Modify apply method of 2.2, add add_option_to_systemd and remount_partition_by_systemd methods.

Samson-W 2018-08-25 05:09:03 +08:00
parent 214c11a0cd
commit 0e20379c95
4 changed files with 33 additions and 5 deletions

1
.gitignore vendored Normal file

@ -0,0 +1 @@
tmp/*


@ -16,7 +16,8 @@ HARDENING_LEVEL=2
# Quick factoring as many script use the same logic
PARTITION="/tmp"
OPTION="nodev"
SERVICENAME="/etc/systemd/system/tmp.mount"
SERVICEPATH="/etc/systemd/system/tmp.mount"
SERVICENAME="tmp.mount"
# This function will be called if the script status is on enabled / audit mode
audit () {
@ -51,7 +52,7 @@ audit () {
crit "$PARTITION is not mounted"
FNRET=4
else
has_mount_option_systemd $SERVICENAME $OPTION
has_mount_option_systemd $SERVICEPATH $OPTION
if [ $FNRET -gt 0 ]; then
crit "$PARTITION has no option $OPTION in systemd service!"
FNRET=5
@ -87,13 +88,14 @@ apply () {
remount_partition $PARTITION
elif [ $FNRET = 4 ]; then
info "Remounting $PARTITION from systemd"
remount_partition $PARTITION
remount_partition_by_systemd $SERVICENAME $PARTITION
elif [ $FNRET = 5 ]; then
info "Remounting $PARTITION from systemd"
remount_partition $PARTITION
add_option_to_systemd $SERVICEPATH $OPTION $SERVICENAME
remount_partition_by_systemd $SERVICENAME $PARTITION
elif [ $FNRET = 6 ]; then
info "Remounting $PARTITION from systemd"
remount_partition $PARTITION
remount_partition_by_systemd $SERVICENAME $PARTITION
fi
}
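Review bot: In apply, the FNRET 6 branch now only calls `remount_partition_by_systemd`, which runs `systemctl start` on the unit; on a unit that is already active this does nothing, so a /tmp mounted without `$OPTION` would keep its current flags while the script logs a remount. The meaning of 6 is set outside this hunk, so this is an inference, but if it covers a live mount that lacks the option, keeping `remount_partition $PARTITION` in that branch would actually change the mount flags. The arguments should also be quoted, e.g. `remount_partition_by_systemd "$SERVICENAME" "$PARTITION"`. The start of apply is outside the hunk.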

2
etc/.gitignore vendored Normal file

@ -0,0 +1,2 @@
*.cfg


@ -334,6 +334,29 @@ remount_partition() {
mount -o remount $PARTITION
}
# Setup mount option in systemd
add_option_to_systemd() {
local SERVICEPATH=$1
local OPTION=$2
local SERVICENAME=$3
debug "Setting $OPTION for in systemd"
backup_file "$SERVICEPATH"
systemctl stop $SERVICENAME
# For example :
# Options=mode=1777,strictatime,nosuid
# Options=mode=1777,strictatime,nosuid,nodev
#debug "Sed command : sed -ie "s;\(^Options.*=mode=[1,2,4,7][1,2,4,7][1,2,4,7][1,2,4,7].*\);\1,$OPTION;\" $SERVICEPATH"
sed -ie "s;\(^Options.*=mode=[1,2,4,7][1,2,4,7][1,2,4,7][1,2,4,7].*\);\1,$OPTION;" $SERVICEPATH
systemctl daemon-reload
}
remount_partition_by_systemd() {
local SERVICENAME=$1
local PARTITION=$2
debug "Remounting $PARTITION by systemd"
systemctl start $SERVICENAME
}
#
# APT
#
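Review bot: In add_option_to_systemd, `sed -ie` is read by GNU sed as `-i` with backup suffix `e`, so each run leaves a copy of the unit file with a trailing `e` in its name beside the real one; since backup_file has already saved a copy, write it as `sed -i -e "…" "$SERVICEPATH"`. The substitution only matches an Options line containing `mode=` followed by four characters from `[1,2,4,7]`, so a unit with a different mode, or none, is left unchanged without any message; calling `has_mount_option_systemd "$SERVICEPATH" "$OPTION"` again after the edit and reporting with `crit` when FNRET is non-zero would catch that. The result of `systemctl stop $SERVICENAME` is not checked, and if the stop fails because the mount is busy, the later `systemctl start` most likely leaves the live mount without the option. `$SERVICEPATH` and `$SERVICENAME` should be quoted in the `sed` and `systemctl` calls.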