Fix some bugs for CentOS8.

Samson-W 2019-12-28 03:51:09 +08:00
parent 816c101241
commit 912ba677ff
37 changed files with 71 additions and 61 deletions


@ -59,7 +59,7 @@ apply () {
ok "$PACKAGE is installed"
elif [ $FNRET = 1 ]; then
warn "$PACKAGE is not installed, need install."
apt_install $PACKAGE
install_package $PACKAGE
elif [ $FNRET = 2 ]; then
warn "$FILE is not exist, need manual check."
elif [ $FNRET = 3 ]; then


@ -51,7 +51,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
SSH_PARAM=$(echo $OPTIONS | cut -d= -f 1)
SSH_VALUE=$(echo $OPTIONS | cut -d= -f 2)


@ -51,7 +51,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
SSH_PARAM=$(echo $OPTIONS | cut -d= -f 1)
SSH_VALUE=$(echo $OPTIONS | cut -d= -f 2)


@ -50,7 +50,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
SSH_PARAM=$(echo $OPTIONS | cut -d= -f 1)
SSH_VALUE=$(echo $OPTIONS | cut -d= -f 2)


@ -46,7 +46,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)


@ -50,8 +50,12 @@ apply () {
ok "APPLY: $NOPASSWD is not set on $FILE, it's ok"
elif [ $FNRET = 1 ]; then
info "$NOPASSWD is set on the $FILE or $INCLUDFILE, need remove"
backup_file $FILE $INCLUDFILE
chmod 640 $FILE $INCLUDFILE && sed -i -e "s/$NOPASSWD/$PASSWD/g" $FILE $INCLUDFILE && chmod 440 $FILE $INCLUDFILE
backup_file $FILE
chmod 640 $FILE && sed -i -e "s/$NOPASSWD/$PASSWD/g" $FILE && chmod 440 $FILE
if [ $(ls $(dirname $INCLUDFILE) | wc -l) -gt 0 ]; then
backup_file $INCLUDFILE
chmod 640 $INCLUDFILE && sed -i -e "s/$NOPASSWD/$PASSWD/g" $INCLUDFILE && chmod 440 $INCLUDFILE
fi
elif [ $FNRET = 2 ]; then
warn "$FILE is not exist! Maybe sudo package not installed."
fi
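Review bot: The in-place `sed -i -e "s/$NOPASSWD/$PASSWD/g"` edits of `$FILE` and `$INCLUDFILE` are never validated, so a substitution that yields an invalid sudoers file would break sudo on the host; running `visudo -c -f "$FILE"` after each edit and restoring the copy made by backup_file on failure would close that gap. The `chmod 640 ... && sed ... && chmod 440` chain also leaves the file at mode 640 whenever sed fails, because the final chmod is skipped. The new guard `[ $(ls $(dirname $INCLUDFILE) | wc -l) -gt 0 ]` parses `ls` output through unquoted expansions and counts any directory entry, not just regular files; `$INCLUDFILE` is defined outside the hunk and looks like a glob, so a loop over its matches with a `[ -f "$f" ]` test would be sturdier. apply() starts and ends outside this hunk.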


@ -55,7 +55,7 @@ apply () {
ok "$PACKAGE is installed"
elif [ $FNRET = 1 ]; then
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
elif [ $FNRET = 2 ]; then
crit "$PATTERN is not present in $FILE, add default config to $FILE"
add_line_file_before_pattern $FILE "auth optional pam_faildelay.so delay=4000000" "# Outputs an issue file prior to each login prompt (Replaces the"


@ -46,7 +46,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)


@ -56,7 +56,7 @@ apply () {
ok "$PACKAGE is installed"
elif [ $FNRET = 1 ]; then
warn "Apply:$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
elif [ $FNRET = 2 ]; then
warn "Apply:$AUTHPATTERN is not present in $AUTHFILE"
add_line_file_after_pattern "$AUTHFILE" "$AUTHRULE" "$ADDPATTERNLINE"


@ -54,7 +54,7 @@ apply () {
ok "$PACKAGE is installed"
elif [ $FNRET = 1 ]; then
warn "Apply:$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
elif [ $FNRET = 2 ]; then
warn "Apply:$AUTHPATTERN is not present in $AUTHFILE"
add_line_file_after_pattern "$AUTHFILE" "$AUTHRULE" "$ADDPATTERNLINE"


@ -53,7 +53,7 @@ apply () {
ok "$PACKAGE is installed"
elif [ $FNRET = 1 ]; then
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
elif [ $FNRET = 2 ]; then
ok "$PATTERN is not present in $FILE, not need add"
elif [ $FNRET = 3 ]; then


@ -50,7 +50,7 @@ apply () {
ok "$PACKAGE is installed"
elif [ $FNRET = 1 ]; then
warn "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
elif [ $FNRET = 2 ]; then
warn "$PATTERN is not present in $FILE"
add_line_file_before_pattern $FILE "session optional pam_lastlog.so showfailed" "# pam-auth-update(8) for details."


@ -51,7 +51,7 @@ apply () {
ok "$PACKAGE is installed"
elif [ $FNRET = 1 ]; then
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
elif [ $FNRET = 2 ]; then
warn "$PATTERN is not present in $FILE"
add_line_file_before_pattern $FILE "password required pam_pwhistory.so remember=5" "# pam-auth-update(8) for details."


@ -53,7 +53,7 @@ apply () {
ok "$PACKAGE is installed"
elif [ $FNRET = 1 ]; then
warn "Apply:$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
elif [ $FNRET = 2 ]; then
warn "Apply:$AUTHPATTERN is not present in $AUTHFILE"
add_line_file_after_pattern "$AUTHFILE" "$AUTHRULE" "$ADDPATTERNLINE"


@ -45,7 +45,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
@ -63,7 +63,7 @@ apply () {
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload
systemctl reload sshd
fi
done
}
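Review bot: The added `systemctl reload sshd` runs straight after replace_in_file rewrites the config, with no syntax check and no test of the exit status, so a bad value can leave the daemon unable to reload while apply() reports nothing. Validate first and reload only on success, e.g. `sshd -t && systemctl reload sshd`, and report a failure through `crit`. The unit name also deserves a check on the Debian-family hosts the old `/etc/init.d/ssh reload` line targeted, where the service is presumably named `ssh`. The same applies to every other section of this commit that makes this replacement, including those that drop the old `> /dev/null 2>&1`; apply() starts outside the hunks.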


@ -45,7 +45,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
@ -63,7 +63,7 @@ apply () {
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload
systemctl reload sshd
fi
done
}


@ -46,7 +46,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
@ -64,7 +64,7 @@ apply () {
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload
systemctl reload sshd
fi
done
}


@ -46,7 +46,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
@ -65,7 +65,7 @@ apply () {
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload
systemctl reload sshd
fi
done
}


@ -44,7 +44,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
@ -61,7 +61,7 @@ apply () {
else
info "Parameter $SSH_PARAM is present and activated"
fi
/etc/init.d/ssh reload
systemctl reload sshd
fi
done
}


@ -46,7 +46,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
@ -64,7 +64,7 @@ apply () {
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload > /dev/null 2>&1
systemctl reload sshd
fi
done
}


@ -46,7 +46,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
@ -64,7 +64,7 @@ apply () {
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload > /dev/null 2>&1
systemctl reload sshd
fi
done
}


@ -46,7 +46,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
@ -64,7 +64,7 @@ apply () {
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload > /dev/null 2>&1
systemctl reload sshd
fi
done
}


@ -46,7 +46,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
@ -64,7 +64,7 @@ apply () {
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload > /dev/null 2>&1
systemctl reload sshd
fi
done
}


@ -46,7 +46,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
@ -64,7 +64,7 @@ apply () {
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload > /dev/null 2>&1
systemctl reload sshd
fi
done
}


@ -5,7 +5,7 @@
#
#
# 9.3.21 Set SSHD Compression to no (Scored)
# 9.3.20 Set SSHD Compression to no (Scored)
# Author : Samson wen, Samson <sccxboy@gmail.com>
#
@ -46,7 +46,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
@ -64,7 +64,7 @@ apply () {
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload > /dev/null 2>&1
systemctl reload sshd
fi
done
}


@ -5,7 +5,7 @@
#
#
# 9.3.22 Set SSHD MACs to hmac-sha2-256,hmac-sha2-512 (Scored)
# 9.3.21 Set SSHD MACs to hmac-sha2-256,hmac-sha2-512 (Scored)
# Author : Samson wen, Samson <sccxboy@gmail.com>
#
@ -46,7 +46,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
@ -64,7 +64,7 @@ apply () {
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload > /dev/null 2>&1
systemctl reload sshd
fi
done
}


@ -5,7 +5,7 @@
#
#
# 9.3.23 Check SSH public host key permission (Scored)
# 9.3.22 Check SSH public host key permission (Scored)
# Author : Samson wen, Samson <sccxboy@gmail.com>
#


@ -5,7 +5,7 @@
#
#
# 9.3.24 Check SSH private host key permission (Scored)
# 9.3.23 Check SSH private host key permission (Scored)
# Author : Samson wen, Samson <sccxboy@gmail.com>
#


@ -50,7 +50,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
@ -68,7 +68,7 @@ apply () {
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload > /dev/null 2>&1
systemctl reload sshd
fi
done
}


@ -5,7 +5,7 @@
#
#
# 9.3.26 Ensure SSH LoginGraceTime is set to one minute or less (Scored)
# 9.3.25 Ensure SSH LoginGraceTime is set to one minute or less (Scored)
# Auther: Samson-W (sccxboy@gmail.com)
#
@ -46,7 +46,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
@ -64,7 +64,7 @@ apply () {
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload
systemctl reload sshd
fi
done
}


@ -5,7 +5,7 @@
#
#
# 9.3.27 Ensure SSH access is limited (Scored)
# 9.3.26 Ensure SSH access is limited (Scored)
# Auther: Samson-W (sccxboy@gmail.com)
#
@ -68,7 +68,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
if [ $ALLOWUSER_RET -eq 1 ]; then
warn "AllowUsers is not set! Need manual operation set it."


@ -45,7 +45,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
@ -63,7 +63,7 @@ apply () {
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload
systemctl reload sshd
fi
done
}


@ -45,7 +45,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
@ -63,7 +63,7 @@ apply () {
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload
systemctl reload sshd
fi
done
}


@ -45,7 +45,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
@ -63,7 +63,7 @@ apply () {
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload
systemctl reload sshd
fi
done
}


@ -45,7 +45,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
@ -63,7 +63,7 @@ apply () {
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload
systemctl reload sshd
fi
done
}


@ -45,7 +45,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
@ -63,7 +63,7 @@ apply () {
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload
systemctl reload sshd
fi
done
}


@ -14,11 +14,17 @@ set -u # One variable unset, it's over
HARDENING_LEVEL=3
PACKAGE='login'
PACKAGE_REDHAT='util-linux'
PATTERN='^auth[[:space:]]*required[[:space:]]*pam_wheel.so'
FILE='/etc/pam.d/su'
# This function will be called if the script status is on enabled / audit mode
audit () {
if [ OS_RELEASE -eq 2 ]; then
PACKAGE=$PACKAGE_REDHAT
else
:
fi
is_pkg_installed $PACKAGE
if [ $FNRET != 0 ]; then
crit "$PACKAGE is not installed!"
@ -40,7 +46,7 @@ apply () {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
install_package $PACKAGE
fi
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
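Review bot: The added test `if [ OS_RELEASE -eq 2 ]; then` in audit() compares the literal word OS_RELEASE instead of the variable, so `[` fails with an integer-expression error and the else branch always runs; PACKAGE is never switched to `$PACKAGE_REDHAT`. It should read `if [ "$OS_RELEASE" -eq 2 ]; then`. The second hunk shows no equivalent switch in apply(), so unless one exists outside the visible lines, `install_package $PACKAGE` would still act on `login` on Red Hat hosts. Both functions continue outside the hunks.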