Fix a bug for 6.18 and update how_to_creating_and_making_an_AMI_public.mkd

bin/hardening/6.18_ensure_virusscan_program_update_is_enabled.sh

@@ -13,48 +13,38 @@ set -e # One error, it's over
 set -u # One variable unset, it's over
 
 HARDENING_LEVEL=4
-VIRULSERVER='clamav-daemon'
 CLAMAVCONF_DIR='/etc/clamav/clamd.conf'
 UPDATE_SERVER='clamav-freshclam'
 
 # This function will be called if the script status is on enabled / audit mode
 audit () {
-    if [ $(systemctl | grep  $VIRULSERVER | grep "active running" | wc -l) -ne 1 ]; then
+	UPDATE_DIR=$(grep -i databasedirectory "$CLAMAVCONF_DIR" | awk '{print $2}')
-        crit "$VIRULSERVER is not runing"
+	if [ -d $UPDATE_DIR -a -e $CLAMAVCONF_DIR ]; then
-        FNRET=1
+		NOWTIME=$(date +"%s")
-    else
+		# This file extension name maybe change to .cvd or .cld
-        ok "$VIRULSERVER is runing"
+		VIRUSTIME=$(stat -c "%Y" "$UPDATE_DIR"/daily.*)
-        UPDATE_DIR=$(grep -i databasedirectory "$CLAMAVCONF_DIR" | awk '{print $2}')
+		INTERVALTIME=$((${NOWTIME}-${VIRUSTIME}))
-        if [ -d $UPDATE_DIR -a -e $CLAMAVCONF_DIR ]; then
+		if [ "${INTERVALTIME}" -ge 604800 ];then
-            NOWTIME=$(date +"%s")
+			crit "Clamav database file has a date older than seven days from the current date"
-			# This file extension name maybe change to .cvd or .cld
+			FNRET=3
-            VIRUSTIME=$(stat -c "%Y" "$UPDATE_DIR"/daily.*)
+		else
-            INTERVALTIME=$((${NOWTIME}-${VIRUSTIME}))
+			ok "Clamav database file has a date less than seven days from the current date"
-            if [ "${INTERVALTIME}" -ge 604800 ];then
+			FNRET=0
-                crit "Database file has a date older than seven days from the current date"
+		fi
-                FNRET=3
+	else
-            else
+		crit "Clamav config file or update dir is not exist"
-                ok "Database file has a date less than seven days from the current date"
+		FNRET=2
-                FNRET=0
+	fi
-            fi
-        else
-            crit "Clamav config file or update dir is not exist"
-            FNRET=2
-        fi
-    fi
 }
 
 # This function will be called if the script status is on enabled mode
 apply () {
     if [ $FNRET = 0 ]; then
-        ok "Database file has a date less than seven days from the current date"
+        ok "Clamav database file has a date less than seven days from the current date"
-    elif [ $FNRET = 1 ]; then
-        warn "Install $VIRULSERVER"
-        apt-get install -y $VIRULSERVER
     elif [ $FNRET = 2 ]; then
         warn "Clamav config file or update dir is not exist, please check that is exist or check config"
     elif [ $FNRET = 3 ]; then
-        warn "Database file has a date older than seven days from the current date, start clamav-freshclam.service to update"
+        warn "Clamav database file has a date older than seven days from the current date, start clamav-freshclam.service to update"
         apt-get install -y $UPDATE_SERVER
         systemctl start $UPDATE_SERVER
     fi

docs/complianced_image/AMI/how_to_creating_and_making_an_AMI_public.mkd

@@ -77,11 +77,11 @@ admin@ip:/opt/harbian-audit-master# exit
 
 Apply need to apply twice items and that items of must apply after first apply:
 ```
-admin@ip:/opt/harbian-audit-master$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.1.32_freeze_auditd_conf.cfg 
-admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply --only 8.1.32 
 admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply --only 8.1.1.2
 admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply --only 8.1.1.3
 admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply --only 8.1.12
+admin@ip:/opt/harbian-audit-master$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.1.32_freeze_auditd_conf.cfg 
+admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply --only 8.1.32 
 admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply --only 4.5
 admin@ip:/opt/harbian-audit-master$ sudo reboot 
 ```