From 10fb74a7445bf806fe3796d4ef3db5d9a5f83895 Mon Sep 17 00:00:00 2001
From: Samson-W <samson@hardenedlinux.org>
Date: Thu, 5 Sep 2019 18:07:19 +0800
Subject: [PATCH] Fix bug of 2.1

---
 bin/hardening/2.1_tmp_partition.sh | 52 +++++++++++++++++++-----------
 lib/utils.sh                       | 18 ++++++++++-
 2 files changed, 50 insertions(+), 20 deletions(-)

diff --git a/bin/hardening/2.1_tmp_partition.sh b/bin/hardening/2.1_tmp_partition.sh
index f062691..6f38206 100755
--- a/bin/hardening/2.1_tmp_partition.sh
+++ b/bin/hardening/2.1_tmp_partition.sh
@@ -16,7 +16,10 @@ HARDENING_LEVEL=2
 
 # Quick factoring as many script use the same logic
 PARTITION="/tmp"
-TMPMOUNTNAME="tmp.mount"
+SERVICENAME="tmp.mount"
+SERVICEPATH_DEBIAN="/usr/share/systemd/tmp.mount"
+REDHAT_SERVICEPATH="/usr/lib/systemd/system/tmp.mount"
+DEBIAN_SERVICEPATH="/lib/systemd/system/tmp.mount"
 
 # This function will be called if the script status is on enabled / audit mode
 audit () {
@@ -36,19 +39,12 @@ audit () {
 		fi
 	else
     	warn "$PARTITION is not partition in /etc/fstab, check tmp.mount service"
-		if [ $(systemctl | grep -c "tmp.mount[[:space:]]*loaded[[:space:]]active[[:space:]]mounted") -eq 1 ]; then
-	 		ok "$TMPMOUNTNAME service is active!"
-       		is_mounted "$PARTITION"
-			if [ $FNRET -gt 0 ]; then
-       			warn "$PARTITION is not mounted"
-           		FNRET=3
-        	else
-       			ok "$PARTITION is mounted"
-          		FNRET=0
-			fi
+		is_service_active $SERVICENAME
+		if [ $FNRET -eq 0 ]; then
+	 		ok "$SERVICENAME service is active!"
 		else
-    		crit "$TMPMOUNTNAME service is not active!"
-			FNRET=4			
+    		crit "$SERVICENAME service is inactive!"
+			FNRET=3			
 		fi
 	fi
 }
@@ -63,12 +59,30 @@ apply () {
 		warn "mounting $PARTITION"
         mount $PARTITION
 	elif [ $FNRET = 3 ]; then
-        $SUDO_CMD systemctl daemon-reload
-        $SUDO_CMD systemctl start "$TMPMOUNTNAME"
-	elif [ $FNRET = 4 ]; then
-        $SUDO_CMD systemctl enable "$TMPMOUNTNAME"
-	    $SUDO_CMD systemctl daemon-reload 
-	    $SUDO_CMD systemctl start "$TMPMOUNTNAME"
+		if [ $OS_RELEASE -eq 1 ]; then 
+			if [ -e $DEBIAN_SERVICEPATH ]; then
+				$SUDO_CMD systemctl enable "$SERVICENAME"
+				$SUDO_CMD systemctl daemon-reload
+				$SUDO_CMD systemctl start "$SERVICENAME"
+			else
+				if [ -e $SERVICEPATH_DEBIAN ]; then
+					cp $SERVICEPATH_DEBIAN $DEBIAN_SERVICEPATH
+					$SUDO_CMD systemctl enable "$SERVICENAME"
+					$SUDO_CMD systemctl daemon-reload
+					$SUDO_CMD systemctl start "$SERVICENAME"
+				else
+					crit "System unit file $DEBIAN_SERVICEPATH is not exist!"
+				fi
+			fi
+		elif [ $OS_RELEASE -eq 2 ]; then 
+			if [ -e $REDHAT_SERVICEPATH ]; then
+				$SUDO_CMD systemctl enable "$SERVICENAME"
+				$SUDO_CMD systemctl daemon-reload
+				$SUDO_CMD systemctl start "$SERVICENAME"
+			else
+					crit "System unit file $REDHAT_SERVICEPATH is not exist!"
+			fi
+		fi
 	fi
 }
 
diff --git a/lib/utils.sh b/lib/utils.sh
index 647bda3..75dadd4 100644
--- a/lib/utils.sh
+++ b/lib/utils.sh
@@ -5,6 +5,22 @@
 # debian version check 
 #
 
+is_debian_ge_9()
+{
+	if [ -r /etc/debian_version ]; then
+    	if [ $(cat /etc/debian_version | awk -F"." '{print $1}') -ge 9 ]; then
+        	debug "Debian version is greater than or equal to 9"
+        	FNRET=0
+    	else
+        	debug "Debian version is less than 9"
+        	FNRET=1
+    	fi
+	else
+		debug "Current OS is not Debian."
+		FNRET=2
+	fi
+}
+
 is_debian_9()
 {
 	if [ -r /etc/debian_version ]; then
@@ -254,7 +270,7 @@ is_service_active() {
 	if [ $OS_RELEASE -eq 2 ]; then
 		FNRET=0
 	else
-    	is_debian_9
+		is_debian_ge_9
 	fi
     if [ $FNRET = 0 ]; then
         if [ $(systemctl is-active $SERVICE | grep -c "^active") -eq 1 ]; then