From 7a0c112334aa3059c3c37abe7ac7f13aa591e26a Mon Sep 17 00:00:00 2001
From: Samson-W
Date: Wed, 5 Sep 2018 17:59:33 +0800
Subject: [PATCH] Add audit and apply methods for screen.
---
bin/hardening/5.7_enable_screen.sh | 60 +++++++++++++++++++
.../harbian_audit_Debian_9_Benchmark_v0.1.mkd | 2 +-
2 files changed, 61 insertions(+), 1 deletion(-)
create mode 100755 bin/hardening/5.7_enable_screen.sh
diff --git a/bin/hardening/5.7_enable_screen.sh b/bin/hardening/5.7_enable_screen.sh
new file mode 100755
index 0000000..17ce04f
--- /dev/null
+++ b/bin/hardening/5.7_enable_screen.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+
+#
+# harbian audit 7/8/9 Hardening
+#
+
+#
+# 5.7 Install screen (Scored)
+#
+
+set -e # One error, it's over
+set -u # One variable unset, it's over
+
+HARDENING_LEVEL=4
+
+PACKAGE='screen'
+
+# This function will be called if the script status is on enabled / audit mode
+audit () {
+ is_pkg_installed $PACKAGE
+ if [ $FNRET != 0 ]; then
+ crit "$PACKAGE is not installed!"
+ else
+ ok "$PACKAGE is installed"
+ fi
+}
+
+# This function will be called if the script status is on enabled mode
+apply () {
+ is_pkg_installed $PACKAGE
+ if [ $FNRET = 0 ]; then
+ ok "$PACKAGE is installed"
+ else
+ warn "$PACKAGE is absent, installing it"
+ apt_install $PACKAGE
+ fi
+}
+
+# This function will check config parameters required
+check_config() {
+ :
+}
+
+# Source Root Dir Parameter
+if [ -r /etc/default/cis-hardening ]; then
+ . /etc/default/cis-hardening
+fi
+if [ -z "$CIS_ROOT_DIR" ]; then
+ echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
+ echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ exit 128
+fi
+
+# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
+if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+ . $CIS_ROOT_DIR/lib/main.sh
+else
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ exit 128
+fi
diff --git a/docs/harbian_audit_Debian_9_Benchmark_v0.1.mkd b/docs/harbian_audit_Debian_9_Benchmark_v0.1.mkd
index 5cdf92c..1ef7ff0 100644
--- a/docs/harbian_audit_Debian_9_Benchmark_v0.1.mkd
+++ b/docs/harbian_audit_Debian_9_Benchmark_v0.1.mkd
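Review bot: With `set -u` in effect, the guard `if [ -z "$CIS_ROOT_DIR" ]; then` near the end of the new script aborts with an unbound-variable error whenever /etc/default/cis-hardening is missing or does not set the variable, so the two explanatory `echo` lines and `exit 128` are never reached; `if [ -z "${CIS_ROOT_DIR:-}" ]; then` keeps the intended message. The two uses of `$CIS_ROOT_DIR/lib/main.sh` below it are unquoted, and because that path is sourced by a script that installs packages (so presumably runs as root), I would write `[ -r "$CIS_ROOT_DIR/lib/main.sh" ]` and `. "$CIS_ROOT_DIR/lib/main.sh"`. `is_pkg_installed`, `FNRET`, `crit`/`ok`/`warn` and `apt_install` are not defined anywhere in this file and presumably come from main.sh; a one-line comment above `audit` saying where they are provided would help a reader, and `[ $FNRET != 0 ]` would be safer as `[ "$FNRET" != 0 ]`.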
@@ -6,7 +6,7 @@ Profile Applicability: Level 5 Description: -Without cryptographic integrity protections, system command and files can be altered by unauthorized users without detection.Cryptographic mechanisms used for protecting the integrity of information include, for example, signed hash functions using asymmetric cryptography enabling distribution of the public key to verify the hash information while maintaining the confidentiality of the key used to generate the hash. +Without cryptographic integrity protections, system command and files can be altered by unauthorized users without detection. Cryptographic mechanisms used for protecting the integrity of information include, for example, signed hash functions using asymmetric cryptography enabling distribution of the public key to verify the hash information while maintaining the confidentiality of the key used to generate the hash. Rationale: Verify integrity all packages features to to monitor the files of the packages installed by the system.