debian-cis/lib/common.sh
Charles Herlin 7690b57ea9 FIX: add becho to send batch output to syslog too
becho stands for batch echo
formats the log line for syslog

Also logs audit summary into syslog (in batch mode only)
2019-02-07 11:41:12 +01:00

113 lines
2.4 KiB
Bash

# CIS Debian Hardening common functions
#
# File Backup functions
#
backup_file() {
FILE=$1
if [ ! -f $FILE ]; then
crit "Cannot backup $FILE, it's not a file"
FNRET=1
else
TARGET=$(echo $FILE | sed -s -e 's/\//./g' -e 's/^.//' -e "s/$/.$(date +%F-%H_%M_%S)/" )
TARGET="$BACKUPDIR/$TARGET"
debug "Backuping $FILE to $TARGET"
cp -a $FILE $TARGET
FNRET=0
fi
}
#
# Logging functions
#
case $LOGLEVEL in
error )
MACHINE_LOG_LEVEL=1
;;
warning )
MACHINE_LOG_LEVEL=2
;;
ok )
MACHINE_LOG_LEVEL=3
;;
info )
MACHINE_LOG_LEVEL=4
;;
debug )
MACHINE_LOG_LEVEL=5
;;
*)
MACHINE_LOG_LEVEL=4 ## Default loglevel value to info
esac
_logger() {
COLOR=$1
shift
test -z "$SCRIPT_NAME" && SCRIPT_NAME=$(basename $0)
builtin echo "$*" | /usr/bin/logger -t "CIS_Hardening[$$] $SCRIPT_NAME" -p "user.info"
SCRIPT_NAME_FIXEDLEN=$(printf "%-25.25s" "$SCRIPT_NAME")
cecho $COLOR "$SCRIPT_NAME_FIXEDLEN $*"
}
becho() {
builtin echo "$*" | /usr/bin/logger -t "CIS_Hardening[$$]" -p "user.info"
builtin echo "$*"
}
cecho () {
COLOR=$1
shift
builtin echo -e "${COLOR}$*${NC}"
}
crit () {
if [ ${BATCH_MODE:-0} -eq 1 ]; then
BATCH_OUTPUT="$BATCH_OUTPUT KO{$*}"
else
if [ $MACHINE_LOG_LEVEL -ge 1 ]; then _logger $BRED "[ KO ] $*"; fi
fi
# This variable incrementation is used to measure failure or success in tests
CRITICAL_ERRORS_NUMBER=$((CRITICAL_ERRORS_NUMBER+1))
}
warn () {
if [ ${BATCH_MODE:-0} -eq 1 ]; then
BATCH_OUTPUT="$BATCH_OUTPUT WARN{$*}"
else
if [ $MACHINE_LOG_LEVEL -ge 2 ]; then _logger $BYELLOW "[WARN] $*"; fi
fi
}
ok () {
if [ ${BATCH_MODE:-0} -eq 1 ]; then
BATCH_OUTPUT="$BATCH_OUTPUT OK{$*}"
else
if [ $MACHINE_LOG_LEVEL -ge 3 ]; then _logger $BGREEN "[ OK ] $*"; fi
fi
}
info () {
if [ $MACHINE_LOG_LEVEL -ge 4 ]; then _logger '' "[INFO] $*"; fi
}
debug () {
if [ $MACHINE_LOG_LEVEL -ge 5 ]; then _logger $GRAY "[DBG ] $*"; fi
}
#
# sudo wrapper
# issue crit state if not allowed to perform sudo
# for the specified command
#
sudo_wrapper() {
if sudo -l "$@" >/dev/null 2>&1 ; then
sudo -n "$@"
else
crit "Not allowed to \"sudo -n $*\" "
fi
}