diff --git a/bin/hardening/5.1.2_disable_rsh.sh b/bin/hardening/5.1.2_disable_rsh.sh
index 5c90436..24c2729 100755
--- a/bin/hardening/5.1.2_disable_rsh.sh
+++ b/bin/hardening/5.1.2_disable_rsh.sh
@@ -93,7 +93,7 @@ apply_debian () {
 apply_redhat () {
 is_pkg_installed $PACKAGE_REDHAT
 if [ $FNRET = 0 ]; then
- crit "$$PACKAGE_REDHAT is installed, purging it"
+ crit "$PACKAGE_REDHAT is installed, purging it"
 yum -y remove $PACKAGE_REDHAT
 else
 ok "$PACKAGE_REDHAT is absent"
diff --git a/bin/hardening/5.1.7_disable_tftp_server.sh b/bin/hardening/5.1.7_disable_tftp_server.sh
deleted file mode 100755
index 52f7fec..0000000
--- a/bin/hardening/5.1.7_disable_tftp_server.sh
+++ /dev/null
@@ -1,134 +0,0 @@
-#!/bin/bash
-
-#
-# harbian audit 7/8/9/10 or CentOS Hardening
-# Modify by: Samson-W (samson@hardenedlinux.org)
-#
-
-#
-# 5.1.7 Ensure tftp-server is not enabled (Scored)
-#
-
-set -e # One error, it's over
-set -u # One variable unset, it's over
-
-HARDENING_LEVEL=2
-
-PACKAGES='tftpd tftpd-hpa atftpd'
-FILE='/etc/inetd.conf'
-PATTERN='^tftp'
-PACKAGE_REDHAT='tftp-server'
-
-audit_debian () {
- for PACKAGE in $PACKAGES; do
- is_pkg_installed $PACKAGE
- if [ $FNRET = 0 ]; then
- warn "$PACKAGE is installed, checking configuration"
- does_file_exist $FILE
- if [ $FNRET != 0 ]; then
- ok "$FILE does not exist"
- else
- does_pattern_exist_in_file $FILE $PATTERN
- if [ $FNRET = 0 ]; then
- crit "$PATTERN exists, $PACKAGE services are enabled!"
- else
- ok "$PATTERN is not present in $FILE"
- fi
- fi
- else
- ok "$PACKAGE is absent"
- fi
- done
-}
-
-audit_redhat () {
- is_pkg_installed $PACKAGE_REDHAT
- if [ $FNRET = 0 ]; then
- crit "$PACKAGE_REDHAT is installed"
- else
- ok "$PACKAGE_REDHAT is absent"
- fi
-}
-
-# This function will be called if the script status is on enabled / audit mode
-audit () {
- if [ $OS_RELEASE -eq 1 ]; then
- audit_debian
- elif [ $OS_RELEASE -eq 2 ]; then
- audit_redhat
- else
- crit "Current OS is not support!"
- FNRET=44
- fi
-}
-
-apply_debian () {
- for PACKAGE in $PACKAGES; do
- is_pkg_installed $PACKAGE
- if [ $FNRET = 0 ]; then
- crit "$PACKAGE is installed, purging it"
- apt-get purge $PACKAGE -y
- apt-get autoremove
- else
- ok "$PACKAGE is absent"
- fi
- does_file_exist $FILE
- if [ $FNRET != 0 ]; then
- ok "$FILE does not exist"
- else
- info "$FILE exists, checking patterns"
- does_pattern_exist_in_file $FILE $PATTERN
- if [ $FNRET = 0 ]; then
- warn "$PATTERN is present in $FILE, purging it"
- backup_file $FILE
- ESCAPED_PATTERN=$(sed "s/|\|(\|)/\\\&/g" <<< $PATTERN)
- sed -ie "s/$ESCAPED_PATTERN/#&/g" $FILE
- else
- ok "$PATTERN is not present in $FILE"
- fi
- fi
- done
-}
-
-apply_redhat () {a
- is_pkg_installed $PACKAGE_REDHAT
- if [ $FNRET = 0 ]; then
- crit "$PACKAGE_REDHAT is installed, purging it"
- yum remove $PACKAGE_REDHAT -y
- else
- ok "$PACKAGE_REDHAT is absent"
- fi
-}
-
-# This function will be called if the script status is on enabled mode
-apply () {
- if [ $OS_RELEASE -eq 1 ]; then
- apply_debian
- elif [ $OS_RELEASE -eq 2 ]; then
- apply_redhat
- else
- crit "Current OS is not support!"
- fi
-}
-# This function will check config parameters required
-check_config() {
- :
-}
-
-# Source Root Dir Parameter
-if [ -r /etc/default/cis-hardening ]; then
- . /etc/default/cis-hardening
-fi
-if [ -z "$CIS_ROOT_DIR" ]; then
- echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
- exit 128
-fi
-
-# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
- . $CIS_ROOT_DIR/lib/main.sh
-else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
- exit 128
-fi
diff --git a/bin/hardening/6.9_disable_ftp.sh b/bin/hardening/6.9_disable_ftp.sh
index fee2833..e1d1d33 100755
--- a/bin/hardening/6.9_disable_ftp.sh
+++ b/bin/hardening/6.9_disable_ftp.sh
@@ -1,7 +1,8 @@
 #!/bin/bash
 #
-# harbian audit 7/8/9 Hardening
+# harbian audit 7/8/9/10 or CentOS Hardening
+# Modify by: Samson-W (samson@hardenedlinux.org)
 #
 #
@@ -16,9 +17,13 @@ HARDENING_EXCEPTION=ftp
 # Based on aptitude search '~Pftp-server'
 PACKAGES='ftpd ftpd-ssl heimdal-servers inetutils-ftpd krb5-ftpd muddleftpd proftpd-basic pure-ftpd pure-ftpd-ldap pure-ftpd-mysql pure-ftpd-postgresql twoftpd-run vsftpd wzdftpd'
+PACKAGE_REDHAT='tftp-server vsftpd'
 # This function will be called if the script status is on enabled / audit mode
 audit () {
+ if [ $OS_RELEASE -eq 2 ]; then
+ PACKAGES=$PACKAGE_REDHAT
+ fi
 for PACKAGE in $PACKAGES; do
 is_pkg_installed $PACKAGE
 if [ $FNRET = 0 ]; then
@@ -35,6 +40,9 @@ audit () {
 # This function will be called if the script status is on enabled mode
 apply () {
+ if [ $OS_RELEASE -eq 2 ]; then
+ PACKAGES=$PACKAGE_REDHAT
+ fi
 for PACKAGE in $PACKAGES; do
 is_pkg_installed $PACKAGE
 if [ $FNRET = 0 ]; then
@@ -42,8 +50,12 @@ apply () {
 warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
 else
 crit "$PACKAGE is installed, purging it"
- apt-get purge $PACKAGE -y
- apt-get autoremove
+ if [ $OS_RELEASE -eq 2 ]; then
+ yum remove $PACKAGE -y
+ else
+ apt-get purge $PACKAGE -y
+ apt-get autoremove
+ fi
 fi
 else
 ok "$PACKAGE is absent"
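Review bot: `PACKAGE_REDHAT='tftp-server vsftpd'` places tftp-server under this script's `HARDENING_EXCEPTION=ftp`, so on Red Hat an operator who sets the FTP exception to keep vsftpd would apparently keep tftp-server as well (the exception test itself sits outside the hunks), whereas the deleted 5.1.7 script removed it with no exception path. On the Debian side the `PACKAGES` list was not extended with `tftpd tftpd-hpa atftpd`, and nothing in this diff replaces the 5.1.7 check for `^tftp` in `/etc/inetd.conf`, so unless another script covers them the Debian TFTP audit is lost with this commit. Consider keeping TFTP as its own check, or at least adding the three Debian package names to `PACKAGES` and a comment above `PACKAGE_REDHAT` such as `# tftp-server is listed here because 5.1.7 was merged into this check`.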
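Review bot: The new `else` in apply() runs `apt-get purge` for every `OS_RELEASE` value other than 2, and the `if [ $OS_RELEASE -eq 2 ]` tests added at the top of audit() and apply() likewise treat any other value as Debian, while the per-distro scripts (the deleted 5.1.7, for example) test for 1 explicitly and otherwise report `crit "Current OS is not support!"`. Suggest `elif [ "$OS_RELEASE" -eq 1 ]; then` for the apt-get branch with a final `else crit "Current OS is not support!"`, and quoting `"$OS_RELEASE"` in all three tests so an empty value fails the comparison instead of producing a `[` syntax error. `apt-get autoremove` is still called without `-y`, so an unattended run may stop at the confirmation prompt. apply() begins and ends outside this hunk.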