tyler.durden/harbian-audit
1
0
Fork 0
mirror of https://github.com/hardenedlinux/harbian-audit.git synced 2025-07-30 17:15:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update 9.2.11 9.2.12 9.2.13 for Debian12

Browse Source
This commit is contained in:
Samson-W 2023-06-12 02:18:30 +08:00
parent 03f583ad94
commit 2b6949548f
3 changed files with 25 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
bin/hardening/9.2.11_pam_deny_times_tally2.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian-audit for Debian GNU/Linux 7/8/9 or CentOS 8 Hardening # harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS 8 Hardening
# #
# #
@ -166,21 +166,12 @@ check_config() {
AUTHRULE='auth required pam_faillock.so deny=3 even_deny_root unlock_time=900' AUTHRULE='auth required pam_faillock.so deny=3 even_deny_root unlock_time=900'
ADDPATTERNLINE='auth[[:space:]]*required' ADDPATTERNLINE='auth[[:space:]]*required'
elif [ $OS_RELEASE -eq 1 ]; then elif [ $OS_RELEASE -eq 1 ]; then
is_debian_11
# faillock for Debian 11
if [ $FNRET = 0 ]; then
ISDEBIAN11=1
SECCONFFILE='/etc/security/faillock.conf'
AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_faillock.so'
AUTHRULE='auth required pam_faillock.so'
else
ISDEBIAN11=0 ISDEBIAN11=0
PAMLIBNAME='pam_tally2.so' PAMLIBNAME='pam_tally2.so'
AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_tally2.so' AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_tally2.so'
AUTHRULE='auth required pam_tally2.so deny=3 even_deny_root unlock_time=900' AUTHRULE='auth required pam_tally2.so deny=3 even_deny_root unlock_time=900'
fi # ubuntu/debian11/debian12
# same to debian11 elif [ $OS_RELEASE -eq 3 -o $OS_RELEASE -eq 11 -o $OS_RELEASE -eq 12 ]; then
elif [ $OS_RELEASE -eq 3 ]; then
ISDEBIAN11=1 ISDEBIAN11=1
SECCONFFILE='/etc/security/faillock.conf' SECCONFFILE='/etc/security/faillock.conf'
AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_faillock.so' AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_faillock.so'

15
bin/hardening/9.2.12_pam_lockout_failed_tally2.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian-audit for Debian GNU/Linux 7/8/9 or CentOS 8 Hardening # harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS 8 Hardening
# #
# #
@ -164,21 +164,12 @@ check_config() {
AUTHRULE='auth required pam_faillock.so deny=3 even_deny_root unlock_time=900' AUTHRULE='auth required pam_faillock.so deny=3 even_deny_root unlock_time=900'
ADDPATTERNLINE='auth[[:space:]]*required' ADDPATTERNLINE='auth[[:space:]]*required'
elif [ $OS_RELEASE -eq 1 ]; then elif [ $OS_RELEASE -eq 1 ]; then
is_debian_11
# faillock for Debian 11
if [ $FNRET = 0 ]; then
ISDEBIAN11=1
SECCONFFILE='/etc/security/faillock.conf'
AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_faillock.so'
AUTHRULE='auth required pam_faillock.so'
else
ISDEBIAN11=0 ISDEBIAN11=0
PAMLIBNAME='pam_tally2.so' PAMLIBNAME='pam_tally2.so'
AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_tally2.so' AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_tally2.so'
AUTHRULE='auth required pam_tally2.so deny=3 even_deny_root unlock_time=900' AUTHRULE='auth required pam_tally2.so deny=3 even_deny_root unlock_time=900'
fi # ubuntu/debian11/debian12
# same to debian11 elif [ $OS_RELEASE -eq 3 -o $OS_RELEASE -eq 11 -o $OS_RELEASE -eq 12 ]; then
elif [ $OS_RELEASE -eq 3 ]; then
ISDEBIAN11=1 ISDEBIAN11=1
SECCONFFILE='/etc/security/faillock.conf' SECCONFFILE='/etc/security/faillock.conf'
AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_faillock.so' AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_faillock.so'

15
bin/hardening/9.2.13_pam_even_deny_root_tally2.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian-audit for Debian GNU/Linux 9 or CentOS 8 Hardening # harbian-audit for Debian GNU/Linux 9/10/11/12 or CentOS 8 Hardening
# #
# #
@ -157,21 +157,12 @@ check_config() {
ADDPATTERNLINE='auth[[:space:]]*required' ADDPATTERNLINE='auth[[:space:]]*required'
DENYROOT='even_deny_root' DENYROOT='even_deny_root'
elif [ $OS_RELEASE -eq 1 ]; then elif [ $OS_RELEASE -eq 1 ]; then
is_debian_11
# faillock for Debian 11
if [ $FNRET = 0 ]; then
ISDEBIAN11=1
SECCONFFILE='/etc/security/faillock.conf'
AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_faillock.so'
AUTHRULE='auth required pam_faillock.so'
else
ISDEBIAN11=0 ISDEBIAN11=0
PAMLIBNAME='pam_tally2.so' PAMLIBNAME='pam_tally2.so'
AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_tally2.so' AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_tally2.so'
AUTHRULE='auth required pam_tally2.so deny=3 even_deny_root unlock_time=900' AUTHRULE='auth required pam_tally2.so deny=3 even_deny_root unlock_time=900'
fi # ubuntu/debian11/debian12
# same to debian11 elif [ $OS_RELEASE -eq 3 -o $OS_RELEASE -eq 11 -o $OS_RELEASE -eq 12 ]; then
elif [ $OS_RELEASE -eq 3 ]; then
ISDEBIAN11=1 ISDEBIAN11=1
SECCONFFILE='/etc/security/faillock.conf' SECCONFFILE='/etc/security/faillock.conf'
AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_faillock.so' AUTHPATTERN='^auth[[:space:]]*required[[:space:]]*pam_faillock.so'