Modify apply method of 2.2, add add_option_to_systemd and remount_partition_by_systemd methods.
parent
214c11a0cd
commit
0e20379c95
|
@ -0,0 +1 @@
|
||||||
|
tmp/*
|
|
@ -16,7 +16,8 @@ HARDENING_LEVEL=2
|
||||||
# Quick factoring as many script use the same logic
|
# Quick factoring as many script use the same logic
|
||||||
PARTITION="/tmp"
|
PARTITION="/tmp"
|
||||||
OPTION="nodev"
|
OPTION="nodev"
|
||||||
SERVICENAME="/etc/systemd/system/tmp.mount"
|
SERVICEPATH="/etc/systemd/system/tmp.mount"
|
||||||
|
SERVICENAME="tmp.mount"
|
||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit () {
|
audit () {
|
||||||
|
@ -51,7 +52,7 @@ audit () {
|
||||||
crit "$PARTITION is not mounted"
|
crit "$PARTITION is not mounted"
|
||||||
FNRET=4
|
FNRET=4
|
||||||
else
|
else
|
||||||
has_mount_option_systemd $SERVICENAME $OPTION
|
has_mount_option_systemd $SERVICEPATH $OPTION
|
||||||
if [ $FNRET -gt 0 ]; then
|
if [ $FNRET -gt 0 ]; then
|
||||||
crit "$PARTITION has no option $OPTION in systemd service!"
|
crit "$PARTITION has no option $OPTION in systemd service!"
|
||||||
FNRET=5
|
FNRET=5
|
||||||
|
@ -87,13 +88,14 @@ apply () {
|
||||||
remount_partition $PARTITION
|
remount_partition $PARTITION
|
||||||
elif [ $FNRET = 4 ]; then
|
elif [ $FNRET = 4 ]; then
|
||||||
info "Remounting $PARTITION from systemd"
|
info "Remounting $PARTITION from systemd"
|
||||||
remount_partition $PARTITION
|
remount_partition_by_systemd $SERVICENAME $PARTITION
|
||||||
elif [ $FNRET = 5 ]; then
|
elif [ $FNRET = 5 ]; then
|
||||||
info "Remounting $PARTITION from systemd"
|
info "Remounting $PARTITION from systemd"
|
||||||
remount_partition $PARTITION
|
add_option_to_systemd $SERVICEPATH $OPTION $SERVICENAME
|
||||||
|
remount_partition_by_systemd $SERVICENAME $PARTITION
|
||||||
elif [ $FNRET = 6 ]; then
|
elif [ $FNRET = 6 ]; then
|
||||||
info "Remounting $PARTITION from systemd"
|
info "Remounting $PARTITION from systemd"
|
||||||
remount_partition $PARTITION
|
remount_partition_by_systemd $SERVICENAME $PARTITION
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
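Review bot: The `FNRET = 5` branch of apply() now rewrites the unit file through `add_option_to_systemd`, but it still logs only "Remounting $PARTITION from systemd", so the run log does not record that a file under /etc/systemd/system was modified. A message such as `info "Adding $OPTION to $SERVICEPATH, then starting $SERVICENAME"` would make the change traceable. The arguments of the new calls are also unquoted; writing `add_option_to_systemd "$SERVICEPATH" "$OPTION" "$SERVICENAME"` keeps the positional parameters aligned if a value is empty or contains whitespace. apply() begins above this hunk, so how FNRET reaches 4, 5 or 6 is not visible here.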
@ -0,0 +1,2 @@
|
||||||
|
*.cfg
|
||||||
|
|
23
lib/utils.sh
23
lib/utils.sh
|
@ -334,6 +334,29 @@ remount_partition() {
|
||||||
mount -o remount $PARTITION
|
mount -o remount $PARTITION
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Setup mount option in systemd
|
||||||
|
add_option_to_systemd() {
|
||||||
|
local SERVICEPATH=$1
|
||||||
|
local OPTION=$2
|
||||||
|
local SERVICENAME=$3
|
||||||
|
debug "Setting $OPTION for in systemd"
|
||||||
|
backup_file "$SERVICEPATH"
|
||||||
|
systemctl stop $SERVICENAME
|
||||||
|
# For example :
|
||||||
|
# Options=mode=1777,strictatime,nosuid
|
||||||
|
# Options=mode=1777,strictatime,nosuid,nodev
|
||||||
|
#debug "Sed command : sed -ie "s;\(^Options.*=mode=[1,2,4,7][1,2,4,7][1,2,4,7][1,2,4,7].*\);\1,$OPTION;\" $SERVICEPATH"
|
||||||
|
sed -ie "s;\(^Options.*=mode=[1,2,4,7][1,2,4,7][1,2,4,7][1,2,4,7].*\);\1,$OPTION;" $SERVICEPATH
|
||||||
|
systemctl daemon-reload
|
||||||
|
}
|
||||||
|
|
||||||
|
remount_partition_by_systemd() {
|
||||||
|
local SERVICENAME=$1
|
||||||
|
local PARTITION=$2
|
||||||
|
debug "Remounting $PARTITION by systemd"
|
||||||
|
systemctl start $SERVICENAME
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# APT
|
# APT
|
||||||
#
|
#
|
||||||
|
|
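Review bot: The `sed` expression in `add_option_to_systemd` only rewrites an Options line containing `=mode=` followed by four characters from `[1,2,4,7]` (a class that also admits a comma and excludes 0, 3, 5 and 6), so a unit whose mode is, for instance, `0755`, or whose `mode=` is not the first option, is left unchanged and the mount is started again without the hardening option while nothing is reported. Matching the whole line and verifying the result would close that gap: `sed -i "s;^\(Options=.*\)$;\1,$OPTION;" "$SERVICEPATH"` followed by `grep -q "^Options=.*$OPTION" "$SERVICEPATH" || crit "$OPTION not written to $SERVICEPATH"`. With GNU sed, `-ie` is parsed as `-i` with the backup suffix `e`, which leaves a second copy of the unit file with a trailing `e` in its name beside the original; `-i -e` or plain `-i` avoids that. The exit status of `systemctl stop $SERVICENAME` is not checked before the file is edited, and `$SERVICENAME` and `$SERVICEPATH` are unquoted throughout both new functions.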