From 2a1d76d39713692e383d297f1cf493846c106515 Mon Sep 17 00:00:00 2001
From: Samson-W <samson@hardenedlinux.org>
Date: Sat, 3 Aug 2019 04:17:09 +0800
Subject: [PATCH] Modified 4.1 to be compatible with CentOS.

---
 bin/hardening/4.1_restrict_core_dumps.sh | 55 +++++++++++++++++++++---
 1 file changed, 50 insertions(+), 5 deletions(-)

diff --git a/bin/hardening/4.1_restrict_core_dumps.sh b/bin/hardening/4.1_restrict_core_dumps.sh
index 36159be..d88bb82 100755
--- a/bin/hardening/4.1_restrict_core_dumps.sh
+++ b/bin/hardening/4.1_restrict_core_dumps.sh
@@ -1,7 +1,8 @@
 #!/bin/bash
 
 #
-# harbian audit 7/8/9  Hardening
+# harbian audit 7/8/9/10 or CentOS Hardening
+#Modify by: Samson-W (samson@hardenedlinux.org)
 #
 
 #
@@ -17,9 +18,9 @@ LIMIT_FILE='/etc/security/limits.conf'
 LIMIT_PATTERN='^\*[[:space:]]*hard[[:space:]]*core[[:space:]]*0$'
 SYSCTL_PARAM='fs.suid_dumpable'
 SYSCTL_EXP_RESULT=0
+SERVICE_NAME='kdump'
 
-# This function will be called if the script status is on enabled / audit mode
-audit () {
+audit_debian () {
     does_pattern_exist_in_file $LIMIT_FILE $LIMIT_PATTERN
     if [ $FNRET != 0 ]; then
         crit "$LIMIT_PATTERN not present in $LIMIT_FILE"
@@ -36,8 +37,30 @@ audit () {
     fi
 }
 
-# This function will be called if the script status is on enabled mode
-apply () {
+audit_redhat () {
+	is_service_enabled $SERVICE_NAME
+	if [ $FNRET -eq 0 ]; then
+		crit "$SERVICE_NAME is enabled"
+		FNRET=1
+	else
+		ok "$SERVICE_NAME is disabled"
+		FNRET=0
+	fi
+}
+
+# This function will be called if the script status is on enabled / audit mode
+audit () {
+	if [ $OS_RELEASE -eq 1 ]; then
+        audit_debian
+    elif [ $OS_RELEASE -eq 2 ]; then
+        audit_redhat
+    else
+        crit "Current OS is not support!"
+        FNRET=44
+    fi
+}
+
+apply_debian () {
     does_pattern_exist_in_file $LIMIT_FILE $LIMIT_PATTERN
     if [ $FNRET != 0 ]; then
         warn "$LIMIT_PATTERN not present in $LIMIT_FILE, adding at the end of  $LIMIT_FILE"
@@ -57,6 +80,28 @@ apply () {
 
 }
 
+apply_redhat () {
+	if [ $FNRET -eq 1 ]; then
+		info "Disabling $SERVICE_NAME"
+		systemctl stop $SERVICE_NAME
+		systemctl disable $SERVICE_NAME
+	else
+		ok "$SERVICE_NAME is disabled"
+	fi
+}
+
+# This function will be called if the script status is on enabled mode
+apply () {
+	if [ $OS_RELEASE -eq 1 ]; then
+        apply_debian
+    elif [ $OS_RELEASE -eq 2 ]; then
+        apply_redhat
+    else
+        crit "Current OS is not support!"
+        FNRET=44
+    fi
+}
+
 # This function will check config parameters required
 check_config() {
     :