From 64bececd2de3f3b8cfc59583ab1e26d1d819db44 Mon Sep 17 00:00:00 2001
From: Samson-W
Date: Mon, 22 Feb 2021 03:53:02 +0800
Subject: [PATCH] Fix some bugs for Debian11(bullseye).
---
.../1.2_enable_verify_sign_packages_from_repository.sh | 4 ++--
bin/hardening/1.4_set_no_allow_insecure_repository_by_apt.sh | 4 ++--
lib/utils.sh | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/bin/hardening/1.2_enable_verify_sign_packages_from_repository.sh b/bin/hardening/1.2_enable_verify_sign_packages_from_repository.sh
index 5aeb68e..e8949ce 100755
--- a/bin/hardening/1.2_enable_verify_sign_packages_from_repository.sh
+++ b/bin/hardening/1.2_enable_verify_sign_packages_from_repository.sh
@@ -19,7 +19,7 @@ YUM_CONF='/etc/yum.conf' audit_debian () { - if [ $(grep -v "^#" /etc/apt/ -r | grep -c "${OPTION}.*true") -gt 0 ]; then + if [ $(grep -v "^#" /etc/apt/ -Ir | grep -c "${OPTION}.*true") -gt 0 ]; then crit "The signature of packages option is disable " FNRET=1 else
@@ -63,7 +63,7 @@ apply_debian () { ok "The signature of packages option is enable " else warn "Set to enabled signature of packages option" - for CONFFILE in $(grep -i "${OPTION}" /etc/apt/ -r | grep -v "^#" | awk -F: '{print $1}') + for CONFFILE in $(grep -i "${OPTION}" /etc/apt/ -Ir | grep -v "^#" | awk -F: '{print $1}') do sed -i "/${OPTION}/d" ${CONFFILE} #sed -i "s/${OPTION}.*true.*/${OPTION} \"false\";/g" ${CONFFILE}
diff --git a/bin/hardening/1.4_set_no_allow_insecure_repository_by_apt.sh b/bin/hardening/1.4_set_no_allow_insecure_repository_by_apt.sh
index be56853..ce71e43 100755
--- a/bin/hardening/1.4_set_no_allow_insecure_repository_by_apt.sh
+++ b/bin/hardening/1.4_set_no_allow_insecure_repository_by_apt.sh
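Review bot: In `audit_debian` of 1.2 (and the identical line in 1.4's `audit_debian`), the second grep is case-sensitive and matches only the literal value `true`, so the audit can pass while the insecure setting is active. APT matches option names case-insensitively and accepts other truthy values such as `yes`, `on` or `1`, and `apply_debian` in the same files already searches with `grep -i`. At minimum use `grep -ci "${OPTION}.*true"`; checking the effective value from `apt-config dump` would be more reliable than scanning raw file text. Lines commented with `//` also pass the `grep -v "^#"` filter and would be counted as findings. The function body ends outside the hunk.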
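Review bot: In `apply_debian` of 1.2 (and the same loop in 1.4), the `grep -v "^#"` stage runs on the `path:line` output of the recursive grep, so it never filters anything and files whose only match is a comment are still rewritten by `sed -i`. The file list is built with `-i` while the `sed` expressions are case-sensitive, so a differently cased setting is found but left in place; `${CONFFILE}` is also unquoted and the same file can appear more than once. Listing files directly avoids the awk parsing: `grep -rIil -- "${OPTION}" /etc/apt/`, followed by `sed -i "/${OPTION}/Id" "${CONFFILE}"` (GNU sed `I` flag). The loop and function continue outside the hunk.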
@@ -19,7 +19,7 @@ YUM_OPTION='repo_gpgcheck' YUM_CONFFILE='/etc/yum.conf' audit_debian () { - if [ $(grep -v "^#" /etc/apt/ -r | grep -c "${OPTION}.*true") -gt 0 ]; then + if [ $(grep -v "^#" /etc/apt/ -rI | grep -c "${OPTION}.*true") -gt 0 ]; then crit "The allow insecure repository when by apt update is enable" FNRET=1 else
@@ -61,7 +61,7 @@ apply_debian () { ok "The allow insecure repository when by apt update is disable" else warn "Set no allow insecure repository when by apt update" - for CONFFILE in $(grep -i "${OPTION}" /etc/apt/ -r | grep -v "^#" | awk -F: '{print $1}') + for CONFFILE in $(grep -i "${OPTION}" /etc/apt/ -rI | grep -v "^#" | awk -F: '{print $1}') do sed -i "s/${OPTION}.*true.*/${OPTION} \"false\";/g" ${CONFFILE} done
diff --git a/lib/utils.sh b/lib/utils.sh
index 4189322..46393be 100644
--- a/lib/utils.sh
+++ b/lib/utils.sh
@@ -1240,7 +1240,7 @@ check_sshd_conf_for_one_value_runtime () # Example: $1='nf_nat_sip' check_blacklist_module_set () { - MODPROBE_CONF_FILE_PATTERN='/etc/modprobe.d/*' + MODPROBE_CONF_FILE_PATTERN="/etc/modprobe.d/*" COUNT=$(grep -w $1 -r $MODPROBE_CONF_FILE_PATTERN | grep "^blacklist" | wc -l) if [ $COUNT -ge 1 ]; then debug "$1 has set in $MODPROBE_CONF_FILE_PATTERN"
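Review bot: In `check_blacklist_module_set` (lib/utils.sh), swapping single for double quotes around `/etc/modprobe.d/*` changes nothing, because neither form expands the glob at assignment; the defect is on the following `COUNT=` line. When the pattern expands to more than one file, `grep -r` prefixes each hit with `path:`, so `grep "^blacklist"` never matches and the check reports the module as not blacklisted whatever the configuration says. Suggest `COUNT=$(grep -rhw -- "$1" $MODPROBE_CONF_FILE_PATTERN | grep -c "^blacklist")`, which drops the filename prefix and quotes the module name. The function body continues outside the hunk.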