Modify 10.1.8 for CentOS8.

Samson-W 2020-01-16 05:00:39 +08:00
parent 665e54898a
commit 3cc483526b
1 changed files with 27 additions and 28 deletions


@ -38,17 +38,23 @@ audit_debian () {
} }
audit_redhat () { audit_redhat () {
for SSH_OPTION in $OPTIONS; do SSH_PARAM=$(echo $OPTION | cut -d= -f 1)
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_VALUE=$(echo $OPTION | cut -d= -f 2)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) PATTERN="^$SSH_PARAM[[:space:]]*[[:digit:]]*"
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" does_pattern_exist_in_file $FILE "$PATTERN"
does_pattern_exist_in_file $FILE "$PATTERN" if [ $FNRET = 0 ]; then
if [ $FNRET = 0 ]; then ok "$SSH_PARAM is present in $FILE"
ok "$PATTERN is present in $FILE" if [ $(grep $PATTERN $FILE | awk '{print $2}') -ge 4 ]; then
ok "$SSH_PARAM is set least four seconds between logon prompts following a failed console logon attempt"
FNRET=0
else else
crit "$PATTERN is not present in $FILE" crit "$SSH_PARAM is not set least four seconds between logon prompts following a failed console logon attempt"
FNRET=2
fi fi
done else
crit "$PATTERN is not present in $FILE"
FNRET=1
fi
} }
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
@ -81,24 +87,17 @@ apply_debian () {
} }
apply_redhat () { apply_redhat () {
for SSH_OPTION in $OPTIONS; do if [ $FNRET = 0 ]; then
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) ok "$SSH_PARAM is set least four seconds between logon prompts following a failed console logon attempt"
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) elif [ $FNRET = 1 ]; then
PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "$PATTERN" add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
if [ $FNRET = 0 ]; then elif [ $FNRET = 2 ]; then
ok "$PATTERN is present in $FILE" warn "Parameter $SSH_PARAM is present but less than $SSH_VALUE -- Fixing"
else replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
warn "$PATTERN is not present in $FILE, adding it" else
does_pattern_exist_in_file $FILE "^$SSH_PARAM" :
if [ $FNRET != 0 ]; then fi
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
fi
done
} }
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
@ -114,7 +113,7 @@ apply () {
check_config() { check_config() {
# CentOS # CentOS
if [ $OS_RELEASE -eq 2 ]; then if [ $OS_RELEASE -eq 2 ]; then
OPTIONS='FAIL_DELAY=4' OPTION='FAIL_DELAY=4'
FILE='/etc/login.defs' FILE='/etc/login.defs'
# Debian # Debian
else else
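Review bot: In the new audit_redhat, the value test `[ $(grep $PATTERN $FILE | awk '{print $2}') -ge 4 ]` hard-codes the threshold and leaves every expansion unquoted, while apply_redhat reports and writes `$SSH_VALUE`, so the audit and the fix can disagree if `OPTION` in check_config ever changes. Both quantifiers in `[[:space:]]*[[:digit:]]*` allow zero characters, so the pattern matches any line that merely begins with the parameter name; a line with no value, or a second matching line, makes `[` error out and reach the `crit` branch only by accident. I would require at least one separator and one digit with `PATTERN="^$SSH_PARAM[[:space:]][[:space:]]*[[:digit:]][[:digit:]]*"` and compare with `[ "$(grep "$PATTERN" "$FILE" | awk '{print $2}')" -ge "$SSH_VALUE" ]`. In the second hunk, apply_redhat now reads `FNRET`, `SSH_PARAM`, `SSH_VALUE` and `PATTERN` as left behind by audit_redhat. Whether the caller always runs the audit first is not visible here, so a comment such as `# relies on FNRET/SSH_PARAM/SSH_VALUE set by audit_redhat` would make that ordering explicit.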