tyler.durden
/
harbian-audit
mirror of https://github.com/hardenedlinux/harbian-audit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Optimization tips for 9.2.1~9.2.10

This commit is contained in:
Samson-W 2019-08-26 19:14:39 +08:00
parent 2ba13e7318
commit 19914f08ab
10 changed files with 77 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
bin/hardening/9.2.10_pam_maxclassrepeat_cracklib.sh
View File

@ -39,9 +39,9 @@ audit_debian () {
ok "$PATTERN is present in $FILE"
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
if [ $FNRET = 0 ]; then
ok "$OPTIONNAME set condition is $CONDT_VAL"
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL"
else
crit "$OPTIONNAME set condition is $CONDT_VAL"
crit "$OPTIONNAME set condition is greater than $CONDT_VAL"
#FNRET=3
fi
else
@ -54,9 +54,9 @@ audit_debian () {
audit_redhat () {
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME le $CONDT_VAL
if [ $FNRET = 0 ]; then
ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
ok "Option $OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 1 ]; then
crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
crit "Option $OPTIONNAME set condition is greater than $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 2 ]; then
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
elif [ $FNRET = 3 ]; then
@ -80,27 +80,27 @@ apply_debian () {
if [ $FNRET = 0 ]; then
ok "$PACKAGE is installed"
elif [ $FNRET = 1 ]; then
crit "$PACKAGE is absent, installing it"
warn "$PACKAGE is absent, installing it"
apt_install $PACKAGE
elif [ $FNRET = 2 ]; then
crit "$PATTERN is not present in $FILE, add default config to $FILE"
warn "$PATTERN is not present in $FILE, add default config to $FILE"
add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
elif [ $FNRET = 3 ]; then
crit "$FILE is not exist, please check"
elif [ $FNRET = 4 ]; then
crit "$OPTIONNAME is not conf"
warn "$OPTIONNAME is not conf"
add_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME=$CONDT_VAL"
elif [ $FNRET = 5 ]; then
crit "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
warn "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
reset_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME" "$CONDT_VAL"
fi
}
apply_redhat () {
if [ $FNRET = 0 ]; then
ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 1 ]; then
warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
warn "Reset option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
elif [ $FNRET = 2 ]; then
warn "$OPTIONNAME is not conf, add to $FILE_REDHAT"

4
bin/hardening/9.2.1_pam_retry_cracklib.sh
View File

@ -49,9 +49,9 @@ audit () {
ok "$PATTERN is present in $FILE"
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
if [ $FNRET = 0 ]; then
ok "$OPTIONNAME set condition is $CONDT_VAL"
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL"
else
crit "$OPTIONNAME set condition is $CONDT_VAL"
crit "$OPTIONNAME set condition is greater than $CONDT_VAL"
#FNRET=3
fi
else

18
bin/hardening/9.2.2_pam_minlen_cracklib.sh
View File

@ -39,9 +39,9 @@ audit_debian () {
ok "$PATTERN is present in $FILE"
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME ge $CONDT_VAL
if [ $FNRET = 0 ]; then
ok "$OPTIONNAME set condition is $CONDT_VAL"
ok "$OPTIONNAME set condition is greater than or equal to $CONDT_VAL"
else
crit "$OPTIONNAME set condition is $CONDT_VAL"
crit "$OPTIONNAME set condition is less than $CONDT_VAL"
#FNRET=3
fi
else
@ -54,9 +54,9 @@ audit_debian () {
audit_redhat () {
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME ge $CONDT_VAL
if [ $FNRET = 0 ]; then
ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
ok "Option $OPTIONNAME set condition is greater than or equal to $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 1 ]; then
crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
crit "Option $OPTIONNAME set condition is less than $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 2 ]; then
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
elif [ $FNRET = 3 ]; then
@ -80,25 +80,25 @@ apply_debian () {
if [ $FNRET = 0 ]; then
ok "$PACKAGE is installed"
elif [ $FNRET = 1 ]; then
crit "$PACKAGE is absent, installing it"
warn "$PACKAGE is absent, installing it"
apt_install $PACKAGE
elif [ $FNRET = 2 ]; then
crit "$PATTERN is not present in $FILE, add default config to $FILE"
warn "$PATTERN is not present in $FILE, add default config to $FILE"
add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
elif [ $FNRET = 3 ]; then
crit "$FILE is not exist, please check"
elif [ $FNRET = 4 ]; then
crit "$OPTIONNAME is not conf"
warn "$OPTIONNAME is not conf, reset"
add_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME=$CONDT_VAL"
elif [ $FNRET = 5 ]; then
crit "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
warn "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
reset_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME" "$CONDT_VAL"
fi
}
apply_redhat () {
if [ $FNRET = 0 ]; then
ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
ok "$OPTIONNAME set condition is greater than or equal to $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 1 ]; then
warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"

10
bin/hardening/9.2.3_pam_dcredit_cracklib.sh
View File

@ -39,9 +39,9 @@ audit_debian () {
ok "$PATTERN is present in $FILE"
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
if [ $FNRET = 0 ]; then
ok "$OPTIONNAME set condition is $CONDT_VAL"
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL"
else
crit "$OPTIONNAME set condition is $CONDT_VAL"
crit "$OPTIONNAME set condition is greater than $CONDT_VAL"
#FNRET=3
fi
else
@ -54,9 +54,9 @@ audit_debian () {
audit_redhat () {
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME le $CONDT_VAL
if [ $FNRET = 0 ]; then
ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
ok "Option $OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 1 ]; then
crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
crit "Option $OPTIONNAME set condition is not set greater than $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 2 ]; then
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
elif [ $FNRET = 3 ]; then
@ -98,7 +98,7 @@ apply_debian () {
apply_redhat () {
if [ $FNRET = 0 ]; then
ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 1 ]; then
warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"

10
bin/hardening/9.2.4_pam_ucredit_cracklib.sh
View File

@ -39,9 +39,9 @@ audit_debian () {
ok "$PATTERN is present in $FILE"
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
if [ $FNRET = 0 ]; then
ok "$OPTIONNAME set condition is $CONDT_VAL"
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL"
else
crit "$OPTIONNAME set condition is $CONDT_VAL"
crit "$OPTIONNAME set condition is greater than $CONDT_VAL"
#FNRET=3
fi
else
@ -54,9 +54,9 @@ audit_debian () {
audit_redhat () {
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME le $CONDT_VAL
if [ $FNRET = 0 ]; then
ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
ok "Option $OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 1 ]; then
crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
crit "Option $OPTIONNAME set condition is greater than $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 2 ]; then
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
elif [ $FNRET = 3 ]; then
@ -99,7 +99,7 @@ apply_debian () {
apply_redhat () {
if [ $FNRET = 0 ]; then
ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 1 ]; then
warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"

12
bin/hardening/9.2.5_pam_ocredit_cracklib.sh
View File

@ -39,9 +39,9 @@ audit_debian () {
ok "$PATTERN is present in $FILE"
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
if [ $FNRET = 0 ]; then
ok "$OPTIONNAME set condition is $CONDT_VAL"
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL"
else
crit "$OPTIONNAME set condition is $CONDT_VAL"
crit "$OPTIONNAME set condition is greater than $CONDT_VAL"
#FNRET=3
fi
else
@ -54,9 +54,9 @@ audit_debian () {
audit_redhat () {
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME le $CONDT_VAL
if [ $FNRET = 0 ]; then
ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
ok "Option $OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 1 ]; then
crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
crit "Option $OPTIONNAME set condition is greater than $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 2 ]; then
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
elif [ $FNRET = 3 ]; then
@ -98,9 +98,9 @@ apply_debian () {
apply_redhat () {
if [ $FNRET = 0 ]; then
ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 1 ]; then
warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
warn "Reset option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
elif [ $FNRET = 2 ]; then
warn "$OPTIONNAME is not conf, add to $FILE_REDHAT"

20
bin/hardening/9.2.6_pam_lcredit_cracklib.sh
View File

@ -39,9 +39,9 @@ audit_debian () {
ok "$PATTERN is present in $FILE"
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
if [ $FNRET = 0 ]; then
ok "$OPTIONNAME set condition is $CONDT_VAL"
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL"
else
crit "$OPTIONNAME set condition is $CONDT_VAL"
crit "$OPTIONNAME set condition is greater than $CONDT_VAL"
#FNRET=3
fi
else
@ -54,9 +54,9 @@ audit_debian () {
audit_redhat () {
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME le $CONDT_VAL
if [ $FNRET = 0 ]; then
ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
ok "Option $OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 1 ]; then
crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
crit "Option $OPTIONNAME set condition is greater than $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 2 ]; then
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
elif [ $FNRET = 3 ]; then
@ -80,27 +80,27 @@ apply_debian () {
if [ $FNRET = 0 ]; then
ok "$PACKAGE is installed"
elif [ $FNRET = 1 ]; then
crit "$PACKAGE is absent, installing it"
warn "$PACKAGE is absent, installing it"
apt_install $PACKAGE
elif [ $FNRET = 2 ]; then
crit "$PATTERN is not present in $FILE, add default config to $FILE"
warn "$PATTERN is not present in $FILE, add default config to $FILE"
add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
elif [ $FNRET = 3 ]; then
crit "$FILE is not exist, please check"
elif [ $FNRET = 4 ]; then
crit "$OPTIONNAME is not conf"
warn "$OPTIONNAME is not conf"
add_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME=$CONDT_VAL"
elif [ $FNRET = 5 ]; then
crit "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
warn "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
reset_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME" "$CONDT_VAL"
fi
}
apply_redhat () {
if [ $FNRET = 0 ]; then
ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 1 ]; then
warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
warn "Reset option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
elif [ $FNRET = 2 ]; then
warn "$OPTIONNAME is not conf, add to $FILE_REDHAT"

20
bin/hardening/9.2.7_pam_difok_cracklib.sh
View File

@ -39,9 +39,9 @@ audit_debian () {
ok "$PATTERN is present in $FILE"
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME ge $CONDT_VAL
if [ $FNRET = 0 ]; then
ok "$OPTIONNAME set condition is $CONDT_VAL"
ok "$OPTIONNAME set condition is greater than or equal to $CONDT_VAL"
else
crit "$OPTIONNAME set condition is $CONDT_VAL"
crit "$OPTIONNAME set condition is less than $CONDT_VAL"
#FNRET=3
fi
else
@ -54,9 +54,9 @@ audit_debian () {
audit_redhat () {
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME ge $CONDT_VAL
if [ $FNRET = 0 ]; then
ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
ok "Option $OPTIONNAME set condition is greater than or equal to $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 1 ]; then
crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
crit "Option $OPTIONNAME set condition is less than $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 2 ]; then
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
elif [ $FNRET = 3 ]; then
@ -80,27 +80,27 @@ apply_debian () {
if [ $FNRET = 0 ]; then
ok "$PACKAGE is installed"
elif [ $FNRET = 1 ]; then
crit "$PACKAGE is absent, installing it"
warn "$PACKAGE is absent, installing it"
apt_install $PACKAGE
elif [ $FNRET = 2 ]; then
crit "$PATTERN is not present in $FILE, add default config to $FILE"
warn "$PATTERN is not present in $FILE, add default config to $FILE"
add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
elif [ $FNRET = 3 ]; then
crit "$FILE is not exist, please check"
elif [ $FNRET = 4 ]; then
crit "$OPTIONNAME is not conf"
warn "$OPTIONNAME is not conf"
add_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME=$CONDT_VAL"
elif [ $FNRET = 5 ]; then
crit "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
warn "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
reset_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME" "$CONDT_VAL"
fi
}
apply_redhat () {
if [ $FNRET = 0 ]; then
ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
ok "$OPTIONNAME set condition is greater than or equal to $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 1 ]; then
warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
warn "Reset option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
elif [ $FNRET = 2 ]; then
warn "$OPTIONNAME is not conf, add to $FILE_REDHAT"

20
bin/hardening/9.2.8_pam_minclass_cracklib.sh
View File

@ -39,9 +39,9 @@ audit_debian () {
ok "$PATTERN is present in $FILE"
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME ge $CONDT_VAL
if [ $FNRET = 0 ]; then
ok "$OPTIONNAME set condition is $CONDT_VAL"
ok "$OPTIONNAME set condition is greater than or equal to $CONDT_VAL"
else
crit "$OPTIONNAME set condition is $CONDT_VAL"
crit "$OPTIONNAME set condition is less than $CONDT_VAL"
#FNRET=3
fi
else
@ -54,9 +54,9 @@ audit_debian () {
audit_redhat () {
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME ge $CONDT_VAL
if [ $FNRET = 0 ]; then
ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
ok "Option $OPTIONNAME set condition is greater than or equal to $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 1 ]; then
crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
crit "Option $OPTIONNAME set condition is less than $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 2 ]; then
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
elif [ $FNRET = 3 ]; then
@ -80,27 +80,27 @@ apply_debian () {
if [ $FNRET = 0 ]; then
ok "$PACKAGE is installed"
elif [ $FNRET = 1 ]; then
crit "$PACKAGE is absent, installing it"
warn "$PACKAGE is absent, installing it"
apt_install $PACKAGE
elif [ $FNRET = 2 ]; then
crit "$PATTERN is not present in $FILE, add default config to $FILE"
warn "$PATTERN is not present in $FILE, add default config to $FILE"
add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
elif [ $FNRET = 3 ]; then
crit "$FILE is not exist, please check"
elif [ $FNRET = 4 ]; then
crit "$OPTIONNAME is not conf"
warn "$OPTIONNAME is not conf"
add_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME=$CONDT_VAL"
elif [ $FNRET = 5 ]; then
crit "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
warn "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
reset_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME" "$CONDT_VAL"
fi
}
apply_redhat () {
if [ $FNRET = 0 ]; then
ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
ok "$OPTIONNAME set condition is greater than or equal to $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 1 ]; then
warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
warn "Reset option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
elif [ $FNRET = 2 ]; then
warn "$OPTIONNAME is not conf, add to $FILE_REDHAT"

20
bin/hardening/9.2.9_pam_maxrepeat_cracklib.sh
View File

@ -39,9 +39,9 @@ audit_debian () {
ok "$PATTERN is present in $FILE"
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
if [ $FNRET = 0 ]; then
ok "$OPTIONNAME set condition is $CONDT_VAL"
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL"
else
crit "$OPTIONNAME set condition is $CONDT_VAL"
crit "$OPTIONNAME set condition is greater than $CONDT_VAL"
#FNRET=3
fi
else
@ -54,9 +54,9 @@ audit_debian () {
audit_redhat () {
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME le $CONDT_VAL
if [ $FNRET = 0 ]; then
ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
ok "Option $OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 1 ]; then
crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
crit "Option $OPTIONNAME set condition is greater than $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 2 ]; then
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
elif [ $FNRET = 3 ]; then
@ -80,27 +80,27 @@ apply_debian () {
if [ $FNRET = 0 ]; then
ok "$PACKAGE is installed"
elif [ $FNRET = 1 ]; then
crit "$PACKAGE is absent, installing it"
warn "$PACKAGE is absent, installing it"
apt_install $PACKAGE
elif [ $FNRET = 2 ]; then
crit "$PATTERN is not present in $FILE, add default config to $FILE"
warn "$PATTERN is not present in $FILE, add default config to $FILE"
add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
elif [ $FNRET = 3 ]; then
crit "$FILE is not exist, please check"
elif [ $FNRET = 4 ]; then
crit "$OPTIONNAME is not conf"
warn "$OPTIONNAME is not conf"
add_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME=$CONDT_VAL"
elif [ $FNRET = 5 ]; then
crit "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
warn "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
reset_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME" "$CONDT_VAL"
fi
}
apply_redhat () {
if [ $FNRET = 0 ]; then
ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 1 ]; then
warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
warn "Reset option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
elif [ $FNRET = 2 ]; then
warn "$OPTIONNAME is not conf, add to $FILE_REDHAT"