tyler.durden/harbian-audit
1
0
Fork 0
mirror of https://github.com/hardenedlinux/harbian-audit.git synced 2025-07-31 01:24:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update how_to_creating_and_making_an_AMI_public.mkd and modify bin/hardening.sh

Browse Source
This commit is contained in:
Samson-W 2019-09-27 17:19:11 +08:00
parent 5a9dc68089
commit 5280e0a3ef
2 changed files with 13 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
bin/hardening.sh
View File

@ -211,16 +211,16 @@ if [ $FINAL_G_CONFIG -eq 1 ]; then
USERSNAME=$(cat /etc/passwd | awk -F':' '{if($3>=1000 && $3<65534) {print $1}}') USERSNAME=$(cat /etc/passwd | awk -F':' '{if($3>=1000 && $3<65534) {print $1}}')
for USER in $USERSNAME; do for USER in $USERSNAME; do
RESETCONTIN="n" RESETCONTIN="n"
read -p "Will password of $USER be reset, are you sure to continue?(Y/n)" RESETCONTIN read -p "Will password of $USER be reset, are you sure to continue?(y/N)" RESETCONTIN
if [ "$RESETCONTIN" == "Y" ]; then if [ "$RESETCONTIN" == "y" ]; then
sudo -u $USER passwd passwd $USER
else else
continue continue
fi fi
done done
RESETCONTIN="n" RESETCONTIN="n"
read -p "Will password of root be reset, are you sure to continue?(Y/n)" RESETCONTIN read -p "Will password of root be reset, are you sure to continue?(y/N)" RESETCONTIN
if [ "$RESETCONTIN" == "Y" ]; then if [ "$RESETCONTIN" == "y" ]; then
passwd passwd
fi fi

15
docs/complianced_image/AMI/how_to_creating_and_making_an_AMI_public.mkd
View File

@ -89,7 +89,6 @@ admin@ip:/opt/harbian-audit-master$ sudo reboot
##### Third apply(after reboot) ##### Third apply(after reboot)
Apply need to apply three times items: Apply need to apply three times items:
``` ```
admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply --only 4.5
admin@ip:/opt/harbian-audit-master$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.1_install_aide.cfg admin@ip:/opt/harbian-audit-master$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.1_install_aide.cfg
admin@ip:/opt/harbian-audit-master$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.2_aide_cron.cfg admin@ip:/opt/harbian-audit-master$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.2_aide_cron.cfg
admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply --only 8.4.1 admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply --only 8.4.1
@ -116,14 +115,9 @@ $ sudo rm /opt/harbian-audit-master/tmp/backups/*
$ sudo rm /opt/harbian-audit-master/etc/conf.d/*.cfg $ sudo rm /opt/harbian-audit-master/etc/conf.d/*.cfg
``` ```
#### Final apply
Reset password for all users and reinit aide database:
```
admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --final
```
#### Uninstall #### Uninstall
``` ```
$ sudo apt-get purge --autoremove unzip $ sudo apt-get purge --autoremove unzip -y
``` ```
#### Clear the current log: #### Clear the current log:
@ -145,6 +139,13 @@ $ sudo -s
# echo > /var/log/tallylog # echo > /var/log/tallylog
# echo > /var/log/lastlog # echo > /var/log/lastlog
# echo > /var/log/wtmp # echo > /var/log/wtmp
# echo > /var/log/sudo.log
```
#### Final apply
Reset password for all users and reinit aide database:
```
admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --final
``` ```
#### Clear bash hostory #### Clear bash hostory