tyler.durden/harbian-audit
1
0
Fork 0
mirror of https://github.com/hardenedlinux/harbian-audit.git synced 2025-07-31 01:24:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix some bugs.

Browse Source
This commit is contained in:
Samson-W 2019-05-21 12:39:45 +08:00
parent c591c3f601
commit 70b95bd177
3 changed files with 32 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
bin/hardening/2.25_disable_automounting.sh
View File

@ -17,6 +17,8 @@ SERVICE_NAME="autofs"
# This function will be called if the script status is on enabled / audit mode
audit () {
is_pkg_installed $SERVICE_NAME
if [ $FNRET = 0 ]; then
info "Checking if $SERVICE_NAME is enabled"
is_service_enabled $SERVICE_NAME
if [ $FNRET = 0 ]; then
@ -24,10 +26,15 @@ audit () {
else
ok "$SERVICE_NAME is disabled"
fi
else
ok "$SERVICE_NAME is not installed"
fi
}
# This function will be called if the script status is on enabled mode
apply () {
is_pkg_installed $SERVICE_NAME
if [ $FNRET = 0 ]; then
info "Checking if $SERVICE_NAME is enabled"
is_service_enabled $SERVICE_NAME
if [ $FNRET = 0 ]; then
@ -44,6 +51,9 @@ apply () {
else
ok "$SERVICE_NAME is disabled"
fi
else
ok "$SERVICE_NAME is not installed"
fi
}
# This function will check config parameters required

2
bin/hardening/7.7.5.1_ensure_default_deny_firewall_policy_for_v6.sh
View File

@ -23,7 +23,7 @@ audit () {
check_ipv6_is_enable
IPV6_ENABLE=$FNRET
if [ $IPV6_ENABLE -eq 0 ]; then
if [ $(${IPS6} -S | grep -c "\-P INPUT DROP") -eq 0 -o $(${IPS4} -S | grep -c "\-P OUTPUT DROP") -eq 0 -o $(${IPS4} -S | grep -c "\-P FORWARD DROP") -eq 0 ]; then
if [ $(${IPS6} -S | grep -c "\-P INPUT DROP") -eq 0 -o $(${IPS6} -S | grep -c "\-P OUTPUT DROP") -eq 0 -o $(${IPS6} -S | grep -c "\-P FORWARD DROP") -eq 0 ]; then
crit "Ip6tables: Firewall policy is not default deny!"
FNRET=1
else

2
bin/hardening/7.7.5.2_ensure_loopback_traffic_is_configured_for_v6.sh
View File

@ -54,7 +54,7 @@ audit () {
info "Ip6tables: loopback traffic INPUT deny from other interfaces is not configured!"
fi
if [ $INPUT_ACCEPT -eq 0 -a $OUTPUT_ACCEPT -eq -a $OUTPUT_ACCEPT -eq ]; then
if [ $INPUT_ACCEPT -eq 0 -a $OUTPUT_ACCEPT -eq 0 -a $OUTPUT_ACCEPT -eq 0 ]; then
ok "Loopback traffic rules were configured for v6!"
else
crit "Loopback traffic rules are not configured for v6!"