Fix 10.1.9 if value is greater

2018-10-09 21:27:57 +08:00 · 2018-10-09 21:27:57 +08:00 · caace05766
parent 018766478d
commit caace05766
1 changed files with 20 additions and 22 deletions
--- a/bin/hardening/10.1.9_set_fail_delay_seconds.sh
+++ b/bin/hardening/10.1.9_set_fail_delay_seconds.sh
@ -22,17 +22,26 @@ audit () {
    is_pkg_installed $PACKAGE
    if [ $FNRET != 0 ]; then
        crit "$PACKAGE is not installed!"
+        FNRET=1
    else
        ok "$PACKAGE is installed"
        for SSH_OPTION in $OPTIONS; do
            SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
            SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
-            PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
+            PATTERN="^$SSH_PARAM[[:space:]]*"
            does_pattern_exist_in_file $FILE "$PATTERN"
            if [ $FNRET = 0 ]; then
                ok "$PATTERN is present in $FILE"
+                if [ $(sed -e '/^#/d' -e '/^[ \t][ \t]*#/d' -e 's/#.*$//' -e '/^$/d' /etc/login.defs  | grep FAIL_DELAY | awk '{print $2}') -lt $SSH_VALUE ]; then
+                    crit "$SSH_PARAM value is less than $SSH_VALUE"
+                    FNRET=3
+                else
+                    ok "$SSH_PARAM value is equal or greater to  $SSH_VALUE"
+                    FNRET=0
+                fi
            else
                crit "$PATTERN is not present in $FILE"
+                FNRET=2
            fi
        done
    fi
@ -40,31 +49,20 @@ audit () {

 # This function will be called if the script status is on enabled mode
 apply () {
-    is_pkg_installed $PACKAGE
-    if [ $FNRET = 0 ]; then
-        ok "$PACKAGE is installed"
-    else
-        crit "$PACKAGE is absent, installing it"
-        apt_install $PACKAGE
-    fi
-    for SSH_OPTION in $OPTIONS; do
    SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
    SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
-            PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE"
-            does_pattern_exist_in_file $FILE "$PATTERN"
    if [ $FNRET = 0 ]; then
-                ok "$PATTERN is present in $FILE"
-            else
-                warn "$PATTERN is not present in $FILE, adding it"
-                does_pattern_exist_in_file $FILE "^$SSH_PARAM"
-                if [ $FNRET != 0 ]; then
+        ok "FAIL_DELAY is set"
+    elif [ $FNRET = 1 ]; then
+        crit "$PACKAGE is absent, installing it"
+        apt_install $PACKAGE
+    elif [ $FNRET = 2 ]; then
+        warn "$SSH_PARAM is not present in $FILE, adding it"
        add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
-                else
+    elif [ $FNRET = 3 ]; then
        info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
        replace_in_file $FILE "^$SSH_PARAM[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
    fi
-            fi
-    done
 }

 # This function will check config parameters required