Fix pam-tally2.so is missing in Ubuntu #38, Modify 8.1.26 for support to ubuntu.

Samson-W 2022-09-05 14:14:13 +00:00
parent 297b4fa343
commit 1835a45c0e


@ -21,7 +21,7 @@ audit () {
# This feature is only for debian # This feature is only for debian
if [ $OS_RELEASE -eq 2 ]; then if [ $OS_RELEASE -eq 2 ]; then
ok "CentOS/Redhat is not support, so pass" ok "CentOS/Redhat is not support, so pass"
elif [ $OS_RELEASE -eq 1 ]; then elif [ $OS_RELEASE -eq 1 -o $OS_RELEASE -eq 3 ]; then
# define custom IFS and save default one # define custom IFS and save default one
d_IFS=$IFS d_IFS=$IFS
c_IFS=$'\n' c_IFS=$'\n'
@ -52,7 +52,7 @@ apply () {
# This feature is only for debian # This feature is only for debian
if [ $OS_RELEASE -eq 2 ]; then if [ $OS_RELEASE -eq 2 ]; then
ok "CentOS/Redhat is not support, so pass" ok "CentOS/Redhat is not support, so pass"
elif [ $OS_RELEASE -eq 1 ]; then elif [ $OS_RELEASE -eq 1 -o $OS_RELEASE -eq 3 ]; then
IFS=$'\n' IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE check_audit_path $AUDIT_VALUE
@ -77,20 +77,29 @@ apply () {
# This function will check config parameters required # This function will check config parameters required
# Replaced pam_tally2 with faillock in debian 11 # Replaced pam_tally2 with faillock in debian 11
check_config() { check_config() {
is_debian_11 # support to ubuntu
if [ $DONT_AUDITD_BY_UID -eq 1 ]; then if [ $OS_RELEASE -eq 3 ]; then
if [ $FNRET = 1 ]; then if [ $DONT_AUDITD_BY_UID -eq 1 ]; then
AUDIT_PARAMS='-a always,exit -F path=/sbin/pam_tally -F perm=wxa -k privileged-pam
-a always,exit -F path=/sbin/pam_tally2 -F perm=wxa -k privileged-pam'
elif [ $FNRET = 0 ]; then
AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/faillock -F perm=wxa -k privileged-pam' AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/faillock -F perm=wxa -k privileged-pam'
else
AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/faillock -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam'
fi fi
else else
if [ $FNRET = 1 ]; then is_debian_11
if [ $DONT_AUDITD_BY_UID -eq 1 ]; then
if [ $FNRET = 1 ]; then
AUDIT_PARAMS='-a always,exit -F path=/sbin/pam_tally -F perm=wxa -k privileged-pam
-a always,exit -F path=/sbin/pam_tally2 -F perm=wxa -k privileged-pam'
elif [ $FNRET = 0 ]; then
AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/faillock -F perm=wxa -k privileged-pam'
fi
else
if [ $FNRET = 1 ]; then
AUDIT_PARAMS='-a always,exit -F path=/sbin/pam_tally -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam AUDIT_PARAMS='-a always,exit -F path=/sbin/pam_tally -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam
-a always,exit -F path=/sbin/pam_tally2 -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam' -a always,exit -F path=/sbin/pam_tally2 -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam'
elif [ $FNRET = 0 ]; then elif [ $FNRET = 0 ]; then
AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/faillock -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam' AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/faillock -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam'
fi
fi fi
fi fi
} }
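Review bot: The new Ubuntu branch of check_config (`$OS_RELEASE -eq 3`) always builds the rule for `/usr/sbin/faillock`, while the Debian branch still chooses between pam_tally/pam_tally2 and faillock from `is_debian_11`. If any supported Ubuntu release still ships pam_tally2 rather than faillock (the page does not show which releases are targeted), the rule would name an absent binary and leave the real lockout tool unaudited, so the control could report compliant without the intended coverage. Choosing by which binary is present covers both cases, as sketched below using only the paths and keys already in the hunk. The `# This feature is only for debian` comments in audit() and apply() are also stale now that release 3 takes the same path.

```shell
    # support to ubuntu
    if [ $OS_RELEASE -eq 3 ]; then
        if [ $DONT_AUDITD_BY_UID -eq 1 ]; then
            UID_FILTER=''
        else
            UID_FILTER=' -F auid>=1000 -F auid!=4294967295'
        fi
        # audit whichever lockout tool this release actually ships
        if [ -x /usr/sbin/faillock ]; then
            AUDIT_PARAMS="-a always,exit -F path=/usr/sbin/faillock -F perm=wxa${UID_FILTER} -k privileged-pam"
        else
            AUDIT_PARAMS="-a always,exit -F path=/sbin/pam_tally -F perm=wxa${UID_FILTER} -k privileged-pam
-a always,exit -F path=/sbin/pam_tally2 -F perm=wxa${UID_FILTER} -k privileged-pam"
        fi
    else
        # … unchanged: Debian branch keyed on is_debian_11 / FNRET …
```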