tyler.durden/harbian-audit
1
0
Fork 0
mirror of https://github.com/hardenedlinux/harbian-audit.git synced 2025-07-31 01:24:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Modify the implementation of 2.1 to be compatible with the original version.

Browse Source
This commit is contained in:
Samson-W 2018-08-24 02:28:25 +08:00
parent dc268f3198
commit 9f7c4d56f8
1 changed files with 39 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
bin/hardening/2.1_tmp_partition.sh
View File

@ -1,11 +1,11 @@
#!/bin/bash #!/bin/bash
# #
# harbian audit Debian 9 Hardening # harbian audit Debian 7/8/9 Hardening
# #
# #
# 2.1 Create Separate Partition for /tmp (Scored) # 2.1 Create Separate Partition/filesystem for /tmp (Scored)
# #
set -e # One error, it's over set -e # One error, it's over
@ -21,14 +21,32 @@ TMPMOUNTN="/etc/systemd/system/tmp.mount"
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {
info "Verifying that $PARTITION is a file system/partition" info "Verifying that $PARTITION is a filesystem/partition"
FNRET=0 FNRET=0
is_mounted "$PARTITION" is_debian_9
if [ $FNRET -gt 0 ]; then if [ $FNRET -gt 0 ]; then
crit "$PARTITION is not mounted" is_a_partition "$PARTITION"
FNRET=1 if [ $FNRET -gt 0 ]; then
crit "$PARTITION is not a partition"
FNRET=2
else
ok "$PARTITION is a partition"
is_mounted "$PARTITION"
if [ $FNRET -gt 0 ]; then
warn "$PARTITION is not mounted"
FNRET=1
else
ok "$PARTITION is mounted"
fi
fi
else else
ok "$PARTITION is mounted" is_mounted "$PARTITION"
if [ $FNRET -gt 0 ]; then
crit "$PARTITION is not mounted"
FNRET=3
else
ok "$PARTITION is mounted"
fi
fi fi
: :
} }
@ -37,16 +55,21 @@ audit () {
apply () { apply () {
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$PARTITION is correctly set" ok "$PARTITION is correctly set"
else elif [ $FNRET = 2 ]; then
crit "$PARTITION is not a partition, correct this by yourself, I cannot help you here"
elif [ $FNRET = 1 ];then
info "mounting $PARTITION" info "mounting $PARTITION"
if [ -a $TMPMOUNTN ]; then mount $PARTITION
$SUDO_CMD systemctl enable "$TMPMOUNTNAME" else
elif [ -a $TMPMOUNTO ]; then info "mounting $PARTITION by systemd"
$SUDO_CMD cp $TMPMOUNTO $TMPMOUNTN if [ -a $TMPMOUNTN ]; then
$SUDO_CMD systemctl enable "$TMPMOUNTNAME" $SUDO_CMD systemctl enable "$TMPMOUNTNAME"
fi elif [ -a $TMPMOUNTO ]; then
$SUDO_CMD systemctl daemon-reload $SUDO_CMD cp $TMPMOUNTO $TMPMOUNTN
$SUDO_CMD systemctl start "$TMPMOUNTNAME" $SUDO_CMD systemctl enable "$TMPMOUNTNAME"
fi
$SUDO_CMD systemctl daemon-reload
$SUDO_CMD systemctl start "$TMPMOUNTNAME"
fi fi
} }