Merge pull request #5 in IAAS/cis-hardening from dev/thibault.dewailly/fixedLicense to master

* commit 'a7f418d8a2d5b90a7257542b1dd16fd4238721ca':
  Corrected script names, added License, Completed README and corrected bug with too long logger messages
Thibault Dewailly 2016-04-19 13:53:08 +02:00
commit df10deb2b4
8 changed files with 41 additions and 8 deletions

LICENSE Normal file

@ -0,0 +1,25 @@
Copyright (c) 2016, OVH SAS.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of OVH SAS nor the
names of its contributors may be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY OVH SAS AND CONTRIBUTORS ``AS IS'' AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL OVH SAS AND CONTRIBUTORS BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README

@ -5,9 +5,17 @@
# Hardening scripts : # Hardening scripts :
# bin/hardening : Every script has a .cfg associated, status must be defined here # bin/hardening : Every script has a .cfg associated, status must be defined here
# Main script :
# bin/hardening.sh : Will execute hardening according to configuration
# Configuration # Configuration
# etc/hardening.cfg : Global variables defined such as backup directory, or log level # etc/hardening.cfg : Global variables defined such as backup directory, or log level
# etc/conf.d : Folder with all .cfg associated to hardenign scripts # etc/conf.d : Folder with all .cfg associated to hardening scripts
# Status parameter will define on each script if it has to be disabled (do nothing), audit (RO), enabled (RW)
# Enabled will perform audit and most of the time correct your system accordingly.
# There is exceptions as it is difficult to know how you want to correct that.
# Main script :
# bin/hardening.sh : Will execute hardening according to configuration
# Options are :
# --apply : Will apply hardening when scripts have status enabled (RW), and audit points where status is audit (RO)
# --audit : Will audit hardening when scripts have status enabled or audit (RO)
# --audit-all : Apply audit (RO) on all scripts


@ -22,7 +22,7 @@ audit () {
FORMATTED_RESULT=$(sed "s/ /\n/g" <<< $RESULT | sort | uniq | tr '\n' ' ') FORMATTED_RESULT=$(sed "s/ /\n/g" <<< $RESULT | sort | uniq | tr '\n' ' ')
crit "$FORMATTED_RESULT" crit "$FORMATTED_RESULT"
else else
ok "No world writable files found" ok "No unowned files found"
fi fi
} }
@ -33,7 +33,7 @@ apply () {
warn "chmowing all unowned files in the system" warn "chmowing all unowned files in the system"
df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser -print 2>/dev/null | xargs chown $USER df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser -print 2>/dev/null | xargs chown $USER
else else
ok "No world writable files found, nothing to apply" ok "No unowned files found, nothing to apply"
fi fi
} }
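Review bot: The unowned-file paths are still handed to chown through a whitespace-split pipeline on line 71, which the commit leaves untouched: `find ... -nouser -print` piped into `xargs chown $USER` breaks a path containing spaces or newlines into several arguments (so that file is skipped or a different path is chowned), and an unset or empty `$USER` makes xargs take the first path as the owner argument. File names are not under the script's control (a file left behind by a removed account keeps whatever name its creator chose), so this is a real case rather than a cosmetic one. Use NUL-terminated names and quote the owner: `df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser -print0 2>/dev/null | xargs -0 chown -- "$USER"`, guarded by `[ -n "$USER" ] || return 1` just before it. The `apply () {` line sits immediately before this hunk, and the audit hunk above appears to split `$RESULT` on spaces with `sed "s/ /\n/g"` for the same reason, so paths with spaces are likely misreported there too.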


@ -46,14 +46,14 @@ _logger() {
COLOR=$1 COLOR=$1
shift shift
test -z "$SCRIPT_NAME" && SCRIPT_NAME=$(basename $0) test -z "$SCRIPT_NAME" && SCRIPT_NAME=$(basename $0)
/usr/bin/logger -t "[CIS_Hardening] $SCRIPT_NAME" -p "user.info" "$*" builtin echo "$*" | /usr/bin/logger -t "[CIS_Hardening] $SCRIPT_NAME" -p "user.info"
test -t 1 && cecho $COLOR "$SCRIPT_NAME $*" test -t 1 && cecho $COLOR "$SCRIPT_NAME $*"
} }
cecho () { cecho () {
COLOR=$1 COLOR=$1
shift shift
echo -e "${COLOR}$*${NC}" builtin echo -e "${COLOR}$*${NC}"
} }
crit () { crit () {
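Review bot: The new `builtin echo "$*"` on line 83 still lets the message be parsed as an echo option: a message whose first word is `-n`, `-e` or `-E` is swallowed or altered before it reaches logger, and `builtin echo -e "${COLOR}$*${NC}"` in cecho on line 89 expands backslash escapes inside the message text as well as in the colour codes. The messages include results of the hardening checks (the other hunk in this commit passes `FORMATTED_RESULT`, built from `$RESULT`, to crit), and if those are file names — as the unowned-files check suggests — a name containing `\033[...` becomes a terminal escape injection when the report is displayed on a tty. printf avoids both problems: `builtin printf '%s\n' "$*" | /usr/bin/logger -t "[CIS_Hardening] $SCRIPT_NAME" -p "user.info"` for the syslog line, and `builtin printf '%b%s%b\n' "$COLOR" "$*" "$NC"` in cecho, which expands escapes only in the colour variables. The `_logger ()` header is just outside the top of this hunk.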