tyler.durden/harbian-audit
1
0
Fork 0
mirror of https://github.com/hardenedlinux/harbian-audit.git synced 2025-07-27 15:44:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

Modify audit and apply methods for 9.2.1

Browse Source
This commit is contained in:
Samson-W 2018-09-08 22:29:10 +08:00
parent 3d7bcb9d99
commit b836cabdba
1 changed files with 25 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
bin/hardening/9.2.1_enable_cracklib.sh
View File

@ -46,46 +46,51 @@ audit () {
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$PACKAGE is not installed!" crit "$PACKAGE is not installed!"
FNRET=1
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
does_pattern_exist_in_file $FILE $PATTERN does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
check_password_by_pam $OPTION_DCREDIT gt $DCREDIT_CONDT
if [ $FNRET = 0 ]; then
ok "$OPTION_DCREDIT set condition is $DCREDIT_CONDT"
else
cirt "$OPTION_DCREDIT set condition is $DCREDIT_CONDT"
FNRET=1
fi
#ok "$PATTERN is present in $FILE" #ok "$PATTERN is present in $FILE"
#check_password_by_pam $OPTION_RETRY gt $RETRY_CONDT #check_password_by_pam $OPTION_DCREDIT gt $DCREDIT_CONDT
#if [ $FNRET = 0 ]; then #if [ $FNRET = 0 ]; then
# ok "$OPTION_RETRY set condition is $RETRY_CONDT" # ok "$OPTION_DCREDIT set condition is $DCREDIT_CONDT"
#else #else
# crit "$OPTION_RETRY set condition is $RETRY_CONDT" # crit "$OPTION_DCREDIT set condition is $DCREDIT_CONDT"
FNRET=1 # FNRET=1
#fi
ok "$PATTERN is present in $FILE"
check_password_by_pam $OPTION_RETRY eq $RETRY_CONDT
if [ $FNRET = 0 ]; then
ok "$OPTION_RETRY set condition is $RETRY_CONDT"
else
crit "$OPTION_RETRY set condition is $RETRY_CONDT"
#FNRET=3
fi
else else
crit "$PATTERN is not present in $FILE" crit "$PATTERN is not present in $FILE"
FNRET=2
fi fi
fi fi
} }
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply () { apply () {
is_pkg_installed $PACKAGE # is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else elif [ $FNRET = 1 ]; then
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install $PACKAGE
fi elif [ $FNRET = 2 ]; then
does_pattern_exist_in_file $FILE $PATTERN crit "$PATTERN is not present in $FILE, add default config to $FILE"
if [ $FNRET = 0 ]; then
ok "$PATTERN is present in $FILE"
else
crit "$PATTERN is not present in $FILE"
add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details." add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
elif [ $FNRET = 3 ]; then
crit "$OPTION_RETRY set is not match legally, reset it 3"
elif [ $FNRET = 4 ]; then
crit "$OPTION_RETRY set is not match legally, reset it 4"
elif [ $FNRET = 5 ]; then
crit "$OPTION_RETRY set is not match legally, reset it 5"
fi fi
} }