diff --git a/bin/hardening/10.1.1_set_password_exp_days.sh b/bin/hardening/10.1.1_set_password_exp_days.sh index 107637b..9d1b191 100755 --- a/bin/hardening/10.1.1_set_password_exp_days.sh +++ b/bin/hardening/10.1.1_set_password_exp_days.sh @@ -19,7 +19,7 @@ FILE='/etc/login.defs' audit () { is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" for SSH_OPTION in $OPTIONS; do @@ -58,7 +58,7 @@ apply () { if [ $FNRET != 0 ]; then add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" else - info "Parameter $SSH_PARAM is present but with the wrong value, correcting" + info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" fi fi diff --git a/bin/hardening/10.1.2_set_password_min_days_change.sh b/bin/hardening/10.1.2_set_password_min_days_change.sh index 3465301..83e3a0a 100755 --- a/bin/hardening/10.1.2_set_password_min_days_change.sh +++ b/bin/hardening/10.1.2_set_password_min_days_change.sh @@ -19,7 +19,7 @@ FILE='/etc/login.defs' audit () { is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" for SSH_OPTION in $OPTIONS; do @@ -58,7 +58,7 @@ apply () { if [ $FNRET != 0 ]; then add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" else - info "Parameter $SSH_PARAM is present but with the wrong value, correcting" + info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" fi fi diff --git a/bin/hardening/10.1.3_set_password_exp_warning_days.sh b/bin/hardening/10.1.3_set_password_exp_warning_days.sh index b81a2c9..66bca4e 100755 --- a/bin/hardening/10.1.3_set_password_exp_warning_days.sh +++ b/bin/hardening/10.1.3_set_password_exp_warning_days.sh 
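Review bot: In the apply hunk of 10.1.1_set_password_exp_days.sh, the pattern given to `replace_in_file`, `"^$SSH_PARAM[[:space:]]*.*"`, accepts zero whitespace after the key, so it also matches any longer key in /etc/login.defs that starts with the same name and would overwrite that line. Requiring a separator, for example `"^$SSH_PARAM[[:space:]].*"`, limits the replacement to the intended setting; how `replace_in_file` interprets the pattern is not visible here, so confirm the regex flavour. The same call appears in the apply hunks of 10.1.2 and 10.1.3. The `SSH_` prefix on variables in a login.defs check reads like a copy-paste leftover, and apply() starts and ends outside the hunk.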
@@ -19,7 +19,7 @@ FILE='/etc/login.defs' audit () { is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" for SSH_OPTION in $OPTIONS; do @@ -58,7 +58,7 @@ apply () { if [ $FNRET != 0 ]; then add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" else - info "Parameter $SSH_PARAM is present but with the wrong value, correcting" + info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" fi fi diff --git a/bin/hardening/10.2_disable_system_accounts.sh b/bin/hardening/10.2_disable_system_accounts.sh index 472ef58..b57eef6 100755 --- a/bin/hardening/10.2_disable_system_accounts.sh +++ b/bin/hardening/10.2_disable_system_accounts.sh @@ -33,7 +33,7 @@ audit () { fi done if [ ! -z "$RESULT" ]; then - crit "Some admin accounts have not $SHELL as shell" + crit "Some admin accounts don't have $SHELL as shell" crit "$RESULT" else ok "All admin accounts deactivated" @@ -57,7 +57,7 @@ apply () { fi done if [ ! -z "$RESULT" ]; then - warn "Some admin accounts have not $SHELL as shell" + warn "Some admin accounts don't have $SHELL as shell" warn "$RESULT" for USER in $( echo "$RESULT" | cut -d: -f 1 ); do info "Setting $SHELL to $USER" diff --git a/bin/hardening/10.3_default_root_group.sh b/bin/hardening/10.3_default_root_group.sh index e6aa07f..ec5d083 100755 --- a/bin/hardening/10.3_default_root_group.sh +++ b/bin/hardening/10.3_default_root_group.sh 
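Review bot: In the apply hunk of 10.2_disable_system_accounts.sh, the loop `for USER in $( echo "$RESULT" | cut -d: -f 1 )` reuses `USER`, and the script uses `SHELL` for the expected login shell; both are normally exported environment variables, so commands run afterwards would inherit the overwritten values. Script-local names such as `ACCOUNT` and `NOLOGIN_SHELL` avoid that side effect. `[ ! -z "$RESULT" ]` can also be written `[ -n "$RESULT" ]`. `SHELL` is assigned outside the hunk and the loop body continues past it.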
@@ -19,16 +19,16 @@ audit () { if [ $(grep "^root:" /etc/passwd | cut -f4 -d:) = 0 ]; then ok "Root group has GID $EXPECTED_GID" else - crit "Root group has not GID $EXPECTED_GID" + crit "Root group GID should be $EXPECTED_GID" fi } # This function will be called if the script status is on enabled mode apply () { if [ $(grep "^root:" /etc/passwd | cut -f4 -d:) = 0 ]; then - ok "Root group has GID $EXPECTED_GID" + ok "Root group GID is $EXPECTED_GID" else - warn "Root group has not GID $EXPECTED_GID" + warn "Root group GID is not $EXPECTED_GID" usermod -g $EXPECTED_GID $USER fi } diff --git a/bin/hardening/11.1_warning_banners.sh b/bin/hardening/11.1_warning_banners.sh index eae7e8b..5138bec 100755 --- a/bin/hardening/11.1_warning_banners.sh +++ b/bin/hardening/11.1_warning_banners.sh @@ -29,7 +29,7 @@ audit () { if [ $FNRET = 0 ]; then ok "$FILE has correct permissions" else - crit "$FILE has not $PERMISSIONS permissions set" + crit "$FILE permissions were not set to $PERMISSIONS" fi done } diff --git a/bin/hardening/12.1_etc_passwd_permissions.sh b/bin/hardening/12.1_etc_passwd_permissions.sh index 6de6c9a..4bef238 100755 --- a/bin/hardening/12.1_etc_passwd_permissions.sh +++ b/bin/hardening/12.1_etc_passwd_permissions.sh @@ -20,7 +20,7 @@ audit () { if [ $FNRET = 0 ]; then ok "$FILE has correct permissions" else - crit "$FILE has not $PERMISSIONS permissions set" + crit "$FILE permissions were not set to $PERMISSIONS" fi } diff --git a/bin/hardening/12.2_etc_shadow_permissions.sh b/bin/hardening/12.2_etc_shadow_permissions.sh index a290691..2e592ce 100755 --- a/bin/hardening/12.2_etc_shadow_permissions.sh +++ b/bin/hardening/12.2_etc_shadow_permissions.sh @@ -20,7 +20,7 @@ audit () { if [ $FNRET = 0 ]; then ok "$FILE has correct permissions" else - crit "$FILE has not $PERMISSIONS permissions set" + crit "$FILE permissions were not set to $PERMISSIONS" fi } 
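Review bot: Both tests in 10.3_default_root_group.sh compare root's primary GID with a literal `0` while every message prints `$EXPECTED_GID`, so the check and its output disagree as soon as the variable is changed. The command substitution is also unquoted, so a missing `root:` entry makes `[` fail with a syntax error instead of reporting a finding; `if [ "$(grep "^root:" /etc/passwd | cut -f4 -d:)" = "$EXPECTED_GID" ]; then` fixes both. In apply(), `usermod -g $EXPECTED_GID $USER` depends on `$USER`, which is not set anywhere in this hunk and may simply be the invoking user's environment value; naming `root` explicitly would match what the test inspects.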
diff --git a/bin/hardening/12.3_etc_group_permissions.sh b/bin/hardening/12.3_etc_group_permissions.sh index baafaa4..edd09bf 100755 --- a/bin/hardening/12.3_etc_group_permissions.sh +++ b/bin/hardening/12.3_etc_group_permissions.sh @@ -20,7 +20,7 @@ audit () { if [ $FNRET = 0 ]; then ok "$FILE has correct permissions" else - crit "$FILE has not $PERMISSIONS permissions set" + crit "$FILE permissions were not set to $PERMISSIONS" fi } diff --git a/bin/hardening/13.9_set_perm_on_user_netrc.sh b/bin/hardening/13.9_set_perm_on_user_netrc.sh index 8c05416..4a03bfc 100755 --- a/bin/hardening/13.9_set_perm_on_user_netrc.sh +++ b/bin/hardening/13.9_set_perm_on_user_netrc.sh @@ -24,7 +24,7 @@ audit () { if [ $FNRET = 0 ]; then ok "$FILE has correct permissions" else - crit "$FILE has not $PERMISSIONS permissions set" + crit "$FILE permissions were not set to $PERMISSIONS" ERRORS=$((ERRORS+1)) fi fi @@ -47,7 +47,7 @@ apply () { if [ $FNRET = 0 ]; then ok "$FILE has correct permissions" else - warn "$FILE has not $PERMISSIONS permissions set" + warn "$FILE permissions were not set to $PERMISSIONS" chmod 600 $FILE fi fi diff --git a/bin/hardening/2.10_home_nodev.sh b/bin/hardening/2.10_home_nodev.sh index 5459d3f..32cbf75 100755 --- a/bin/hardening/2.10_home_nodev.sh +++ b/bin/hardening/2.10_home_nodev.sh @@ -27,10 +27,10 @@ audit () { ok "$PARTITION is a partition" has_mount_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then - crit "$PARTITION have no option $OPTION in fstab !" + crit "$PARTITION has no option $OPTION in fstab!" FNRET=1 else - ok "$PARTITION have $OPTION in fstab" + ok "$PARTITION has $OPTION in fstab" has_mounted_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then warn "$PARTITION is not mounted with $OPTION at runtime" diff --git a/bin/hardening/2.11_removable_device_nodev.sh b/bin/hardening/2.11_removable_device_nodev.sh index 0057d89..e2ed51b 100755 --- a/bin/hardening/2.11_removable_device_nodev.sh +++ b/bin/hardening/2.11_removable_device_nodev.sh 
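Review bot: In the apply hunk of 13.9_set_perm_on_user_netrc.sh, the remediation `chmod 600 $FILE` hard-codes the mode although the warning just above reports `$PERMISSIONS`, and it leaves `$FILE` unquoted, so a path containing spaces or glob characters is split before chmod sees it. `chmod "$PERMISSIONS" "$FILE"` keeps the check and the fix in step, assuming `$PERMISSIONS` holds the same mode. Because the target sits in a user-writable home directory and chmod follows symbolic links, it is worth confirming, in the part of apply() outside this hunk, that `$FILE` is a regular file and not a link before root changes its mode.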
@@ -29,10 +29,10 @@ audit () { info "detected $PARTITION like" has_mount_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then - crit "$PARTITION have no option $OPTION in fstab !" + crit "$PARTITION has no option $OPTION in fstab!" FNRET=1 else - ok "$PARTITION have $OPTION in fstab" + ok "$PARTITION has $OPTION in fstab" fi fi } diff --git a/bin/hardening/2.12_removable_device_noexec.sh b/bin/hardening/2.12_removable_device_noexec.sh index 91a69d5..858ebd7 100755 --- a/bin/hardening/2.12_removable_device_noexec.sh +++ b/bin/hardening/2.12_removable_device_noexec.sh @@ -29,10 +29,10 @@ audit () { info "detected $PARTITION like" has_mount_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then - crit "$PARTITION have no option $OPTION in fstab !" + crit "$PARTITION has no option $OPTION in fstab!" FNRET=1 else - ok "$PARTITION have $OPTION in fstab" + ok "$PARTITION has $OPTION in fstab" fi fi } diff --git a/bin/hardening/2.13_removable_device_nosuid.sh b/bin/hardening/2.13_removable_device_nosuid.sh index 541904b..a21d719 100755 --- a/bin/hardening/2.13_removable_device_nosuid.sh +++ b/bin/hardening/2.13_removable_device_nosuid.sh @@ -29,10 +29,10 @@ audit () { info "detected $PARTITION like" has_mount_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then - crit "$PARTITION have no option $OPTION in fstab !" + crit "$PARTITION has no option $OPTION in fstab!" FNRET=1 else - ok "$PARTITION have $OPTION in fstab" + ok "$PARTITION has $OPTION in fstab" fi fi } diff --git a/bin/hardening/2.14_run_shm_nodev.sh b/bin/hardening/2.14_run_shm_nodev.sh index 7d1ad62..df045fe 100755 --- a/bin/hardening/2.14_run_shm_nodev.sh +++ b/bin/hardening/2.14_run_shm_nodev.sh 
@@ -27,10 +27,10 @@ audit () { ok "$PARTITION is a partition" has_mount_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then - crit "$PARTITION have no option $OPTION in fstab !" + crit "$PARTITION has no option $OPTION in fstab!" FNRET=1 else - ok "$PARTITION have $OPTION in fstab" + ok "$PARTITION has $OPTION in fstab" has_mounted_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then warn "$PARTITION is not mounted with $OPTION at runtime" diff --git a/bin/hardening/2.15_run_shm_nosuid.sh b/bin/hardening/2.15_run_shm_nosuid.sh index 5d91ae7..b6ed27d 100755 --- a/bin/hardening/2.15_run_shm_nosuid.sh +++ b/bin/hardening/2.15_run_shm_nosuid.sh @@ -27,10 +27,10 @@ audit () { ok "$PARTITION is a partition" has_mount_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then - crit "$PARTITION have no option $OPTION in fstab !" + crit "$PARTITION has no option $OPTION in fstab!" FNRET=1 else - ok "$PARTITION have $OPTION in fstab" + ok "$PARTITION has $OPTION in fstab" has_mounted_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then warn "$PARTITION is not mounted with $OPTION at runtime" diff --git a/bin/hardening/2.16_run_shm_noexec.sh b/bin/hardening/2.16_run_shm_noexec.sh index 2e2b3cb..ad773fe 100755 --- a/bin/hardening/2.16_run_shm_noexec.sh +++ b/bin/hardening/2.16_run_shm_noexec.sh @@ -27,10 +27,10 @@ audit () { ok "$PARTITION is a partition" has_mount_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then - crit "$PARTITION have no option $OPTION in fstab !" + crit "$PARTITION has no option $OPTION in fstab!" FNRET=1 else - ok "$PARTITION have $OPTION in fstab" + ok "$PARTITION has $OPTION in fstab" has_mounted_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then warn "$PARTITION is not mounted with $OPTION at runtime" diff --git a/bin/hardening/2.17_sticky_bit_world_writable_folder.sh b/bin/hardening/2.17_sticky_bit_world_writable_folder.sh index 2785ae5..da20e0d 100755 --- a/bin/hardening/2.17_sticky_bit_world_writable_folder.sh 
+++ b/bin/hardening/2.17_sticky_bit_world_writable_folder.sh @@ -16,7 +16,7 @@ audit () { info "Checking if setuid is set on world writable Directories" RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null) if [ ! -z "$RESULT" ]; then - crit "Some world writable directories are not on sticky bit mode !" + crit "Some world writable directories are not on sticky bit mode!" FORMATTED_RESULT=$(sed "s/ /\n/g" <<< $RESULT | sort | uniq | tr '\n' ' ') crit "$FORMATTED_RESULT" else diff --git a/bin/hardening/2.18_disable_cramfs.sh b/bin/hardening/2.18_disable_cramfs.sh index a18f109..502438e 100755 --- a/bin/hardening/2.18_disable_cramfs.sh +++ b/bin/hardening/2.18_disable_cramfs.sh @@ -19,7 +19,7 @@ KERNEL_OPTION="cramfs" audit () { is_kernel_option_enabled $KERNEL_OPTION if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated - crit "$KERNEL_OPTION is enabled !" + crit "$KERNEL_OPTION is enabled!" else ok "$KERNEL_OPTION is disabled" fi diff --git a/bin/hardening/2.19_disable_freevxfs.sh b/bin/hardening/2.19_disable_freevxfs.sh index a3d222a..d75dd4c 100755 --- a/bin/hardening/2.19_disable_freevxfs.sh +++ b/bin/hardening/2.19_disable_freevxfs.sh @@ -19,7 +19,7 @@ KERNEL_OPTION="freevxfs" audit () { is_kernel_option_enabled $KERNEL_OPTION if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated - crit "$KERNEL_OPTION is enabled !" + crit "$KERNEL_OPTION is enabled!" else ok "$KERNEL_OPTION is disabled" fi diff --git a/bin/hardening/2.20_disable_jffs2.sh b/bin/hardening/2.20_disable_jffs2.sh index 98fb2d5..9626578 100755 --- a/bin/hardening/2.20_disable_jffs2.sh +++ b/bin/hardening/2.20_disable_jffs2.sh 
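Review bot: The info line at the top of audit() in 2.17_sticky_bit_world_writable_folder.sh says `Checking if setuid is set on world writable Directories`, but the `find` expression tests the sticky bit (`! -perm -1000`) and the crit message edited here talks about sticky bit mode; the info text should read `Checking if sticky bit is set on world writable directories`. The formatting step `sed "s/ /\n/g" <<< $RESULT` splits on every space, so a directory whose name contains a space is reported as several paths that do not exist. Feeding the quoted value to `sort -u <<< "$RESULT"` keeps one path per line. audit() continues beyond the hunk.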
@@ -19,7 +19,7 @@ KERNEL_OPTION="jffs2" audit () { is_kernel_option_enabled $KERNEL_OPTION if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated - crit "$KERNEL_OPTION is enabled !" + crit "$KERNEL_OPTION is enabled!" else ok "$KERNEL_OPTION is disabled" fi diff --git a/bin/hardening/2.21_disable_hfs.sh b/bin/hardening/2.21_disable_hfs.sh index abedc00..07daec4 100755 --- a/bin/hardening/2.21_disable_hfs.sh +++ b/bin/hardening/2.21_disable_hfs.sh @@ -19,7 +19,7 @@ KERNEL_OPTION="hfs" audit () { is_kernel_option_enabled $KERNEL_OPTION if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated - crit "$KERNEL_OPTION is enabled !" + crit "$KERNEL_OPTION is enabled!" else ok "$KERNEL_OPTION is disabled" fi diff --git a/bin/hardening/2.22_disable_hfsplus.sh b/bin/hardening/2.22_disable_hfsplus.sh index 9d04eb5..045b7b0 100755 --- a/bin/hardening/2.22_disable_hfsplus.sh +++ b/bin/hardening/2.22_disable_hfsplus.sh @@ -19,7 +19,7 @@ KERNEL_OPTION="hfsplus" audit () { is_kernel_option_enabled $KERNEL_OPTION if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated - crit "$KERNEL_OPTION is enabled !" + crit "$KERNEL_OPTION is enabled!" else ok "$KERNEL_OPTION is disabled" fi diff --git a/bin/hardening/2.23_disable_squashfs.sh b/bin/hardening/2.23_disable_squashfs.sh index f6444f4..87e690e 100755 --- a/bin/hardening/2.23_disable_squashfs.sh +++ b/bin/hardening/2.23_disable_squashfs.sh @@ -19,7 +19,7 @@ KERNEL_OPTION="squashfs" audit () { is_kernel_option_enabled $KERNEL_OPTION if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated - crit "$KERNEL_OPTION is enabled !" + crit "$KERNEL_OPTION is enabled!" else ok "$KERNEL_OPTION is disabled" fi diff --git a/bin/hardening/2.24_disable_udf.sh b/bin/hardening/2.24_disable_udf.sh index 605430b..fb7be79 100755 --- a/bin/hardening/2.24_disable_udf.sh +++ b/bin/hardening/2.24_disable_udf.sh 
@@ -19,7 +19,7 @@ KERNEL_OPTION="udf" audit () { is_kernel_option_enabled $KERNEL_OPTION if [ $FNRET = 0 ]; then # 0 means true in bash, so it IS activated - crit "$KERNEL_OPTION is enabled !" + crit "$KERNEL_OPTION is enabled!" else ok "$KERNEL_OPTION is disabled" fi diff --git a/bin/hardening/2.2_tmp_nodev.sh b/bin/hardening/2.2_tmp_nodev.sh index 7a7fc90..df9cb29 100755 --- a/bin/hardening/2.2_tmp_nodev.sh +++ b/bin/hardening/2.2_tmp_nodev.sh @@ -27,10 +27,10 @@ audit () { ok "$PARTITION is a partition" has_mount_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then - crit "$PARTITION have no option $OPTION in fstab !" + crit "$PARTITION has no option $OPTION in fstab!" FNRET=1 else - ok "$PARTITION have $OPTION in fstab" + ok "$PARTITION has $OPTION in fstab" has_mounted_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then warn "$PARTITION is not mounted with $OPTION at runtime" diff --git a/bin/hardening/2.3_tmp_nosuid.sh b/bin/hardening/2.3_tmp_nosuid.sh index 4e5bc4e..362358e 100755 --- a/bin/hardening/2.3_tmp_nosuid.sh +++ b/bin/hardening/2.3_tmp_nosuid.sh @@ -27,10 +27,10 @@ audit () { ok "$PARTITION is a partition" has_mount_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then - crit "$PARTITION have no option $OPTION in fstab !" + crit "$PARTITION has no option $OPTION in fstab!" FNRET=1 else - ok "$PARTITION have $OPTION in fstab" + ok "$PARTITION has $OPTION in fstab" has_mounted_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then warn "$PARTITION is not mounted with $OPTION at runtime" diff --git a/bin/hardening/2.4_tmp_noexec.sh b/bin/hardening/2.4_tmp_noexec.sh index 7b2cc65..5b54887 100755 --- a/bin/hardening/2.4_tmp_noexec.sh +++ b/bin/hardening/2.4_tmp_noexec.sh 
@@ -27,10 +27,10 @@ audit () { ok "$PARTITION is a partition" has_mount_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then - crit "$PARTITION have no option $OPTION in fstab !" + crit "$PARTITION has no option $OPTION in fstab!" FNRET=1 else - ok "$PARTITION have $OPTION in fstab" + ok "$PARTITION has $OPTION in fstab" has_mounted_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then warn "$PARTITION is not mounted with $OPTION at runtime" diff --git a/bin/hardening/2.6.2_var_tmp_nodev.sh b/bin/hardening/2.6.2_var_tmp_nodev.sh index 41d0aca..fd57968 100755 --- a/bin/hardening/2.6.2_var_tmp_nodev.sh +++ b/bin/hardening/2.6.2_var_tmp_nodev.sh @@ -27,10 +27,10 @@ audit () { ok "$PARTITION is a partition" has_mount_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then - crit "$PARTITION have no option $OPTION in fstab !" + crit "$PARTITION has no option $OPTION in fstab!" FNRET=1 else - ok "$PARTITION have $OPTION in fstab" + ok "$PARTITION has $OPTION in fstab" has_mounted_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then warn "$PARTITION is not mounted with $OPTION at runtime" diff --git a/bin/hardening/2.6.3_var_tmp_nosuid.sh b/bin/hardening/2.6.3_var_tmp_nosuid.sh index e9a8132..7e930b7 100755 --- a/bin/hardening/2.6.3_var_tmp_nosuid.sh +++ b/bin/hardening/2.6.3_var_tmp_nosuid.sh @@ -27,10 +27,10 @@ audit () { ok "$PARTITION is a partition" has_mount_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then - crit "$PARTITION have no option $OPTION in fstab !" + crit "$PARTITION has no option $OPTION in fstab!" FNRET=1 else - ok "$PARTITION have $OPTION in fstab" + ok "$PARTITION has $OPTION in fstab" has_mounted_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then warn "$PARTITION is not mounted with $OPTION at runtime" diff --git a/bin/hardening/2.6.4_var_tmp_noexec.sh b/bin/hardening/2.6.4_var_tmp_noexec.sh index 6cde5aa..1fdf1d4 100755 --- a/bin/hardening/2.6.4_var_tmp_noexec.sh +++ b/bin/hardening/2.6.4_var_tmp_noexec.sh 
@@ -27,10 +27,10 @@ audit () { ok "$PARTITION is a partition" has_mount_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then - crit "$PARTITION have no option $OPTION in fstab !" + crit "$PARTITION has no option $OPTION in fstab!" FNRET=1 else - ok "$PARTITION have $OPTION in fstab" + ok "$PARTITION has $OPTION in fstab" has_mounted_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then warn "$PARTITION is not mounted with $OPTION at runtime" diff --git a/bin/hardening/3.2_bootloader_permissions.sh b/bin/hardening/3.2_bootloader_permissions.sh index 6504242..adbcd6c 100755 --- a/bin/hardening/3.2_bootloader_permissions.sh +++ b/bin/hardening/3.2_bootloader_permissions.sh @@ -22,7 +22,7 @@ audit () { if [ $FNRET = 0 ]; then ok "$FILE has correct permissions" else - crit "$FILE has not $PERMISSIONS permissions set" + crit "$FILE permissions were not set to $PERMISSIONS" fi } diff --git a/bin/hardening/4.1_restrict_core_dumps.sh b/bin/hardening/4.1_restrict_core_dumps.sh index 5975f54..5399ebd 100755 --- a/bin/hardening/4.1_restrict_core_dumps.sh +++ b/bin/hardening/4.1_restrict_core_dumps.sh @@ -26,9 +26,9 @@ audit () { fi has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" if [ $FNRET != 0 ]; then - crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" + crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT" elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi 
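Review bot: In the audit hunk of 4.1_restrict_core_dumps.sh the `elif [ $FNRET = 255 ]` branch can never run, because 255 already satisfies the preceding `[ $FNRET != 0 ]`, so a missing sysctl key is reported as a wrong value and the "does not exist" warning is dead code. Test the specific code first: `if [ $FNRET = 255 ]; then` for the warning, then `elif [ $FNRET != 0 ]; then` for the crit. In the apply() hunks the same ordering means `set_sysctl_param` is attempted on a key the helper has presumably reported as absent. The same construct appears in the apply hunk of 4.1 and in the hunks of 4.3, 7.1.1, 7.1.2 and 7.2.1. That 255 means "key not found" is inferred from the message text, since the helper is outside this diff.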
@@ -45,10 +45,10 @@ apply () { fi has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" if [ $FNRET != 0 ]; then - warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" + warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing" set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi diff --git a/bin/hardening/4.3_enable_randomized_vm_placement.sh b/bin/hardening/4.3_enable_randomized_vm_placement.sh index 4a373c9..b31bb92 100755 --- a/bin/hardening/4.3_enable_randomized_vm_placement.sh +++ b/bin/hardening/4.3_enable_randomized_vm_placement.sh @@ -18,9 +18,9 @@ SYSCTL_EXP_RESULT=2 audit () { has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" + crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT" elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi @@ -30,10 +30,10 @@ audit () { apply () { has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" + warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing" set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi diff --git a/bin/hardening/4.4_disable_prelink.sh b/bin/hardening/4.4_disable_prelink.sh index c8eb21a..41ad6a6 100755 --- a/bin/hardening/4.4_disable_prelink.sh +++ b/bin/hardening/4.4_disable_prelink.sh 
@@ -17,7 +17,7 @@ PACKAGE='prelink' audit () { is_pkg_installed $PACKAGE if [ $FNRET = 0 ]; then - crit "$PACKAGE is installed !" + crit "$PACKAGE is installed!" else ok "$PACKAGE is absent" fi diff --git a/bin/hardening/4.5_enable_apparmor.sh b/bin/hardening/4.5_enable_apparmor.sh index f735392..0a11767 100755 --- a/bin/hardening/4.5_enable_apparmor.sh +++ b/bin/hardening/4.5_enable_apparmor.sh @@ -17,7 +17,7 @@ PACKAGE='apparmor' audit () { is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is absent !" + crit "$PACKAGE is absent!" else ok "$PACKAGE is installed" fi diff --git a/bin/hardening/5.1.1_disable_nis.sh b/bin/hardening/5.1.1_disable_nis.sh index bddf22d..aebd024 100755 --- a/bin/hardening/5.1.1_disable_nis.sh +++ b/bin/hardening/5.1.1_disable_nis.sh @@ -17,7 +17,7 @@ PACKAGE='nis' audit () { is_pkg_installed $PACKAGE if [ $FNRET = 0 ]; then - crit "$PACKAGE is installed !" + crit "$PACKAGE is installed!" else ok "$PACKAGE is absent" fi diff --git a/bin/hardening/5.1.2_disable_rsh.sh b/bin/hardening/5.1.2_disable_rsh.sh index bd7a380..574880e 100755 --- a/bin/hardening/5.1.2_disable_rsh.sh +++ b/bin/hardening/5.1.2_disable_rsh.sh @@ -28,7 +28,7 @@ audit () { else does_pattern_exists_in_file $FILE $PATTERN if [ $FNRET = 0 ]; then - crit "$PATTERN exists, $PACKAGE services are enabled !" + crit "$PATTERN exists, $PACKAGE services are enabled!" else ok "$PATTERN not present in $FILE" fi diff --git a/bin/hardening/5.1.4_disable_talk.sh b/bin/hardening/5.1.4_disable_talk.sh index 3a91b67..fea545f 100755 --- a/bin/hardening/5.1.4_disable_talk.sh +++ b/bin/hardening/5.1.4_disable_talk.sh @@ -27,7 +27,7 @@ audit () { else does_pattern_exists_in_file $FILE $PATTERN if [ $FNRET = 0 ]; then - crit "$PATTERN exists, $PACKAGE services are enabled !" + crit "$PATTERN exists, $PACKAGE services are enabled!" else ok "$PATTERN not present in $FILE" fi 
diff --git a/bin/hardening/5.1.6_disable_telnet_server.sh b/bin/hardening/5.1.6_disable_telnet_server.sh index 9289a98..52d3c6f 100755 --- a/bin/hardening/5.1.6_disable_telnet_server.sh +++ b/bin/hardening/5.1.6_disable_telnet_server.sh @@ -28,7 +28,7 @@ audit () { else does_pattern_exists_in_file $FILE $PATTERN if [ $FNRET = 0 ]; then - crit "$PATTERN exists, $PACKAGE services are enabled !" + crit "$PATTERN exists, $PACKAGE services are enabled!" else ok "$PATTERN not present in $FILE" fi diff --git a/bin/hardening/5.1.7_disable_tftp_server.sh b/bin/hardening/5.1.7_disable_tftp_server.sh index 26932eb..b33961f 100755 --- a/bin/hardening/5.1.7_disable_tftp_server.sh +++ b/bin/hardening/5.1.7_disable_tftp_server.sh @@ -27,7 +27,7 @@ audit () { else does_pattern_exists_in_file $FILE $PATTERN if [ $FNRET = 0 ]; then - crit "$PATTERN exists, $PACKAGE services are enabled !" + crit "$PATTERN exists, $PACKAGE services are enabled!" else ok "$PATTERN not present in $FILE" fi diff --git a/bin/hardening/5.2_disable_chargen.sh b/bin/hardening/5.2_disable_chargen.sh index 7408d6c..780b526 100755 --- a/bin/hardening/5.2_disable_chargen.sh +++ b/bin/hardening/5.2_disable_chargen.sh @@ -22,7 +22,7 @@ audit () { else does_pattern_exists_in_file $FILE $PATTERN if [ $FNRET = 0 ]; then - crit "$PATTERN exists, chargen services are enabled !" + crit "$PATTERN exists, chargen services are enabled!" else ok "$PATTERN not present in $FILE" fi diff --git a/bin/hardening/5.3_disable_daytime.sh b/bin/hardening/5.3_disable_daytime.sh index 77821ee..2e6eec7 100755 --- a/bin/hardening/5.3_disable_daytime.sh +++ b/bin/hardening/5.3_disable_daytime.sh @@ -22,7 +22,7 @@ audit () { else does_pattern_exists_in_file $FILE $PATTERN if [ $FNRET = 0 ]; then - crit "$PATTERN exists, chargen services are enabled !" + crit "$PATTERN exists, chargen services are enabled!" else ok "$PATTERN not present in $FILE" fi 
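Review bot: The crit message in 5.3_disable_daytime.sh still names the wrong service: `crit "$PATTERN exists, chargen services are enabled!"` is carried over from the chargen check, so an audit finding for daytime is reported as chargen. Since the line is being edited anyway, name the service the script actually checks, e.g. `crit "$PATTERN exists, daytime services are enabled!"`. The hunks for 5.4_disable_echo.sh, 5.5_disable_discard.sh and 5.6_disable_time.sh carry the same copy-paste text. `$PATTERN` is defined outside the hunk, so the intended service name is taken from the file name here.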
diff --git a/bin/hardening/5.4_disable_echo.sh b/bin/hardening/5.4_disable_echo.sh index e38b4cf..56f890a 100755 --- a/bin/hardening/5.4_disable_echo.sh +++ b/bin/hardening/5.4_disable_echo.sh @@ -22,7 +22,7 @@ audit () { else does_pattern_exists_in_file $FILE $PATTERN if [ $FNRET = 0 ]; then - crit "$PATTERN exists, chargen services are enabled !" + crit "$PATTERN exists, chargen services are enabled!" else ok "$PATTERN not present in $FILE" fi diff --git a/bin/hardening/5.5_disable_discard.sh b/bin/hardening/5.5_disable_discard.sh index 8807aba..b4e9321 100755 --- a/bin/hardening/5.5_disable_discard.sh +++ b/bin/hardening/5.5_disable_discard.sh @@ -22,7 +22,7 @@ audit () { else does_pattern_exists_in_file $FILE $PATTERN if [ $FNRET = 0 ]; then - crit "$PATTERN exists, chargen services are enabled !" + crit "$PATTERN exists, chargen services are enabled!" else ok "$PATTERN not present in $FILE" fi diff --git a/bin/hardening/5.6_disable_time.sh b/bin/hardening/5.6_disable_time.sh index aa7be28..03f6605 100755 --- a/bin/hardening/5.6_disable_time.sh +++ b/bin/hardening/5.6_disable_time.sh @@ -22,7 +22,7 @@ audit () { else does_pattern_exists_in_file $FILE $PATTERN if [ $FNRET = 0 ]; then - crit "$PATTERN exists, chargen services are enabled !" + crit "$PATTERN exists, chargen services are enabled!" else ok "$PATTERN not present in $FILE" fi diff --git a/bin/hardening/6.10_disable_http_server.sh b/bin/hardening/6.10_disable_http_server.sh index c9f1cc9..6a38895 100755 --- a/bin/hardening/6.10_disable_http_server.sh +++ b/bin/hardening/6.10_disable_http_server.sh @@ -19,7 +19,7 @@ audit () { for PACKAGE in $PACKAGES; do is_pkg_installed $PACKAGE if [ $FNRET = 0 ]; then - crit "$PACKAGE is installed !" + crit "$PACKAGE is installed!" else ok "$PACKAGE is absent" fi diff --git a/bin/hardening/6.11_disable_imap_pop.sh b/bin/hardening/6.11_disable_imap_pop.sh index 414283a..68a3b86 100755 --- a/bin/hardening/6.11_disable_imap_pop.sh 
+++ b/bin/hardening/6.11_disable_imap_pop.sh @@ -19,7 +19,7 @@ audit () { for PACKAGE in $PACKAGES; do is_pkg_installed $PACKAGE if [ $FNRET = 0 ]; then - crit "$PACKAGE is installed !" + crit "$PACKAGE is installed!" else ok "$PACKAGE is absent" fi diff --git a/bin/hardening/6.12_disable_samba.sh b/bin/hardening/6.12_disable_samba.sh index c89793b..1532189 100755 --- a/bin/hardening/6.12_disable_samba.sh +++ b/bin/hardening/6.12_disable_samba.sh @@ -18,7 +18,7 @@ audit () { for PACKAGE in $PACKAGES; do is_pkg_installed $PACKAGE if [ $FNRET = 0 ]; then - crit "$PACKAGE is installed !" + crit "$PACKAGE is installed!" else ok "$PACKAGE is absent" fi diff --git a/bin/hardening/6.13_disable_http_proxy.sh b/bin/hardening/6.13_disable_http_proxy.sh index b7c00cc..bb63735 100755 --- a/bin/hardening/6.13_disable_http_proxy.sh +++ b/bin/hardening/6.13_disable_http_proxy.sh @@ -18,7 +18,7 @@ audit () { for PACKAGE in $PACKAGES; do is_pkg_installed $PACKAGE if [ $FNRET = 0 ]; then - crit "$PACKAGE is installed !" + crit "$PACKAGE is installed!" else ok "$PACKAGE is absent" fi diff --git a/bin/hardening/6.14_disable_snmp_server.sh b/bin/hardening/6.14_disable_snmp_server.sh index fa6a144..a9ce138 100755 --- a/bin/hardening/6.14_disable_snmp_server.sh +++ b/bin/hardening/6.14_disable_snmp_server.sh @@ -18,7 +18,7 @@ audit () { for PACKAGE in $PACKAGES; do is_pkg_installed $PACKAGE if [ $FNRET = 0 ]; then - crit "$PACKAGE is installed !" + crit "$PACKAGE is installed!" else ok "$PACKAGE is absent" fi diff --git a/bin/hardening/6.1_disable_xwindow_system.sh b/bin/hardening/6.1_disable_xwindow_system.sh index 3bec993..1e8499f 100755 --- a/bin/hardening/6.1_disable_xwindow_system.sh +++ b/bin/hardening/6.1_disable_xwindow_system.sh @@ -19,7 +19,7 @@ audit () { for PACKAGE in $PACKAGES; do is_pkg_installed $PACKAGE if [ $FNRET = 0 ]; then - crit "$PACKAGE is installed !" + crit "$PACKAGE is installed!" else ok "$PACKAGE is absent" fi 
diff --git a/bin/hardening/6.2_disable_avahi_server.sh b/bin/hardening/6.2_disable_avahi_server.sh index 232a0f1..bc2dd81 100755 --- a/bin/hardening/6.2_disable_avahi_server.sh +++ b/bin/hardening/6.2_disable_avahi_server.sh @@ -18,7 +18,7 @@ audit () { for PACKAGE in $PACKAGES; do is_pkg_installed $PACKAGE if [ $FNRET = 0 ]; then - crit "$PACKAGE is installed !" + crit "$PACKAGE is installed!" else ok "$PACKAGE is absent" fi diff --git a/bin/hardening/6.3_disable_print_server.sh b/bin/hardening/6.3_disable_print_server.sh index 0d55e7f..8e58ab8 100755 --- a/bin/hardening/6.3_disable_print_server.sh +++ b/bin/hardening/6.3_disable_print_server.sh @@ -18,7 +18,7 @@ audit () { for PACKAGE in $PACKAGES; do is_pkg_installed $PACKAGE if [ $FNRET = 0 ]; then - crit "$PACKAGE is installed !" + crit "$PACKAGE is installed!" else ok "$PACKAGE is absent" fi diff --git a/bin/hardening/6.4_disable_dhcp.sh b/bin/hardening/6.4_disable_dhcp.sh index 848df33..506edf5 100755 --- a/bin/hardening/6.4_disable_dhcp.sh +++ b/bin/hardening/6.4_disable_dhcp.sh @@ -18,7 +18,7 @@ audit () { for PACKAGE in $PACKAGES; do is_pkg_installed $PACKAGE if [ $FNRET = 0 ]; then - crit "$PACKAGE is installed !" + crit "$PACKAGE is installed!" else ok "$PACKAGE is absent" fi diff --git a/bin/hardening/6.5_configure_ntp.sh b/bin/hardening/6.5_configure_ntp.sh index 67bed3d..08ae94e 100755 --- a/bin/hardening/6.5_configure_ntp.sh +++ b/bin/hardening/6.5_configure_ntp.sh @@ -21,7 +21,7 @@ NTP_INIT_FILE='/etc/init.d/ntp' audit () { is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed, checking configuration" does_pattern_exists_in_file $NTP_CONF_FILE $NTP_CONF_DEFAULT_PATTERN diff --git a/bin/hardening/6.6_disable_ldap.sh b/bin/hardening/6.6_disable_ldap.sh index c2a337d..dce2b20 100755 --- a/bin/hardening/6.6_disable_ldap.sh +++ b/bin/hardening/6.6_disable_ldap.sh 
@@ -18,7 +18,7 @@ audit () { for PACKAGE in $PACKAGES; do is_pkg_installed $PACKAGE if [ $FNRET = 0 ]; then - crit "$PACKAGE is installed !" + crit "$PACKAGE is installed!" else ok "$PACKAGE is absent" fi diff --git a/bin/hardening/6.7_disable_nfs_rpc.sh b/bin/hardening/6.7_disable_nfs_rpc.sh index a318aa8..b26811e 100755 --- a/bin/hardening/6.7_disable_nfs_rpc.sh +++ b/bin/hardening/6.7_disable_nfs_rpc.sh @@ -18,7 +18,7 @@ audit () { for PACKAGE in $PACKAGES; do is_pkg_installed $PACKAGE if [ $FNRET = 0 ]; then - crit "$PACKAGE is installed !" + crit "$PACKAGE is installed!" else ok "$PACKAGE is absent" fi diff --git a/bin/hardening/6.8_disable_dns_server.sh b/bin/hardening/6.8_disable_dns_server.sh index 2acdbd9..2590be0 100755 --- a/bin/hardening/6.8_disable_dns_server.sh +++ b/bin/hardening/6.8_disable_dns_server.sh @@ -18,7 +18,7 @@ audit () { for PACKAGE in $PACKAGES; do is_pkg_installed $PACKAGE if [ $FNRET = 0 ]; then - crit "$PACKAGE is installed !" + crit "$PACKAGE is installed!" else ok "$PACKAGE is absent" fi diff --git a/bin/hardening/6.9_disable_ftp.sh b/bin/hardening/6.9_disable_ftp.sh index c9ea292..7914ed8 100755 --- a/bin/hardening/6.9_disable_ftp.sh +++ b/bin/hardening/6.9_disable_ftp.sh @@ -19,7 +19,7 @@ audit () { for PACKAGE in $PACKAGES; do is_pkg_installed $PACKAGE if [ $FNRET = 0 ]; then - crit "$PACKAGE is installed !" + crit "$PACKAGE is installed!" else ok "$PACKAGE is absent" fi diff --git a/bin/hardening/7.1.1_disable_ip_forwarding.sh b/bin/hardening/7.1.1_disable_ip_forwarding.sh index 48611f9..e99b9bb 100755 --- a/bin/hardening/7.1.1_disable_ip_forwarding.sh +++ b/bin/hardening/7.1.1_disable_ip_forwarding.sh 
@@ -18,9 +18,9 @@ SYSCTL_EXP_RESULT=0 audit () { has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" + crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT" elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi @@ -30,11 +30,11 @@ audit () { apply () { has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" + warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing" set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT sysctl -w net.ipv4.route.flush=1 > /dev/null elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi diff --git a/bin/hardening/7.1.2_disable_send_packet_redirects.sh b/bin/hardening/7.1.2_disable_send_packet_redirects.sh index 54364a1..f765262 100755 --- a/bin/hardening/7.1.2_disable_send_packet_redirects.sh +++ b/bin/hardening/7.1.2_disable_send_packet_redirects.sh @@ -19,12 +19,12 @@ audit () { for SYSCTL_VALUES in $SYSCTL_PARAMS; do SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) - debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" + debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" + crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT" elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi 
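Review bot: The `elif [ $FNRET = 255 ]` branch in audit and apply of 7.1.1_disable_ip_forwarding.sh can never run, because 255 already satisfies the preceding `[ $FNRET != 0 ]`, so the reworded "does not exist -- Typo?" warning is dead code. Judging by that message, 255 is the helper's code for a missing parameter, so apply would still call `set_sysctl_param` and flush routes for a key that does not exist, and audit would report it as a wrong value. Test the specific code first: `if [ "$FNRET" = 255 ]; then` for the warning, then `elif [ "$FNRET" != 0 ]; then` for the mismatch. The same ordering is in every sysctl hunk that follows, 7.1.2 through 7.3.3; the closing lines of both functions are outside the hunks.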
@@ -36,14 +36,14 @@ apply () { for SYSCTL_VALUES in $SYSCTL_PARAMS; do SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) - debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" + debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" + warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing" set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT sysctl -w net.ipv4.route.flush=1 > /dev/null elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi diff --git a/bin/hardening/7.2.1_disable_source_routed_packets.sh b/bin/hardening/7.2.1_disable_source_routed_packets.sh index b057a2c..47626b5 100755 --- a/bin/hardening/7.2.1_disable_source_routed_packets.sh +++ b/bin/hardening/7.2.1_disable_source_routed_packets.sh @@ -18,12 +18,12 @@ audit () { for SYSCTL_VALUES in $SYSCTL_PARAMS; do SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) - debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" + debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" + crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT" elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi 
@@ -35,14 +35,14 @@ apply () { for SYSCTL_VALUES in $SYSCTL_PARAMS; do SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) - debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" + debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" + warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT value -- Fixing" set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT sysctl -w net.ipv4.route.flush=1 > /dev/null elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi diff --git a/bin/hardening/7.2.2_disable_icmp_redirect.sh b/bin/hardening/7.2.2_disable_icmp_redirect.sh index 1a8a193..d76ec49 100755 --- a/bin/hardening/7.2.2_disable_icmp_redirect.sh +++ b/bin/hardening/7.2.2_disable_icmp_redirect.sh @@ -18,12 +18,12 @@ audit () { for SYSCTL_VALUES in $SYSCTL_PARAMS; do SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) - debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" + debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" + crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT" elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi 
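Review bot: The new warning in apply of 7.2.1_disable_source_routed_packets.sh reads `was not set to $SYSCTL_EXP_RESULT value -- Fixing`, keeping a stray "value" that the sibling scripts drop. Later hunks drift further from the wording this commit settles on: `--Typo?` without the space in 7.2.5 audit, `, fixing` in 7.3.1 and 7.3.2 apply, `-- typo?` in 7.3.2 apply and `value, fixing` in 7.3.3 apply. Operators grep or alert on these strings in hardening-run output, so one form is worth keeping throughout: `warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"` and `warn "$SYSCTL_PARAM does not exist -- Typo?"`.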
@@ -35,14 +35,14 @@ apply () { for SYSCTL_VALUES in $SYSCTL_PARAMS; do SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) - debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" + debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" + warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing" set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT sysctl -w net.ipv4.route.flush=1 > /dev/null elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi diff --git a/bin/hardening/7.2.3_disable_secure_icmp_redirect.sh b/bin/hardening/7.2.3_disable_secure_icmp_redirect.sh index 5ce550f..2760bd4 100755 --- a/bin/hardening/7.2.3_disable_secure_icmp_redirect.sh +++ b/bin/hardening/7.2.3_disable_secure_icmp_redirect.sh @@ -18,12 +18,12 @@ audit () { for SYSCTL_VALUES in $SYSCTL_PARAMS; do SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) - debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" + debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" + crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT" elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi 
@@ -35,14 +35,14 @@ apply () { for SYSCTL_VALUES in $SYSCTL_PARAMS; do SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) - debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" + debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" + warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing" set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT sysctl -w net.ipv4.route.flush=1 > /dev/null elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi diff --git a/bin/hardening/7.2.4_log_martian_packets.sh b/bin/hardening/7.2.4_log_martian_packets.sh index 4f56bb8..f4fcfe9 100755 --- a/bin/hardening/7.2.4_log_martian_packets.sh +++ b/bin/hardening/7.2.4_log_martian_packets.sh @@ -18,12 +18,12 @@ audit () { for SYSCTL_VALUES in $SYSCTL_PARAMS; do SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) - debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" + debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" + crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT" elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi 
@@ -35,14 +35,14 @@ apply () { for SYSCTL_VALUES in $SYSCTL_PARAMS; do SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) - debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" + debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" + warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing" set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT sysctl -w net.ipv4.route.flush=1 > /dev/null elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi diff --git a/bin/hardening/7.2.5_ignore_broadcast_requests.sh b/bin/hardening/7.2.5_ignore_broadcast_requests.sh index 2dbf1dd..558073f 100755 --- a/bin/hardening/7.2.5_ignore_broadcast_requests.sh +++ b/bin/hardening/7.2.5_ignore_broadcast_requests.sh @@ -18,12 +18,12 @@ audit () { for SYSCTL_VALUES in $SYSCTL_PARAMS; do SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) - debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" + debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" + crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT" elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist --Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi 
@@ -35,14 +35,14 @@ apply () { for SYSCTL_VALUES in $SYSCTL_PARAMS; do SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) - debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" + debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" + warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing" set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT sysctl -w net.ipv4.route.flush=1 > /dev/null elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi diff --git a/bin/hardening/7.2.6_enable_bad_error_message_protection.sh b/bin/hardening/7.2.6_enable_bad_error_message_protection.sh index f03bec1..5b10836 100755 --- a/bin/hardening/7.2.6_enable_bad_error_message_protection.sh +++ b/bin/hardening/7.2.6_enable_bad_error_message_protection.sh @@ -18,12 +18,12 @@ audit () { for SYSCTL_VALUES in $SYSCTL_PARAMS; do SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) - debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" + debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" + crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT" elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi 
@@ -35,14 +35,14 @@ apply () { for SYSCTL_VALUES in $SYSCTL_PARAMS; do SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) - debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" + debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" + warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing" set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT sysctl -w net.ipv4.route.flush=1 > /dev/null elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi diff --git a/bin/hardening/7.2.7_enable_source_route_validation.sh b/bin/hardening/7.2.7_enable_source_route_validation.sh index 5c80650..75fac06 100755 --- a/bin/hardening/7.2.7_enable_source_route_validation.sh +++ b/bin/hardening/7.2.7_enable_source_route_validation.sh @@ -18,12 +18,12 @@ audit () { for SYSCTL_VALUES in $SYSCTL_PARAMS; do SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) - debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" + debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" + crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT" elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi 
@@ -35,14 +35,14 @@ apply () { for SYSCTL_VALUES in $SYSCTL_PARAMS; do SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) - debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" + debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" + warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing" set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT sysctl -w net.ipv4.route.flush=1 > /dev/null elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi diff --git a/bin/hardening/7.2.8_enable_tcp_syn_cookies.sh b/bin/hardening/7.2.8_enable_tcp_syn_cookies.sh index 1e3c13b..06cb7b0 100755 --- a/bin/hardening/7.2.8_enable_tcp_syn_cookies.sh +++ b/bin/hardening/7.2.8_enable_tcp_syn_cookies.sh @@ -18,12 +18,12 @@ audit () { for SYSCTL_VALUES in $SYSCTL_PARAMS; do SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) - debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" + debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" + crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT" elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi 
@@ -35,14 +35,14 @@ apply () { for SYSCTL_VALUES in $SYSCTL_PARAMS; do SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) - debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" + debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" + warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing" set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT sysctl -w net.ipv4.route.flush=1 > /dev/null elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi diff --git a/bin/hardening/7.3.1_disable_ipv6_router_advertisement.sh b/bin/hardening/7.3.1_disable_ipv6_router_advertisement.sh index 63e5a04..3852f2f 100755 --- a/bin/hardening/7.3.1_disable_ipv6_router_advertisement.sh +++ b/bin/hardening/7.3.1_disable_ipv6_router_advertisement.sh @@ -22,12 +22,12 @@ audit () { for SYSCTL_VALUES in $SYSCTL_PARAMS; do SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) - debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" + debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" + crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT" elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi 
@@ -44,14 +44,14 @@ apply () { for SYSCTL_VALUES in $SYSCTL_PARAMS; do SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) - debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" + debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" + warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT, fixing" set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT sysctl -w net.ipv4.route.flush=1 > /dev/null elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi diff --git a/bin/hardening/7.3.2_disable_ipv6_redirect.sh b/bin/hardening/7.3.2_disable_ipv6_redirect.sh index 16cc84b..377b1d3 100755 --- a/bin/hardening/7.3.2_disable_ipv6_redirect.sh +++ b/bin/hardening/7.3.2_disable_ipv6_redirect.sh @@ -22,12 +22,12 @@ audit () { for SYSCTL_VALUES in $SYSCTL_PARAMS; do SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) - debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" + debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" + crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT" elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi 
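Review bot: The apply loop in 7.3.1_disable_ipv6_router_advertisement.sh still runs `sysctl -w net.ipv4.route.flush=1 > /dev/null` after changing each parameter, which flushes the IPv4 routing cache only. SYSCTL_PARAMS is defined outside the hunk, but if it holds net.ipv6.* keys as the file name suggests, the line should be `sysctl -w net.ipv6.route.flush=1 > /dev/null` so the new setting applies to existing IPv6 routes. The apply hunk of 7.3.2_disable_ipv6_redirect.sh carries the same line; both loops end outside their hunks.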
@@ -44,14 +44,14 @@ apply () { for SYSCTL_VALUES in $SYSCTL_PARAMS; do SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) - debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" + debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" + warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT, fixing" set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT sysctl -w net.ipv4.route.flush=1 > /dev/null elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi diff --git a/bin/hardening/7.3.3_disable_ipv6.sh b/bin/hardening/7.3.3_disable_ipv6.sh index 86c823b..21c6721 100755 --- a/bin/hardening/7.3.3_disable_ipv6.sh +++ b/bin/hardening/7.3.3_disable_ipv6.sh @@ -22,12 +22,12 @@ audit () { for SYSCTL_VALUES in $SYSCTL_PARAMS; do SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) - debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" + debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - crit "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value !" + crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT" elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi 
@@ -44,14 +44,14 @@ apply () { for SYSCTL_VALUES in $SYSCTL_PARAMS; do SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) - debug "$SYSCTL_PARAM must have $SYSCTL_EXP_RESULT" + debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT if [ $FNRET != 0 ]; then - warn "$SYSCTL_PARAM has not $SYSCTL_EXP_RESULT value, correcting it" + warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT value, fixing" set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT warn "you may want to reboot or sysctl -p a file including $SYSCTL_PARAMS" elif [ $FNRET = 255 ]; then - warn "$SYSCTL_PARAM does not exist, typo ?" + warn "$SYSCTL_PARAM does not exist -- Typo?" else ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT" fi diff --git a/bin/hardening/7.4.1_install_tcp_wrapper.sh b/bin/hardening/7.4.1_install_tcp_wrapper.sh index adabcf6..c3f19e6 100755 --- a/bin/hardening/7.4.1_install_tcp_wrapper.sh +++ b/bin/hardening/7.4.1_install_tcp_wrapper.sh @@ -17,7 +17,7 @@ PACKAGE='tcpd' audit () { is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" fi diff --git a/bin/hardening/7.4.3_hosts_allow_permissions.sh b/bin/hardening/7.4.3_hosts_allow_permissions.sh index 381f5a7..d032eb5 100755 --- a/bin/hardening/7.4.3_hosts_allow_permissions.sh +++ b/bin/hardening/7.4.3_hosts_allow_permissions.sh @@ -20,7 +20,7 @@ audit () { if [ $FNRET = 0 ]; then ok "$FILE has correct permissions" else - crit "$FILE has not $PERMISSIONS permissions set" + crit "$FILE permissions were not set to $PERMISSIONS" fi } diff --git a/bin/hardening/7.4.5_hosts_deny_permissions.sh b/bin/hardening/7.4.5_hosts_deny_permissions.sh index 9930f56..c70b19d 100755 --- a/bin/hardening/7.4.5_hosts_deny_permissions.sh +++ b/bin/hardening/7.4.5_hosts_deny_permissions.sh 
@@ -20,7 +20,7 @@ audit () { if [ $FNRET = 0 ]; then ok "$FILE has correct permissions" else - crit "$FILE has not $PERMISSIONS permissions set" + crit "$FILE permissions were not set to $PERMISSIONS" fi } diff --git a/bin/hardening/7.7_enable_firewall.sh b/bin/hardening/7.7_enable_firewall.sh index 28c0033..cacbd26 100755 --- a/bin/hardening/7.7_enable_firewall.sh +++ b/bin/hardening/7.7_enable_firewall.sh @@ -20,7 +20,7 @@ PACKAGE='iptables' audit () { is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" fi diff --git a/bin/hardening/8.0_enable_auditd_kernel.sh b/bin/hardening/8.0_enable_auditd_kernel.sh index 8f9c443..743cb43 100755 --- a/bin/hardening/8.0_enable_auditd_kernel.sh +++ b/bin/hardening/8.0_enable_auditd_kernel.sh @@ -11,7 +11,7 @@ set -e # One error, it's over set -u # One variable unset, it's over -# Note : Not part of the CIS guide, but what's the point configuring a software not compatible with your kernel ? :) +# Note : Not part of the CIS guide, but what's the point of configuring software not compatible with your kernel? :) KERNEL_OPTION="CONFIG_AUDIT" diff --git a/bin/hardening/8.1.1.2_halt_when_audit_log_full.sh b/bin/hardening/8.1.1.2_halt_when_audit_log_full.sh index 915dec0..df1220c 100755 --- a/bin/hardening/8.1.1.2_halt_when_audit_log_full.sh +++ b/bin/hardening/8.1.1.2_halt_when_audit_log_full.sh @@ -25,7 +25,7 @@ audit () { AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1) AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2) PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE" - debug "$AUDIT_PARAM must have value $AUDIT_VALUE" + debug "$AUDIT_PARAM should be set to $AUDIT_VALUE" does_pattern_exists_in_file $FILE "$PATTERN" if [ $FNRET != 0 ]; then crit "$PATTERN not present in $FILE" 
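Review bot: The audit check in 8.1.1.2_halt_when_audit_log_full.sh builds `PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE"` with nothing anchoring the end of the value, so a configured value that merely starts with the expected one would be reported as compliant. OPTIONS is defined outside the hunk, so whether any accepted value is a prefix of a weaker one cannot be confirmed from here. Closing the pattern removes the doubt: `PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE[[:space:]]*\$"`. The same construction appears in this script's apply and in both hunks of 8.1.1.3_keep_all_audit_logs.sh.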
@@ -48,7 +48,7 @@ apply () { for AUDIT_OPTION in $OPTIONS; do AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1) AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2) - debug "$AUDIT_PARAM must have value $AUDIT_VALUE" + debug "$AUDIT_PARAM should be set to $AUDIT_VALUE" PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE" does_pattern_exists_in_file $FILE "$PATTERN" if [ $FNRET != 0 ]; then @@ -58,7 +58,7 @@ apply () { info "Parameter $AUDIT_PARAM seems absent from $FILE, adding at the end" add_end_of_file $FILE "$AUDIT_PARAM = $AUDIT_VALUE" else - info "Parameter $AUDIT_PARAM is present but with the wrong value, correcting" + info "Parameter $AUDIT_PARAM is present but with the wrong value -- Fixing" replace_in_file $FILE "^$AUDIT_PARAM[[:space:]]*=.*" "$AUDIT_PARAM = $AUDIT_VALUE" fi else diff --git a/bin/hardening/8.1.1.3_keep_all_audit_logs.sh b/bin/hardening/8.1.1.3_keep_all_audit_logs.sh index 18d7d3d..a4f25b8 100755 --- a/bin/hardening/8.1.1.3_keep_all_audit_logs.sh +++ b/bin/hardening/8.1.1.3_keep_all_audit_logs.sh @@ -25,7 +25,7 @@ audit () { AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1) AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2) PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE" - debug "$AUDIT_PARAM must have value $AUDIT_VALUE" + debug "$AUDIT_PARAM should be set to $AUDIT_VALUE" does_pattern_exists_in_file $FILE "$PATTERN" if [ $FNRET != 0 ]; then crit "$PATTERN not present in $FILE" @@ -48,7 +48,7 @@ apply () { for AUDIT_OPTION in $OPTIONS; do AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1) AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2) - debug "$AUDIT_PARAM must have value $AUDIT_VALUE" + debug "$AUDIT_PARAM should be set to $AUDIT_VALUE" PATTERN="^$AUDIT_PARAM[[:space:]]*=[[:space:]]*$AUDIT_VALUE" does_pattern_exists_in_file $FILE "$PATTERN" if [ $FNRET != 0 ]; then 
@@ -58,7 +58,7 @@ apply () { info "Parameter $AUDIT_PARAM seems absent from $FILE, adding at the end" add_end_of_file $FILE "$AUDIT_PARAM = $AUDIT_VALUE" else - info "Parameter $AUDIT_PARAM is present but with the wrong value, correcting" + info "Parameter $AUDIT_PARAM is present but with the wrong value -- Fixing" replace_in_file $FILE "^$AUDIT_PARAM[[:space:]]*=.*" "$AUDIT_PARAM = $AUDIT_VALUE" fi else diff --git a/bin/hardening/8.1.2_enable_auditd.sh b/bin/hardening/8.1.2_enable_auditd.sh index 66ed321..d95a0bb 100755 --- a/bin/hardening/8.1.2_enable_auditd.sh +++ b/bin/hardening/8.1.2_enable_auditd.sh @@ -18,7 +18,7 @@ SERVICE_NAME='auditd' audit () { is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" is_service_enabled $SERVICE_NAME diff --git a/bin/hardening/8.1.3_audit_bootloader.sh b/bin/hardening/8.1.3_audit_bootloader.sh index a47fec4..03ad6e6 100755 --- a/bin/hardening/8.1.3_audit_bootloader.sh +++ b/bin/hardening/8.1.3_audit_bootloader.sh @@ -25,7 +25,7 @@ audit () { GRUB_PARAM=$(echo $GRUB_OPTION | cut -d= -f 1) GRUB_VALUE=$(echo $GRUB_OPTION | cut -d= -f 2,3) PATTERN="^$GRUB_PARAM=$GRUB_VALUE" - debug "$GRUB_PARAM must have value $GRUB_VALUE" + debug "$GRUB_PARAM should be set to $GRUB_VALUE" does_pattern_exists_in_file $FILE "$PATTERN" if [ $FNRET != 0 ]; then crit "$PATTERN not present in $FILE" @@ -48,7 +48,7 @@ apply () { for GRUB_OPTION in $OPTIONS; do GRUB_PARAM=$(echo $GRUB_OPTION | cut -d= -f 1) GRUB_VALUE=$(echo $GRUB_OPTION | cut -d= -f 2,3) - debug "$GRUB_PARAM must have value $GRUB_VALUE" + debug "$GRUB_PARAM should be set to $GRUB_VALUE" PATTERN="^$GRUB_PARAM=$GRUB_VALUE" does_pattern_exists_in_file $FILE "$PATTERN" if [ $FNRET != 0 ]; then 
@@ -58,7 +58,7 @@ apply () { info "Parameter $GRUB_PARAM seems absent from $FILE, adding at the end" add_end_of_file $FILE "$GRUB_PARAM = $GRUB_VALUE" else - info "Parameter $GRUB_PARAM is present but with the wrong value, correcting" + info "Parameter $GRUB_PARAM is present but with the wrong value -- Fixing" replace_in_file $FILE "^$GRUB_PARAM=.*" "$GRUB_PARAM=$GRUB_VALUE" fi else diff --git a/bin/hardening/8.2.1_install_syslog-ng.sh b/bin/hardening/8.2.1_install_syslog-ng.sh index 61c9c0a..b08fe6d 100755 --- a/bin/hardening/8.2.1_install_syslog-ng.sh +++ b/bin/hardening/8.2.1_install_syslog-ng.sh @@ -18,7 +18,7 @@ PACKAGE='syslog-ng' audit () { is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" fi diff --git a/bin/hardening/8.2.4_set_logfile_perm.sh b/bin/hardening/8.2.4_set_logfile_perm.sh index ddf9523..7dbe6e9 100755 --- a/bin/hardening/8.2.4_set_logfile_perm.sh +++ b/bin/hardening/8.2.4_set_logfile_perm.sh @@ -33,7 +33,7 @@ audit () { if [ $FNRET = 0 ]; then ok "$FILE has correct permissions" else - crit "$FILE has not $PERMISSIONS permissions set" + crit "$FILE permissions were not set to $PERMISSIONS" fi fi done diff --git a/bin/hardening/8.3.1_install_tripwire.sh b/bin/hardening/8.3.1_install_tripwire.sh index 591ab2a..5946aa1 100755 --- a/bin/hardening/8.3.1_install_tripwire.sh +++ b/bin/hardening/8.3.1_install_tripwire.sh @@ -18,7 +18,7 @@ PACKAGE='tripwire' audit () { is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" fi diff --git a/bin/hardening/9.1.1_enable_cron.sh b/bin/hardening/9.1.1_enable_cron.sh index 49fb1ae..4a8e398 100755 --- a/bin/hardening/9.1.1_enable_cron.sh +++ b/bin/hardening/9.1.1_enable_cron.sh 
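Review bot: The absent-parameter branch of apply in 8.1.3_audit_bootloader.sh appends `"$GRUB_PARAM = $GRUB_VALUE"` with spaces around the equals sign, while the audit pattern `^$GRUB_PARAM=$GRUB_VALUE` and the replace branch two lines below use none. A line added that way would not match the audit pattern on the next run. If FILE (set outside the hunk) is a shell-sourced file such as the GRUB defaults file, the spaced form is also not a valid assignment, so the audit kernel option would silently not take effect. Write it as `add_end_of_file $FILE "$GRUB_PARAM=$GRUB_VALUE"`; the apply body starts and ends outside the hunk.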
@@ -18,7 +18,7 @@ SERVICE_NAME="cron" audit () { is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" is_service_enabled $SERVICE_NAME diff --git a/bin/hardening/9.1.2_crontab_perm_ownership.sh b/bin/hardening/9.1.2_crontab_perm_ownership.sh index 1e8f140..358c5f3 100755 --- a/bin/hardening/9.1.2_crontab_perm_ownership.sh +++ b/bin/hardening/9.1.2_crontab_perm_ownership.sh @@ -28,7 +28,7 @@ audit () { if [ $FNRET = 0 ]; then ok "$FILE has correct permissions" else - crit "$FILE has not $PERMISSIONS permissions set" + crit "$FILE permissions were not set to $PERMISSIONS" fi } diff --git a/bin/hardening/9.1.3_cron_hourly_perm_ownership.sh b/bin/hardening/9.1.3_cron_hourly_perm_ownership.sh index e2ef13e..165ebdb 100755 --- a/bin/hardening/9.1.3_cron_hourly_perm_ownership.sh +++ b/bin/hardening/9.1.3_cron_hourly_perm_ownership.sh @@ -28,7 +28,7 @@ audit () { if [ $FNRET = 0 ]; then ok "$FILE has correct permissions" else - crit "$FILE has not $PERMISSIONS permissions set" + crit "$FILE permissions were not set to $PERMISSIONS" fi } diff --git a/bin/hardening/9.1.4_cron_daily_perm_ownership.sh b/bin/hardening/9.1.4_cron_daily_perm_ownership.sh index ffcde0b..416e3c9 100755 --- a/bin/hardening/9.1.4_cron_daily_perm_ownership.sh +++ b/bin/hardening/9.1.4_cron_daily_perm_ownership.sh @@ -28,7 +28,7 @@ audit () { if [ $FNRET = 0 ]; then ok "$FILE has correct permissions" else - crit "$FILE has not $PERMISSIONS permissions set" + crit "$FILE permissions were not set to $PERMISSIONS" fi } diff --git a/bin/hardening/9.1.5_cron_weekly_perm_ownership.sh b/bin/hardening/9.1.5_cron_weekly_perm_ownership.sh index fbb81e4..84ac63b 100755 --- a/bin/hardening/9.1.5_cron_weekly_perm_ownership.sh +++ b/bin/hardening/9.1.5_cron_weekly_perm_ownership.sh 
@@ -28,7 +28,7 @@ audit () { if [ $FNRET = 0 ]; then ok "$FILE has correct permissions" else - crit "$FILE has not $PERMISSIONS permissions set" + crit "$FILE permissions were not set to $PERMISSIONS" fi } diff --git a/bin/hardening/9.1.6_cron_monthly_perm_ownership.sh b/bin/hardening/9.1.6_cron_monthly_perm_ownership.sh index 40b9aee..7224406 100755 --- a/bin/hardening/9.1.6_cron_monthly_perm_ownership.sh +++ b/bin/hardening/9.1.6_cron_monthly_perm_ownership.sh @@ -28,7 +28,7 @@ audit () { if [ $FNRET = 0 ]; then ok "$FILE has correct permissions" else - crit "$FILE has not $PERMISSIONS permissions set" + crit "$FILE permissions were not set to $PERMISSIONS" fi } diff --git a/bin/hardening/9.1.7_cron_d_perm_ownership.sh b/bin/hardening/9.1.7_cron_d_perm_ownership.sh index 046e9ac..5db00ba 100755 --- a/bin/hardening/9.1.7_cron_d_perm_ownership.sh +++ b/bin/hardening/9.1.7_cron_d_perm_ownership.sh @@ -28,7 +28,7 @@ audit () { if [ $FNRET = 0 ]; then ok "$FILE has correct permissions" else - crit "$FILE has not $PERMISSIONS permissions set" + crit "$FILE permissions were not set to $PERMISSIONS" fi } diff --git a/bin/hardening/9.1.8_cron_users.sh b/bin/hardening/9.1.8_cron_users.sh index b89ad3d..1788b9c 100755 --- a/bin/hardening/9.1.8_cron_users.sh +++ b/bin/hardening/9.1.8_cron_users.sh @@ -42,7 +42,7 @@ audit () { if [ $FNRET = 0 ]; then ok "$FILE has correct permissions" else - crit "$FILE has not $PERMISSIONS permissions set" + crit "$FILE permissions were not set to $PERMISSIONS" fi fi done @@ -76,7 +76,7 @@ apply () { if [ $FNRET = 0 ]; then ok "$FILE has correct permissions" else - warn "$FILE has not $PERMISSIONS permissions set" + warn "$FILE permissions were not set to $PERMISSIONS" chmod 0$PERMISSIONS $FILE fi done diff --git a/bin/hardening/9.2.1_enable_cracklib.sh b/bin/hardening/9.2.1_enable_cracklib.sh index ce7ef3e..65dab6a 100755 --- a/bin/hardening/9.2.1_enable_cracklib.sh +++ b/bin/hardening/9.2.1_enable_cracklib.sh 
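Review bot: In the apply hunk of 9.1.8_cron_users.sh, the `chmod 0$PERMISSIONS $FILE` that follows the reworded warning expands both variables unquoted and does not check the exit status, so a failed permission change would pass silently unless something outside the hunk checks it. Quoting avoids word splitting and globbing on the path, and the failure should be surfaced: `chmod "0$PERMISSIONS" "$FILE" || crit "chmod failed on $FILE"`. The loop that supplies $FILE starts outside the hunk, so the origin of the paths cannot be confirmed here.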
@@ -19,7 +19,7 @@ FILE='/etc/pam.d/common-password' audit () { is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" does_pattern_exists_in_file $FILE $PATTERN diff --git a/bin/hardening/9.2.2_enable_lockout_failed_password.sh b/bin/hardening/9.2.2_enable_lockout_failed_password.sh index d72e4c8..4f01ff6 100755 --- a/bin/hardening/9.2.2_enable_lockout_failed_password.sh +++ b/bin/hardening/9.2.2_enable_lockout_failed_password.sh @@ -19,7 +19,7 @@ FILE='/etc/pam.d/login' audit () { is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" does_pattern_exists_in_file $FILE $PATTERN diff --git a/bin/hardening/9.2.3_limit_password_reuse.sh b/bin/hardening/9.2.3_limit_password_reuse.sh index 4146a18..ace964c 100755 --- a/bin/hardening/9.2.3_limit_password_reuse.sh +++ b/bin/hardening/9.2.3_limit_password_reuse.sh @@ -19,7 +19,7 @@ FILE='/etc/pam.d/common-password' audit () { is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" does_pattern_exists_in_file $FILE $PATTERN diff --git a/bin/hardening/9.3.10_disable_sshd_setenv.sh b/bin/hardening/9.3.10_disable_sshd_setenv.sh index fad68cf..384e22f 100755 --- a/bin/hardening/9.3.10_disable_sshd_setenv.sh +++ b/bin/hardening/9.3.10_disable_sshd_setenv.sh @@ -19,7 +19,7 @@ FILE='/etc/ssh/sshd_config' audit () { is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" for SSH_OPTION in $OPTIONS; do 
@@ -58,7 +58,7 @@ apply () { if [ $FNRET != 0 ]; then add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" else - info "Parameter $SSH_PARAM is present but with the wrong value, correcting" + info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" fi /etc/init.d/ssh reload diff --git a/bin/hardening/9.3.11_sshd_ciphers.sh b/bin/hardening/9.3.11_sshd_ciphers.sh index 7d6540e..1b4fff9 100755 --- a/bin/hardening/9.3.11_sshd_ciphers.sh +++ b/bin/hardening/9.3.11_sshd_ciphers.sh @@ -19,7 +19,7 @@ FILE='/etc/ssh/sshd_config' audit () { is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" for SSH_OPTION in $OPTIONS; do @@ -58,7 +58,7 @@ apply () { if [ $FNRET != 0 ]; then add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" else - info "Parameter $SSH_PARAM is present but with the wrong value, correcting" + info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" fi /etc/init.d/ssh reload diff --git a/bin/hardening/9.3.12_sshd_idle_timeout.sh b/bin/hardening/9.3.12_sshd_idle_timeout.sh index b7b891d..41e9e25 100755 --- a/bin/hardening/9.3.12_sshd_idle_timeout.sh +++ b/bin/hardening/9.3.12_sshd_idle_timeout.sh @@ -19,7 +19,7 @@ audit () { OPTIONS="ClientAliveInterval=$SSHD_TIMEOUT ClientAliveCountMax=0" is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" for SSH_OPTION in $OPTIONS; do 
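Review bot: In the apply hunk of 9.3.10_disable_sshd_setenv.sh, `/etc/init.d/ssh reload` runs directly after $FILE has been edited, with no check that the resulting sshd_config still parses. Validating first leaves the running service untouched when the edit produced an invalid file: `if sshd -t -f $FILE; then /etc/init.d/ssh reload; else crit "$FILE failed validation, not reloading"; fi`. The same sequence appears in the other 9.3.x apply hunks on this page, and in 9.3.1, 9.3.2 and 9.3.4 the reload output is also sent to `/dev/null`, which hides the error. apply's body starts and ends outside the hunk.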
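Review bot: The replace pattern `^$SSH_PARAM[[:space:]]*.*` in the apply hunk of 9.3.11_sshd_ciphers.sh is anchored at column 0 and, unless replace_in_file matches case-insensitively (not visible here), is case-sensitive, whereas sshd reads keywords case-insensitively and keeps the first value it obtains for a keyword. An existing directive that is indented or spelled in another case would presumably be missed, and the line appended by `add_end_of_file` would then come later in the file and lose to it, or fall inside a trailing `Match` block. A comment above the branch should state the assumption, e.g. `# assumes $SSH_PARAM is unindented, in this exact case, and $FILE has no trailing Match block`, and the audit could compare against the effective setting printed by `sshd -T`. The pattern is shared by the other 9.3.x apply hunks; apply's body extends outside the hunk.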
@@ -58,7 +58,7 @@ apply () { if [ $FNRET != 0 ]; then add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" else - info "Parameter $SSH_PARAM is present but with the wrong value, correcting" + info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" fi /etc/init.d/ssh reload diff --git a/bin/hardening/9.3.13_sshd_limit_access.sh b/bin/hardening/9.3.13_sshd_limit_access.sh index 28531be..2c4e6ca 100755 --- a/bin/hardening/9.3.13_sshd_limit_access.sh +++ b/bin/hardening/9.3.13_sshd_limit_access.sh @@ -19,7 +19,7 @@ audit () { OPTIONS="AllowUsers='$ALLOWED_USERS' AllowGroups='$ALLOWED_GROUPS' DenyUsers='$DENIED_USERS' DenyGroups='$DENIED_GROUPS'" is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" for SSH_OPTION in $OPTIONS; do @@ -60,7 +60,7 @@ apply () { if [ $FNRET != 0 ]; then add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" else - info "Parameter $SSH_PARAM is present but with the wrong value, correcting" + info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" fi /etc/init.d/ssh reload diff --git a/bin/hardening/9.3.14_ssh_banner.sh b/bin/hardening/9.3.14_ssh_banner.sh index 0ac086a..2a572d5 100755 --- a/bin/hardening/9.3.14_ssh_banner.sh +++ b/bin/hardening/9.3.14_ssh_banner.sh @@ -19,7 +19,7 @@ audit () { OPTIONS="Banner=$BANNER_FILE" is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" for SSH_OPTION in $OPTIONS; do diff --git a/bin/hardening/9.3.1_sshd_protocol.sh b/bin/hardening/9.3.1_sshd_protocol.sh index df6de4f..2b32a67 100755 --- a/bin/hardening/9.3.1_sshd_protocol.sh +++ b/bin/hardening/9.3.1_sshd_protocol.sh 
@@ -19,7 +19,7 @@ FILE='/etc/ssh/sshd_config' audit () { is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" for SSH_OPTION in $OPTIONS; do @@ -58,7 +58,7 @@ apply () { if [ $FNRET != 0 ]; then add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" else - info "Parameter $SSH_PARAM is present but with the wrong value, correcting" + info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" fi /etc/init.d/ssh reload > /dev/null 2>&1 diff --git a/bin/hardening/9.3.2_sshd_loglevel.sh b/bin/hardening/9.3.2_sshd_loglevel.sh index b60ccd2..6933e5c 100755 --- a/bin/hardening/9.3.2_sshd_loglevel.sh +++ b/bin/hardening/9.3.2_sshd_loglevel.sh @@ -19,7 +19,7 @@ FILE='/etc/ssh/sshd_config' audit () { is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" for SSH_OPTION in $OPTIONS; do @@ -58,7 +58,7 @@ apply () { if [ $FNRET != 0 ]; then add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" else - info "Parameter $SSH_PARAM is present but with the wrong value, correcting" + info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" fi /etc/init.d/ssh reload > /dev/null 2>&1 diff --git a/bin/hardening/9.3.3_sshd_conf_perm_ownership.sh b/bin/hardening/9.3.3_sshd_conf_perm_ownership.sh index e715afc..71cd3f4 100755 --- a/bin/hardening/9.3.3_sshd_conf_perm_ownership.sh +++ b/bin/hardening/9.3.3_sshd_conf_perm_ownership.sh @@ -28,7 +28,7 @@ audit () { if [ $FNRET = 0 ]; then ok "$FILE has correct permissions" else - crit "$FILE has not $PERMISSIONS permissions set" + crit "$FILE permissions were not set to $PERMISSIONS" fi } 
diff --git a/bin/hardening/9.3.4_disable_x11_forwarding.sh b/bin/hardening/9.3.4_disable_x11_forwarding.sh index cee73a2..3a74ddd 100755 --- a/bin/hardening/9.3.4_disable_x11_forwarding.sh +++ b/bin/hardening/9.3.4_disable_x11_forwarding.sh @@ -19,7 +19,7 @@ FILE='/etc/ssh/sshd_config' audit () { is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" for SSH_OPTION in $OPTIONS; do @@ -58,7 +58,7 @@ apply () { if [ $FNRET != 0 ]; then add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" else - info "Parameter $SSH_PARAM is present but with the wrong value, correcting" + info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" fi /etc/init.d/ssh reload > /dev/null 2>&1 diff --git a/bin/hardening/9.3.5_sshd_maxauthtries.sh b/bin/hardening/9.3.5_sshd_maxauthtries.sh index cb4b309..99ece8b 100755 --- a/bin/hardening/9.3.5_sshd_maxauthtries.sh +++ b/bin/hardening/9.3.5_sshd_maxauthtries.sh @@ -19,7 +19,7 @@ FILE='/etc/ssh/sshd_config' audit () { is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" for SSH_OPTION in $OPTIONS; do @@ -58,7 +58,7 @@ apply () { if [ $FNRET != 0 ]; then add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" else - info "Parameter $SSH_PARAM is present but with the wrong value, correcting" + info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" fi /etc/init.d/ssh reload diff --git a/bin/hardening/9.3.6_enable_sshd_ignorerhosts.sh b/bin/hardening/9.3.6_enable_sshd_ignorerhosts.sh index cc0f659..f6da40e 100755 --- a/bin/hardening/9.3.6_enable_sshd_ignorerhosts.sh +++ b/bin/hardening/9.3.6_enable_sshd_ignorerhosts.sh 
@@ -19,7 +19,7 @@ FILE='/etc/ssh/sshd_config' audit () { is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" for SSH_OPTION in $OPTIONS; do @@ -58,7 +58,7 @@ apply () { if [ $FNRET != 0 ]; then add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" else - info "Parameter $SSH_PARAM is present but with the wrong value, correcting" + info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" fi /etc/init.d/ssh reload diff --git a/bin/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh b/bin/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh index 0f8f17c..3d099b5 100755 --- a/bin/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh +++ b/bin/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh @@ -19,7 +19,7 @@ FILE='/etc/ssh/sshd_config' audit () { is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" for SSH_OPTION in $OPTIONS; do @@ -58,7 +58,7 @@ apply () { if [ $FNRET != 0 ]; then add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" else - info "Parameter $SSH_PARAM is present but with the wrong value, correcting" + info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" fi /etc/init.d/ssh reload diff --git a/bin/hardening/9.3.8_disable_root_login.sh b/bin/hardening/9.3.8_disable_root_login.sh index d524981..427a375 100755 --- a/bin/hardening/9.3.8_disable_root_login.sh +++ b/bin/hardening/9.3.8_disable_root_login.sh @@ -19,7 +19,7 @@ FILE='/etc/ssh/sshd_config' audit () { is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" for SSH_OPTION in $OPTIONS; do 
@@ -58,7 +58,7 @@ apply () { if [ $FNRET != 0 ]; then add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" else - info "Parameter $SSH_PARAM is present but with the wrong value, correcting" + info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" fi /etc/init.d/ssh reload diff --git a/bin/hardening/9.3.9_disable_sshd_permitemptypasswords.sh b/bin/hardening/9.3.9_disable_sshd_permitemptypasswords.sh index 5f3fbf1..2934f51 100755 --- a/bin/hardening/9.3.9_disable_sshd_permitemptypasswords.sh +++ b/bin/hardening/9.3.9_disable_sshd_permitemptypasswords.sh @@ -19,7 +19,7 @@ FILE='/etc/ssh/sshd_config' audit () { is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" for SSH_OPTION in $OPTIONS; do @@ -58,7 +58,7 @@ apply () { if [ $FNRET != 0 ]; then add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" else - info "Parameter $SSH_PARAM is present but with the wrong value, correcting" + info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" fi /etc/init.d/ssh reload diff --git a/bin/hardening/9.5_restrict_su.sh b/bin/hardening/9.5_restrict_su.sh index ddeb580..dc4f25b 100755 --- a/bin/hardening/9.5_restrict_su.sh +++ b/bin/hardening/9.5_restrict_su.sh @@ -19,7 +19,7 @@ FILE='/etc/pam.d/su' audit () { is_pkg_installed $PACKAGE if [ $FNRET != 0 ]; then - crit "$PACKAGE is not installed !" + crit "$PACKAGE is not installed!" else ok "$PACKAGE is installed" does_pattern_exists_in_file $FILE $PATTERN diff --git a/lib/utils.sh b/lib/utils.sh index e46a09f..f459932 100644 --- a/lib/utils.sh +++ b/lib/utils.sh 
@@ -14,7 +14,7 @@ has_sysctl_param_expected_result() { debug "$SYSCTL_PARAM does not exist" FNRET=255 else - debug "$SYSCTL_PARAM has not a value of $EXP_RESULT" + debug "$SYSCTL_PARAM should be set to $EXP_RESULT" FNRET=1 fi } @@ -39,7 +39,7 @@ set_sysctl_param() { debug "$SYSCTL_PARAM does not exist" FNRET=255 else - warn "$SYSCTL_PARAM Failed !" + warn "$SYSCTL_PARAM failed!" FNRET=1 fi }
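Review bot: The new message `$SYSCTL_PARAM failed!` in set_sysctl_param names the parameter but not the operation that failed, which makes the warning hard to act on when reading a hardening run log. Something like `warn "Setting $SYSCTL_PARAM failed!"` keeps it short; the intended value is presumably available in the function as well, but its variable is outside the hunk. The function body starts outside the hunk.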