Add check_audit_is_immutable_mode method in lib/utils.sh and apply the method for 8.1.4

2019-05-18 04:36:55 +08:00 · 2019-05-18 04:36:55 +08:00 · 8856f64d16
parent 0bd15205e9
commit 8856f64d16
2 changed files with 9 additions and 1 deletions
--- a/bin/hardening/8.1.4_record_date_time_edit.sh
+++ b/bin/hardening/8.1.4_record_date_time_edit.sh
@ -59,7 +59,7 @@ apply () {
        if [ $FNRET != 0 ]; then
            warn "$AUDIT_VALUE is not in file $FILE, adding it"
            add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_audit_is_immutable_mode
        else
            ok "$AUDIT_VALUE is present in $FILE"
        fi
--- a/lib/utils.sh
+++ b/lib/utils.sh
@ -872,3 +872,11 @@ check_ipv6_is_enable()
 	fi
 }

+check_audit_is_immutable_mode()
+{
+	if [ $(auditctl -s | head -n 1 | awk '{print $2}') -eq 2 ]; then
+		warn "The audit system is in immutable mode, no rule changes allowed. So must need reboot after adding/modifying the auditd rule!"
+	else
+		eval $(pkill -HUP -P 1 auditd)
+	fi
+}