Modify apply method of 2.2, add add_option_to_systemd and remount_partition_by_systemd methods.
parent
214c11a0cd
commit
0e20379c95
|
@ -0,0 +1 @@
|
|||
tmp/*
|
|
@ -16,7 +16,8 @@ HARDENING_LEVEL=2
|
|||
# Quick factoring as many script use the same logic
|
||||
PARTITION="/tmp"
|
||||
OPTION="nodev"
|
||||
SERVICENAME="/etc/systemd/system/tmp.mount"
|
||||
SERVICEPATH="/etc/systemd/system/tmp.mount"
|
||||
SERVICENAME="tmp.mount"
|
||||
|
||||
# This function will be called if the script status is on enabled / audit mode
|
||||
audit () {
|
||||
|
@ -51,7 +52,7 @@ audit () {
|
|||
crit "$PARTITION is not mounted"
|
||||
FNRET=4
|
||||
else
|
||||
has_mount_option_systemd $SERVICENAME $OPTION
|
||||
has_mount_option_systemd $SERVICEPATH $OPTION
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
crit "$PARTITION has no option $OPTION in systemd service!"
|
||||
FNRET=5
|
||||
|
@ -87,13 +88,14 @@ apply () {
|
|||
remount_partition $PARTITION
|
||||
elif [ $FNRET = 4 ]; then
|
||||
info "Remounting $PARTITION from systemd"
|
||||
remount_partition $PARTITION
|
||||
remount_partition_by_systemd $SERVICENAME $PARTITION
|
||||
elif [ $FNRET = 5 ]; then
|
||||
info "Remounting $PARTITION from systemd"
|
||||
remount_partition $PARTITION
|
||||
add_option_to_systemd $SERVICEPATH $OPTION $SERVICENAME
|
||||
remount_partition_by_systemd $SERVICENAME $PARTITION
|
||||
elif [ $FNRET = 6 ]; then
|
||||
info "Remounting $PARTITION from systemd"
|
||||
remount_partition $PARTITION
|
||||
remount_partition_by_systemd $SERVICENAME $PARTITION
|
||||
fi
|
||||
}
|
||||
|
||||
|
|
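Review bot: The `FNRET = 5` branch of apply() does not check the result of `add_option_to_systemd $SERVICEPATH $OPTION $SERVICENAME` or of the following `remount_partition_by_systemd $SERVICENAME $PARTITION`. add_option_to_systemd stops the unit before editing it (see the lib/utils.sh section of this commit), so a failed start leaves `$PARTITION` unmounted, and the only log line is the unchanged `info "Remounting $PARTITION from systemd"`. Calling `has_mount_option_systemd $SERVICEPATH $OPTION` again after the remount and raising `crit` when FNRET is still non-zero would make a failed apply visible. The positional arguments should also be quoted, e.g. `"$SERVICEPATH" "$OPTION" "$SERVICENAME"`. apply() begins above this hunk, so the earlier branches were not reviewed.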
|
@ -0,0 +1,2 @@
|
|||
*.cfg
|
||||
|
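--- a/lib/utils.sh
+++ b/lib/utils.sh
@@ -334,6 +334,29 @@ remount_partition() {
 mount -o remount $PARTITION
 }
 
+# Setup mount option in systemd
+add_option_to_systemd() {
+local SERVICEPATH=$1
+local OPTION=$2
+local SERVICENAME=$3
+debug "Setting $OPTION for in systemd"
+backup_file "$SERVICEPATH"
+systemctl stop $SERVICENAME
+# For example :
+# Options=mode=1777,strictatime,nosuid
+# Options=mode=1777,strictatime,nosuid,nodev
+#debug "Sed command : sed -ie "s;\(^Options.*=mode=[1,2,4,7][1,2,4,7][1,2,4,7][1,2,4,7].*\);\1,$OPTION;\" $SERVICEPATH"
+sed -ie "s;\(^Options.*=mode=[1,2,4,7][1,2,4,7][1,2,4,7][1,2,4,7].*\);\1,$OPTION;" $SERVICEPATH
+systemctl daemon-reload
+}
+
+remount_partition_by_systemd() {
+local SERVICENAME=$1
+local PARTITION=$2
+debug "Remounting $PARTITION by systemd"
+systemctl start $SERVICENAME
+}
+
 #
 # APT
 #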
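Review bot: The `sed` in add_option_to_systemd changes nothing when the `Options` line has no `mode=` value made only of the digits 1, 2, 4 and 7 (for example `mode=0755`, or no `mode=` at all), and the function gives no signal, so the unit is restarted without `$OPTION` while the hardening step looks applied. Matching the whole line covers those cases: `sed -i -e "s;^\(Options=.*\)$;\1,$OPTION;" "$SERVICEPATH"`, followed by a check that the option is now present and a `crit` when it is not. With GNU sed, `-ie` is parsed as `-i` with backup suffix `e`, which leaves a stray copy of the unit file beside the original; `-i -e` avoids that. The exit statuses of `systemctl stop`, `systemctl daemon-reload` and `systemctl start` are ignored, and `$SERVICENAME` and `$SERVICEPATH` are passed unquoted.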