tyler.durden/harbian-audit
1
0
Fork 0
mirror of https://github.com/hardenedlinux/harbian-audit.git synced 2025-07-31 01:24:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix some bug

Browse Source
This commit is contained in:
Samson-W 2018-11-21 02:45:33 -05:00
parent 35b75f0779
commit b5cff8047a
4 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
bin/hardening/2.10_home_nodev.sh
View File

@ -46,6 +46,7 @@ audit () {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply () { apply () {
set -x
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$PARTITION is correctly set" ok "$PARTITION is correctly set"
elif [ $FNRET = 2 ]; then elif [ $FNRET = 2 ]; then

4
bin/hardening/2.7_var_log_partition.sh
View File

@ -19,7 +19,6 @@ PARTITION="/var/log"
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {
info "Verifying that $PARTITION is a partition" info "Verifying that $PARTITION is a partition"
FNRET=0
is_a_partition "$PARTITION" is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ $FNRET -gt 0 ]; then
crit "$PARTITION is not a partition" crit "$PARTITION is not a partition"
@ -32,10 +31,9 @@ audit () {
FNRET=1 FNRET=1
else else
ok "$PARTITION is mounted" ok "$PARTITION is mounted"
FNRET=0
fi fi
fi fi
:
} }
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode

2
bin/hardening/8.5_verify_integrity_packages.sh
View File

@ -4,7 +4,7 @@
# harbian audit 7/8/9 Hardening # harbian audit 7/8/9 Hardening
# #
# #
# 8.5 8.5_Verifies integrity all packages (Scored) # 8.5 Verifies integrity all packages (Scored)
# Authors : Samson wen, Samson <sccxboy@gmail.com> # Authors : Samson wen, Samson <sccxboy@gmail.com>
# #

16
lib/utils.sh
View File

@ -268,7 +268,7 @@ is_a_partition() {
local PARTITION=$1 local PARTITION=$1
FNRET=128 FNRET=128
if $(grep "[[:space:]]$1[[:space:]]" /etc/fstab | grep -vqE "^#"); then if $(grep "[[:space:]]*${PARTITION}[[:space:]]*" /etc/fstab | grep -vqE "^#"); then
debug "$PARTITION found in fstab" debug "$PARTITION found in fstab"
FNRET=0 FNRET=0
else else
@ -341,9 +341,17 @@ add_option_to_fstab() {
# UUID=40327bc9-f9d1-5816-a312-df307cc8732e /home ext4 errors=remount-ro 0 2 # UUID=40327bc9-f9d1-5816-a312-df307cc8732e /home ext4 errors=remount-ro 0 2
# UUID=40327bc9-f9d1-5816-a312-df307cc8732e /home ext4 errors=remount-ro,nosuid 0 2 # UUID=40327bc9-f9d1-5816-a312-df307cc8732e /home ext4 errors=remount-ro,nosuid 0 2
# debug "Sed command : sed -ie \"s;\(.*\)\(\s*\)\s\($PARTITION\)\s\(\s*\)\(\w*\)\(\s*\)\(\w*\)*;\1\2 \3 \4\5\6\7,$OPTION;\" /etc/fstab" # debug "Sed command : sed -ie \"s;\(.*\)\(\s*\)\s\($PARTITION\)\s\(\s*\)\(\w*\)\(\s*\)\(\w*\)*;\1\2 \3 \4\5\6\7,$OPTION;\" /etc/fstab"
# sed -ie "s;\(.*\)\(\s*\)\s\($PARTITION\)\s\(\s*\)\(\w*\)\(\s*\)\(\w*\)*;\1\2 \3 \4\5\6\7,$OPTION;" /etc/fstab # sed -ie "s;\(^[^#].*${PARTITION}\)\(\s.*\)\(\s\w.*\)\(\s[0-2]\s*[0-2]\);\1\2\3,${OPTION}\4;" /etc/fstab
debug "Sed -ie "s;\(^[^#].*${PARTITION}\)\(\s.*\)\(\s\w.*\)\(\s[0-2]\s*[0-2]\);\1\2\3,${OPTION}\4;" /etc/fstab" MOUNT_OPTION=$(grep -v "^#" /etc/fstab | awk '$2=="${PARTITION}" {print $4}')
sed -ie "s;\(^[^#].*${PARTITION}\)\(\s.*\)\(\s\w.*\)\(\s[0-2]\s*[0-2]\);\1\2\3,${OPTION}\4;" /etc/fstab CURLINE=$(grep -v "^#" /etc/fstab -n | grep "/home" | awk -F: '{print $1}')
if [ "${MOUNT_OPTION}" == "defaults" ]; then
NEWOP='rw,nosuid,nodev,noexec,auto,async'
sed -i "s${CURLINE}/$MOUNT_OPTION/$NEWOP/"
elif [ $(echo $MOUNT_OPTION | grep -w $(echo $OPTION | cut -c 3-) | wc -l) -gt 0 ]; then
fi
} }
remount_partition() { remount_partition() {