Add exception method for --allow-service to skip audit and apply.

bin/hardening/14.1_security_related_NAT_slipstreaming.sh

@@ -12,6 +12,7 @@ set -e # One error, it's over
 set -u # One variable unset, it's over
 
 HARDENING_LEVEL=3
+HARDENING_EXCEPTION=sechardened
 
 HARBIAN_SEC_CONF_FILE='/etc/modprobe.d/harbian-security-workaround.conf'
 BLACKLIST_CONF_ITEMS='nf_nat_sip nf_conntrack_sip'
@@ -20,6 +21,9 @@ SYSCTL_EXP_RESULT=0
 
 # This function will be called if the script status is on enabled / audit mode
 audit () {
+	if [ $ISEXCEPTION -eq 1 ]; then
+		warn "Exception is set to 1, so it's pass!"
+	else
 		for BLACKLIST_CONF in $BLACKLIST_CONF_ITEMS; do	
 			check_blacklist_module_set $BLACKLIST_CONF
     		if [ $FNRET = 0 ]; then
@@ -40,10 +44,14 @@ audit () {
 		else
 			crit "/proc/sys/net/netfilter/nf_conntrack_helper is not exist, connection tracking may not be enabled, so please determine the risk yourself."
     	fi
+	fi
 }
 
 # This function will be called if the script status is on enabled mode
 apply () {
+	if [ $ISEXCEPTION -eq 1 ]; then
+		warn "Exception is set to 1, so it's pass!"
+	else
 		for BLACKLIST_CONF in $BLACKLIST_CONF_ITEMS; do	
 			check_blacklist_module_set $BLACKLIST_CONF
     		if [ $FNRET = 0 ]; then
@@ -77,6 +85,7 @@ apply () {
 				:
 			fi
 		fi
+	fi
 }
 
 # This function will create the config file for this check with default values