Modify is_service_enabled method for debian 9, and apply to 2.25.

This commit is contained in:
samson 2019-04-01 04:15:09 +08:00
parent c6a43f52c0
commit 5caa36d5af
2 changed files with 42 additions and 18 deletions

View File

@ -31,8 +31,16 @@ apply () {
info "Checking if $SERVICE_NAME is enabled"
is_service_enabled $SERVICE_NAME
if [ $FNRET = 0 ]; then
info "Disabling $SERVICE_NAME"
update-rc.d $SERVICE_NAME remove > /dev/null 2>&1
is_debian_9
if [ $FNRET = 0 ]; then
info "Disabling $SERVICE_NAME"
systemctl stop $SERVICE_NAME
systemctl disable $SERVICE_NAME
apt-get -y purge --autoremove $SERVICE_NAME
else
info "Disabling $SERVICE_NAME"
update-rc.d $SERVICE_NAME remove > /dev/null 2>&1
fi
else
ok "$SERVICE_NAME is disabled"
fi

View File

@ -1,5 +1,21 @@
# CIS Debian 7 Hardening Utility functions
#
# debian version check
#
is_debian_9()
{
if $(cat /etc/debian_version | grep -q "^9.[0-9]"); then
debug "Debian version is 9.*."
FNRET=0
else
debug "Debian version is not 9.*."
FNRET=1
fi
}
#
# Sysctl
#
@ -203,16 +219,26 @@ does_group_exist() {
is_service_enabled() {
local SERVICE=$1
if [ $($SUDO_CMD find /etc/rc?.d/ -name "S*$SERVICE" -print | wc -l) -gt 0 ]; then
debug "Service $SERVICE is enabled"
FNRET=0
is_debian_9
if [ $FNRET = 0 ]; then
if [ $(systemctl is-enabled $SERVICE | grep -wc "^enabled") -eq 1 ]; then
debug "Service $SERVICE is enabled"
FNRET=0
else
debug "Service $SERVICE is disabled"
FNRET=1
fi
else
debug "Service $SERVICE is disabled"
FNRET=1
if [ $($SUDO_CMD find /etc/rc?.d/ -name "S*$SERVICE" -print | wc -l) -gt 0 ]; then
debug "Service $SERVICE is enabled"
FNRET=0
else
debug "Service $SERVICE is disabled"
FNRET=1
fi
fi
}
#
# Kernel Options checks
#
@ -454,16 +480,6 @@ is_pkg_installed()
fi
}
is_debian_9()
{
if $(cat /etc/debian_version | grep -q "^9.[0-9]"); then
debug "Debian version is 9.*."
FNRET=0
else
debug "Debian version is not 9.*."
FNRET=1
fi
}
verify_integrity_all_packages()
{