Add method for set OS version to general config.

2019-07-30 19:45:12 +08:00 · 2019-07-30 19:45:12 +08:00 · 58c32abfc6
parent be6f773b1f
commit 58c32abfc6
3 changed files with 29 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -228,7 +228,7 @@ This document is a description of the additions to the sections not included in
 [How to config grub2 password protection](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/configurations/manual-operation-docs/how_to_config_grub2_password_protection.mkd)  
 [How to persistent iptables rules with debian 9](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/configurations/manual-operation-docs/how_to_persistent_iptables_rules_with_debian_9.mkd)  
 [How to deploy audisp-remote for auditd log](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/configurations/manual-operation-docs/how_to_deploy_audisp_remote_for_audit_log.mkd)  
-[how to migrating from iptables to nftables in debian10](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/configurations/manual-operation-docs/how_to_migrating_from_iptables_to_nftables_in_debian10.md)  
+[How to migrating from iptables to nftables in debian10](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/configurations/manual-operation-docs/how_to_migrating_from_iptables_to_nftables_in_debian10.md)  
 [How to persistent nft rules with debian 10](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/configurations/manual-operation-docs/how_to_persistent_nft_rules_with_debian_10.mkd)  

 ### Use case docs  
--- a/bin/hardening.sh
+++ b/bin/hardening.sh
@ -23,6 +23,7 @@ AUDIT_ALL_ENABLE_PASSED=0
 ALLOW_SERVICE_LIST=0
 SET_HARDENING_LEVEL=0
 SUDO_MODE=''
+INIT_G_CONFIG=0

 usage() {
    cat << EOF
@ -30,8 +31,11 @@ $LONG_SCRIPT_NAME <RUN_MODE> [OPTIONS], where RUN_MODE is one of:

    --help -h
        Show this help
-
-    --apply
+	
+	--init 
+		Initialize the global configuration file(/etc/default/cis-hardening) based on the release version number
+    
+	--apply
        Apply hardening for enabled scripts.
        Beware that NO confirmation is asked whatsoever, which is why you're warmly
        advised to use --audit before, which can be regarded as a dry-run mode.
@ -140,6 +144,9 @@ while [[ $# > 0 ]]; do
        -h|--help)
            usage
        ;;
+		--init)
+			INIT_G_CONFIG=1
+		;;
        *)
            usage
        ;;
@ -162,6 +169,21 @@ fi
 [ -r $CIS_ROOT_DIR/lib/common.sh     ] && . $CIS_ROOT_DIR/lib/common.sh
 [ -r $CIS_ROOT_DIR/lib/utils.sh      ] && . $CIS_ROOT_DIR/lib/utils.sh

+if [ $INIT_G_CONFIG -eq 1 ]; then
+	if [ -r /etc/redhat-release ]; then
+		info "This OS is redhat or CentOS."
+		sed -i 's/^OS_RELEASE=.*/OS_RELEASE=2/g' /etc/default/cis-hardening 
+	elif [ -r /etc/debian_version ]; then
+		info "This OS is Debian."
+		:
+	else
+		crit "This OS not support!"
+		exit 128
+	fi
+	exit 0
+fi
+
+
 # If --allow-service-list is specified, don't run anything, just list the supported services
 if [ "$ALLOW_SERVICE_LIST" = 1 ] ; then
    declare -a HARDENING_EXCEPTIONS_LIST
--- a/debian/default
+++ b/debian/default
@ -1,5 +1,8 @@
-# Default file for CIS Debian hardening scripts
+# Default file for CIS Debian/CentOS hardening scripts

 # Define here root directory for CIS debian hardening scripts
 CIS_ROOT_DIR='/opt/cis-hardening'
+# If distor is Debian, set 1; It's default  
+# If distor is CentOS, set 2;
+OS_RELEASE=1