Fix some bugs for 6.18 and lib

2020-01-17 04:04:54 +08:00 · 2020-01-17 04:04:54 +08:00 · 24fd4aacc2
parent 8e0c2dc6e2
commit 24fd4aacc2
2 changed files with 28 additions and 16 deletions
--- a/bin/hardening/6.18_ensure_virusscan_program_update_is_enabled.sh
+++ b/bin/hardening/6.18_ensure_virusscan_program_update_is_enabled.sh
@ -17,22 +17,28 @@ CLAMAVCONF_DIR='/etc/clamav/clamd.conf'
 UPDATE_SERVER='clamav-freshclam'

 audit_debian () {
-	UPDATE_DIR=$(grep -i databasedirectory "$CLAMAVCONF_DIR" | awk '{print $2}')
-	if [ -d $UPDATE_DIR -a -e $CLAMAVCONF_DIR ]; then
-		NOWTIME=$(date +"%s")
-		# This file extension name maybe change to .cvd or .cld
-		VIRUSTIME=$(stat -c "%Y" "$UPDATE_DIR"/daily.*)
-		INTERVALTIME=$((${NOWTIME}-${VIRUSTIME}))
-		if [ "${INTERVALTIME}" -ge 604800 ];then
-			crit "Clamav database file has a date older than seven days from the current date"
-			FNRET=3
+	does_file_exist $CLAMAVCONF_DIR
+	if [ $FNRET -eq 0 ]; then
+		UPDATE_DIR=$(grep -i databasedirectory "$CLAMAVCONF_DIR" | awk '{print $2}')
+		if [ -d $UPDATE_DIR -a -e $CLAMAVCONF_DIR ]; then
+			NOWTIME=$(date +"%s")
+			# This file extension name maybe change to .cvd or .cld
+			VIRUSTIME=$(stat -c "%Y" "$UPDATE_DIR"/daily.*)
+			INTERVALTIME=$((${NOWTIME}-${VIRUSTIME}))
+			if [ "${INTERVALTIME}" -ge 604800 ];then
+				crit "Clamav database file has a date older than seven days from the current date"
+				FNRET=3
+			else
+				ok "Clamav database file has a date less than seven days from the current date"
+				FNRET=0
+			fi
 		else
-			ok "Clamav database file has a date less than seven days from the current date"
-			FNRET=0
+			crit "Clamav update dir is not configuration"
+			FNRET=2
 		fi
 	else
-		crit "Clamav config file or update dir is not exist"
-		FNRET=2
+			crit "Clamav config file $CLAMAVCONF_DIR not exist"
+			FNRET=1
 	fi
 }

@ -55,12 +61,16 @@ audit () {
 apply_debian () {
    if [ $FNRET = 0 ]; then
        ok "Clamav database file has a date less than seven days from the current date"
+    elif [ $FNRET = 1 ]; then
+        warn "Clamav $CLAMAVCONF_DIR is not exist, please check that is exist or check config"
    elif [ $FNRET = 2 ]; then
-        warn "Clamav config file or update dir is not exist, please check that is exist or check config"
+        warn "Clamav update dir is not exist, please check that is exist or check config"
    elif [ $FNRET = 3 ]; then
        warn "Clamav database file has a date older than seven days from the current date, start clamav-freshclam.service to update"
        apt-get install -y $UPDATE_SERVER
        systemctl start $UPDATE_SERVER
+	else
+		:
    fi
 }

--- a/lib/utils.sh
+++ b/lib/utils.sh
@ -1,6 +1,5 @@
 # CIS Debian 7 Hardening Utility functions

-
 #
 # debian version check 
 #
@ -15,6 +14,9 @@ is_centos_8()
        		debug "CentOS version is less than 8"
        		FNRET=1
 		fi
+	else
+		debug "Current OS is not redhat/CentOS"
+		FNRET=2
 	fi
 }

@ -141,7 +143,7 @@ does_pattern_exist_in_dmesg() {

 does_file_exist() {
    local FILE=$1
-    if $SUDO_CMD [ -e $FILE ]; then
+    if $SUDO_CMD [ -r $FILE ]; then
        FNRET=0
    else
        FNRET=1