Modified utils.sh and 2.25 to be compatible with CentOS.

2019-08-02 04:16:53 +08:00 · 2019-08-02 04:16:53 +08:00 · 359a7c3c5e
parent c9ba18c101
commit 359a7c3c5e
2 changed files with 54 additions and 21 deletions
--- a/bin/hardening/2.25_disable_automounting.sh
+++ b/bin/hardening/2.25_disable_automounting.sh
@ -1,7 +1,8 @@
 #!/bin/bash

 #
-# harbian audit 7/8/9  Hardening
+# harbian audit 7/8/9/10 or CentOS  Hardening
+# Modify by: Samson-W (samson@hardenedlinux.org)
 #

 #
@ -38,18 +39,31 @@ apply () {
    	info "Checking if $SERVICE_NAME is enabled"
    	is_service_enabled $SERVICE_NAME
    	if [ $FNRET = 0 ]; then
-        	is_debian_9 
+			if [ $OS_RELEASE -eq 2 ]; then
+				:
+			else
+        		is_debian_9 
+			fi
        	if [ $FNRET = 0 ]; then
            	info "Disabling $SERVICE_NAME"
            	systemctl stop $SERVICE_NAME
            	systemctl disable $SERVICE_NAME
-            	apt-get -y purge --autoremove $SERVICE_NAME
+				if [ $OS_RELEASE -eq 2 ]; then
+					yum -y autoremove $SERVICE_NAME
+				else
+            		apt-get -y purge --autoremove $SERVICE_NAME
+				fi
        	else
            	info "Disabling $SERVICE_NAME"
            	update-rc.d $SERVICE_NAME remove > /dev/null 2>&1
        	fi
    	else
        	ok "$SERVICE_NAME is disabled"
+			if [ $OS_RELEASE -eq 2 ]; then
+				yum -y autoremove $SERVICE_NAME
+			else
+           		apt-get -y purge --autoremove $SERVICE_NAME				
+			fi
    	fi
 	else
        ok "$SERVICE_NAME is not installed"
--- a/lib/utils.sh
+++ b/lib/utils.sh
@ -241,9 +241,14 @@ does_group_exist() {

 is_service_enabled() {
    local SERVICE=$1
-    is_debian_9
+	if [ $OS_RELEASE -eq 2 ]; then
+		FNRET=0
+	else
+    	is_debian_9
+	fi
    if [ $FNRET = 0 ]; then
-        if [ $(systemctl is-enabled $SERVICE | grep -wc "^enabled") -eq 1 ]; then
+		
+        if [ $(systemctl is-active $SERVICE | grep -c "^active") -eq 1 ]; then
            debug "Service $SERVICE is enabled"
            FNRET=0
        else
@ -493,27 +498,41 @@ apt_install()
 is_pkg_installed()
 {
    PKG_NAME=$1
-    if $(dpkg -s $PKG_NAME 2> /dev/null | grep -q '^Status: install ') ; then
-        debug "$PKG_NAME is installed"
-        FNRET=0
-    else
-        debug "$PKG_NAME is not installed"
-        FNRET=1
-    fi
+	if [ $OS_RELEASE -eq 2 ]; then
+		if [ $(rpm -qa | grep -c $PKG_NAME) -gt 0 ]; then
+			debug "$PKG_NAME is installed"
+			FNRET=0
+		else
+			debug "$PKG_NAME is not installed"
+			FNRET=1
+		fi
+	else
+		if $(dpkg -s $PKG_NAME 2> /dev/null | grep -q '^Status: install ') ; then
+			debug "$PKG_NAME is installed"
+			FNRET=0
+		else
+			debug "$PKG_NAME is not installed"
+			FNRET=1
+		fi
+	fi
 }


 verify_integrity_all_packages()
 {
-	dpkg -V > /dev/shm/dpkg_verify_ret
-    if [ $(cat /dev/shm/dpkg_verify_ret | wc -l) -gt 0 ]; then
-        debug "Verify integrity all packages is fail"
-		cat /dev/shm/dpkg_verify_ret
-        FNRET=1
-    else
-        debug "Verify integrity all packages is OK"
-        FNRET=0
-    fi
+	if [ $OS_RELEASE -eq 2 ]; then
+		:
+	else
+		dpkg -V > /dev/shm/dpkg_verify_ret
+    	if [ $(cat /dev/shm/dpkg_verify_ret | wc -l) -gt 0 ]; then
+        	debug "Verify integrity all packages is fail"
+			cat /dev/shm/dpkg_verify_ret
+        	FNRET=1
+    	else
+        	debug "Verify integrity all packages is OK"
+        	FNRET=0
+    	fi
+	fi
 }

 check_param_pair_by_pam()