Added function: Check the default value of the parameter that has not been set.
parent
6598eb4b43
commit
0e20dd251a
@ -21,6 +21,11 @@ ALLOWGROUP='AllowGroups[[:space:]]*\*'
|
|||||||
DENYUSER='DenyUsers[[:space:]]*nobody'
|
DENYUSER='DenyUsers[[:space:]]*nobody'
|
||||||
DENYGROUP='DenyGroups[[:space:]]*nobody'
|
DENYGROUP='DenyGroups[[:space:]]*nobody'
|
||||||
|
|
||||||
|
ALLOWUSER_KEY='AllowUsers'
|
||||||
|
ALLOWGROUP_KEY='AllowGroups'
|
||||||
|
DENYUSER_KEY='DenyUsers'
|
||||||
|
DENYGROUP_KEY='DenyGroups'
|
||||||
|
|
||||||
ALLOWUSER_RET=1
|
ALLOWUSER_RET=1
|
||||||
ALLOWGROUP_RET=1
|
ALLOWGROUP_RET=1
|
||||||
DENYUSER_RET=1
|
DENYUSER_RET=1
|
||||||
@ -33,26 +38,31 @@ audit () {
|
|||||||
crit "$PACKAGE is not installed!"
|
crit "$PACKAGE is not installed!"
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
if [ $(sshd -T | grep -ic $ALLOWUSER) -eq 1 ]; then
|
check_sshd_access_limit $ALLOWUSER_KEY $ALLOWUSER
|
||||||
|
if [ $FNRET != 0 ]; then
|
||||||
crit "AllowUsers is not set!"
|
crit "AllowUsers is not set!"
|
||||||
else
|
else
|
||||||
ok "AllowUsers has set limit."
|
ok "AllowUsers has set limit."
|
||||||
ALLOWUSER_RET=0
|
ALLOWUSER_RET=0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ $(sshd -T | grep -ic $ALLOWGROUP) -eq 1 ]; then
|
check_sshd_access_limit $ALLOWGROUP_KEY $ALLOWGROUP
|
||||||
|
if [ $FNRET != 0 ]; then
|
||||||
crit "AllowGroups is not set!"
|
crit "AllowGroups is not set!"
|
||||||
else
|
else
|
||||||
ok "AllowGroups has set limit."
|
ok "AllowGroups has set limit."
|
||||||
ALLOWGROUP_RET=0
|
ALLOWGROUP_RET=0
|
||||||
fi
|
fi
|
||||||
if [ $(sshd -T | grep -ic $DENYUSER) -eq 1 ]; then
|
|
||||||
|
check_sshd_access_limit $DENYUSER_KEY $DENYUSER
|
||||||
|
if [ $FNRET != 0 ]; then
|
||||||
crit "DenyUsers is not set!"
|
crit "DenyUsers is not set!"
|
||||||
else
|
else
|
||||||
ok "DenyUsers has set limit."
|
ok "DenyUsers has set limit."
|
||||||
DENYUSER_RET=0
|
DENYUSER_RET=0
|
||||||
fi
|
fi
|
||||||
if [ $(sshd -T | grep -ic $DENYGROUP) -eq 1 ]; then
|
check_sshd_access_limit $DENYGROUP_KEY $DENYGROUP
|
||||||
|
if [ $FNRET != 0 ]; then
|
||||||
crit "DenyGroups is not set!"
|
crit "DenyGroups is not set!"
|
||||||
else
|
else
|
||||||
ok "DenyGroups has set limit."
|
ok "DenyGroups has set limit."
|
||||||
|
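--- a/lib/utils.sh
+++ b/lib/utils.sh
@@ -1194,3 +1194,22 @@ check_aa_status ()
 fi
 }
 
+# Check sshd access limit
+# If not exist key of above, it's fail beacause default is everyone to allow
+# Example: $1='AllowUsers' $2='AllowUsers[[:space:]]*\*'
+check_sshd_access_limit ()
+{
+if [ $(sshd -T | grep -ic $1) -eq 1 ]; then
+if [ $(sshd -T | grep -ic $2) -eq 1 ]; then
+debug "$1 is not set limit!"
+FNRET=2
+else
+debug "$1 has set limit!"
+FNRET=0
+fi
+else
+debug "Arguments $1 is not exist! By default, login is allowed for all."
+FNRET=1
+fi
+}
+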
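Review bot: The two `-eq 1` comparisons in check_sshd_access_limit treat any match count other than exactly one as "key absent", so a host whose `sshd -T` output has two or more lines for the key would get FNRET=1 and be reported as having no restriction at all. sshd appears to print one line per AllowUsers/DenyUsers entry, which is worth confirming. Testing for presence avoids the miscount and also quotes the arguments: `if sshd -T | grep -iq -- "$1"; then` and `if sshd -T | grep -iq -- "$2"; then`. Quoting matters because `$2` holds a pattern such as `AllowUsers[[:space:]]*\*`, which the shell can glob-expand against the current directory before grep sees it; the call sites in the audit script on this page pass it unquoted as well. The header comment should also state that `sshd -T` without a `-C` connection spec does not apply Match blocks, so only the global settings are audited, and that an empty result from a failing `sshd -T` is indistinguishable from a missing key.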