tyler.durden/harbian-audit
1
0
Fork 0
mirror of https://github.com/hardenedlinux/harbian-audit.git synced 2025-09-26 11:19:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix a bug for 4.7

Browse Source
This commit is contained in:
Samson-W 2020-06-26 03:33:53 +08:00
parent 3f7cb765d1
commit 9c29558fad
1 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
bin/hardening/4.7_enable_selinux_policy.sh
View File

@ -14,14 +14,16 @@ set -u # One variable unset, it's over
HARDENING_LEVEL=3
APPARMOR_RUN="/sys/kernel/security/apparmor/"
SELINUXCONF_FILE='/etc/selinux/config'
SELINUXTYPE_VALUE='SELINUXTYPE=default'
APPARMOR_STATUS='/usr/sbin/aa-status'
audit_debian () {
if [ -d $APPARMOR_RUN ]; then
ok "AppArmor was actived. So pass."
return 0
if [ -f "$APPARMOR_STATUS" ]; then
if [ $($APPARMOR_STATUS | grep 'profiles are loaded' | awk '{print $1}') -gt 0 ]; then
ok "AppArmor was actived. So pass."
return 0
fi
fi
does_valid_pattern_exist_in_file $SELINUXCONF_FILE $SELINUXTYPE_VALUE
if [ ${FNRET} -eq 0 ]; then
@ -57,9 +59,11 @@ audit () {
}
apply_debian () {
if [ -d $APPARMOR_RUN ]; then
ok "AppArmor was actived. So pass."
return 0
if [ -f "$APPARMOR_STATUS" ]; then
if [ $($APPARMOR_STATUS | grep 'profiles are loaded' | awk '{print $1}') -gt 0 ]; then
ok "AppArmor was actived. So pass."
return 0
fi
fi
if [ $FNRET = 0 ]; then
ok "SELinux targeted policy was enabled."