Apply check_sshd_conf_for_one_value_runtime for 9.3.12

Samson-W 2020-11-05 14:20:55 +08:00
parent 7eb3f188f5
commit 385bd6e8ba


@ -23,50 +23,64 @@ audit () {
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$PACKAGE is not installed!" crit "$PACKAGE is not installed!"
FNRET=5
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" check_sshd_conf_for_one_value_runtime $SSH_PARAM $SSH_VALUE
does_pattern_exist_in_file $FILE "$PATTERN" if [ $FNRET = 0 ]; then
if [ $FNRET = 0 ]; then ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct."
ok "$PATTERN is present in $FILE" FNRET=0
else else
crit "$PATTERN is not present in $FILE" crit "The keyword value pair "\"$SSH_PARAM $SSH_VALUE\"" does not exist in the sshd runtime configuration."
fi PATTERN="^$SSH_PARAM[[:space:]]*"
PATTERN_INFO="$SSH_PARAM $SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ $FNRET = 0 ]; then
crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect."
FNRET=1
else
crit "$PATTERN_INFO is not present in $FILE"
FNRET=2
fi
fi
done done
fi fi
} }
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply () { apply () {
is_pkg_installed $PACKAGE OPTIONS="ClientAliveInterval=$SSHD_TIMEOUT ClientAliveCountMax=0"
if [ $FNRET = 0 ]; then if [ $FNRET = 5 ]; then
ok "$PACKAGE is installed" warn "$PACKAGE is absent, installing it"
else
crit "$PACKAGE is absent, installing it"
install_package $PACKAGE install_package $PACKAGE
else
:
fi fi
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" check_sshd_conf_for_one_value_runtime $SSH_PARAM $SSH_VALUE
does_pattern_exist_in_file $FILE "$PATTERN" if [ $FNRET = 0 ]; then
if [ $FNRET = 0 ]; then ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct."
ok "$PATTERN is present in $FILE" else
else warn "The keyword value pair "\"$SSH_PARAM $SSH_VALUE\"" does not exist in the sshd runtime configuration."
warn "$PATTERN is not present in $FILE, adding it" PATTERN="^$SSH_PARAM[[:space:]]*"
does_pattern_exist_in_file $FILE "^$SSH_PARAM" PATTERN_INFO="$SSH_PARAM $SSH_VALUE"
if [ $FNRET != 0 ]; then does_pattern_exist_in_file $FILE "$PATTERN"
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" if [ $FNRET = 0 ]; then
else warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config"
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" /etc/init.d/ssh reload > /dev/null 2>&1
fi else
systemctl reload sshd warn "$PATTERN_INFO is not present in $FILE, need add to sshd_config and reload"
fi add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
done /etc/init.d/ssh reload > /dev/null 2>&1
fi
fi
done
} }
# This function will create the config file for this check with default values # This function will create the config file for this check with default values
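Review bot: Both reload calls in apply (`/etc/init.d/ssh reload > /dev/null 2>&1`, one after replace_in_file and one after add_end_of_file) discard the output and the exit status, so a failed reload leaves the running sshd on the old idle-timeout values while the run logs only the "Fixing" warnings. Check the result and report it, e.g. `if ! /etc/init.d/ssh reload > /dev/null 2>&1; then crit "sshd reload failed, $SSH_PARAM $SSH_VALUE is not active"; fi`, and ideally call check_sshd_conf_for_one_value_runtime again afterwards to confirm the effective value. If $FILE ends with a Match block, the line appended by add_end_of_file would apply only conditionally; the same runtime re-check would catch that. Separately, the hard-coded `ClientAliveCountMax=0` in OPTIONS deserves a comment: from OpenSSH 8.2 on, a value of 0 disables connection termination instead of dropping the idle session, so the target value should be confirmed against the sshd version in use.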