Modified utils.sh and 2.25 to be compatible with CentOS.

This commit is contained in:
Samson-W 2019-08-02 04:16:53 +08:00
parent c9ba18c101
commit 359a7c3c5e
2 changed files with 54 additions and 21 deletions

View File

@ -1,7 +1,8 @@
#!/bin/bash #!/bin/bash
# #
# harbian audit 7/8/9 Hardening # harbian audit 7/8/9/10 or CentOS Hardening
# Modify by: Samson-W (samson@hardenedlinux.org)
# #
# #
@ -38,18 +39,31 @@ apply () {
info "Checking if $SERVICE_NAME is enabled" info "Checking if $SERVICE_NAME is enabled"
is_service_enabled $SERVICE_NAME is_service_enabled $SERVICE_NAME
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
is_debian_9 if [ $OS_RELEASE -eq 2 ]; then
:
else
is_debian_9
fi
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
info "Disabling $SERVICE_NAME" info "Disabling $SERVICE_NAME"
systemctl stop $SERVICE_NAME systemctl stop $SERVICE_NAME
systemctl disable $SERVICE_NAME systemctl disable $SERVICE_NAME
apt-get -y purge --autoremove $SERVICE_NAME if [ $OS_RELEASE -eq 2 ]; then
yum -y autoremove $SERVICE_NAME
else
apt-get -y purge --autoremove $SERVICE_NAME
fi
else else
info "Disabling $SERVICE_NAME" info "Disabling $SERVICE_NAME"
update-rc.d $SERVICE_NAME remove > /dev/null 2>&1 update-rc.d $SERVICE_NAME remove > /dev/null 2>&1
fi fi
else else
ok "$SERVICE_NAME is disabled" ok "$SERVICE_NAME is disabled"
if [ $OS_RELEASE -eq 2 ]; then
yum -y autoremove $SERVICE_NAME
else
apt-get -y purge --autoremove $SERVICE_NAME
fi
fi fi
else else
ok "$SERVICE_NAME is not installed" ok "$SERVICE_NAME is not installed"

View File

@ -241,9 +241,14 @@ does_group_exist() {
is_service_enabled() { is_service_enabled() {
local SERVICE=$1 local SERVICE=$1
is_debian_9 if [ $OS_RELEASE -eq 2 ]; then
FNRET=0
else
is_debian_9
fi
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
if [ $(systemctl is-enabled $SERVICE | grep -wc "^enabled") -eq 1 ]; then
if [ $(systemctl is-active $SERVICE | grep -c "^active") -eq 1 ]; then
debug "Service $SERVICE is enabled" debug "Service $SERVICE is enabled"
FNRET=0 FNRET=0
else else
@ -493,27 +498,41 @@ apt_install()
is_pkg_installed() is_pkg_installed()
{ {
PKG_NAME=$1 PKG_NAME=$1
if $(dpkg -s $PKG_NAME 2> /dev/null | grep -q '^Status: install ') ; then if [ $OS_RELEASE -eq 2 ]; then
debug "$PKG_NAME is installed" if [ $(rpm -qa | grep -c $PKG_NAME) -gt 0 ]; then
FNRET=0 debug "$PKG_NAME is installed"
else FNRET=0
debug "$PKG_NAME is not installed" else
FNRET=1 debug "$PKG_NAME is not installed"
fi FNRET=1
fi
else
if $(dpkg -s $PKG_NAME 2> /dev/null | grep -q '^Status: install ') ; then
debug "$PKG_NAME is installed"
FNRET=0
else
debug "$PKG_NAME is not installed"
FNRET=1
fi
fi
} }
verify_integrity_all_packages() verify_integrity_all_packages()
{ {
dpkg -V > /dev/shm/dpkg_verify_ret if [ $OS_RELEASE -eq 2 ]; then
if [ $(cat /dev/shm/dpkg_verify_ret | wc -l) -gt 0 ]; then :
debug "Verify integrity all packages is fail" else
cat /dev/shm/dpkg_verify_ret dpkg -V > /dev/shm/dpkg_verify_ret
FNRET=1 if [ $(cat /dev/shm/dpkg_verify_ret | wc -l) -gt 0 ]; then
else debug "Verify integrity all packages is fail"
debug "Verify integrity all packages is OK" cat /dev/shm/dpkg_verify_ret
FNRET=0 FNRET=1
fi else
debug "Verify integrity all packages is OK"
FNRET=0
fi
fi
} }
check_param_pair_by_pam() check_param_pair_by_pam()