tyler.durden
/
harbian-audit
mirror of https://github.com/hardenedlinux/harbian-audit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Combine the functions of 12.4 to 12.1, 12.5 to 12.2, 12.6 to 12.3.

This commit is contained in:
Samson-W 2019-05-14 04:05:04 +08:00
parent 22002609f4
commit a29f621ea7
6 changed files with 33 additions and 228 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
bin/hardening/12.1_etc_passwd_permissions.sh
View File

@ -6,6 +6,7 @@
# #
# 12.1 Verify Permissions on /etc/passwd (Scored) # 12.1 Verify Permissions on /etc/passwd (Scored)
# Modify by: Samson-W (sccxboy@gmail.com)
# #
set -e # One error, it's over set -e # One error, it's over

16
bin/hardening/12.2_etc_shadow_permissions.sh
View File

@ -6,6 +6,7 @@
# #
# 12.2 Verify Permissions on /etc/shadow (Scored) # 12.2 Verify Permissions on /etc/shadow (Scored)
# Modify by: Samson-W (sccxboy@gmail.com)
# #
set -e # One error, it's over set -e # One error, it's over
@ -15,9 +16,17 @@ HARDENING_LEVEL=1
FILE='/etc/shadow' FILE='/etc/shadow'
PERMISSIONS='640' PERMISSIONS='640'
USER='root'
GROUP='shadow'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {
has_file_correct_ownership $FILE $USER $GROUP
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
crit "$FILE ownership was not set to $USER:$GROUP"
fi
has_file_correct_permissions $FILE $PERMISSIONS has_file_correct_permissions $FILE $PERMISSIONS
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
@ -28,6 +37,13 @@ audit () {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply () { apply () {
has_file_correct_ownership $FILE $USER $GROUP
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
fi
has_file_correct_permissions $FILE $PERMISSIONS has_file_correct_permissions $FILE $PERMISSIONS
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"

16
bin/hardening/12.3_etc_group_permissions.sh
View File

@ -6,6 +6,7 @@
# #
# 12.3 Verify Permissions on /etc/group (Scored) # 12.3 Verify Permissions on /etc/group (Scored)
# Modify by: Samson-W (sccxboy@gmail.com)
# #
set -e # One error, it's over set -e # One error, it's over
@ -15,9 +16,17 @@ HARDENING_LEVEL=1
FILE='/etc/group' FILE='/etc/group'
PERMISSIONS='644' PERMISSIONS='644'
USER='root'
GROUP='root'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {
has_file_correct_ownership $FILE $USER $GROUP
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
crit "$FILE ownership was not set to $USER:$GROUP"
fi
has_file_correct_permissions $FILE $PERMISSIONS has_file_correct_permissions $FILE $PERMISSIONS
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
@ -28,6 +37,13 @@ audit () {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply () { apply () {
has_file_correct_ownership $FILE $USER $GROUP
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
fi
has_file_correct_permissions $FILE $PERMISSIONS has_file_correct_permissions $FILE $PERMISSIONS
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"

76
bin/hardening/12.4_etc_passwd_ownership.sh
View File

@ -1,76 +0,0 @@
#!/bin/bash
#
# harbian audit 7/8/9 Hardening
#
#
# 12.4 Verify User/Group Ownership on /etc/passwd (Scored)
#
set -e # One error, it's over
set -u # One variable unset, it's over
HARDENING_LEVEL=1
FILE='/etc/passwd'
USER='root'
GROUP='root'
# This function will be called if the script status is on enabled / audit mode
audit () {
has_file_correct_ownership $FILE $USER $GROUP
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
crit "$FILE ownership was not set to $USER:$GROUP"
fi
}
# This function will be called if the script status is on enabled mode
apply () {
has_file_correct_ownership $FILE $USER $GROUP
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
info "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
fi
}
# This function will check config parameters required
check_config() {
does_user_exist $USER
if [ $FNRET != 0 ]; then
crit "$USER does not exist"
exit 128
fi
does_group_exist $GROUP
if [ $FNRET != 0 ]; then
crit "$GROUP does not exist"
exit 128
fi
does_file_exist $FILE
if [ $FNRET != 0 ]; then
crit "$FILE does not exist"
exit 128
fi
}
# Source Root Dir Parameter
if [ -r /etc/default/cis-hardening ]; then
. /etc/default/cis-hardening
fi
if [ -z "$CIS_ROOT_DIR" ]; then
echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
echo "Cannot source CIS_ROOT_DIR variable, aborting."
exit 128
fi
# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
. $CIS_ROOT_DIR/lib/main.sh
else
echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
exit 128
fi

76
bin/hardening/12.5_etc_shadow_ownership.sh
View File

@ -1,76 +0,0 @@
#!/bin/bash
#
# harbian audit 7/8/9 Hardening
#
#
# 12.5 Verify User/Group Ownership on /etc/shadow (Scored)
#
set -e # One error, it's over
set -u # One variable unset, it's over
HARDENING_LEVEL=1
FILE='/etc/shadow'
USER='root'
GROUP='shadow'
# This function will be called if the script status is on enabled / audit mode
audit () {
has_file_correct_ownership $FILE $USER $GROUP
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
crit "$FILE ownership was not set to $USER:$GROUP"
fi
}
# This function will be called if the script status is on enabled mode
apply () {
has_file_correct_ownership $FILE $USER $GROUP
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
info "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
fi
}
# This function will check config parameters required
check_config() {
does_user_exist $USER
if [ $FNRET != 0 ]; then
crit "$USER does not exist"
exit 128
fi
does_group_exist $GROUP
if [ $FNRET != 0 ]; then
crit "$GROUP does not exist"
exit 128
fi
does_file_exist $FILE
if [ $FNRET != 0 ]; then
crit "$FILE does not exist"
exit 128
fi
}
# Source Root Dir Parameter
if [ -r /etc/default/cis-hardening ]; then
. /etc/default/cis-hardening
fi
if [ -z "$CIS_ROOT_DIR" ]; then
echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
echo "Cannot source CIS_ROOT_DIR variable, aborting."
exit 128
fi
# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
. $CIS_ROOT_DIR/lib/main.sh
else
echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
exit 128
fi

76
bin/hardening/12.6_etc_group_ownership.sh
View File

@ -1,76 +0,0 @@
#!/bin/bash
#
# harbian audit 7/8/9 Hardening
#
#
# 12.6 Verify User/Group Ownership on /etc/group (Scored)
#
set -e # One error, it's over
set -u # One variable unset, it's over
HARDENING_LEVEL=1
FILE='/etc/group'
USER='root'
GROUP='root'
# This function will be called if the script status is on enabled / audit mode
audit () {
has_file_correct_ownership $FILE $USER $GROUP
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
crit "$FILE ownership was not set to $USER:$GROUP"
fi
}
# This function will be called if the script status is on enabled mode
apply () {
has_file_correct_ownership $FILE $USER $GROUP
if [ $FNRET = 0 ]; then
ok "$FILE has correct ownership"
else
info "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
fi
}
# This function will check config parameters required
check_config() {
does_user_exist $USER
if [ $FNRET != 0 ]; then
crit "$USER does not exist"
exit 128
fi
does_group_exist $GROUP
if [ $FNRET != 0 ]; then
crit "$GROUP does not exist"
exit 128
fi
does_file_exist $FILE
if [ $FNRET != 0 ]; then
crit "$FILE does not exist"
exit 128
fi
}
# Source Root Dir Parameter
if [ -r /etc/default/cis-hardening ]; then
. /etc/default/cis-hardening
fi
if [ -z "$CIS_ROOT_DIR" ]; then
echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
echo "Cannot source CIS_ROOT_DIR variable, aborting."
exit 128
fi
# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
. $CIS_ROOT_DIR/lib/main.sh
else
echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
exit 128
fi