tyler.durden
/
harbian-audit
mirror of https://github.com/hardenedlinux/harbian-audit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Modified 6.2~6.6 to be compatible with CentOS.

This commit is contained in:
Samson-W 2019-08-07 23:56:20 +08:00
parent ec1174c2d0
commit d0a730c321
5 changed files with 60 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
bin/hardening/6.2_disable_avahi_server.sh
View File

@ -1,7 +1,8 @@
#!/bin/bash #!/bin/bash
# #
# harbian audit 7/8/9 Hardening # harbian audit 7/8/9 or CentOS Hardening
# Modify by: Samson-W (samson@hardenedlinux.org)
# #
# #
@ -15,9 +16,13 @@ HARDENING_LEVEL=3
HARDENING_EXCEPTION=dns HARDENING_EXCEPTION=dns
PACKAGES='avahi-daemon libavahi-common-data libavahi-common3 libavahi-core7' PACKAGES='avahi-daemon libavahi-common-data libavahi-common3 libavahi-core7'
PACKAGES_REDHAT='avahi'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {
if [ $OS_RELEASE -eq 2 ]; then
PACKAGES=$PACKAGES_REDHAT
fi
for PACKAGE in $PACKAGES; do for PACKAGE in $PACKAGES; do
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
@ -34,6 +39,9 @@ audit () {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply () { apply () {
if [ $OS_RELEASE -eq 2 ]; then
PACKAGES=$PACKAGES_REDHAT
fi
for PACKAGE in $PACKAGES; do for PACKAGE in $PACKAGES; do
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
@ -41,8 +49,12 @@ apply () {
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate." warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
else else
crit "$PACKAGE is installed, purging it" crit "$PACKAGE is installed, purging it"
apt-get purge $PACKAGE -y if [ $OS_RELEASE -eq 2 ]; then
apt-get autoremove yum autoremove $PACKAGE -y
else
apt-get purge $PACKAGE -y
apt-get autoremove
fi
fi fi
else else
ok "$PACKAGE is absent" ok "$PACKAGE is absent"

18
bin/hardening/6.3_disable_print_server.sh
View File

@ -1,7 +1,8 @@
#!/bin/bash #!/bin/bash
# #
# harbian audit 7/8/9 Hardening # harbian audit 7/8/9 or CentOS Hardening
# Modify by: Samson-W (samson@hardenedlinux.org)
# #
# #
@ -15,9 +16,13 @@ HARDENING_LEVEL=3
HARDENING_EXCEPTION=cups HARDENING_EXCEPTION=cups
PACKAGES='libcups2 libcupscgi1 libcupsimage2 libcupsmime1 libcupsppdc1 cups-common cups-client cups-ppdc libcupsfilters1 cups-filters cups' PACKAGES='libcups2 libcupscgi1 libcupsimage2 libcupsmime1 libcupsppdc1 cups-common cups-client cups-ppdc libcupsfilters1 cups-filters cups'
PACKAGES_REDHAT='cups'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {
if [ $OS_RELEASE -eq 2 ]; then
PACKAGES=$PACKAGES_REDHAT
fi
for PACKAGE in $PACKAGES; do for PACKAGE in $PACKAGES; do
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
@ -34,6 +39,9 @@ audit () {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply () { apply () {
if [ $OS_RELEASE -eq 2 ]; then
PACKAGES=$PACKAGES_REDHAT
fi
for PACKAGE in $PACKAGES; do for PACKAGE in $PACKAGES; do
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
@ -41,8 +49,12 @@ apply () {
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate." warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
else else
crit "$PACKAGE is installed, purging it" crit "$PACKAGE is installed, purging it"
apt-get purge $PACKAGE -y if [ $OS_RELEASE -eq 2 ]; then
apt-get autoremove yum autoremove $PACKAGE -y
else
apt-get purge $PACKAGE -y
apt-get autoremove
fi
fi fi
else else
ok "$PACKAGE is absent" ok "$PACKAGE is absent"

18
bin/hardening/6.4_disable_dhcp.sh
View File

@ -1,7 +1,8 @@
#!/bin/bash #!/bin/bash
# #
# harbian audit 7/8/9 Hardening # harbian audit 7/8/9 or CentOS Hardening
# Modify by: Samson-W (samson@hardenedlinux.org)
# #
# #
@ -15,9 +16,13 @@ HARDENING_LEVEL=3
HARDENING_EXCEPTION=dhcp HARDENING_EXCEPTION=dhcp
PACKAGES='udhcpd isc-dhcp-server' PACKAGES='udhcpd isc-dhcp-server'
PACKAGES_REDHAT='dnsmasq'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {
if [ $OS_RELEASE -eq 2 ]; then
PACKAGES=$PACKAGES_REDHAT
fi
for PACKAGE in $PACKAGES; do for PACKAGE in $PACKAGES; do
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
@ -34,6 +39,9 @@ audit () {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply () { apply () {
if [ $OS_RELEASE -eq 2 ]; then
PACKAGES=$PACKAGES_REDHAT
fi
for PACKAGE in $PACKAGES; do for PACKAGE in $PACKAGES; do
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
@ -41,8 +49,12 @@ apply () {
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate." warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
else else
crit "$PACKAGE is installed, purging it" crit "$PACKAGE is installed, purging it"
apt-get purge $PACKAGE -y if [ $OS_RELEASE -eq 2 ]; then
apt-get autoremove yum autoremove $PACKAGE -y
else
apt-get purge $PACKAGE -y
apt-get autoremove
fi
fi fi
else else
ok "$PACKAGE is absent" ok "$PACKAGE is absent"

1
bin/hardening/6.5_ensure_time_sync_server_is_installed.sh
View File

@ -14,7 +14,6 @@ set -u # One variable unset, it's over
HARDENING_LEVEL=3 HARDENING_LEVEL=3
PACKAGES='ntp chrony' PACKAGES='ntp chrony'
PACKAGES_COUNT=$(echo $PACKAGES | wc -w)
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {

18
bin/hardening/6.6_disable_ldap.sh
View File

@ -1,7 +1,8 @@
#!/bin/bash #!/bin/bash
# #
# harbian audit 7/8/9 Hardening # harbian audit 7/8/9 or CentOS Hardening
# Modify by: Samson-W (samson@hardenedlinux.org)
# #
# #
@ -15,9 +16,13 @@ HARDENING_LEVEL=3
HARDENING_EXCEPTION=ldap HARDENING_EXCEPTION=ldap
PACKAGES='slapd' PACKAGES='slapd'
PACKAGES_REDHAT='openldap-servers'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {
if [ $OS_RELEASE -eq 2 ]; then
PACKAGES=$PACKAGES_REDHAT
fi
for PACKAGE in $PACKAGES; do for PACKAGE in $PACKAGES; do
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
@ -34,6 +39,9 @@ audit () {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply () { apply () {
if [ $OS_RELEASE -eq 2 ]; then
PACKAGES=$PACKAGES_REDHAT
fi
for PACKAGE in $PACKAGES; do for PACKAGE in $PACKAGES; do
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
@ -41,8 +49,12 @@ apply () {
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate." warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
else else
crit "$PACKAGE is installed, purging it" crit "$PACKAGE is installed, purging it"
apt-get purge $PACKAGE -y if [ $OS_RELEASE -eq 2 ]; then
apt-get autoremove yum autoremove $PACKAGE -y
else
apt-get purge $PACKAGE -y
apt-get autoremove
fi
fi fi
else else
ok "$PACKAGE is absent" ok "$PACKAGE is absent"