Modify the implementation of 2.1 to be compatible with the original version.

2018-08-24 02:28:25 +08:00 · 2018-08-24 02:28:25 +08:00 · 9f7c4d56f8
parent dc268f3198
commit 9f7c4d56f8
1 changed files with 39 additions and 16 deletions
--- a/bin/hardening/2.1_tmp_partition.sh
+++ b/bin/hardening/2.1_tmp_partition.sh
@ -1,11 +1,11 @@
 #!/bin/bash

 #
-# harbian audit Debian 9 Hardening
+# harbian audit Debian 7/8/9 Hardening
 #

 #
-# 2.1 Create Separate Partition for /tmp (Scored)
+# 2.1 Create Separate Partition/filesystem for /tmp (Scored)
 #

 set -e # One error, it's over
@ -21,14 +21,32 @@ TMPMOUNTN="/etc/systemd/system/tmp.mount"

 # This function will be called if the script status is on enabled / audit mode
 audit () {
-    info "Verifying that $PARTITION is a file system/partition"
+    info "Verifying that $PARTITION is a filesystem/partition"
    FNRET=0
-    is_mounted "$PARTITION"
+    is_debian_9
    if [ $FNRET -gt 0 ]; then
-    	crit "$PARTITION is not mounted"
-        FNRET=1
+        is_a_partition "$PARTITION"
+        if [ $FNRET -gt 0 ]; then
+            crit "$PARTITION is not a partition"
+            FNRET=2
+        else
+            ok "$PARTITION is a partition"
+            is_mounted "$PARTITION"
+            if [ $FNRET -gt 0 ]; then
+                warn "$PARTITION is not mounted"
+                FNRET=1
+            else
+                ok "$PARTITION is mounted"
+            fi
+        fi
    else
-        ok "$PARTITION is mounted"
+        is_mounted "$PARTITION"
+        if [ $FNRET -gt 0 ]; then
+    	    crit "$PARTITION is not mounted"
+            FNRET=3
+        else
+            ok "$PARTITION is mounted"
+        fi
    fi
    :
 }
@ -37,16 +55,21 @@ audit () {
 apply () {
    if [ $FNRET = 0 ]; then
        ok "$PARTITION is correctly set"
-    else
+    elif [ $FNRET = 2 ]; then
+        crit "$PARTITION is not a partition, correct this by yourself, I cannot help you here"
+    elif [ $FNRET = 1 ];then 
        info "mounting $PARTITION"
-	if [ -a $TMPMOUNTN ]; then
-		$SUDO_CMD systemctl enable "$TMPMOUNTNAME"
-	elif [ -a $TMPMOUNTO ]; then
-		$SUDO_CMD cp $TMPMOUNTO $TMPMOUNTN
-		$SUDO_CMD systemctl enable "$TMPMOUNTNAME"
-	fi
-	$SUDO_CMD systemctl daemon-reload 
-	$SUDO_CMD systemctl start "$TMPMOUNTNAME"
+        mount $PARTITION
+    else
+        info "mounting $PARTITION by systemd"
+	    if [ -a $TMPMOUNTN ]; then
+		    $SUDO_CMD systemctl enable "$TMPMOUNTNAME"
+	    elif [ -a $TMPMOUNTO ]; then
+		    $SUDO_CMD cp $TMPMOUNTO $TMPMOUNTN
+		    $SUDO_CMD systemctl enable "$TMPMOUNTNAME"
+	    fi
+	    $SUDO_CMD systemctl daemon-reload 
+	    $SUDO_CMD systemctl start "$TMPMOUNTNAME"
    fi
 }