Optimization tips for 9.2.1~9.2.10
This commit is contained in:
Samson-W
parent
2ba13e7318
commit
19914f08ab
|
|
@ -39,9 +39,9 @@ audit_debian () {
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
|
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$OPTIONNAME set condition is $CONDT_VAL"
|
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL"
|
||||||
else
|
else
|
||||||
crit "$OPTIONNAME set condition is $CONDT_VAL"
|
crit "$OPTIONNAME set condition is greater than $CONDT_VAL"
|
||||||
#FNRET=3
|
#FNRET=3
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|
|
@ -54,9 +54,9 @@ audit_debian () {
|
||||||
audit_redhat () {
|
audit_redhat () {
|
||||||
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME le $CONDT_VAL
|
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME le $CONDT_VAL
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
|
ok "Option $OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 1 ]; then
|
elif [ $FNRET = 1 ]; then
|
||||||
crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
|
crit "Option $OPTIONNAME set condition is greater than $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 2 ]; then
|
elif [ $FNRET = 2 ]; then
|
||||||
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
|
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 3 ]; then
|
elif [ $FNRET = 3 ]; then
|
||||||
|
|
@ -80,27 +80,27 @@ apply_debian () {
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
elif [ $FNRET = 1 ]; then
|
elif [ $FNRET = 1 ]; then
|
||||||
crit "$PACKAGE is absent, installing it"
|
warn "$PACKAGE is absent, installing it"
|
||||||
apt_install $PACKAGE
|
apt_install $PACKAGE
|
||||||
elif [ $FNRET = 2 ]; then
|
elif [ $FNRET = 2 ]; then
|
||||||
crit "$PATTERN is not present in $FILE, add default config to $FILE"
|
warn "$PATTERN is not present in $FILE, add default config to $FILE"
|
||||||
add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
|
add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
|
||||||
elif [ $FNRET = 3 ]; then
|
elif [ $FNRET = 3 ]; then
|
||||||
crit "$FILE is not exist, please check"
|
crit "$FILE is not exist, please check"
|
||||||
elif [ $FNRET = 4 ]; then
|
elif [ $FNRET = 4 ]; then
|
||||||
crit "$OPTIONNAME is not conf"
|
warn "$OPTIONNAME is not conf"
|
||||||
add_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME=$CONDT_VAL"
|
add_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME=$CONDT_VAL"
|
||||||
elif [ $FNRET = 5 ]; then
|
elif [ $FNRET = 5 ]; then
|
||||||
crit "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
|
warn "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
|
||||||
reset_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME" "$CONDT_VAL"
|
reset_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME" "$CONDT_VAL"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
apply_redhat () {
|
apply_redhat () {
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
|
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 1 ]; then
|
elif [ $FNRET = 1 ]; then
|
||||||
warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
|
warn "Reset option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
|
||||||
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
|
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
|
||||||
elif [ $FNRET = 2 ]; then
|
elif [ $FNRET = 2 ]; then
|
||||||
warn "$OPTIONNAME is not conf, add to $FILE_REDHAT"
|
warn "$OPTIONNAME is not conf, add to $FILE_REDHAT"
|
||||||
|
|
|
||||||
|
|
@ -49,9 +49,9 @@ audit () {
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
|
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$OPTIONNAME set condition is $CONDT_VAL"
|
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL"
|
||||||
else
|
else
|
||||||
crit "$OPTIONNAME set condition is $CONDT_VAL"
|
crit "$OPTIONNAME set condition is greater than $CONDT_VAL"
|
||||||
#FNRET=3
|
#FNRET=3
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|
|
|
||||||
|
|
@ -39,9 +39,9 @@ audit_debian () {
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME ge $CONDT_VAL
|
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME ge $CONDT_VAL
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$OPTIONNAME set condition is $CONDT_VAL"
|
ok "$OPTIONNAME set condition is greater than or equal to $CONDT_VAL"
|
||||||
else
|
else
|
||||||
crit "$OPTIONNAME set condition is $CONDT_VAL"
|
crit "$OPTIONNAME set condition is less than $CONDT_VAL"
|
||||||
#FNRET=3
|
#FNRET=3
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|
|
@ -54,9 +54,9 @@ audit_debian () {
|
||||||
audit_redhat () {
|
audit_redhat () {
|
||||||
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME ge $CONDT_VAL
|
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME ge $CONDT_VAL
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
|
ok "Option $OPTIONNAME set condition is greater than or equal to $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 1 ]; then
|
elif [ $FNRET = 1 ]; then
|
||||||
crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
|
crit "Option $OPTIONNAME set condition is less than $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 2 ]; then
|
elif [ $FNRET = 2 ]; then
|
||||||
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
|
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 3 ]; then
|
elif [ $FNRET = 3 ]; then
|
||||||
|
|
@ -80,25 +80,25 @@ apply_debian () {
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
elif [ $FNRET = 1 ]; then
|
elif [ $FNRET = 1 ]; then
|
||||||
crit "$PACKAGE is absent, installing it"
|
warn "$PACKAGE is absent, installing it"
|
||||||
apt_install $PACKAGE
|
apt_install $PACKAGE
|
||||||
elif [ $FNRET = 2 ]; then
|
elif [ $FNRET = 2 ]; then
|
||||||
crit "$PATTERN is not present in $FILE, add default config to $FILE"
|
warn "$PATTERN is not present in $FILE, add default config to $FILE"
|
||||||
add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
|
add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
|
||||||
elif [ $FNRET = 3 ]; then
|
elif [ $FNRET = 3 ]; then
|
||||||
crit "$FILE is not exist, please check"
|
crit "$FILE is not exist, please check"
|
||||||
elif [ $FNRET = 4 ]; then
|
elif [ $FNRET = 4 ]; then
|
||||||
crit "$OPTIONNAME is not conf"
|
warn "$OPTIONNAME is not conf, reset"
|
||||||
add_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME=$CONDT_VAL"
|
add_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME=$CONDT_VAL"
|
||||||
elif [ $FNRET = 5 ]; then
|
elif [ $FNRET = 5 ]; then
|
||||||
crit "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
|
warn "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
|
||||||
reset_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME" "$CONDT_VAL"
|
reset_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME" "$CONDT_VAL"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
apply_redhat () {
|
apply_redhat () {
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
|
ok "$OPTIONNAME set condition is greater than or equal to $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 1 ]; then
|
elif [ $FNRET = 1 ]; then
|
||||||
warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
|
warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
|
||||||
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
|
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
|
||||||
|
|
|
||||||
|
|
@ -39,9 +39,9 @@ audit_debian () {
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
|
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$OPTIONNAME set condition is $CONDT_VAL"
|
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL"
|
||||||
else
|
else
|
||||||
crit "$OPTIONNAME set condition is $CONDT_VAL"
|
crit "$OPTIONNAME set condition is greater than $CONDT_VAL"
|
||||||
#FNRET=3
|
#FNRET=3
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|
|
@ -54,9 +54,9 @@ audit_debian () {
|
||||||
audit_redhat () {
|
audit_redhat () {
|
||||||
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME le $CONDT_VAL
|
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME le $CONDT_VAL
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
|
ok "Option $OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 1 ]; then
|
elif [ $FNRET = 1 ]; then
|
||||||
crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
|
crit "Option $OPTIONNAME set condition is not set greater than $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 2 ]; then
|
elif [ $FNRET = 2 ]; then
|
||||||
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
|
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 3 ]; then
|
elif [ $FNRET = 3 ]; then
|
||||||
|
|
@ -98,7 +98,7 @@ apply_debian () {
|
||||||
|
|
||||||
apply_redhat () {
|
apply_redhat () {
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
|
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 1 ]; then
|
elif [ $FNRET = 1 ]; then
|
||||||
warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
|
warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
|
||||||
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
|
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
|
||||||
|
|
|
||||||
|
|
@ -39,9 +39,9 @@ audit_debian () {
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
|
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$OPTIONNAME set condition is $CONDT_VAL"
|
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL"
|
||||||
else
|
else
|
||||||
crit "$OPTIONNAME set condition is $CONDT_VAL"
|
crit "$OPTIONNAME set condition is greater than $CONDT_VAL"
|
||||||
#FNRET=3
|
#FNRET=3
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|
|
@ -54,9 +54,9 @@ audit_debian () {
|
||||||
audit_redhat () {
|
audit_redhat () {
|
||||||
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME le $CONDT_VAL
|
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME le $CONDT_VAL
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
|
ok "Option $OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 1 ]; then
|
elif [ $FNRET = 1 ]; then
|
||||||
crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
|
crit "Option $OPTIONNAME set condition is greater than $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 2 ]; then
|
elif [ $FNRET = 2 ]; then
|
||||||
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
|
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 3 ]; then
|
elif [ $FNRET = 3 ]; then
|
||||||
|
|
@ -99,7 +99,7 @@ apply_debian () {
|
||||||
|
|
||||||
apply_redhat () {
|
apply_redhat () {
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
|
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 1 ]; then
|
elif [ $FNRET = 1 ]; then
|
||||||
warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
|
warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
|
||||||
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
|
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
|
||||||
|
|
|
||||||
|
|
@ -39,9 +39,9 @@ audit_debian () {
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
|
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$OPTIONNAME set condition is $CONDT_VAL"
|
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL"
|
||||||
else
|
else
|
||||||
crit "$OPTIONNAME set condition is $CONDT_VAL"
|
crit "$OPTIONNAME set condition is greater than $CONDT_VAL"
|
||||||
#FNRET=3
|
#FNRET=3
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|
|
@ -54,9 +54,9 @@ audit_debian () {
|
||||||
audit_redhat () {
|
audit_redhat () {
|
||||||
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME le $CONDT_VAL
|
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME le $CONDT_VAL
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
|
ok "Option $OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 1 ]; then
|
elif [ $FNRET = 1 ]; then
|
||||||
crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
|
crit "Option $OPTIONNAME set condition is greater than $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 2 ]; then
|
elif [ $FNRET = 2 ]; then
|
||||||
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
|
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 3 ]; then
|
elif [ $FNRET = 3 ]; then
|
||||||
|
|
@ -98,9 +98,9 @@ apply_debian () {
|
||||||
|
|
||||||
apply_redhat () {
|
apply_redhat () {
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
|
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 1 ]; then
|
elif [ $FNRET = 1 ]; then
|
||||||
warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
|
warn "Reset option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
|
||||||
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
|
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
|
||||||
elif [ $FNRET = 2 ]; then
|
elif [ $FNRET = 2 ]; then
|
||||||
warn "$OPTIONNAME is not conf, add to $FILE_REDHAT"
|
warn "$OPTIONNAME is not conf, add to $FILE_REDHAT"
|
||||||
|
|
|
||||||
|
|
@ -39,9 +39,9 @@ audit_debian () {
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
|
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$OPTIONNAME set condition is $CONDT_VAL"
|
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL"
|
||||||
else
|
else
|
||||||
crit "$OPTIONNAME set condition is $CONDT_VAL"
|
crit "$OPTIONNAME set condition is greater than $CONDT_VAL"
|
||||||
#FNRET=3
|
#FNRET=3
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|
|
@ -54,9 +54,9 @@ audit_debian () {
|
||||||
audit_redhat () {
|
audit_redhat () {
|
||||||
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME le $CONDT_VAL
|
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME le $CONDT_VAL
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
|
ok "Option $OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 1 ]; then
|
elif [ $FNRET = 1 ]; then
|
||||||
crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
|
crit "Option $OPTIONNAME set condition is greater than $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 2 ]; then
|
elif [ $FNRET = 2 ]; then
|
||||||
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
|
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 3 ]; then
|
elif [ $FNRET = 3 ]; then
|
||||||
|
|
@ -80,27 +80,27 @@ apply_debian () {
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
elif [ $FNRET = 1 ]; then
|
elif [ $FNRET = 1 ]; then
|
||||||
crit "$PACKAGE is absent, installing it"
|
warn "$PACKAGE is absent, installing it"
|
||||||
apt_install $PACKAGE
|
apt_install $PACKAGE
|
||||||
elif [ $FNRET = 2 ]; then
|
elif [ $FNRET = 2 ]; then
|
||||||
crit "$PATTERN is not present in $FILE, add default config to $FILE"
|
warn "$PATTERN is not present in $FILE, add default config to $FILE"
|
||||||
add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
|
add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
|
||||||
elif [ $FNRET = 3 ]; then
|
elif [ $FNRET = 3 ]; then
|
||||||
crit "$FILE is not exist, please check"
|
crit "$FILE is not exist, please check"
|
||||||
elif [ $FNRET = 4 ]; then
|
elif [ $FNRET = 4 ]; then
|
||||||
crit "$OPTIONNAME is not conf"
|
warn "$OPTIONNAME is not conf"
|
||||||
add_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME=$CONDT_VAL"
|
add_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME=$CONDT_VAL"
|
||||||
elif [ $FNRET = 5 ]; then
|
elif [ $FNRET = 5 ]; then
|
||||||
crit "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
|
warn "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
|
||||||
reset_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME" "$CONDT_VAL"
|
reset_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME" "$CONDT_VAL"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
apply_redhat () {
|
apply_redhat () {
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
|
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 1 ]; then
|
elif [ $FNRET = 1 ]; then
|
||||||
warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
|
warn "Reset option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
|
||||||
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
|
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
|
||||||
elif [ $FNRET = 2 ]; then
|
elif [ $FNRET = 2 ]; then
|
||||||
warn "$OPTIONNAME is not conf, add to $FILE_REDHAT"
|
warn "$OPTIONNAME is not conf, add to $FILE_REDHAT"
|
||||||
|
|
|
||||||
|
|
@ -39,9 +39,9 @@ audit_debian () {
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME ge $CONDT_VAL
|
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME ge $CONDT_VAL
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$OPTIONNAME set condition is $CONDT_VAL"
|
ok "$OPTIONNAME set condition is greater than or equal to $CONDT_VAL"
|
||||||
else
|
else
|
||||||
crit "$OPTIONNAME set condition is $CONDT_VAL"
|
crit "$OPTIONNAME set condition is less than $CONDT_VAL"
|
||||||
#FNRET=3
|
#FNRET=3
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|
|
@ -54,9 +54,9 @@ audit_debian () {
|
||||||
audit_redhat () {
|
audit_redhat () {
|
||||||
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME ge $CONDT_VAL
|
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME ge $CONDT_VAL
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
|
ok "Option $OPTIONNAME set condition is greater than or equal to $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 1 ]; then
|
elif [ $FNRET = 1 ]; then
|
||||||
crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
|
crit "Option $OPTIONNAME set condition is less than $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 2 ]; then
|
elif [ $FNRET = 2 ]; then
|
||||||
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
|
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 3 ]; then
|
elif [ $FNRET = 3 ]; then
|
||||||
|
|
@ -80,27 +80,27 @@ apply_debian () {
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
elif [ $FNRET = 1 ]; then
|
elif [ $FNRET = 1 ]; then
|
||||||
crit "$PACKAGE is absent, installing it"
|
warn "$PACKAGE is absent, installing it"
|
||||||
apt_install $PACKAGE
|
apt_install $PACKAGE
|
||||||
elif [ $FNRET = 2 ]; then
|
elif [ $FNRET = 2 ]; then
|
||||||
crit "$PATTERN is not present in $FILE, add default config to $FILE"
|
warn "$PATTERN is not present in $FILE, add default config to $FILE"
|
||||||
add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
|
add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
|
||||||
elif [ $FNRET = 3 ]; then
|
elif [ $FNRET = 3 ]; then
|
||||||
crit "$FILE is not exist, please check"
|
crit "$FILE is not exist, please check"
|
||||||
elif [ $FNRET = 4 ]; then
|
elif [ $FNRET = 4 ]; then
|
||||||
crit "$OPTIONNAME is not conf"
|
warn "$OPTIONNAME is not conf"
|
||||||
add_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME=$CONDT_VAL"
|
add_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME=$CONDT_VAL"
|
||||||
elif [ $FNRET = 5 ]; then
|
elif [ $FNRET = 5 ]; then
|
||||||
crit "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
|
warn "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
|
||||||
reset_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME" "$CONDT_VAL"
|
reset_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME" "$CONDT_VAL"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
apply_redhat () {
|
apply_redhat () {
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
|
ok "$OPTIONNAME set condition is greater than or equal to $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 1 ]; then
|
elif [ $FNRET = 1 ]; then
|
||||||
warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
|
warn "Reset option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
|
||||||
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
|
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
|
||||||
elif [ $FNRET = 2 ]; then
|
elif [ $FNRET = 2 ]; then
|
||||||
warn "$OPTIONNAME is not conf, add to $FILE_REDHAT"
|
warn "$OPTIONNAME is not conf, add to $FILE_REDHAT"
|
||||||
|
|
|
||||||
|
|
@ -39,9 +39,9 @@ audit_debian () {
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME ge $CONDT_VAL
|
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME ge $CONDT_VAL
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$OPTIONNAME set condition is $CONDT_VAL"
|
ok "$OPTIONNAME set condition is greater than or equal to $CONDT_VAL"
|
||||||
else
|
else
|
||||||
crit "$OPTIONNAME set condition is $CONDT_VAL"
|
crit "$OPTIONNAME set condition is less than $CONDT_VAL"
|
||||||
#FNRET=3
|
#FNRET=3
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|
|
@ -54,9 +54,9 @@ audit_debian () {
|
||||||
audit_redhat () {
|
audit_redhat () {
|
||||||
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME ge $CONDT_VAL
|
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME ge $CONDT_VAL
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
|
ok "Option $OPTIONNAME set condition is greater than or equal to $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 1 ]; then
|
elif [ $FNRET = 1 ]; then
|
||||||
crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
|
crit "Option $OPTIONNAME set condition is less than $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 2 ]; then
|
elif [ $FNRET = 2 ]; then
|
||||||
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
|
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 3 ]; then
|
elif [ $FNRET = 3 ]; then
|
||||||
|
|
@ -80,27 +80,27 @@ apply_debian () {
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
elif [ $FNRET = 1 ]; then
|
elif [ $FNRET = 1 ]; then
|
||||||
crit "$PACKAGE is absent, installing it"
|
warn "$PACKAGE is absent, installing it"
|
||||||
apt_install $PACKAGE
|
apt_install $PACKAGE
|
||||||
elif [ $FNRET = 2 ]; then
|
elif [ $FNRET = 2 ]; then
|
||||||
crit "$PATTERN is not present in $FILE, add default config to $FILE"
|
warn "$PATTERN is not present in $FILE, add default config to $FILE"
|
||||||
add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
|
add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
|
||||||
elif [ $FNRET = 3 ]; then
|
elif [ $FNRET = 3 ]; then
|
||||||
crit "$FILE is not exist, please check"
|
crit "$FILE is not exist, please check"
|
||||||
elif [ $FNRET = 4 ]; then
|
elif [ $FNRET = 4 ]; then
|
||||||
crit "$OPTIONNAME is not conf"
|
warn "$OPTIONNAME is not conf"
|
||||||
add_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME=$CONDT_VAL"
|
add_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME=$CONDT_VAL"
|
||||||
elif [ $FNRET = 5 ]; then
|
elif [ $FNRET = 5 ]; then
|
||||||
crit "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
|
warn "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
|
||||||
reset_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME" "$CONDT_VAL"
|
reset_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME" "$CONDT_VAL"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
apply_redhat () {
|
apply_redhat () {
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
|
ok "$OPTIONNAME set condition is greater than or equal to $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 1 ]; then
|
elif [ $FNRET = 1 ]; then
|
||||||
warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
|
warn "Reset option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
|
||||||
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
|
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
|
||||||
elif [ $FNRET = 2 ]; then
|
elif [ $FNRET = 2 ]; then
|
||||||
warn "$OPTIONNAME is not conf, add to $FILE_REDHAT"
|
warn "$OPTIONNAME is not conf, add to $FILE_REDHAT"
|
||||||
|
|
|
||||||
|
|
@ -39,9 +39,9 @@ audit_debian () {
|
||||||
ok "$PATTERN is present in $FILE"
|
ok "$PATTERN is present in $FILE"
|
||||||
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
|
check_param_pair_by_pam $FILE $PAMLIBNAME $OPTIONNAME le $CONDT_VAL
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$OPTIONNAME set condition is $CONDT_VAL"
|
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL"
|
||||||
else
|
else
|
||||||
crit "$OPTIONNAME set condition is $CONDT_VAL"
|
crit "$OPTIONNAME set condition is greater than $CONDT_VAL"
|
||||||
#FNRET=3
|
#FNRET=3
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|
|
@ -54,9 +54,9 @@ audit_debian () {
|
||||||
audit_redhat () {
|
audit_redhat () {
|
||||||
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME le $CONDT_VAL
|
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME le $CONDT_VAL
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
|
ok "Option $OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 1 ]; then
|
elif [ $FNRET = 1 ]; then
|
||||||
crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
|
crit "Option $OPTIONNAME set condition is greater than $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 2 ]; then
|
elif [ $FNRET = 2 ]; then
|
||||||
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
|
crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 3 ]; then
|
elif [ $FNRET = 3 ]; then
|
||||||
|
|
@ -80,27 +80,27 @@ apply_debian () {
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$PACKAGE is installed"
|
ok "$PACKAGE is installed"
|
||||||
elif [ $FNRET = 1 ]; then
|
elif [ $FNRET = 1 ]; then
|
||||||
crit "$PACKAGE is absent, installing it"
|
warn "$PACKAGE is absent, installing it"
|
||||||
apt_install $PACKAGE
|
apt_install $PACKAGE
|
||||||
elif [ $FNRET = 2 ]; then
|
elif [ $FNRET = 2 ]; then
|
||||||
crit "$PATTERN is not present in $FILE, add default config to $FILE"
|
warn "$PATTERN is not present in $FILE, add default config to $FILE"
|
||||||
add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
|
add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
|
||||||
elif [ $FNRET = 3 ]; then
|
elif [ $FNRET = 3 ]; then
|
||||||
crit "$FILE is not exist, please check"
|
crit "$FILE is not exist, please check"
|
||||||
elif [ $FNRET = 4 ]; then
|
elif [ $FNRET = 4 ]; then
|
||||||
crit "$OPTIONNAME is not conf"
|
warn "$OPTIONNAME is not conf"
|
||||||
add_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME=$CONDT_VAL"
|
add_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME=$CONDT_VAL"
|
||||||
elif [ $FNRET = 5 ]; then
|
elif [ $FNRET = 5 ]; then
|
||||||
crit "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
|
warn "$OPTIONNAME set is not match legally, reset it to $CONDT_VAL"
|
||||||
reset_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME" "$CONDT_VAL"
|
reset_option_to_password_check $FILE $PAMLIBNAME "$OPTIONNAME" "$CONDT_VAL"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
apply_redhat () {
|
apply_redhat () {
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
|
ok "$OPTIONNAME set condition is less than or equal to $CONDT_VAL in $FILE_REDHAT"
|
||||||
elif [ $FNRET = 1 ]; then
|
elif [ $FNRET = 1 ]; then
|
||||||
warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
|
warn "Reset option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
|
||||||
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
|
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
|
||||||
elif [ $FNRET = 2 ]; then
|
elif [ $FNRET = 2 ]; then
|
||||||
warn "$OPTIONNAME is not conf, add to $FILE_REDHAT"
|
warn "$OPTIONNAME is not conf, add to $FILE_REDHAT"
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue