tyler.durden
/
harbian-audit
mirror of https://github.com/hardenedlinux/harbian-audit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add audit and apply methods for screen.

This commit is contained in:
Samson-W 2018-09-05 17:59:33 +08:00
parent 11ea940951
commit 7a0c112334
2 changed files with 61 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
bin/hardening/5.7_enable_screen.sh Executable file
View File

@ -0,0 +1,60 @@
#!/bin/bash
#
# harbian audit 7/8/9 Hardening
#
#
# 5.7 Install screen (Scored)
#
set -e # One error, it's over
set -u # One variable unset, it's over
HARDENING_LEVEL=4
PACKAGE='screen'
# This function will be called if the script status is on enabled / audit mode
audit () {
is_pkg_installed $PACKAGE
if [ $FNRET != 0 ]; then
crit "$PACKAGE is not installed!"
else
ok "$PACKAGE is installed"
fi
}
# This function will be called if the script status is on enabled mode
apply () {
is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then
ok "$PACKAGE is installed"
else
warn "$PACKAGE is absent, installing it"
apt_install $PACKAGE
fi
}
# This function will check config parameters required
check_config() {
:
}
# Source Root Dir Parameter
if [ -r /etc/default/cis-hardening ]; then
. /etc/default/cis-hardening
fi
if [ -z "$CIS_ROOT_DIR" ]; then
echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
echo "Cannot source CIS_ROOT_DIR variable, aborting."
exit 128
fi
# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
. $CIS_ROOT_DIR/lib/main.sh
else
echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
exit 128
fi

2
docs/harbian_audit_Debian_9_Benchmark_v0.1.mkd
View File

@ -6,7 +6,7 @@ Profile Applicability:
Level 5 Level 5
Description: Description:
Without cryptographic integrity protections, system command and files can be altered by unauthorized users without detection.Cryptographic mechanisms used for protecting the integrity of information include, for example, signed hash functions using asymmetric cryptography enabling distribution of the public key to verify the hash information while maintaining the confidentiality of the key used to generate the hash. Without cryptographic integrity protections, system command and files can be altered by unauthorized users without detection. Cryptographic mechanisms used for protecting the integrity of information include, for example, signed hash functions using asymmetric cryptography enabling distribution of the public key to verify the hash information while maintaining the confidentiality of the key used to generate the hash.
Rationale: Rationale:
Verify integrity all packages features to to monitor the files of the packages installed by the system. Verify integrity all packages features to to monitor the files of the packages installed by the system.