARTITION $OPTION
|
||||||
if [ $FNRET -gt 0 ]; then
|
if [ $FNRET -gt 0 ]; then
|
||||||
crit "$PARTITION have no option $OPTION in fstab !"
|
crit "$PARTITION has no option $OPTION in fstab!"
|
||||||
FNRET=1
|
FNRET=1
|
||||||
else
|
else
|
||||||
ok "$PARTITION have $OPTION in fstab"
|
ok "$PARTITION has $OPTION in fstab"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
@ -27,10 +27,10 @@ audit () {
|
|||||||
ok "$PARTITION is a partition"
|
ok "$PARTITION is a partition"
|
||||||
has_mount_option $PARTITION $OPTION
|
has_mount_option $PARTITION $OPTION
|
||||||
if [ $FNRET -gt 0 ]; then
|
if [ $FNRET -gt 0 ]; then
|
||||||
crit "$PARTITION have no option $OPTION in fstab !"
|
crit "$PARTITION has no option $OPTION in fstab!"
|
||||||
FNRET=1
|
FNRET=1
|
||||||
else
|
else
|
||||||
ok "$PARTITION have $OPTION in fstab"
|
ok "$PARTITION has $OPTION in fstab"
|
||||||
has_mounted_option $PARTITION $OPTION
|
has_mounted_option $PARTITION $OPTION
|
||||||
if [ $FNRET -gt 0 ]; then
|
if [ $FNRET -gt 0 ]; then
|
||||||
warn "$PARTITION is not mounted with $OPTION at runtime"
|
warn "$PARTITION is not mounted with $OPTION at runtime"
|
||||||
|
@ -27,10 +27,10 @@ audit () {
|
|||||||
ok "$PARTITION is a partition"
|
ok "$PARTITION is a partition"
|
||||||
has_mount_option $PARTITION $OPTION
|
has_mount_option $PARTITION $OPTION
|
||||||
if [ $FNRET -gt 0 ]; then
|
if [ $FNRET -gt 0 ]; then
|
||||||
crit "$PARTITION have no option $OPTION in fstab !"
|
crit "$PARTITION has no option $OPTION in fstab!"
|
||||||
FNRET=1
|
FNRET=1
|
||||||
else
|
else
|
||||||
ok "$PARTITION have $OPTION in fstab"
|
ok "$PARTITION has $OPTION in fstab"
|
||||||
has_mounted_option $PARTITION $OPTION
|
has_mounted_option $PARTITION $OPTION
|
||||||
if [ $FNRET -gt 0 ]; then
|
if [ $FNRET -gt 0 ]; then
|
||||||
warn "$PARTITION is not mounted with $OPTION at runtime"
|
warn "$PARTITION is not mounted with $OPTION at runtime"
|
||||||
|
@ -27,10 +27,10 @@ audit () {
|
|||||||
ok "$PARTITION is a partition"
|
ok "$PARTITION is a partition"
|
||||||
has_mount_option $PARTITION $OPTION
|
has_mount_option $PARTITION $OPTION
|
||||||
if [ $FNRET -gt 0 ]; then
|
if [ $FNRET -gt 0 ]; then
|
||||||
crit "$PARTITION have no option $OPTION in fstab !"
|
crit "$PARTITION has no option $OPTION in fstab!"
|
||||||
FNRET=1
|
FNRET=1
|
||||||
else
|
else
|
||||||
ok "$PARTITION have $OPTION in fstab"
|
ok "$PARTITION has $OPTION in fstab"
|
||||||
has_mounted_option $PARTITION $OPTION
|
has_mounted_option $PARTITION $OPTION
|
||||||
if [ $FNRET -gt 0 ]; then
|
if [ $FNRET -gt 0 ]; then
|
||||||
warn "$PARTITION is not mounted with $OPTION at runtime"
|
warn "$PARTITION is not mounted with $OPTION at runtime"
|
||||||
|
@ -16,7 +16,7 @@ audit () {
|
|||||||
info "Checking if setuid is set on world writable Directories"
|
info "Checking if setuid is set on world writable Directories"
|
||||||
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null)
|
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null)
|
||||||
if [ ! -z "$RESULT" ]; then
|
if [ ! -z "$RESULT" ]; then
|
||||||
crit "Some world writable directories are not on sticky bit mode !"
|
crit "Some world writable directories are not on sticky bit mode!"
|
||||||
FORMATTED_RESULT=$(sed "s/ /\n/g" <<< $RESULT | sort | uniq | tr '\n' ' ')
|
FORMATTED_RESULT=$(sed "s/ /\n/g" <<< $RESULT | sort | uniq | tr '\n' ' ')
|
||||||
crit "$FORMATTED_RESULT"
|
crit "$FORMATTED_RESULT"
|
||||||
else
|
else
|
||||||
|
@ -19,7 +19,7 @@ KERNEL_OPTION="cramfs"
|
|||||||
audit () {
|
audit () {
|
||||||
is_kernel_option_enabled $KERNEL_OPTION
|
is_kernel_option_enabled $KERNEL_OPTION
|
||||||
if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
|
if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
|
||||||
crit "$KERNEL_OPTION is enabled !"
|
crit "$KERNEL_OPTION is enabled!"
|
||||||
else
|
else
|
||||||
ok "$KERNEL_OPTION is disabled"
|
ok "$KERNEL_OPTION is disabled"
|
||||||
fi
|
fi
|
||||||
|
@ -19,7 +19,7 @@ KERNEL_OPTION="freevxfs"
|
|||||||
audit () {
|
audit () {
|
||||||
is_kernel_option_enabled $KERNEL_OPTION
|
is_kernel_option_enabled $KERNEL_OPTION
|
||||||
if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
|
if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
|
||||||
crit "$KERNEL_OPTION is enabled !"
|
crit "$KERNEL_OPTION is enabled!"
|
||||||
else
|
else
|
||||||
ok "$KERNEL_OPTION is disabled"
|
ok "$KERNEL_OPTION is disabled"
|
||||||
fi
|
fi
|
||||||
|
@ -19,7 +19,7 @@ KERNEL_OPTION="jffs2"
|
|||||||
audit () {
|
audit () {
|
||||||
is_kernel_option_enabled $KERNEL_OPTION
|
is_kernel_option_enabled $KERNEL_OPTION
|
||||||
if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
|
if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
|
||||||
crit "$KERNEL_OPTION is enabled !"
|
crit "$KERNEL_OPTION is enabled!"
|
||||||
else
|
else
|
||||||
ok "$KERNEL_OPTION is disabled"
|
ok "$KERNEL_OPTION is disabled"
|
||||||
fi
|
fi
|
||||||
|
@ -19,7 +19,7 @@ KERNEL_OPTION="hfs"
|
|||||||
audit () {
|
audit () {
|
||||||
is_kernel_option_enabled $KERNEL_OPTION
|
is_kernel_option_enabled $KERNEL_OPTION
|
||||||
if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
|
if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
|
||||||
crit "$KERNEL_OPTION is enabled !"
|
crit "$KERNEL_OPTION is enabled!"
|
||||||
else
|
else
|
||||||
ok "$KERNEL_OPTION is disabled"
|
ok "$KERNEL_OPTION is disabled"
|
||||||
fi
|
fi
|
||||||
|
@ -19,7 +19,7 @@ KERNEL_OPTION="hfsplus"
|
|||||||
audit () {
|
audit () {
|
||||||
is_kernel_option_enabled $KERNEL_OPTION
|
is_kernel_option_enabled $KERNEL_OPTION
|
||||||
if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
|
if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
|
||||||
crit "$KERNEL_OPTION is enabled !"
|
crit "$KERNEL_OPTION is enabled!"
|
||||||
else
|
else
|
||||||
ok "$KERNEL_OPTION is disabled"
|
ok "$KERNEL_OPTION is disabled"
|
||||||
fi
|
fi
|
||||||
|
@ -19,7 +19,7 @@ KERNEL_OPTION="squashfs"
|
|||||||
audit () {
|
audit () {
|
||||||
is_kernel_option_enabled $KERNEL_OPTION
|
is_kernel_option_enabled $KERNEL_OPTION
|
||||||
if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
|
if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
|
||||||
crit "$KERNEL_OPTION is enabled !"
|
crit "$KERNEL_OPTION is enabled!"
|
||||||
else
|
else
|
||||||
ok "$KERNEL_OPTION is disabled"
|
ok "$KERNEL_OPTION is disabled"
|
||||||
fi
|
fi
|
||||||
|
@ -19,7 +19,7 @@ KERNEL_OPTION="udf"
|
|||||||
audit () {
|
audit () {
|
||||||
is_kernel_option_enabled $KERNEL_OPTION
|
is_kernel_option_enabled $KERNEL_OPTION
|
||||||
if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
|
if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated
|
||||||
crit "$KERNEL_OPTION is enabled !"
|
crit "$KERNEL_OPTION is enabled!"
|
||||||
else
|
else
|
||||||
ok "$KERNEL_OPTION is disabled"
|
ok "$KERNEL_OPTION is disabled"
|
||||||
fi
|
fi
|
||||||
|
@ -27,10 +27,10 @@ audit () {
|
|||||||
ok "$PARTITION is a partition"
|
ok "$PARTITION is a partition"
|
||||||
has_mount_option $PARTITION $OPTION
|
has_mount_option $PARTITION $OPTION
|
||||||
if [ $FNRET -gt 0 ]; then
|
if [ $FNRET -gt 0 ]; then
|
||||||
crit "$PARTITION have no option $OPTION in fstab !"
|
crit "$PARTITION has no option $OPTION in fstab!"
|
||||||
FNRET=1
|
FNRET=1
|
||||||
else
|
else
|
||||||
ok "$PARTITION have $OPTION in fstab"
|
ok "$PARTITION has $OPTION in fstab"
|
||||||
has_mounted_option $PARTITION $OPTION
|
has_mounted_option $PARTITION $OPTION
|
||||||
if [ $FNRET -gt 0 ]; then
|
if [ $FNRET -gt 0 ]; then
|
||||||
warn "$PARTITION is not mounted with $OPTION at runtime"
|
warn "$PARTITION is not mounted with $OPTION at runtime"
|
||||||
|
@ -27,10 +27,10 @@ audit () {
|
|||||||
ok "$PARTITION is a partition"
|
ok "$PARTITION is a partition"
|
||||||
has_mount_option $PARTITION $OPTION
|
has_mount_option $PARTITION $OPTION
|
||||||
if [ $FNRET -gt 0 ]; then
|
if [ $FNRET -gt 0 ]; then
|
||||||
crit "$PARTITION have no option $OPTION in fstab !"
|
crit "$PARTITION has no option $OPTION in fstab!"
|
||||||
FNRET=1
|
FNRET=1
|
||||||
else
|
else
|
||||||
ok "$PARTITION have $OPTION in fstab"
|
ok "$PARTITION has $OPTION in fstab"
|
||||||
has_mounted_option $PARTITION $OPTION
|
has_mounted_option $PARTITION $OPTION
|
||||||
if [ $FNRET -gt 0 ]; then
|
if [ $FNRET -gt 0 ]; then
|
||||||
warn "$PARTITION is not mounted with $OPTION at runtime"
|
warn "$PARTITION is not mounted with $OPTION at runtime"
|
||||||
|
@ -27,10 +27,10 @@ audit () {
|
|||||||
ok "$PARTITION is a partition"
|
ok "$PARTITION is a partition"
|
||||||
has_mount_option $PARTITION $OPTION
|
has_mount_option $PARTITION $OPTION
|
||||||
if [ $FNRET -gt 0 ]; then
|
if [ $FNRET -gt 0 ]; then
|
||||||
crit "$PARTITION have no option $OPTION in fstab !"
|
crit "$PARTITION has no option $OPTION in fstab!"
|
||||||
FNRET=1
|
FNRET=1
|
||||||
else
|
else
|
||||||
ok "$PARTITION have $OPTION in fstab"
|
ok "$PARTITION has $OPTION in fstab"
|
||||||
has_mounted_option $PARTITION $OPTION
|
has_mounted_option $PARTITION $OPTION
|
||||||
if [ $FNRET -gt 0 ]; then
|
if [ $FNRET -gt 0 ]; then
|
||||||
warn "$PARTITION is not mounted with $OPTION at runtime"
|
warn "$PARTITION is not mounted with $OPTION at runtime"
|
||||||
|
@ -27,10 +27,10 @@ audit () {
|
|||||||
ok "$PARTITION is a partition"
|
ok "$PARTITION is a partition"
|
||||||
has_mount_option $PARTITION $OPTION
|
has_mount_option $PARTITION $OPTION
|
||||||
if [ $FNRET -gt 0 ]; then
|
if [ $FNRET -gt 0 ]; then
|
||||||
crit "$PARTITION have no option $OPTION in fstab !"
|
crit "$PARTITION has no option $OPTION in fstab!"
|
||||||
FNRET=1
|
FNRET=1
|
||||||
else
|
else
|
||||||
ok "$PARTITION have $OPTION in fstab"
|
ok "$PARTITION has $OPTION in fstab"
|
||||||
has_mounted_option $PARTITION $OPTION
|
has_mounted_option $PARTITION $OPTION
|
||||||
if [ $FNRET -gt 0 ]; then
|
if [ $FNRET -gt 0 ]; then
|
||||||
warn "$PARTITION is not mounted with $OPTION at runtime"
|
warn "$PARTITION is not mounted with $OPTION at runtime"
|
||||||
|
@ -27,10 +27,10 @@ audit () {
|
|||||||
ok "$PARTITION is a partition"
|
ok "$PARTITION is a partition"
|
||||||
has_mount_option $PARTITION $OPTION
|
has_mount_option $PARTITION $OPTION
|
||||||
if [ $FNRET -gt 0 ]; then
|
if [ $FNRET -gt 0 ]; then
|
||||||
crit "$PARTITION have no option $OPTION in fstab !"
|
crit "$PARTITION has no option $OPTION in fstab!"
|
||||||
FNRET=1
|
FNRET=1
|
||||||
else
|
else
|
||||||
ok "$PARTITION have $OPTION in fstab"
|
ok "$PARTITION has $OPTION in fstab"
|
||||||
has_mounted_option $PARTITION $OPTION
|
has_mounted_option $PARTITION $OPTION
|
||||||
if [ $FNRET -gt 0 ]; then
|
if [ $FNRET -gt 0 ]; then
|
||||||
warn "$PARTITION is not mounted with $OPTION at runtime"
|
warn "$PARTITION is not mounted with $OPTION at runtime"
|
||||||
|
@ -27,10 +27,10 @@ audit () {
|
|||||||
ok "$PARTITION is a partition"
|
ok "$PARTITION is a partition"
|
||||||
has_mount_option $PARTITION $OPTION
|
has_mount_option $PARTITION $OPTION
|
||||||
if [ $FNRET -gt 0 ]; then
|
if [ $FNRET -gt 0 ]; then
|
||||||
crit "$PARTITION have no option $OPTION in fstab !"
|
crit "$PARTITION has no option $OPTION in fstab!"
|
||||||
FNRET=1
|
FNRET=1
|
||||||
else
|
else
|
||||||
ok "$PARTITION have $OPTION in fstab"
|
ok "$PARTITION has $OPTION in fstab"
|
||||||
has_mounted_option $PARTITION $OPTION
|
has_mounted_option $PARTITION $OPTION
|
||||||
if [ $FNRET -gt 0 ]; then
|
if [ $FNRET -gt 0 ]; then
|
||||||
warn "$PARTITION is not mounted with $OPTION at runtime"
|
warn "$PARTITION is not mounted with $OPTION at runtime"
|
||||||
|
@ -22,7 +22,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
else
|
else
|
||||||
crit "$FILE has not $PERMISSIONS permissions set"
|
crit "$FILE permissions were not set to $PERMISSIONS"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -26,9 +26,9 @@ audit () {
|
|||||||
fi
|
fi
|
||||||
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
|
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !"
|
crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
@ -45,10 +45,10 @@ apply () {
|
|||||||
fi
|
fi
|
||||||
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
|
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it"
|
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
|
||||||
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
|
@ -18,9 +18,9 @@ SYSCTL_EXP_RESULT=2
|
|||||||
audit () {
|
audit () {
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !"
|
crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
@ -30,10 +30,10 @@ audit () {
|
|||||||
apply () {
|
apply () {
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it"
|
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
|
||||||
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
|
@ -17,7 +17,7 @@ PACKAGE='prelink'
|
|||||||
audit () {
|
audit () {
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PACKAGE is installed !"
|
crit "$PACKAGE is installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -17,7 +17,7 @@ PACKAGE='apparmor'
|
|||||||
audit () {
|
audit () {
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PACKAGE is absent !"
|
crit "$PACKAGE is absent!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
fi
|
fi
|
||||||
|
@ -17,7 +17,7 @@ PACKAGE='nis'
|
|||||||
audit () {
|
audit () {
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PACKAGE is installed !"
|
crit "$PACKAGE is installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -28,7 +28,7 @@ audit () {
|
|||||||
else
|
else
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exists_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PATTERN exists, $PACKAGE services are enabled !"
|
crit "$PATTERN exists, $PACKAGE services are enabled!"
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN not present in $FILE"
|
||||||
fi
|
fi
|
||||||
|
@ -27,7 +27,7 @@ audit () {
|
|||||||
else
|
else
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exists_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PATTERN exists, $PACKAGE services are enabled !"
|
crit "$PATTERN exists, $PACKAGE services are enabled!"
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN not present in $FILE"
|
||||||
fi
|
fi
|
||||||
|
@ -28,7 +28,7 @@ audit () {
|
|||||||
else
|
else
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exists_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PATTERN exists, $PACKAGE services are enabled !"
|
crit "$PATTERN exists, $PACKAGE services are enabled!"
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN not present in $FILE"
|
||||||
fi
|
fi
|
||||||
|
@ -27,7 +27,7 @@ audit () {
|
|||||||
else
|
else
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exists_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PATTERN exists, $PACKAGE services are enabled !"
|
crit "$PATTERN exists, $PACKAGE services are enabled!"
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN not present in $FILE"
|
||||||
fi
|
fi
|
||||||
|
@ -22,7 +22,7 @@ audit () {
|
|||||||
else
|
else
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exists_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PATTERN exists, chargen services are enabled !"
|
crit "$PATTERN exists, chargen services are enabled!"
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN not present in $FILE"
|
||||||
fi
|
fi
|
||||||
|
@ -22,7 +22,7 @@ audit () {
|
|||||||
else
|
else
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exists_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PATTERN exists, chargen services are enabled !"
|
crit "$PATTERN exists, chargen services are enabled!"
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN not present in $FILE"
|
||||||
fi
|
fi
|
||||||
|
@ -22,7 +22,7 @@ audit () {
|
|||||||
else
|
else
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exists_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PATTERN exists, chargen services are enabled !"
|
crit "$PATTERN exists, chargen services are enabled!"
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN not present in $FILE"
|
||||||
fi
|
fi
|
||||||
|
@ -22,7 +22,7 @@ audit () {
|
|||||||
else
|
else
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exists_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PATTERN exists, chargen services are enabled !"
|
crit "$PATTERN exists, chargen services are enabled!"
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN not present in $FILE"
|
||||||
fi
|
fi
|
||||||
|
@ -22,7 +22,7 @@ audit () {
|
|||||||
else
|
else
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exists_in_file $FILE $PATTERN
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PATTERN exists, chargen services are enabled !"
|
crit "$PATTERN exists, chargen services are enabled!"
|
||||||
else
|
else
|
||||||
ok "$PATTERN not present in $FILE"
|
ok "$PATTERN not present in $FILE"
|
||||||
fi
|
fi
|
||||||
|
@ -19,7 +19,7 @@ audit () {
|
|||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PACKAGE is installed !"
|
crit "$PACKAGE is installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -19,7 +19,7 @@ audit () {
|
|||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PACKAGE is installed !"
|
crit "$PACKAGE is installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -18,7 +18,7 @@ audit () {
|
|||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PACKAGE is installed !"
|
crit "$PACKAGE is installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -18,7 +18,7 @@ audit () {
|
|||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PACKAGE is installed !"
|
crit "$PACKAGE is installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -18,7 +18,7 @@ audit () {
|
|||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PACKAGE is installed !"
|
crit "$PACKAGE is installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -19,7 +19,7 @@ audit () {
|
|||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PACKAGE is installed !"
|
crit "$PACKAGE is installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -18,7 +18,7 @@ audit () {
|
|||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PACKAGE is installed !"
|
crit "$PACKAGE is installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -18,7 +18,7 @@ audit () {
|
|||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PACKAGE is installed !"
|
crit "$PACKAGE is installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -18,7 +18,7 @@ audit () {
|
|||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PACKAGE is installed !"
|
crit "$PACKAGE is installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -21,7 +21,7 @@ NTP_INIT_FILE='/etc/init.d/ntp'
|
|||||||
audit () {
|
audit () {
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PACKAGE is not installed !"
|
crit "$PACKAGE is not installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed, checking configuration"
|
ok "$PACKAGE is installed, checking configuration"
|
||||||
does_pattern_exists_in_file $NTP_CONF_FILE $NTP_CONF_DEFAULT_PATTERN
|
does_pattern_exists_in_file $NTP_CONF_FILE $NTP_CONF_DEFAULT_PATTERN
|
||||||
|
@ -18,7 +18,7 @@ audit () {
|
|||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PACKAGE is installed !"
|
crit "$PACKAGE is installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -18,7 +18,7 @@ audit () {
|
|||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PACKAGE is installed !"
|
crit "$PACKAGE is installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -18,7 +18,7 @@ audit () {
|
|||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PACKAGE is installed !"
|
crit "$PACKAGE is installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -19,7 +19,7 @@ audit () {
|
|||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
crit "$PACKAGE is installed !"
|
crit "$PACKAGE is installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -18,9 +18,9 @@ SYSCTL_EXP_RESULT=0
|
|||||||
audit () {
|
audit () {
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !"
|
crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
@ -30,11 +30,11 @@ audit () {
|
|||||||
apply () {
|
apply () {
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it"
|
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
|
||||||
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
|
@ -19,12 +19,12 @@ audit () {
|
|||||||
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
||||||
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
||||||
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
||||||
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT"
|
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !"
|
crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
@ -36,14 +36,14 @@ apply () {
|
|||||||
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
||||||
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
||||||
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
||||||
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT"
|
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it"
|
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
|
||||||
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
|
@ -18,12 +18,12 @@ audit () {
|
|||||||
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
||||||
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
||||||
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
||||||
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT"
|
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !"
|
crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
@ -35,14 +35,14 @@ apply () {
|
|||||||
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
||||||
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
||||||
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
||||||
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT"
|
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it"
|
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT value -- Fixing"
|
||||||
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
|
@ -18,12 +18,12 @@ audit () {
|
|||||||
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
||||||
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
||||||
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
||||||
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT"
|
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !"
|
crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
@ -35,14 +35,14 @@ apply () {
|
|||||||
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
||||||
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
||||||
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
||||||
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT"
|
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it"
|
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
|
||||||
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
|
@ -18,12 +18,12 @@ audit () {
|
|||||||
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
||||||
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
||||||
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
||||||
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT"
|
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !"
|
crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
@ -35,14 +35,14 @@ apply () {
|
|||||||
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
||||||
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
||||||
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
||||||
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT"
|
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it"
|
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
|
||||||
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
|
@ -18,12 +18,12 @@ audit () {
|
|||||||
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
||||||
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
||||||
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
||||||
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT"
|
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !"
|
crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
@ -35,14 +35,14 @@ apply () {
|
|||||||
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
||||||
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
||||||
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
||||||
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT"
|
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it"
|
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
|
||||||
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
|
@ -18,12 +18,12 @@ audit () {
|
|||||||
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
||||||
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
||||||
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
||||||
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT"
|
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !"
|
crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist --Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
@ -35,14 +35,14 @@ apply () {
|
|||||||
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
||||||
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
||||||
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
||||||
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT"
|
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it"
|
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
|
||||||
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
|
@ -18,12 +18,12 @@ audit () {
|
|||||||
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
||||||
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
||||||
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
||||||
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT"
|
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !"
|
crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
@ -35,14 +35,14 @@ apply () {
|
|||||||
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
||||||
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
||||||
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
||||||
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT"
|
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it"
|
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
|
||||||
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
|
@ -18,12 +18,12 @@ audit () {
|
|||||||
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
||||||
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
||||||
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
||||||
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT"
|
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !"
|
crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
@ -35,14 +35,14 @@ apply () {
|
|||||||
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
||||||
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
||||||
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
||||||
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT"
|
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it"
|
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
|
||||||
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
|
@ -18,12 +18,12 @@ audit () {
|
|||||||
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
||||||
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
||||||
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
||||||
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT"
|
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !"
|
crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
@ -35,14 +35,14 @@ apply () {
|
|||||||
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
||||||
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
||||||
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
||||||
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT"
|
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it"
|
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
|
||||||
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
|
@ -22,12 +22,12 @@ audit () {
|
|||||||
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
||||||
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
||||||
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
||||||
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT"
|
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !"
|
crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
@ -44,14 +44,14 @@ apply () {
|
|||||||
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
||||||
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
||||||
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
||||||
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT"
|
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it"
|
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT, fixing"
|
||||||
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
|
@ -22,12 +22,12 @@ audit () {
|
|||||||
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
||||||
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
||||||
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
||||||
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT"
|
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !"
|
crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
@ -44,14 +44,14 @@ apply () {
|
|||||||
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
||||||
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
||||||
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
||||||
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT"
|
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it"
|
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT, fixing"
|
||||||
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
|
@ -22,12 +22,12 @@ audit () {
|
|||||||
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
||||||
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
||||||
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
||||||
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT"
|
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !"
|
crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
@ -44,14 +44,14 @@ apply () {
|
|||||||
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
|
||||||
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
|
||||||
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
|
||||||
debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT"
|
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it"
|
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT value, fixing"
|
||||||
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
warn "you may want to reboot or sysctl -p a file including $SYSCTL_PARAMS"
|
warn "you may want to reboot or sysctl -p a file including $SYSCTL_PARAMS"
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist, typo ?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
|
@ -17,7 +17,7 @@ PACKAGE='tcpd'
|
|||||||
audit () {
|
audit () {
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PACKAGE is not installed !"
|
crit "$PACKAGE is not installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
fi
|
fi
|
||||||
|
@ -20,7 +20,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
else
|
else
|
||||||
crit "$FILE has not $PERMISSIONS permissions set"
|
crit "$FILE permissions were not set to $PERMISSIONS"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -20,7 +20,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
else
|
else
|
||||||
crit "$FILE has not $PERMISSIONS permissions set"
|
crit "$FILE permissions were not set to $PERMISSIONS"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -20,7 +20,7 @@ PACKAGE='iptables'
|
|||||||
audit () {
|
audit () {
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PACKAGE is not installed !"
|
crit "$PACKAGE is not installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
fi
|
fi
|
||||||
|
@ -11,7 +11,7 @@
|
|||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
set -u # One variable unset, it's over
|
set -u # One variable unset, it's over
|
||||||
|
|
||||||
# Note : Not part of the CIS guide, but what's the point configuring a software not compatible with your kernel ? :)
|
# Note : Not part of the CIS guide, but what's the point of configuring software not compatible with your kernel? :)
|
||||||
|
|
||||||
KERNEL_OPTION="CONFIG_AUDIT"
|
KERNEL_OPTION="CONFIG_AUDIT"
|
||||||
|
|
||||||
|
@ -25,7 +25,7 @@ audit () {
|
|||||||
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1)
|
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1)
|
||||||
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)
|
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
|
PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
|
||||||
debug "$AUDIT_PARAM must have value $AUDIT_VALUE"
|
debug "$AUDIT_PARAM should be set to $AUDIT_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exists_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PATTERN not present in $FILE"
|
crit "$PATTERN not present in $FILE"
|
||||||
@ -48,7 +48,7 @@ apply () {
|
|||||||
for AUDIT_OPTION in $OPTIONS; do
|
for AUDIT_OPTION in $OPTIONS; do
|
||||||
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1)
|
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1)
|
||||||
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)
|
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)
|
||||||
debug "$AUDIT_PARAM must have value $AUDIT_VALUE"
|
debug "$AUDIT_PARAM should be set to $AUDIT_VALUE"
|
||||||
PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
|
PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exists_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
@ -58,7 +58,7 @@ apply () {
|
|||||||
info "Parameter $AUDIT_PARAM seems absent from $FILE, adding at the end"
|
info "Parameter $AUDIT_PARAM seems absent from $FILE, adding at the end"
|
||||||
add_end_of_file $FILE "$AUDIT_PARAM = $AUDIT_VALUE"
|
add_end_of_file $FILE "$AUDIT_PARAM = $AUDIT_VALUE"
|
||||||
else
|
else
|
||||||
info "Parameter $AUDIT_PARAM is present but with the wrong value, correcting"
|
info "Parameter $AUDIT_PARAM is present but with the wrong value -- Fixing"
|
||||||
replace_in_file $FILE "^$AUDIT_PARAM[[:space:]]*=.*" "$AUDIT_PARAM = $AUDIT_VALUE"
|
replace_in_file $FILE "^$AUDIT_PARAM[[:space:]]*=.*" "$AUDIT_PARAM = $AUDIT_VALUE"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|
@ -25,7 +25,7 @@ audit () {
|
|||||||
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1)
|
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1)
|
||||||
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)
|
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)
|
||||||
PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
|
PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
|
||||||
debug "$AUDIT_PARAM must have value $AUDIT_VALUE"
|
debug "$AUDIT_PARAM should be set to $AUDIT_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exists_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PATTERN not present in $FILE"
|
crit "$PATTERN not present in $FILE"
|
||||||
@ -48,7 +48,7 @@ apply () {
|
|||||||
for AUDIT_OPTION in $OPTIONS; do
|
for AUDIT_OPTION in $OPTIONS; do
|
||||||
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1)
|
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1)
|
||||||
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)
|
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)
|
||||||
debug "$AUDIT_PARAM must have value $AUDIT_VALUE"
|
debug "$AUDIT_PARAM should be set to $AUDIT_VALUE"
|
||||||
PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
|
PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exists_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
@ -58,7 +58,7 @@ apply () {
|
|||||||
info "Parameter $AUDIT_PARAM seems absent from $FILE, adding at the end"
|
info "Parameter $AUDIT_PARAM seems absent from $FILE, adding at the end"
|
||||||
add_end_of_file $FILE "$AUDIT_PARAM = $AUDIT_VALUE"
|
add_end_of_file $FILE "$AUDIT_PARAM = $AUDIT_VALUE"
|
||||||
else
|
else
|
||||||
info "Parameter $AUDIT_PARAM is present but with the wrong value, correcting"
|
info "Parameter $AUDIT_PARAM is present but with the wrong value -- Fixing"
|
||||||
replace_in_file $FILE "^$AUDIT_PARAM[[:space:]]*=.*" "$AUDIT_PARAM = $AUDIT_VALUE"
|
replace_in_file $FILE "^$AUDIT_PARAM[[:space:]]*=.*" "$AUDIT_PARAM = $AUDIT_VALUE"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|
@ -18,7 +18,7 @@ SERVICE_NAME='auditd'
|
|||||||
audit () {
|
audit () {
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PACKAGE is not installed !"
|
crit "$PACKAGE is not installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
is_service_enabled $SERVICE_NAME
|
is_service_enabled $SERVICE_NAME
|
||||||
|
@ -25,7 +25,7 @@ audit () {
|
|||||||
GRUB_PARAM=$(echo $GRUB_OPTION | cut -d= -f 1)
|
GRUB_PARAM=$(echo $GRUB_OPTION | cut -d= -f 1)
|
||||||
GRUB_VALUE=$(echo $GRUB_OPTION | cut -d= -f 2,3)
|
GRUB_VALUE=$(echo $GRUB_OPTION | cut -d= -f 2,3)
|
||||||
PATTERN="^$GRUB_PARAM=$GRUB_VALUE"
|
PATTERN="^$GRUB_PARAM=$GRUB_VALUE"
|
||||||
debug "$GRUB_PARAM must have value $GRUB_VALUE"
|
debug "$GRUB_PARAM should be set to $GRUB_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exists_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PATTERN not present in $FILE"
|
crit "$PATTERN not present in $FILE"
|
||||||
@ -48,7 +48,7 @@ apply () {
|
|||||||
for GRUB_OPTION in $OPTIONS; do
|
for GRUB_OPTION in $OPTIONS; do
|
||||||
GRUB_PARAM=$(echo $GRUB_OPTION | cut -d= -f 1)
|
GRUB_PARAM=$(echo $GRUB_OPTION | cut -d= -f 1)
|
||||||
GRUB_VALUE=$(echo $GRUB_OPTION | cut -d= -f 2,3)
|
GRUB_VALUE=$(echo $GRUB_OPTION | cut -d= -f 2,3)
|
||||||
debug "$GRUB_PARAM must have value $GRUB_VALUE"
|
debug "$GRUB_PARAM should be set to $GRUB_VALUE"
|
||||||
PATTERN="^$GRUB_PARAM=$GRUB_VALUE"
|
PATTERN="^$GRUB_PARAM=$GRUB_VALUE"
|
||||||
does_pattern_exists_in_file $FILE "$PATTERN"
|
does_pattern_exists_in_file $FILE "$PATTERN"
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
@ -58,7 +58,7 @@ apply () {
|
|||||||
info "Parameter $GRUB_PARAM seems absent from $FILE, adding at the end"
|
info "Parameter $GRUB_PARAM seems absent from $FILE, adding at the end"
|
||||||
add_end_of_file $FILE "$GRUB_PARAM = $GRUB_VALUE"
|
add_end_of_file $FILE "$GRUB_PARAM = $GRUB_VALUE"
|
||||||
else
|
else
|
||||||
info "Parameter $GRUB_PARAM is present but with the wrong value, correcting"
|
info "Parameter $GRUB_PARAM is present but with the wrong value -- Fixing"
|
||||||
replace_in_file $FILE "^$GRUB_PARAM=.*" "$GRUB_PARAM=$GRUB_VALUE"
|
replace_in_file $FILE "^$GRUB_PARAM=.*" "$GRUB_PARAM=$GRUB_VALUE"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|
@ -18,7 +18,7 @@ PACKAGE='syslog-ng'
|
|||||||
audit () {
|
audit () {
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PACKAGE is not installed !"
|
crit "$PACKAGE is not installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
fi
|
fi
|
||||||
|
@ -33,7 +33,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
else
|
else
|
||||||
crit "$FILE has not $PERMISSIONS permissions set"
|
crit "$FILE permissions were not set to $PERMISSIONS"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
@ -18,7 +18,7 @@ PACKAGE='tripwire'
|
|||||||
audit () {
|
audit () {
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PACKAGE is not installed !"
|
crit "$PACKAGE is not installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
fi
|
fi
|
||||||
|
@ -18,7 +18,7 @@ SERVICE_NAME="cron"
|
|||||||
audit () {
|
audit () {
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PACKAGE is not installed !"
|
crit "$PACKAGE is not installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
is_service_enabled $SERVICE_NAME
|
is_service_enabled $SERVICE_NAME
|
||||||
|
@ -28,7 +28,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
else
|
else
|
||||||
crit "$FILE has not $PERMISSIONS permissions set"
|
crit "$FILE permissions were not set to $PERMISSIONS"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -28,7 +28,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
else
|
else
|
||||||
crit "$FILE has not $PERMISSIONS permissions set"
|
crit "$FILE permissions were not set to $PERMISSIONS"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -28,7 +28,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
else
|
else
|
||||||
crit "$FILE has not $PERMISSIONS permissions set"
|
crit "$FILE permissions were not set to $PERMISSIONS"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -28,7 +28,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
else
|
else
|
||||||
crit "$FILE has not $PERMISSIONS permissions set"
|
crit "$FILE permissions were not set to $PERMISSIONS"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -28,7 +28,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
else
|
else
|
||||||
crit "$FILE has not $PERMISSIONS permissions set"
|
crit "$FILE permissions were not set to $PERMISSIONS"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -28,7 +28,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
else
|
else
|
||||||
crit "$FILE has not $PERMISSIONS permissions set"
|
crit "$FILE permissions were not set to $PERMISSIONS"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -42,7 +42,7 @@ audit () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
else
|
else
|
||||||
crit "$FILE has not $PERMISSIONS permissions set"
|
crit "$FILE permissions were not set to $PERMISSIONS"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
@ -76,7 +76,7 @@ apply () {
|
|||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
else
|
else
|
||||||
warn "$FILE has not $PERMISSIONS permissions set"
|
warn "$FILE permissions were not set to $PERMISSIONS"
|
||||||
chmod 0$PERMISSIONS $FILE
|
chmod 0$PERMISSIONS $FILE
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
@ -19,7 +19,7 @@ FILE='/etc/pam.d/common-password'
|
|||||||
audit () {
|
audit () {
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PACKAGE is not installed !"
|
crit "$PACKAGE is not installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exists_in_file $FILE $PATTERN
|
||||||
|
@ -19,7 +19,7 @@ FILE='/etc/pam.d/login'
|
|||||||
audit () {
|
audit () {
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PACKAGE is not installed !"
|
crit "$PACKAGE is not installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exists_in_file $FILE $PATTERN
|
||||||
|
@ -19,7 +19,7 @@ FILE='/etc/pam.d/common-password'
|
|||||||
audit () {
|
audit () {
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PACKAGE is not installed !"
|
crit "$PACKAGE is not installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
does_pattern_exists_in_file $FILE $PATTERN
|
does_pattern_exists_in_file $FILE $PATTERN
|
||||||
|
@ -19,7 +19,7 @@ FILE='/etc/ssh/sshd_config'
|
|||||||
audit () {
|
audit () {
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PACKAGE is not installed !"
|
crit "$PACKAGE is not installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
for SSH_OPTION in $OPTIONS; do
|
for SSH_OPTION in $OPTIONS; do
|
||||||
@ -58,7 +58,7 @@ apply () {
|
|||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
||||||
else
|
else
|
||||||
info "Parameter $SSH_PARAM is present but with the wrong value, correcting"
|
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
|
||||||
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
|
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
|
||||||
fi
|
fi
|
||||||
/etc/init.d/ssh reload
|
/etc/init.d/ssh reload
|
||||||
|
@ -19,7 +19,7 @@ FILE='/etc/ssh/sshd_config'
|
|||||||
audit () {
|
audit () {
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PACKAGE is not installed !"
|
crit "$PACKAGE is not installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
for SSH_OPTION in $OPTIONS; do
|
for SSH_OPTION in $OPTIONS; do
|
||||||
@ -58,7 +58,7 @@ apply () {
|
|||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
||||||
else
|
else
|
||||||
info "Parameter $SSH_PARAM is present but with the wrong value, correcting"
|
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
|
||||||
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
|
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
|
||||||
fi
|
fi
|
||||||
/etc/init.d/ssh reload
|
/etc/init.d/ssh reload
|
||||||
|
@ -19,7 +19,7 @@ audit () {
|
|||||||
OPTIONS="ClientAliveInterval=$SSHD_TIMEOUT ClientAliveCountMax=0"
|
OPTIONS="ClientAliveInterval=$SSHD_TIMEOUT ClientAliveCountMax=0"
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PACKAGE is not installed !"
|
crit "$PACKAGE is not installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
for SSH_OPTION in $OPTIONS; do
|
for SSH_OPTION in $OPTIONS; do
|
||||||
@ -58,7 +58,7 @@ apply () {
|
|||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
||||||
else
|
else
|
||||||
info "Parameter $SSH_PARAM is present but with the wrong value, correcting"
|
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
|
||||||
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
|
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
|
||||||
fi
|
fi
|
||||||
/etc/init.d/ssh reload
|
/etc/init.d/ssh reload
|
||||||
|
@ -19,7 +19,7 @@ audit () {
|
|||||||
OPTIONS="AllowUsers='$ALLOWED_USERS' AllowGroups='$ALLOWED_GROUPS' DenyUsers='$DENIED_USERS' DenyGroups='$DENIED_GROUPS'"
|
OPTIONS="AllowUsers='$ALLOWED_USERS' AllowGroups='$ALLOWED_GROUPS' DenyUsers='$DENIED_USERS' DenyGroups='$DENIED_GROUPS'"
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$PACKAGE is not installed !"
|
crit "$PACKAGE is not installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
for SSH_OPTION in $OPTIONS; do
|
for SSH_OPTION in $OPTIONS; do
|
||||||
@ -60,7 +60,7 @@ apply () {
|
|||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
|
||||||
else
|
else
|
||||||
info "Parameter $SSH_PARAM is present but with the wrong value, correcting"
|
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
|
||||||
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
|
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
|
||||||
fi
|
fi
|
||||||
/etc/init.d/ssh reload
|
/etc/init.d/ssh reload
|
||||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user