tyler.durden
/
harbian-audit
mirror of https://github.com/hardenedlinux/harbian-audit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix bug for 8.1.3

This commit is contained in:
Samson-W 2018-11-21 16:14:27 -05:00
parent cfd82154af
commit 286434cff2
2 changed files with 30 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bin/hardening/4.5_enable_apparmor.sh
View File

@ -60,7 +60,7 @@ apply () {
apt_install $PACKAGE
done
elif [ $FNRET = 2 ]; then
warn "Set ${SETSTRING} to ${GRUBFILE} in ${GRUBFILE}, need reboot the system and enable AppArmor profiles after set it."
warn "Set ${SETSTRING} to ${GRUBFILE} in ${GRUBFILE}, need to reboot the system and enable AppArmor profiles after setting it."
sed -ie "s;\(${KEYWORD}=\)\(\".*\)\(\"\);\1\2 ${SETSTRING}\3;" ${GRUBFILE}
/usr/sbin/update-grub2
elif [ $FNRET = 3 ]; then

65
bin/hardening/8.1.3_audit_bootloader.sh
View File

@ -2,6 +2,8 @@
#
# harbian audit 7/8/9 Hardening
# Modify author:
# Samson-W (sccxboy@gmail.com)
#
#
@ -14,59 +16,50 @@ set -u # One variable unset, it's over
HARDENING_LEVEL=4
FILE='/etc/default/grub'
OPTIONS='GRUB_CMDLINE_LINUX="audit=1"'
KEYWORD='GRUB_CMDLINE_LINUX'
OPTION='audit'
SETVAL=1
# This function will be called if the script status is on enabled / audit mode
audit () {
does_file_exist $FILE
if [ $FNRET != 0 ]; then
crit "$FILE does not exist"
FNRET=1
else
ok "$FILE exists, checking configuration"
for GRUB_OPTION in $OPTIONS; do
GRUB_PARAM=$(echo $GRUB_OPTION | cut -d= -f 1)
GRUB_VALUE=$(echo $GRUB_OPTION | cut -d= -f 2,3)
PATTERN="^$GRUB_PARAM=$GRUB_VALUE"
debug "$GRUB_PARAM should be set to $GRUB_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET != 0 ]; then
crit "$PATTERN is not present in $FILE"
if [ $(grep -w "^${KEYWORD}" ${FILE} | grep -c ${OPTION}) -eq 1 ]; then
ok "$OPTION is present in $FILE"
if [ $(grep -w "^${KEYWORD}" $FILE | grep -c "${OPTION}=${SETVAL}") -eq 1 ]; then
ok "${OPTION}'s set is correctly."
FNRET=0
else
crit "${OPTION}'s set is not correctly."
FNRET=3
fi
else
ok "$PATTERN is present in $FILE"
fi
done
crit "$OPTION is not present in $FILE"
FNRET=2
fi
fi
}
# This function will be called if the script status is on enabled mode
apply () {
does_file_exist $FILE
if [ $FNRET != 0 ]; then
if [ $FNRET = 0 ]; then
ok "${OPTION}'s set is correctly."
elif [ $FNRET = 1 ]; then
warn "$FILE does not exist, creating it"
touch $FILE
else
ok "$FILE exists"
elif [ $FNRET = 2 ]; then
warn "$OPTION is not present in $FILE, add it to $KEYWORD line, need to reboot the system after setting it"
sed -ie "s;\(${KEYWORD}=\)\(\".*\)\(\"\);\1\2 ${OPTION}=${SETVAL}\3;" $FILE
/usr/sbin/update-grub2
elif [ $FNRET = 3 ]; then
warn "Parameter $OPTION is present but with the wrong value -- Fixing, need to reboot the system after setting it"
sed -ie "s/${OPTION}=./${OPTION}=${SETVAL}/" $FILE
/usr/sbin/update-grub2
fi
for GRUB_OPTION in $OPTIONS; do
GRUB_PARAM=$(echo $GRUB_OPTION | cut -d= -f 1)
GRUB_VALUE=$(echo $GRUB_OPTION | cut -d= -f 2,3)
debug "$GRUB_PARAM should be set to $GRUB_VALUE"
PATTERN="^$GRUB_PARAM=$GRUB_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET != 0 ]; then
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^$GRUB_PARAM"
if [ $FNRET != 0 ]; then
info "Parameter $GRUB_PARAM seems absent from $FILE, adding at the end"
add_end_of_file $FILE "$GRUB_PARAM = $GRUB_VALUE"
else
info "Parameter $GRUB_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$GRUB_PARAM=.*" "$GRUB_PARAM=$GRUB_VALUE"
fi
else
ok "$PATTERN is present in $FILE"
fi
done
}
# This function will check config parameters required