From 217c3cd020373a5218243e4bb7c8e9e407f50b96 Mon Sep 17 00:00:00 2001
From: Samson-W
Date: Tue, 27 Nov 2018 02:05:23 +0800
Subject: [PATCH] Modify functions for firewall

---
 .../7.7.2_ensure_set_firewall_rules.sh | 5 +---
 ...ensure_firewall_set_protect_dos_attacks.sh | 8 ++-----
 lib/utils.sh | 23 -------------------------
 3 files changed, 3 insertions(+), 33 deletions(-)

diff --git a/bin/hardening/7.7.2_ensure_set_firewall_rules.sh b/bin/hardening/7.7.2_ensure_set_firewall_rules.sh
index 44bb9f5..81f86f3 100755
--- a/bin/hardening/7.7.2_ensure_set_firewall_rules.sh
+++ b/bin/hardening/7.7.2_ensure_set_firewall_rules.sh
@@ -17,12 +17,9 @@ HARDENING_LEVEL=2
 # Quick note here : CIS recommends your iptables rules to be persistent.
 # Do as you want, but this script does not handle this
 
-PARAM='SETRULE'
-
 # This function will be called if the script status is on enabled / audit mode
 audit () {
- check_iptables_set ${PARAM}
- if [ $FNRET != 0 ]; then
+ if [ $(/sbin/iptables -S | grep -Ec "^-A|^-I") -eq 0 ]; then
 crit "Iptables is not set rule!"
 FNRET=1
 else
diff --git a/bin/hardening/7.7.3_ensure_firewall_set_protect_dos_attacks.sh b/bin/hardening/7.7.3_ensure_firewall_set_protect_dos_attacks.sh
index 261bdf2..122066c 100755
--- a/bin/hardening/7.7.3_ensure_firewall_set_protect_dos_attacks.sh
+++ b/bin/hardening/7.7.3_ensure_firewall_set_protect_dos_attacks.sh
@@ -5,7 +5,7 @@
 #
 
 #
-# 7.7.2 Ensure the Firewall is set rules of protect DOS attacks (Scored)
+# 7.7.3 Ensure the Firewall is set rules of protect DOS attacks (Scored)
 # Add this feature:Authors : Samson wen, Samson
 #
 
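Review bot: The inlined check on the added `if` line only sees the filter table, because `/sbin/iptables -S` without `-t` lists that table alone, so rules kept in nat, mangle or raw are not counted; the same limitation applies to the `--limit-burst` check in the 7.7.3_ensure_firewall_set_protect_dos_attacks.sh hunk. The pipe also masks a failed listing (iptables absent, or the audit not run as root): `grep -c` then prints 0 on an empty stream and the audit reports "not set rule" instead of an error, and the command substitution is unquoted. Capturing the listing first keeps the two cases apart, e.g. `rules=$(/sbin/iptables -S) || { crit "Unable to list iptables rules"; FNRET=1; return; }` followed by `if [ "$(printf '%s\n' "$rules" | grep -Ec '^-A|^-I')" -eq 0 ]; then`, assuming the rest of audit only assigns FNRET, which lies outside the hunk. Note that `-S` prints every rule as `-A`, so the `^-I` alternative never matches and could be dropped.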
@@ -17,13 +17,9 @@ HARDENING_LEVEL=2
 # Quick note here : CIS recommends your iptables rules to be persistent.
 # Do as you want, but this script does not handle this
 
-PARAM='SETDOS'
-
 # This function will be called if the script status is on enabled / audit mode
 audit () {
- check_iptables_set ${PARAM}
- echo "fffffffffffffffffffffffffffffffffffff"
- if [ $FNRET != 0 ]; then
+ if [ $(/sbin/iptables -S | grep -E "\-m.*limit" | grep -Ec "\-\-limit-burst") -eq 0 ]; then
 crit "Iptables is not set rules of protect DOS attacks!"
 FNRET=1
 else
diff --git a/lib/utils.sh b/lib/utils.sh
index fa15220..9a535f9 100644
--- a/lib/utils.sh
+++ b/lib/utils.sh
@@ -673,26 +673,3 @@ check_auth_option_nullok_by_pam()
 fi
 }
 
-check_iptables_set()
-{
- case $1 in
- SETRULE)
- COUNTLINE=$(/sbin/iptables -S | grep -Ec "^-A|^-I")
- if [ ${COUNTLINE} -gt 0 ]; then
- FNRET=0
- else
- FNRET=1
- fi
- ;;
- SETDOS)
- COUNTLINE=$(/sbin/iptables -S | grep -E "\-m.*limit" | grep -Ec "\-\-limit-burst")
- echo "fsfdsfdsfdfffffffffffffffff"
- if [ ${COUNTLINE} -eq 0 ]; then
- FNRET=1
- else
- FNRET=0
- fi
- ;;
- esac
-}
-
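Review bot: The added `if` line counts any rule that carries `-m limit` together with an explicit `--limit-burst`, regardless of chain or target, so a single rate-limited `-j LOG` rule satisfies the audit while no traffic is dropped; conversely a `-m limit --limit 5/s` rule whose burst is left at its default is, as far as I recall, printed by `-S` without `--limit-burst` and therefore not counted. The criterion should state what it accepts, for example a comment above the line such as `# Counts rules using the limit match with an explicit burst; chain and target are not checked` and, if the stricter intent is meant, an anchor on the input chain like `grep -E '^-A INPUT .*-m limit'`. The filter-table-only listing and the masked iptables exit status are the same issues as in the 7.7.2 hunk. The audit function continues past the end of the hunk.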