Modify audit and apply methods for 9.3.24

bin/hardening/9.3.24_ssh_check_priv_hostkey_permission.sh

@@ -14,25 +14,37 @@ set -u # One variable unset, it's over
 
 HARDENING_LEVEL=2
 
+USER='root'
+GROUP='root'
+PERMISSIONS='0600'
 
 # This function will be called if the script status is on enabled / audit mode
 audit () {
+	if [ $(find /etc/ssh/ -name "*ssh_host*key" ! -uid 0 -o ! -gid 0 | wc -l) -gt 0 ]; then
+		crit "There are file ownership was not set to $USER:$GROUP"
+	else
+		ok "There are file has correct ownership"
+	fi
     if [ $(find /etc/ssh/ -name "*ssh_host*key" -perm /177 | wc -l) -gt 0 ]; then
-        crit "There are file file has a mode more permissive than "0600""
-        FNRET=1
+        crit "There are file file has a mode more permissive than $PERMISSIONS"
     else
-        ok "Not any file has a mode more permissive than "0600""
-        FNRET=0
+        ok "Not any file has a mode more permissive than $PERMISSIONS"
     fi
 }
 
 # This function will be called if the script status is on enabled mode
 apply () {
-    if [ $FNRET = 0 ]; then
-        ok "any file has a mode more permissive than "0600""
-    else
+	if [ $(find /etc/ssh/ -name "*ssh_host*key" ! -uid 0 -o ! -gid 0 | wc -l) -gt 0 ]; then
+		warn "There are file ownership was not set to $USER:$GROUP"
+		find /etc/ssh/ -name "*ssh_host*key" ! -uid 0 -o ! -gid 0 -exec chown $USER:$GROUP {} \;
+	else
+		ok "There are file has correct ownership"
+	fi
+    if [ $(find /etc/ssh/ -name "*ssh_host*key" -perm /177 | wc -l) -gt 0 ]; then
         warn "Set ssh private host key permission to 0600"
-        find /etc/ssh/ -name "*ssh_host*key" -perm /177 -exec chmod 0600 {} \;
+        find /etc/ssh/ -name "*ssh_host*key" -perm /177 -exec chmod $PERMISSIONS {} \;
+    else
+        ok "any file has a mode more permissive than "0600""
     fi
 }