From 19d4b01ef87bd0cd755503b64b60f6d6f28ea82c Mon Sep 17 00:00:00 2001
From: Samson-W <sccxboy@gmail.com>
Date: Tue, 13 Nov 2018 18:35:40 +0800
Subject: [PATCH] Add audit and apply methods for 10.1.12

---
 .../10.1.11_set_maxlogins_for_all_accounts.sh |  2 +-
 .../10.1.12_ensure_no_shosts_cfg_on_system.sh | 65 +++++++++++++++++++
 2 files changed, 66 insertions(+), 1 deletion(-)
 create mode 100755 bin/hardening/10.1.12_ensure_no_shosts_cfg_on_system.sh

diff --git a/bin/hardening/10.1.11_set_maxlogins_for_all_accounts.sh b/bin/hardening/10.1.11_set_maxlogins_for_all_accounts.sh
index 742ec01..50695d3 100755
--- a/bin/hardening/10.1.11_set_maxlogins_for_all_accounts.sh
+++ b/bin/hardening/10.1.11_set_maxlogins_for_all_accounts.sh
@@ -12,7 +12,7 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
-HARDENING_LEVEL=3
+HARDENING_LEVEL=2
 
 PACKAGE='libpam-modules'
 OPTIONS='maxlogins'
diff --git a/bin/hardening/10.1.12_ensure_no_shosts_cfg_on_system.sh b/bin/hardening/10.1.12_ensure_no_shosts_cfg_on_system.sh
new file mode 100755
index 0000000..2d8e920
--- /dev/null
+++ b/bin/hardening/10.1.12_ensure_no_shosts_cfg_on_system.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+#
+# harbian audit 7/8/9  Hardening
+#
+
+#
+# 10.1.12 Ensure no shosts configure file on system (Scored)
+# Authors : Samson wen, Samson <sccxboy@gmail.com>
+#
+
+set -e # One error, it's over
+set -u # One variable unset, it's over
+
+HARDENING_LEVEL=3
+
+FILENAME='.shosts'
+FILENAME1='shosts.equiv'
+
+# This function will be called if the script status is on enabled / audit mode
+audit () {
+    COUNT=$(find / -name "${FILENAME}" | wc -l)
+    COUNT1=$(find / -name "${FILENAME1}" | wc -l)
+    if [ "$COUNT" -ne 0 -o "$COUNT1" -ne 0 ]; then
+        crit "$FILENAME or $FILENAME1 file is exist on system."
+        FNRET=1
+    else
+        ok "$FILENAME and $FILENAME1 file is not on system."
+        FNRET=0
+    fi
+}
+
+# This function will be called if the script status is on enabled mode
+apply () {
+    if [ $FNRET = 0 ]; then
+        ok "$FILENAME and $FILENAME1 file is not on system."
+    elif [ $FNRET = 1 ]; then
+        warn "$FILENAME or $FILENAME1 file is exist on the system, delete all like this name file on the system."
+        find / -name "$FILENAME" -exec rm {} \;
+        find / -name "$FILENAME1" -exec rm {} \;
+    fi
+}
+
+# This function will check config parameters required
+check_config() {
+    :
+}
+
+# Source Root Dir Parameter
+if [ -r /etc/default/cis-hardening ]; then
+    . /etc/default/cis-hardening
+fi
+if [ -z "$CIS_ROOT_DIR" ]; then
+     echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
+     echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    exit 128
+fi
+
+# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
+if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+    . $CIS_ROOT_DIR/lib/main.sh
+else
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    exit 128
+fi