mirror of
https://github.com/hardenedlinux/harbian-audit.git
synced 2025-07-31 01:24:58 +02:00
Fix some bugs for Debian12.
This commit is contained in:
Samson-W
parent
754ff95056
commit
1eecbc633f
@ -8,7 +8,7 @@
|
||||
# 2.17 Set Sticky Bit on All World-Writable Directories (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
||||
#set -e # One error, it's over
|
||||
set -u # One variable unset, it's over
|
||||
|
||||
HARDENING_LEVEL=2
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
#!/bin/bash
|
||||
|
||||
#
|
||||
# harbian-audit for Debian GNU/Linux 10 Hardening
|
||||
# harbian-audit for Debian GNU/Linux 10/11/12 Hardening
|
||||
#
|
||||
|
||||
#
|
||||
@ -15,11 +15,12 @@ set -u # One variable unset, it's over
|
||||
HARDENING_LEVEL=4
|
||||
|
||||
FILE='/etc/audit/rules.d/audit.rules'
|
||||
PACKAGE_NFT='nftables'
|
||||
|
||||
# This function will be called if the script status is on enabled / audit mode
|
||||
audit () {
|
||||
is_debian_10
|
||||
if [ $FNRET != 0 ]; then
|
||||
is_pkg_installed $PACKAGE_NFT
|
||||
if [ $FNRET != 0 ]; then
|
||||
ok "OS not support nft, so pass"
|
||||
else
|
||||
# define custom IFS and save default one
|
||||
@ -43,8 +44,8 @@ audit () {
|
||||
|
||||
# This function will be called if the script status is on enabled mode
|
||||
apply () {
|
||||
is_debian_10
|
||||
if [ $FNRET != 0 ]; then
|
||||
is_pkg_installed $PACKAGE_NFT
|
||||
if [ $FNRET != 0 ]; then
|
||||
ok "OS not support nft, so pass"
|
||||
else
|
||||
IFS=$'\n'
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
#!/bin/bash
|
||||
|
||||
#
|
||||
# harbian-audit for Debian GNU/Linux 7/8/9/10 or CentOS Hardening
|
||||
# harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS Hardening
|
||||
#
|
||||
|
||||
#
|
||||
@ -10,7 +10,7 @@
|
||||
#
|
||||
|
||||
set -u # One variable unset, it's over
|
||||
set -e # One error, it's over
|
||||
#set -e # One error, it's over
|
||||
|
||||
HARDENING_LEVEL=4
|
||||
FILE='/etc/audit/rules.d/audit.rules'
|
||||
@ -79,10 +79,10 @@ AUDIT_PARAMS_CENTOS="-a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F
|
||||
-a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh"
|
||||
fi
|
||||
|
||||
if [ $OS_RELEASE -eq 1 ]; then
|
||||
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
|
||||
elif [ $OS_RELEASE -eq 2 ]; then
|
||||
if [ $OS_RELEASE -eq 2 ]; then
|
||||
AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS
|
||||
else
|
||||
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
#!/bin/bash
|
||||
|
||||
#
|
||||
# harbian-audit for Debian GNU/Linux 7/8/9/10 or CentOS Hardening
|
||||
# harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS Hardening
|
||||
#
|
||||
|
||||
#
|
||||
@ -87,10 +87,10 @@ AUDIT_PARAMS_CENTOS="-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1
|
||||
-a always,exit -F path=/bin/chage -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd"
|
||||
fi
|
||||
|
||||
if [ $OS_RELEASE -eq 1 ]; then
|
||||
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
|
||||
elif [ $OS_RELEASE -eq 2 ]; then
|
||||
if [ $OS_RELEASE -eq 2 ]; then
|
||||
AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS
|
||||
else
|
||||
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
#!/bin/bash
|
||||
|
||||
#
|
||||
# harbian-audit for Debian GNU/Linux 7/8/9/10 or CentOS Hardening
|
||||
# harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS Hardening
|
||||
#
|
||||
|
||||
#
|
||||
@ -95,10 +95,10 @@ AUDIT_PARAMS_CENTOS="-a always,exit -F path=/bin/su -F perm=x -F auid>=1000 -F a
|
||||
-a always,exit -F path=/bin/chfn -F perm=x -F auid>=500 -F auid!=4294967295 -k privileged-priv_change"
|
||||
fi
|
||||
|
||||
if [ $OS_RELEASE -eq 1 ]; then
|
||||
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
|
||||
elif [ $OS_RELEASE -eq 2 ]; then
|
||||
if [ $OS_RELEASE -eq 2 ]; then
|
||||
AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS
|
||||
else
|
||||
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
#!/bin/bash
|
||||
|
||||
#
|
||||
# harbian-audit for Debian GNU/Linux 7/8/9/10 or CentOS Hardening
|
||||
# harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS Hardening
|
||||
#
|
||||
|
||||
#
|
||||
@ -79,10 +79,10 @@ AUDIT_PARAMS_CENTOS='-a always,exit -F path=/sbin/postdrop -F perm=x -F auid>=10
|
||||
-a always,exit -F path=/sbin/postqueue -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-postfix'
|
||||
fi
|
||||
|
||||
if [ $OS_RELEASE -eq 1 ]; then
|
||||
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
|
||||
elif [ $OS_RELEASE -eq 2 ]; then
|
||||
if [ $OS_RELEASE -eq 2 ]; then
|
||||
AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS
|
||||
else
|
||||
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
#!/bin/bash
|
||||
|
||||
#
|
||||
# harbian-audit for Debian GNU/Linux 7/8/9/10 or CentOS Hardening
|
||||
# harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS Hardening
|
||||
#
|
||||
|
||||
#
|
||||
@ -75,10 +75,10 @@ AUDIT_PARAMS_DEBIAN='-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=
|
||||
AUDIT_PARAMS_CENTOS='-a always,exit -F path=/bin/crontab -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-cron'
|
||||
fi
|
||||
|
||||
if [ $OS_RELEASE -eq 1 ]; then
|
||||
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
|
||||
elif [ $OS_RELEASE -eq 2 ]; then
|
||||
if [ $OS_RELEASE -eq 2 ]; then
|
||||
AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS
|
||||
else
|
||||
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
#!/bin/bash
|
||||
|
||||
#
|
||||
# harbian-audit for Debian GNU/Linux 7/8/9/10 or CentOS Hardening
|
||||
# harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS Hardening
|
||||
#
|
||||
|
||||
#
|
||||
@ -75,10 +75,10 @@ AUDIT_PARAMS_DEBIAN='-a always,exit -F path=/usr/sbin/pam_timestamp_check -F per
|
||||
AUDIT_PARAMS_CENTOS='-a always,exit -F path=/sbin/pam_timestamp_check -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-pam'
|
||||
fi
|
||||
|
||||
if [ $OS_RELEASE -eq 1 ]; then
|
||||
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
|
||||
elif [ $OS_RELEASE -eq 2 ]; then
|
||||
if [ $OS_RELEASE -eq 2 ]; then
|
||||
AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS
|
||||
else
|
||||
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
#!/bin/bash
|
||||
|
||||
#
|
||||
# harbian-audit for Debian GNU/Linux 7/8/9/10 or CentOS Hardening
|
||||
# harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS Hardening
|
||||
#
|
||||
|
||||
#
|
||||
@ -21,7 +21,7 @@ audit () {
|
||||
# This feature is only for debian
|
||||
if [ $OS_RELEASE -eq 2 ]; then
|
||||
ok "CentOS/Redhat is not support, so pass"
|
||||
elif [ $OS_RELEASE -eq 1 -o $OS_RELEASE -eq 3 ]; then
|
||||
else
|
||||
# define custom IFS and save default one
|
||||
d_IFS=$IFS
|
||||
c_IFS=$'\n'
|
||||
@ -52,7 +52,7 @@ apply () {
|
||||
# This feature is only for debian
|
||||
if [ $OS_RELEASE -eq 2 ]; then
|
||||
ok "CentOS/Redhat is not support, so pass"
|
||||
elif [ $OS_RELEASE -eq 1 -o $OS_RELEASE -eq 3 ]; then
|
||||
else
|
||||
IFS=$'\n'
|
||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||
check_audit_path $AUDIT_VALUE
|
||||
@ -85,19 +85,18 @@ AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/faillock -F perm=wxa -k privilege
|
||||
AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/faillock -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam'
|
||||
fi
|
||||
else
|
||||
is_debian_11
|
||||
if [ $DONT_AUDITD_BY_UID -eq 1 ]; then
|
||||
if [ $FNRET = 1 ]; then
|
||||
if [ $OS_RELEASE -lt 11 ]; then
|
||||
AUDIT_PARAMS='-a always,exit -F path=/sbin/pam_tally -F perm=wxa -k privileged-pam
|
||||
-a always,exit -F path=/sbin/pam_tally2 -F perm=wxa -k privileged-pam'
|
||||
elif [ $FNRET = 0 ]; then
|
||||
else
|
||||
AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/faillock -F perm=wxa -k privileged-pam'
|
||||
fi
|
||||
else
|
||||
if [ $FNRET = 1 ]; then
|
||||
if [ $OS_RELEASE -lt 11 ]; then
|
||||
AUDIT_PARAMS='-a always,exit -F path=/sbin/pam_tally -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam
|
||||
-a always,exit -F path=/sbin/pam_tally2 -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam'
|
||||
elif [ $FNRET = 0 ]; then
|
||||
else
|
||||
AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/faillock -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam'
|
||||
fi
|
||||
fi
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
#!/bin/bash
|
||||
|
||||
#
|
||||
# harbian-audit for Debian GNU/Linux 7/8/9/10 or CentOS Hardening
|
||||
# harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS Hardening
|
||||
#
|
||||
|
||||
#
|
||||
@ -75,10 +75,10 @@ AUDIT_PARAMS_DEBIAN='-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid>
|
||||
AUDIT_PARAMS_CENTOS='-a always,exit -F path=/sbin/usermod -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-usermod'
|
||||
fi
|
||||
|
||||
if [ $OS_RELEASE -eq 1 ]; then
|
||||
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
|
||||
elif [ $OS_RELEASE -eq 2 ]; then
|
||||
if [ $OS_RELEASE -eq 2 ]; then
|
||||
AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS
|
||||
else
|
||||
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user