Fix some bugs.

2019-05-21 12:39:45 +08:00 · 2019-05-21 12:39:45 +08:00 · 70b95bd177
parent c591c3f601
commit 70b95bd177
3 changed files with 32 additions and 22 deletions
--- a/bin/hardening/2.25_disable_automounting.sh
+++ b/bin/hardening/2.25_disable_automounting.sh
@ -17,33 +17,43 @@ SERVICE_NAME="autofs"

 # This function will be called if the script status is on enabled / audit mode
 audit () {
-    info "Checking if $SERVICE_NAME is enabled"
-    is_service_enabled $SERVICE_NAME
+	is_pkg_installed $SERVICE_NAME
    if [ $FNRET = 0 ]; then
-        crit "$SERVICE_NAME is enabled"
+    	info "Checking if $SERVICE_NAME is enabled"
+    	is_service_enabled $SERVICE_NAME
+    	if [ $FNRET = 0 ]; then
+        	crit "$SERVICE_NAME is enabled"
+    	else
+        	ok "$SERVICE_NAME is disabled"
+    	fi
    else
-        ok "$SERVICE_NAME is disabled"
-    fi
+        ok "$SERVICE_NAME is not installed"
+	fi
 }

 # This function will be called if the script status is on enabled mode
 apply () {
-    info "Checking if $SERVICE_NAME is enabled"
-    is_service_enabled $SERVICE_NAME
+	is_pkg_installed $SERVICE_NAME
    if [ $FNRET = 0 ]; then
-        is_debian_9 
-        if [ $FNRET = 0 ]; then
-            info "Disabling $SERVICE_NAME"
-            systemctl stop $SERVICE_NAME
-            systemctl disable $SERVICE_NAME
-            apt-get -y purge --autoremove $SERVICE_NAME
-        else
-            info "Disabling $SERVICE_NAME"
-            update-rc.d $SERVICE_NAME remove > /dev/null 2>&1
-        fi
-    else
-        ok "$SERVICE_NAME is disabled"
-    fi
+    	info "Checking if $SERVICE_NAME is enabled"
+    	is_service_enabled $SERVICE_NAME
+    	if [ $FNRET = 0 ]; then
+        	is_debian_9 
+        	if [ $FNRET = 0 ]; then
+            	info "Disabling $SERVICE_NAME"
+            	systemctl stop $SERVICE_NAME
+            	systemctl disable $SERVICE_NAME
+            	apt-get -y purge --autoremove $SERVICE_NAME
+        	else
+            	info "Disabling $SERVICE_NAME"
+            	update-rc.d $SERVICE_NAME remove > /dev/null 2>&1
+        	fi
+    	else
+        	ok "$SERVICE_NAME is disabled"
+    	fi
+	else
+        ok "$SERVICE_NAME is not installed"
+	fi
 }

 # This function will check config parameters required
--- a/bin/hardening/7.7.5.1_ensure_default_deny_firewall_policy_for_v6.sh
+++ b/bin/hardening/7.7.5.1_ensure_default_deny_firewall_policy_for_v6.sh
@ -23,7 +23,7 @@ audit () {
 	check_ipv6_is_enable
 	IPV6_ENABLE=$FNRET
 	if [ $IPV6_ENABLE -eq 0 ]; then
-    	if [ $(${IPS6} -S | grep -c "\-P INPUT DROP") -eq 0 -o  $(${IPS4} -S | grep -c "\-P OUTPUT DROP") -eq 0 -o  $(${IPS4} -S | grep -c "\-P FORWARD DROP") -eq 0 ]; then
+    	if [ $(${IPS6} -S | grep -c "\-P INPUT DROP") -eq 0 -o  $(${IPS6} -S | grep -c "\-P OUTPUT DROP") -eq 0 -o  $(${IPS6} -S | grep -c "\-P FORWARD DROP") -eq 0 ]; then
 			crit "Ip6tables: Firewall policy is not default deny!"
 			FNRET=1
 		else
--- a/bin/hardening/7.7.5.2_ensure_loopback_traffic_is_configured_for_v6.sh
+++ b/bin/hardening/7.7.5.2_ensure_loopback_traffic_is_configured_for_v6.sh
@ -54,7 +54,7 @@ audit () {
 			info "Ip6tables: loopback traffic INPUT deny from other interfaces is not configured!"
 		fi 

-		if [ $INPUT_ACCEPT -eq 0 -a $OUTPUT_ACCEPT -eq -a $OUTPUT_ACCEPT -eq ]; then
+		if [ $INPUT_ACCEPT -eq 0 -a $OUTPUT_ACCEPT -eq 0 -a $OUTPUT_ACCEPT -eq 0 ]; then
 			ok "Loopback traffic rules were configured for v6!"
 		else
 			crit "Loopback traffic rules are not configured for v6!"