tyler.durden/harbian-audit
1
0
Fork 0
mirror of https://github.com/hardenedlinux/harbian-audit.git synced 2025-07-27 07:34:50 +02:00
Code Issues Packages Projects Releases Wiki Activity

Modified 3.1 to be compatible with CentOS.

Browse Source
This commit is contained in:
Samson-W 2019-08-02 17:17:43 +08:00
parent db2f6a5f34
commit 635972c961
1 changed files with 69 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
bin/hardening/3.1_bootloader_ownership.sh
View File

@ -1,7 +1,8 @@
#!/bin/bash #!/bin/bash
# #
# harbian audit 7/8/9 Hardening # harbian audit 7/8/9/10 or CentOS Hardening
# Modify by: Samson-W (samson@hardenedlinux.org)
# #
# #
@ -16,53 +17,87 @@ HARDENING_LEVEL=1
# Assertion : Grub Based. # Assertion : Grub Based.
FILE='/boot/grub/grub.cfg' FILE='/boot/grub/grub.cfg'
FILE_GRUB2='/boot/grub2/grub.cfg'
USER='root' USER='root'
GROUP='root' GROUP='root'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {
has_file_correct_ownership $FILE $USER $GROUP if [ $OS_RELEASE -eq 2 ]; then
if [ $FNRET = 0 ]; then has_file_correct_ownership $FILE_GRUB2 $USER $GROUP
ok "$FILE has correct ownership" if [ $FNRET = 0 ]; then
else ok "$FILE_GRUB2 has correct ownership"
crit "$FILE ownership was not set to $USER:$GROUP" else
fi crit "$FILE_GRUB2 ownership was not set to $USER:$GROUP"
fi
else
has_file_correct_ownership $FILE $USER $GROUP
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
crit "$FILE ownership was not set to $USER:$GROUP"
fi
fi
} }
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply () { apply () {
has_file_correct_ownership $FILE $USER $GROUP if [ $OS_RELEASE -eq 2 ]; then
if [ $FNRET = 0 ]; then has_file_correct_ownership $FILE_GRUB2 $USER $GROUP
ok "$FILE has correct ownership" if [ $FNRET = 0 ]; then
else ok "$FILE_GRUB2 has correct ownership"
info "fixing $FILE ownership to $USER:$GROUP" else
chown $USER:$GROUP $FILE info "fixing $FILE_GRUB2 ownership to $USER:$GROUP"
fi chown $USER:$GROUP $FILE_GRUB2
fi
else
has_file_correct_ownership $FILE $USER $GROUP
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
info "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
fi
fi
} }
# This function will check config parameters required # This function will check config parameters required
check_config() { check_config() {
if [ $OS_RELEASE -eq 2 ]; then
is_pkg_installed "grub2-pc"
else
is_pkg_installed "grub-pc"
fi
if [ $FNRET != 0 ]; then
warn "Grub is not installed, not handling configuration"
exit 128
fi
is_pkg_installed "grub-pc" does_user_exist $USER
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
warn "Grub is not installed, not handling configuration" crit "$USER does not exist"
exit 128 exit 128
fi fi
does_user_exist $USER
if [ $FNRET != 0 ]; then does_group_exist $GROUP
crit "$USER does not exist" if [ $FNRET != 0 ]; then
exit 128 crit "$GROUP does not exist"
fi exit 128
does_group_exist $GROUP fi
if [ $FNRET != 0 ]; then
crit "$GROUP does not exist" if [ $OS_RELEASE -eq 2 ]; then
exit 128 does_file_exist $FILE_GRUB2
fi if [ $FNRET != 0 ]; then
does_file_exist $FILE crit "$FILE_GRUB2 does not exist"
if [ $FNRET != 0 ]; then exit 128
crit "$FILE does not exist" fi
exit 128 else
fi does_file_exist $FILE
if [ $FNRET != 0 ]; then
crit "$FILE does not exist"
exit 128
fi
fi
} }
# Source Root Dir Parameter # Source Root Dir Parameter