Fix issues #37 need extra checks on audisp path on Ubuntu.

bin/hardening.sh

@@ -205,15 +205,21 @@ fi
 [ -r $CIS_ROOT_DIR/lib/common.sh     ] && . $CIS_ROOT_DIR/lib/common.sh
 [ -r $CIS_ROOT_DIR/lib/utils.sh      ] && . $CIS_ROOT_DIR/lib/utils.sh
 
+### Debian: OS_RELEASE=1  Redhat/centos: OS_RELEASE=2 Ubuntu: OS_RELEASE=3
 # For --init
 if [ $INIT_G_CONFIG -eq 1 ]; then
 	if [ -r /etc/redhat-release ]; then
 		info "This OS is redhat/CentOS."
 		sed -i 's/^OS_RELEASE=.*/OS_RELEASE=2/g' /etc/default/cis-hardening 
 		. /etc/default/cis-hardening
+	elif [ $(grep -i Ubuntu /etc/lsb-release -c) -gt 0 ]; then
+		info "This OS is Ubuntu."
+		sed -i 's/^OS_RELEASE=.*/OS_RELEASE=3/g' /etc/default/cis-hardening 
+		. /etc/default/cis-hardening
 	elif [ -r /etc/debian_version ]; then
 		info "This OS is Debian."
-		:
+		sed -i 's/^OS_RELEASE=.*/OS_RELEASE=1/g' /etc/default/cis-hardening 
+		. /etc/default/cis-hardening
 	else
 		crit "This OS not support!"
 		exit 128
@@ -225,6 +231,8 @@ if [ $OS_RELEASE -eq 1 ]; then
 	info "Start auditing for Debian."
 elif [ $OS_RELEASE -eq 2 ]; then
 	info "Start auditing for redhat/CentOS."
+elif [ $OS_RELEASE -eq 3 ]; then
+	info "Start auditing for Ubuntu."
 else
 	crit "This OS not support!"
 	exit 128
@@ -251,9 +259,9 @@ if [ $FINAL_G_CONFIG -eq 1 ]; then
 
 	# Reinit aide database 
 	info "Will reinitialize the AIDE database"
-	if [ $OS_RELEASE -eq 1 ]; then
+	if [ $OS_RELEASE -eq 1 -o $OS_RELEASE -eq 3 ]; then
 		aideinit
-	elif [ $OS_RELEASE -eq 2 ]; then
+	elif [ $OS_RELEASE -eq 2]; then
 		aide --init
         mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
 	fi

bin/hardening/8.1.1.5_ensure_set_remote_server.sh

@@ -15,7 +15,6 @@ set -u # One variable unset, it's over
 HARDENING_LEVEL=4
 
 PACKAGE='audispd-plugins'
-FILE='/etc/audisp/audisp-remote.conf'
 PATTERN='remote_server'
 
 # This function will be called if the script status is on enabled / audit mode
@@ -59,7 +58,12 @@ apply () {
 
 # This function will check config parameters required
 check_config() {
-    :
+	#Ubuntu 
+	if [ $OS_RELEASE -eq 3 ]; then
+		FILE='/etc/audit/audisp-remote.conf'
+	else
+		FILE='/etc/audisp/audisp-remote.conf'
+	fi
 }
 
 # Source Root Dir Parameter

bin/hardening/8.1.1.6_ensure_set_encrypt_for_audit_remote.sh

@@ -15,7 +15,6 @@ set -u # One variable unset, it's over
 HARDENING_LEVEL=4
 
 PACKAGE='audispd-plugins'
-FILE='/etc/audisp/audisp-remote.conf'
 PATTERN='enable_krb5'
 SETVALUE='yes'
 
@@ -68,7 +67,12 @@ apply () {
 
 # This function will check config parameters required
 check_config() {
-    :
+	#Ubuntu 
+	if [ $OS_RELEASE -eq 3 ]; then
+		FILE='/etc/audit/audisp-remote.conf'
+	else
+		FILE='/etc/audisp/audisp-remote.conf'
+	fi
 }
 
 # Source Root Dir Parameter

bin/hardening/8.1.1.7_ensure_set_action_for_audit_storage_full.sh

@@ -15,7 +15,6 @@ set -u # One variable unset, it's over
 HARDENING_LEVEL=4
 
 PACKAGE='audispd-plugins'
-FILE='/etc/audisp/audisp-remote.conf'
 PATTERN='disk_full_action'
 SETVALUE='syslog'
 
@@ -70,7 +69,12 @@ apply () {
 
 # This function will check config parameters required
 check_config() {
-    :
+	#Ubuntu 
+	if [ $OS_RELEASE -eq 3 ]; then
+		FILE='/etc/audit/audisp-remote.conf'
+	else
+		FILE='/etc/audisp/audisp-remote.conf'
+	fi
 }
 
 # Source Root Dir Parameter

bin/hardening/8.1.1.8_ensure_set_action_for_net_fail.sh

@@ -15,7 +15,6 @@ set -u # One variable unset, it's over
 HARDENING_LEVEL=4
 
 PACKAGE='audispd-plugins'
-FILE='/etc/audisp/audisp-remote.conf'
 PATTERN='network_failure_action'
 SETVALUE='syslog'
 
@@ -70,7 +69,12 @@ apply () {
 
 # This function will check config parameters required
 check_config() {
-    :
+	#Ubuntu 
+	if [ $OS_RELEASE -eq 3 ]; then
+		FILE='/etc/audit/audisp-remote.conf'
+	else
+		FILE='/etc/audisp/audisp-remote.conf'
+	fi
 }
 
 # Source Root Dir Parameter

bin/hardening/8.1.27_record_Events_that_modify_conf_files.sh

@@ -89,8 +89,26 @@ check_config() {
 -a always,exit -F path=/etc/audisp/plugins.d/au-remote.conf -F perm=wa -k config_file_change
 -a always,exit -F path=/etc/logrotate.conf -F perm=wa -k config_file_change
 -a always,exit -F dir=/etc/logrotate.d/ -F perm=wa -k config_file_change'
+	# Ubuntu
+	elif [ $OS_RELEASE -eq 3 ]; then
+		AUDIT_PARAMS='-a always,exit -F path=/etc/audit/audisp-remote.conf -F perm=wa -k config_file_change
+-a always,exit -F path=/etc/audit/auditd.conf -F perm=wa -k config_file_change
+-a always,exit -F path=/etc/default/grub -F perm=wa -k config_file_change
+-a always,exit -F path=/etc/fstab -F perm=wa -k config_file_change
+-a always,exit -F path=/etc/hosts.deny -F perm=wa -k config_file_change
+-a always,exit -F path=/etc/login.defs -F perm=wa -k config_file_change
+-a always,exit -F dir=/etc/audit/rules.d/ -F perm=wa -k config_file_change
+-a always,exit -F dir=/etc/pam.d/ -F perm=wa -k config_file_change
+-a always,exit -F path=/etc/profile -F perm=wa -k config_file_change
+-a always,exit -F dir=/etc/profile.d/ -F perm=wa -k config_file_change
+-a always,exit -F dir=/etc/security/ -F perm=wa -k config_file_change
+-a always,exit -F dir=/etc/iptables/ -F perm=wa -k config_file_change
+-a always,exit -F path=/etc/sysctl.conf -F perm=wa -k config_file_change
+-a always,exit -F path=/etc/rsyslog.conf -F perm=wa -k config_file_change
+-a always,exit -F path=/etc/audisp/plugins.d/au-remote.conf -F perm=wa -k config_file_change
+-a always,exit -F path=/etc/logrotate.conf -F perm=wa -k config_file_change'
 	# Debian
-	else
+	elif [ $OS_RELEASE -eq 1 ]; then
 		AUDIT_PARAMS='-a always,exit -F path=/etc/audisp/audisp-remote.conf -F perm=wa -k config_file_change
 -a always,exit -F path=/etc/audit/auditd.conf -F perm=wa -k config_file_change
 -a always,exit -F path=/etc/default/grub -F perm=wa -k config_file_change
@@ -108,6 +126,8 @@ check_config() {
 -a always,exit -F path=/etc/audisp/plugins.d/au-remote.conf -F perm=wa -k config_file_change
 -a always,exit -F path=/etc/logrotate.conf -F perm=wa -k config_file_change
 -a always,exit -F dir=/etc/logrotate.d/ -F perm=wa -k config_file_change'
+	else
+		warn "No support!!!"
 	fi
 }