diff --git a/bin/hardening/9.3.10_disable_sshd_setenv.sh b/bin/hardening/9.3.10_disable_sshd_setenv.sh index e87918e..142c7b9 100755 --- a/bin/hardening/9.3.10_disable_sshd_setenv.sh +++ b/bin/hardening/9.3.10_disable_sshd_setenv.sh @@ -31,20 +31,18 @@ audit () { if [ $FNRET = 0 ]; then ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." FNRET=0 - elif [ $FNRET = 1 ]; then + else crit "The keyword $SSH_PARAM does not exist in the sshd runtime configuration." - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN="^$SSH_PARAM[[:space:]]*" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" does_pattern_exist_in_file $FILE "$PATTERN" if [ $FNRET = 0 ]; then - ok "$PATTERN is present in $FILE" + crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." FNRET=1 else - crit "$PATTERN is not present in $FILE" + crit "$PATTERN_INFO is not present in $FILE" FNRET=2 fi - else - crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." - FNRET=3 fi fi } 
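Review bot: The new file check `PATTERN="^$SSH_PARAM[[:space:]]*"` in audit() is a prefix match, because `[[:space:]]*` also matches zero characters, so a line whose keyword merely begins with $SSH_PARAM yields FNRET=1 ("wrong value") instead of FNRET=2 ("absent"). Requiring a separator, `PATTERN="^$SSH_PARAM[[:space:]]"`, would tighten it, assuming does_pattern_exist_in_file takes a grep-style expression (its definition is not in this diff). The match is also case-sensitive and anchored at column 0, while sshd accepts keywords in any letter case and with leading whitespace, so such a line is reported as absent and apply() then appends a second directive. With the `elif` widened to `else`, `crit "The keyword $SSH_PARAM does not exist in the sshd runtime configuration."` is now printed for every non-zero code, including the one the removed branch reported as a wrong value. The audit() hunks of the other fourteen 9.3.x scripts in this commit carry the same lines; audit() starts before the hunk.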
@@ -53,21 +51,18 @@ audit () { apply () { SSH_PARAM=$(echo $OPTIONS | cut -d= -f 1) SSH_VALUE=$(echo $OPTIONS | cut -d= -f 2) - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" case $FNRET in 0) ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." ;; - 1) warn "$PATTERN is present in $FILE, but runtime conf is incorrect, need reload" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 2) warn "$PATTERN is not present in $FILE, need add to sshd_config and reload" - add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 3) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" + 1) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" /etc/init.d/ssh reload > /dev/null 2>&1 ;; + 2) warn "$PATTERN_INFO is not present in $FILE, need add to sshd_config and reload" + add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" + /etc/init.d/ssh reload > /dev/null 2>&1 + ;; 5) warn "$PACKAGE is absent, installing it" apt_install $PACKAGE ;; diff --git a/bin/hardening/9.3.14_ssh_banner.sh b/bin/hardening/9.3.14_ssh_banner.sh index bc3947a..e6e1a91 100755 --- a/bin/hardening/9.3.14_ssh_banner.sh +++ b/bin/hardening/9.3.14_ssh_banner.sh 
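Review bot: Both remediation arms in apply() end with `/etc/init.d/ssh reload > /dev/null 2>&1`, which discards the output and the exit status, so a failed reload leaves the running sshd on the old setting after the fix has been logged. Checking the configuration with `sshd -t` before the reload and reporting the result, e.g. `/etc/init.d/ssh reload > /dev/null 2>&1 || crit "sshd reload failed, $SSH_PARAM is not active"`, would surface that. In the `2)` arm, `add_end_of_file` appends after whatever is last in $FILE; if the file ends with a `Match` block the new directive becomes conditional rather than global, so the arm should warn when a `Match` line is present or insert before the first one. A comment above the `case` such as `# FNRET from audit: 0 compliant, 1 keyword in $FILE with another value, 2 keyword absent from $FILE, 5 package missing` would help, since codes 1 and 2 changed meaning here. The same arms appear in the apply() hunks of the other 9.3.x scripts in this commit, and apply() continues past the hunk.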
@@ -31,20 +31,18 @@ audit () { if [ $FNRET = 0 ]; then ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." FNRET=0 - elif [ $FNRET = 1 ]; then + else crit "The keyword $SSH_PARAM does not exist in the sshd runtime configuration." - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN="^$SSH_PARAM[[:space:]]*" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" does_pattern_exist_in_file $FILE "$PATTERN" if [ $FNRET = 0 ]; then - ok "$PATTERN is present in $FILE" + crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." FNRET=1 else - crit "$PATTERN is not present in $FILE" + crit "$PATTERN_INFO is not present in $FILE" FNRET=2 fi - else - crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." - FNRET=3 fi fi } 
@@ -54,21 +52,18 @@ apply () { OPTIONS="Banner=$BANNER_FILE" SSH_PARAM=$(echo $OPTIONS | cut -d= -f 1) SSH_VALUE=$(echo $OPTIONS | cut -d= -f 2) - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" case $FNRET in 0) ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." ;; - 1) warn "$PATTERN is present in $FILE, but runtime conf is incorrect, need reload" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 2) warn "$PATTERN is not present in $FILE, need add to sshd_config and reload" - add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 3) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" + 1) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" /etc/init.d/ssh reload > /dev/null 2>&1 ;; + 2) warn "$PATTERN_INFO is not present in $FILE, need add to sshd_config and reload" + add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" + /etc/init.d/ssh reload > /dev/null 2>&1 + ;; 5) warn "$PACKAGE is absent, installing it" apt_install $PACKAGE ;; diff --git a/bin/hardening/9.3.15_sshd_printlastlog.sh b/bin/hardening/9.3.15_sshd_printlastlog.sh index 9107361..d95d018 100755 --- a/bin/hardening/9.3.15_sshd_printlastlog.sh +++ b/bin/hardening/9.3.15_sshd_printlastlog.sh 
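Review bot: In this script $SSH_VALUE is a file path taken from `OPTIONS="Banner=$BANNER_FILE"`, and the `1)` arm passes it as the replacement text in `replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"`. replace_in_file is not shown in this diff; if it builds a sed `s/…/…/` expression, the slashes in the path would need escaping or a different delimiter, and a silent failure there is hidden by the discarded reload status. The split itself, `SSH_VALUE=$(echo $OPTIONS | cut -d= -f 2)`, is unquoted and drops everything after a second `=`; `SSH_PARAM=${OPTIONS%%=*}` and `SSH_VALUE=${OPTIONS#*=}` avoid both without spawning a pipeline. apply() starts before and continues past the hunk.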
@@ -32,20 +32,18 @@ audit () { if [ $FNRET = 0 ]; then ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." FNRET=0 - elif [ $FNRET = 1 ]; then + else crit "The keyword $SSH_PARAM does not exist in the sshd runtime configuration." - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN="^$SSH_PARAM[[:space:]]*" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" does_pattern_exist_in_file $FILE "$PATTERN" if [ $FNRET = 0 ]; then - ok "$PATTERN is present in $FILE" + crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." FNRET=1 else - crit "$PATTERN is not present in $FILE" + crit "$PATTERN_INFO is not present in $FILE" FNRET=2 fi - else - crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." - FNRET=3 fi fi } @@ -54,21 +52,18 @@ audit () { apply () { SSH_PARAM=$(echo $OPTIONS | cut -d= -f 1) SSH_VALUE=$(echo $OPTIONS | cut -d= -f 2) - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" case $FNRET in 0) ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." ;; - 1) warn "$PATTERN is present in $FILE, but runtime conf is incorrect, need reload" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 2) warn "$PATTERN is not present in $FILE, need add to sshd_config and reload" - add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 3) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" + 1) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" /etc/init.d/ssh reload > /dev/null 2>&1 ;; + 2) warn "$PATTERN_INFO is not present in $FILE, need add to sshd_config and reload" + add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" + /etc/init.d/ssh reload > /dev/null 2>&1 + ;; 5) warn "$PACKAGE is absent, installing it" apt_install $PACKAGE ;; 
diff --git a/bin/hardening/9.3.16_sshd_IgnoreUserKnownHosts.sh b/bin/hardening/9.3.16_sshd_IgnoreUserKnownHosts.sh index b218e95..b0ec740 100755 --- a/bin/hardening/9.3.16_sshd_IgnoreUserKnownHosts.sh +++ b/bin/hardening/9.3.16_sshd_IgnoreUserKnownHosts.sh @@ -32,20 +32,18 @@ audit () { if [ $FNRET = 0 ]; then ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." FNRET=0 - elif [ $FNRET = 1 ]; then + else crit "The keyword $SSH_PARAM does not exist in the sshd runtime configuration." - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN="^$SSH_PARAM[[:space:]]*" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" does_pattern_exist_in_file $FILE "$PATTERN" if [ $FNRET = 0 ]; then - ok "$PATTERN is present in $FILE" + crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." FNRET=1 else - crit "$PATTERN is not present in $FILE" + crit "$PATTERN_INFO is not present in $FILE" FNRET=2 fi - else - crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." - FNRET=3 fi fi } 
@@ -54,21 +52,18 @@ audit () { apply () { SSH_PARAM=$(echo $OPTIONS | cut -d= -f 1) SSH_VALUE=$(echo $OPTIONS | cut -d= -f 2) - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" case $FNRET in 0) ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." ;; - 1) warn "$PATTERN is present in $FILE, but runtime conf is incorrect, need reload" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 2) warn "$PATTERN is not present in $FILE, need add to sshd_config and reload" - add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 3) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" + 1) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" /etc/init.d/ssh reload > /dev/null 2>&1 ;; + 2) warn "$PATTERN_INFO is not present in $FILE, need add to sshd_config and reload" + add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" + /etc/init.d/ssh reload > /dev/null 2>&1 + ;; 5) warn "$PACKAGE is absent, installing it" apt_install $PACKAGE ;; diff --git a/bin/hardening/9.3.17_sshd_GSSAPIAuthentication.sh b/bin/hardening/9.3.17_sshd_GSSAPIAuthentication.sh index 20124c6..9e4374a 100755 --- a/bin/hardening/9.3.17_sshd_GSSAPIAuthentication.sh +++ b/bin/hardening/9.3.17_sshd_GSSAPIAuthentication.sh 
@@ -32,20 +32,18 @@ audit () { if [ $FNRET = 0 ]; then ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." FNRET=0 - elif [ $FNRET = 1 ]; then + else crit "The keyword $SSH_PARAM does not exist in the sshd runtime configuration." - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN="^$SSH_PARAM[[:space:]]*" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" does_pattern_exist_in_file $FILE "$PATTERN" if [ $FNRET = 0 ]; then - ok "$PATTERN is present in $FILE" + crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." FNRET=1 else - crit "$PATTERN is not present in $FILE" + crit "$PATTERN_INFO is not present in $FILE" FNRET=2 fi - else - crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." - FNRET=3 fi fi } @@ -54,21 +52,18 @@ audit () { apply () { SSH_PARAM=$(echo $OPTIONS | cut -d= -f 1) SSH_VALUE=$(echo $OPTIONS | cut -d= -f 2) - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" case $FNRET in 0) ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." ;; - 1) warn "$PATTERN is present in $FILE, but runtime conf is incorrect, need reload" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 2) warn "$PATTERN is not present in $FILE, need add to sshd_config and reload" - add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 3) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" + 1) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" /etc/init.d/ssh reload > /dev/null 2>&1 ;; + 2) warn "$PATTERN_INFO is not present in $FILE, need add to sshd_config and reload" + add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" + /etc/init.d/ssh reload > /dev/null 2>&1 + ;; 5) warn "$PACKAGE is absent, installing it" apt_install $PACKAGE ;; 
diff --git a/bin/hardening/9.3.18_sshd_KerberosAuthentication.sh b/bin/hardening/9.3.18_sshd_KerberosAuthentication.sh index 837cc10..e09d861 100755 --- a/bin/hardening/9.3.18_sshd_KerberosAuthentication.sh +++ b/bin/hardening/9.3.18_sshd_KerberosAuthentication.sh @@ -32,20 +32,18 @@ audit () { if [ $FNRET = 0 ]; then ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." FNRET=0 - elif [ $FNRET = 1 ]; then + else crit "The keyword $SSH_PARAM does not exist in the sshd runtime configuration." - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN="^$SSH_PARAM[[:space:]]*" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" does_pattern_exist_in_file $FILE "$PATTERN" if [ $FNRET = 0 ]; then - ok "$PATTERN is present in $FILE" + crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." FNRET=1 else - crit "$PATTERN is not present in $FILE" + crit "$PATTERN_INFO is not present in $FILE" FNRET=2 fi - else - crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." - FNRET=3 fi fi } 
@@ -54,21 +52,18 @@ audit () { apply () { SSH_PARAM=$(echo $OPTIONS | cut -d= -f 1) SSH_VALUE=$(echo $OPTIONS | cut -d= -f 2) - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" case $FNRET in 0) ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." ;; - 1) warn "$PATTERN is present in $FILE, but runtime conf is incorrect, need reload" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 2) warn "$PATTERN is not present in $FILE, need add to sshd_config and reload" - add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 3) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" + 1) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" /etc/init.d/ssh reload > /dev/null 2>&1 ;; + 2) warn "$PATTERN_INFO is not present in $FILE, need add to sshd_config and reload" + add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" + /etc/init.d/ssh reload > /dev/null 2>&1 + ;; 5) warn "$PACKAGE is absent, installing it" apt_install $PACKAGE ;; diff --git a/bin/hardening/9.3.19_sshd_StrictModes.sh b/bin/hardening/9.3.19_sshd_StrictModes.sh index caabd39..f6cce5c 100755 --- a/bin/hardening/9.3.19_sshd_StrictModes.sh +++ b/bin/hardening/9.3.19_sshd_StrictModes.sh 
@@ -32,20 +32,18 @@ audit () { if [ $FNRET = 0 ]; then ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." FNRET=0 - elif [ $FNRET = 1 ]; then + else crit "The keyword $SSH_PARAM does not exist in the sshd runtime configuration." - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN="^$SSH_PARAM[[:space:]]*" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" does_pattern_exist_in_file $FILE "$PATTERN" if [ $FNRET = 0 ]; then - ok "$PATTERN is present in $FILE" + crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." FNRET=1 else - crit "$PATTERN is not present in $FILE" + crit "$PATTERN_INFO is not present in $FILE" FNRET=2 fi - else - crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." - FNRET=3 fi fi } @@ -54,21 +52,18 @@ audit () { apply () { SSH_PARAM=$(echo $OPTIONS | cut -d= -f 1) SSH_VALUE=$(echo $OPTIONS | cut -d= -f 2) - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" case $FNRET in 0) ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." ;; - 1) warn "$PATTERN is present in $FILE, but runtime conf is incorrect, need reload" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 2) warn "$PATTERN is not present in $FILE, need add to sshd_config and reload" - add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 3) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" + 1) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" /etc/init.d/ssh reload > /dev/null 2>&1 ;; + 2) warn "$PATTERN_INFO is not present in $FILE, need add to sshd_config and reload" + add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" + /etc/init.d/ssh reload > /dev/null 2>&1 + ;; 5) warn "$PACKAGE is absent, installing it" apt_install $PACKAGE ;; 
diff --git a/bin/hardening/9.3.20_sshd_compression.sh b/bin/hardening/9.3.20_sshd_compression.sh index 0ec6f67..87b8abe 100755 --- a/bin/hardening/9.3.20_sshd_compression.sh +++ b/bin/hardening/9.3.20_sshd_compression.sh @@ -32,20 +32,18 @@ audit () { if [ $FNRET = 0 ]; then ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." FNRET=0 - elif [ $FNRET = 1 ]; then + else crit "The keyword $SSH_PARAM does not exist in the sshd runtime configuration." - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN="^$SSH_PARAM[[:space:]]*" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" does_pattern_exist_in_file $FILE "$PATTERN" if [ $FNRET = 0 ]; then - ok "$PATTERN is present in $FILE" + crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." FNRET=1 else - crit "$PATTERN is not present in $FILE" + crit "$PATTERN_INFO is not present in $FILE" FNRET=2 fi - else - crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." - FNRET=3 fi fi } 
@@ -54,21 +52,18 @@ audit () { apply () { SSH_PARAM=$(echo $OPTIONS | cut -d= -f 1) SSH_VALUE=$(echo $OPTIONS | cut -d= -f 2) - PATTERN="$SSH_PARAM $SSH_VALUE" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" case $FNRET in 0) ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." ;; - 1) warn "$PATTERN is present in $FILE, but runtime conf is incorrect, need reload" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 2) warn "$PATTERN is not present in $FILE, need add to sshd_config and reload" - add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 3) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" + 1) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" /etc/init.d/ssh reload > /dev/null 2>&1 ;; + 2) warn "$PATTERN_INFO is not present in $FILE, need add to sshd_config and reload" + add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" + /etc/init.d/ssh reload > /dev/null 2>&1 + ;; 5) warn "$PACKAGE is absent, installing it" apt_install $PACKAGE ;; diff --git a/bin/hardening/9.3.25_sshd_logingracetime.sh b/bin/hardening/9.3.25_sshd_logingracetime.sh index fafd216..77ede6f 100755 --- a/bin/hardening/9.3.25_sshd_logingracetime.sh +++ b/bin/hardening/9.3.25_sshd_logingracetime.sh 
@@ -32,20 +32,18 @@ audit () { if [ $FNRET = 0 ]; then ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." FNRET=0 - elif [ $FNRET = 1 ]; then + else crit "The keyword $SSH_PARAM does not exist in the sshd runtime configuration." - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN="^$SSH_PARAM[[:space:]]*" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" does_pattern_exist_in_file $FILE "$PATTERN" if [ $FNRET = 0 ]; then - ok "$PATTERN is present in $FILE" + crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." FNRET=1 else - crit "$PATTERN is not present in $FILE" + crit "$PATTERN_INFO is not present in $FILE" FNRET=2 fi - else - crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." - FNRET=3 fi fi } @@ -54,21 +52,18 @@ audit () { apply () { SSH_PARAM=$(echo $OPTIONS | cut -d= -f 1) SSH_VALUE=$(echo $OPTIONS | cut -d= -f 2) - PATTERN="$SSH_PARAM $SSH_VALUE" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" case $FNRET in 0) ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." ;; - 1) warn "$PATTERN is present in $FILE, but runtime conf is incorrect, need reload" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 2) warn "$PATTERN is not present in $FILE, need add to sshd_config and reload" - add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 3) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" + 1) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" /etc/init.d/ssh reload > /dev/null 2>&1 ;; + 2) warn "$PATTERN_INFO is not present in $FILE, need add to sshd_config and reload" + add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" + /etc/init.d/ssh reload > /dev/null 2>&1 + ;; 5) warn "$PACKAGE is absent, installing it" apt_install $PACKAGE ;; 
diff --git a/bin/hardening/9.3.2_sshd_loglevel.sh b/bin/hardening/9.3.2_sshd_loglevel.sh index 376085d..da7d379 100755 --- a/bin/hardening/9.3.2_sshd_loglevel.sh +++ b/bin/hardening/9.3.2_sshd_loglevel.sh @@ -31,20 +31,18 @@ audit () { if [ $FNRET = 0 ]; then ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." FNRET=0 - elif [ $FNRET = 1 ]; then + else crit "The keyword $SSH_PARAM does not exist in the sshd runtime configuration." - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN="^$SSH_PARAM[[:space:]]*" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" does_pattern_exist_in_file $FILE "$PATTERN" if [ $FNRET = 0 ]; then - ok "$PATTERN is present in $FILE" + crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." FNRET=1 else - crit "$PATTERN is not present in $FILE" + crit "$PATTERN_INFO is not present in $FILE" FNRET=2 fi - else - crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." - FNRET=3 fi fi } 
@@ -53,21 +51,18 @@ audit () { apply () { SSH_PARAM=$(echo $OPTIONS | cut -d= -f 1) SSH_VALUE=$(echo $OPTIONS | cut -d= -f 2) - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" case $FNRET in 0) ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." ;; - 1) warn "$PATTERN is present in $FILE, but runtime conf is incorrect, need reload" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 2) warn "$PATTERN is not present in $FILE, need add to sshd_config and reload" - add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 3) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" + 1) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" /etc/init.d/ssh reload > /dev/null 2>&1 ;; + 2) warn "$PATTERN_INFO is not present in $FILE, need add to sshd_config and reload" + add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" + /etc/init.d/ssh reload > /dev/null 2>&1 + ;; 5) warn "$PACKAGE is absent, installing it" apt_install $PACKAGE ;; diff --git a/bin/hardening/9.3.4_disable_x11_forwarding.sh b/bin/hardening/9.3.4_disable_x11_forwarding.sh index d61f884..77ca6ed 100755 --- a/bin/hardening/9.3.4_disable_x11_forwarding.sh +++ b/bin/hardening/9.3.4_disable_x11_forwarding.sh 
@@ -31,20 +31,18 @@ audit () { if [ $FNRET = 0 ]; then ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." FNRET=0 - elif [ $FNRET = 1 ]; then + else crit "The keyword $SSH_PARAM does not exist in the sshd runtime configuration." - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN="^$SSH_PARAM[[:space:]]*" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" does_pattern_exist_in_file $FILE "$PATTERN" if [ $FNRET = 0 ]; then - ok "$PATTERN is present in $FILE" + crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." FNRET=1 else - crit "$PATTERN is not present in $FILE" + crit "$PATTERN_INFO is not present in $FILE" FNRET=2 fi - else - crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." - FNRET=3 fi fi } @@ -53,21 +51,18 @@ audit () { apply () { SSH_PARAM=$(echo $OPTIONS | cut -d= -f 1) SSH_VALUE=$(echo $OPTIONS | cut -d= -f 2) - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" case $FNRET in 0) ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." ;; - 1) warn "$PATTERN is present in $FILE, but runtime conf is incorrect, need reload" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 2) warn "$PATTERN is not present in $FILE, need add to sshd_config and reload" - add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 3) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" + 1) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" /etc/init.d/ssh reload > /dev/null 2>&1 ;; + 2) warn "$PATTERN_INFO is not present in $FILE, need add to sshd_config and reload" + add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" + /etc/init.d/ssh reload > /dev/null 2>&1 + ;; 5) warn "$PACKAGE is absent, installing it" apt_install $PACKAGE ;; 
diff --git a/bin/hardening/9.3.5_sshd_maxauthtries.sh b/bin/hardening/9.3.5_sshd_maxauthtries.sh index 2e990ba..38c6dde 100755 --- a/bin/hardening/9.3.5_sshd_maxauthtries.sh +++ b/bin/hardening/9.3.5_sshd_maxauthtries.sh @@ -31,20 +31,18 @@ audit () { if [ $FNRET = 0 ]; then ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." FNRET=0 - elif [ $FNRET = 1 ]; then + else crit "The keyword $SSH_PARAM does not exist in the sshd runtime configuration." - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN="^$SSH_PARAM[[:space:]]*" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" does_pattern_exist_in_file $FILE "$PATTERN" if [ $FNRET = 0 ]; then - ok "$PATTERN is present in $FILE" + crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." FNRET=1 else - crit "$PATTERN is not present in $FILE" + crit "$PATTERN_INFO is not present in $FILE" FNRET=2 fi - else - crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." - FNRET=3 fi fi } 
@@ -53,21 +51,18 @@ audit () { apply () { SSH_PARAM=$(echo $OPTIONS | cut -d= -f 1) SSH_VALUE=$(echo $OPTIONS | cut -d= -f 2) - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" case $FNRET in 0) ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." ;; - 1) warn "$PATTERN is present in $FILE, but runtime conf is incorrect, need reload" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 2) warn "$PATTERN is not present in $FILE, need add to sshd_config and reload" - add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 3) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" + 1) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" /etc/init.d/ssh reload > /dev/null 2>&1 ;; + 2) warn "$PATTERN_INFO is not present in $FILE, need add to sshd_config and reload" + add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" + /etc/init.d/ssh reload > /dev/null 2>&1 + ;; 5) warn "$PACKAGE is absent, installing it" apt_install $PACKAGE ;; diff --git a/bin/hardening/9.3.6_enable_sshd_ignorerhosts.sh b/bin/hardening/9.3.6_enable_sshd_ignorerhosts.sh index 2559d25..51824a7 100755 --- a/bin/hardening/9.3.6_enable_sshd_ignorerhosts.sh +++ b/bin/hardening/9.3.6_enable_sshd_ignorerhosts.sh 
@@ -31,20 +31,18 @@ audit () { if [ $FNRET = 0 ]; then ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." FNRET=0 - elif [ $FNRET = 1 ]; then + else crit "The keyword $SSH_PARAM does not exist in the sshd runtime configuration." - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN="^$SSH_PARAM[[:space:]]*" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" does_pattern_exist_in_file $FILE "$PATTERN" if [ $FNRET = 0 ]; then - ok "$PATTERN is present in $FILE" + crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." FNRET=1 else - crit "$PATTERN is not present in $FILE" + crit "$PATTERN_INFO is not present in $FILE" FNRET=2 fi - else - crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." - FNRET=3 fi fi } @@ -53,21 +51,18 @@ audit () { apply () { SSH_PARAM=$(echo $OPTIONS | cut -d= -f 1) SSH_VALUE=$(echo $OPTIONS | cut -d= -f 2) - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" case $FNRET in 0) ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." ;; - 1) warn "$PATTERN is present in $FILE, but runtime conf is incorrect, need reload" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 2) warn "$PATTERN is not present in $FILE, need add to sshd_config and reload" - add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 3) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" + 1) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" /etc/init.d/ssh reload > /dev/null 2>&1 ;; + 2) warn "$PATTERN_INFO is not present in $FILE, need add to sshd_config and reload" + add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" + /etc/init.d/ssh reload > /dev/null 2>&1 + ;; 5) warn "$PACKAGE is absent, installing it" apt_install $PACKAGE ;; 
diff --git a/bin/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh b/bin/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh index 75b5d90..c7cfa83 100755 --- a/bin/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh +++ b/bin/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh @@ -31,20 +31,18 @@ audit () { if [ $FNRET = 0 ]; then ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." FNRET=0 - elif [ $FNRET = 1 ]; then + else crit "The keyword $SSH_PARAM does not exist in the sshd runtime configuration." - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN="^$SSH_PARAM[[:space:]]*" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" does_pattern_exist_in_file $FILE "$PATTERN" if [ $FNRET = 0 ]; then - ok "$PATTERN is present in $FILE" + crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." FNRET=1 else - crit "$PATTERN is not present in $FILE" + crit "$PATTERN_INFO is not present in $FILE" FNRET=2 fi - else - crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." - FNRET=3 fi fi } 
@@ -53,21 +51,18 @@ audit () { apply () { SSH_PARAM=$(echo $OPTIONS | cut -d= -f 1) SSH_VALUE=$(echo $OPTIONS | cut -d= -f 2) - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" case $FNRET in 0) ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." ;; - 1) warn "$PATTERN is present in $FILE, but runtime conf is incorrect, need reload" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 2) warn "$PATTERN is not present in $FILE, need add to sshd_config and reload" - add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 3) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" + 1) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" /etc/init.d/ssh reload > /dev/null 2>&1 ;; + 2) warn "$PATTERN_INFO is not present in $FILE, need add to sshd_config and reload" + add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" + /etc/init.d/ssh reload > /dev/null 2>&1 + ;; 5) warn "$PACKAGE is absent, installing it" apt_install $PACKAGE ;; diff --git a/bin/hardening/9.3.8_disable_root_login.sh b/bin/hardening/9.3.8_disable_root_login.sh index 0204a65..967ce03 100755 --- a/bin/hardening/9.3.8_disable_root_login.sh +++ b/bin/hardening/9.3.8_disable_root_login.sh 
@@ -31,20 +31,18 @@ audit () { if [ $FNRET = 0 ]; then ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." FNRET=0 - elif [ $FNRET = 1 ]; then + else crit "The keyword $SSH_PARAM does not exist in the sshd runtime configuration." - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN="^$SSH_PARAM[[:space:]]*" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" does_pattern_exist_in_file $FILE "$PATTERN" if [ $FNRET = 0 ]; then - ok "$PATTERN is present in $FILE" + crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." FNRET=1 else - crit "$PATTERN is not present in $FILE" + crit "$PATTERN_INFO is not present in $FILE" FNRET=2 fi - else - crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." - FNRET=3 fi fi } @@ -53,21 +51,18 @@ audit () { apply () { SSH_PARAM=$(echo $OPTIONS | cut -d= -f 1) SSH_VALUE=$(echo $OPTIONS | cut -d= -f 2) - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" case $FNRET in 0) ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." ;; - 1) warn "$PATTERN is present in $FILE, but runtime conf is incorrect, need reload" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 2) warn "$PATTERN is not present in $FILE, need add to sshd_config and reload" - add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 3) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" + 1) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" /etc/init.d/ssh reload > /dev/null 2>&1 ;; + 2) warn "$PATTERN_INFO is not present in $FILE, need add to sshd_config and reload" + add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" + /etc/init.d/ssh reload > /dev/null 2>&1 + ;; 5) warn "$PACKAGE is absent, installing it" apt_install $PACKAGE ;; 
diff --git a/bin/hardening/9.3.9_disable_sshd_permitemptypasswords.sh b/bin/hardening/9.3.9_disable_sshd_permitemptypasswords.sh index 3f07676..3c4b070 100755 --- a/bin/hardening/9.3.9_disable_sshd_permitemptypasswords.sh +++ b/bin/hardening/9.3.9_disable_sshd_permitemptypasswords.sh @@ -31,20 +31,18 @@ audit () { if [ $FNRET = 0 ]; then ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." FNRET=0 - elif [ $FNRET = 1 ]; then + else crit "The keyword $SSH_PARAM does not exist in the sshd runtime configuration." - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN="^$SSH_PARAM[[:space:]]*" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" does_pattern_exist_in_file $FILE "$PATTERN" if [ $FNRET = 0 ]; then - ok "$PATTERN is present in $FILE" + crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." FNRET=1 else - crit "$PATTERN is not present in $FILE" + crit "$PATTERN_INFO is not present in $FILE" FNRET=2 fi - else - crit "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect." - FNRET=3 fi fi } 
@@ -53,21 +51,18 @@ audit () { apply () { SSH_PARAM=$(echo $OPTIONS | cut -d= -f 1) SSH_VALUE=$(echo $OPTIONS | cut -d= -f 2) - PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" + PATTERN_INFO="$SSH_PARAM $SSH_VALUE" case $FNRET in 0) ok "The value of keyword $SSH_PARAM has set to $SSH_VALUE, it's correct." ;; - 1) warn "$PATTERN is present in $FILE, but runtime conf is incorrect, need reload" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 2) warn "$PATTERN is not present in $FILE, need add to sshd_config and reload" - add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" - /etc/init.d/ssh reload > /dev/null 2>&1 - ;; - 3) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" + 1) warn "The value of keyword $SSH_PARAM is not set to $SSH_VALUE, it's incorrect. Fixing and reload config" replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" /etc/init.d/ssh reload > /dev/null 2>&1 ;; + 2) warn "$PATTERN_INFO is not present in $FILE, need add to sshd_config and reload" + add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" + /etc/init.d/ssh reload > /dev/null 2>&1 + ;; 5) warn "$PACKAGE is absent, installing it" apt_install $PACKAGE ;;