modify 8.1.10~8.1.16 to be compatible with CentOS, and add new feature to 5.8.
This commit is contained in:
parent
eb230b20ff
commit
d0bbbb9cc7
|
@ -6,6 +6,8 @@
|
|||
|
||||
#
|
||||
# 5.8 Ensure sudo is installed (Scored)
|
||||
# Add feature:
|
||||
# Ensure sudo log file is set to /var/log/sudo.log
|
||||
# Add new by:
|
||||
# Author : Samson wen, Samson <sccxboy@gmail.com>
|
||||
#
|
||||
|
@ -16,27 +18,46 @@ set -u # One variable unset, it's over
|
|||
HARDENING_LEVEL=2
|
||||
|
||||
PACKAGE='sudo'
|
||||
|
||||
CONFIGFILE='/etc/sudoers'
|
||||
LOGFILENAME='/var/log/sudo.log'
|
||||
LOGFILENAME_REP='\/var\/log\/sudo.log'
|
||||
|
||||
# This function will be called if the script status is on enabled / audit mode
|
||||
audit () {
|
||||
is_pkg_installed $PACKAGE
|
||||
if [ $FNRET != 0 ]; then
|
||||
crit "$PACKAGE is not installed!"
|
||||
FNRET=1
|
||||
FNRET=1
|
||||
else
|
||||
ok "$PACKAGE is installed"
|
||||
FNRET=0
|
||||
fi
|
||||
if [ $(grep -c "^Defaults.*logfile=" $CONFIGFILE) -eq 1 ]; then
|
||||
if [ $(grep "^Defaults.*logfile=" $CONFIGFILE | grep -c "$LOGFILENAME") -eq 1 ]; then
|
||||
ok "Log file is set to $LOGFILENAME in $CONFIGFILE"
|
||||
FNRET=0
|
||||
else
|
||||
crit "Log file path was set, but is not set to $LOGFILENAME"
|
||||
FNRET=3
|
||||
fi
|
||||
else
|
||||
crit "sudo Log file is not set in $CONFIGFILE"
|
||||
FNRET=2
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# This function will be called if the script status is on enabled mode
|
||||
apply () {
|
||||
if [ $FNRET = 0 ]; then
|
||||
ok "$PACKAGE is installed"
|
||||
else
|
||||
elif [ $FNRET = 1 ]; then
|
||||
warn "$PACKAGE is absent, installing it"
|
||||
apt_install $PACKAGE
|
||||
elif [ $FNRET = 2 ]; then
|
||||
warn "sudo Log file is not set in $CONFIGFILE, add set to"
|
||||
add_end_of_file $CONFIGFILE "Defaults logfile="$LOGFILENAME""
|
||||
else
|
||||
warn "Log file path was set, but is not set to $LOGFILENAME, modify"
|
||||
replace_in_file $CONFIGFILE "logfile=.*" "logfile=$LOGFILENAME_REP"
|
||||
fi
|
||||
}
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
#
|
||||
# harbian audit 7/8/9 Hardening
|
||||
# harbian audit 7/8/9/10 or CentOS Hardening
|
||||
#
|
||||
|
||||
#
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
#
|
||||
# harbian audit 7/8/9 Hardening
|
||||
# harbian audit 7/8/9/10 or CentOS Hardening
|
||||
#
|
||||
|
||||
#
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
#
|
||||
# harbian audit 7/8/9 Hardening
|
||||
# harbian audit 7/8/9/10 or CentOS Hardening
|
||||
#
|
||||
|
||||
#
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
#
|
||||
# harbian audit 7/8/9 Hardening
|
||||
# harbian audit 7/8/9/10 or CentOS Hardening
|
||||
#
|
||||
|
||||
#
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
#
|
||||
# harbian audit 7/8/9 Hardening
|
||||
# harbian audit 7/8/9/10 or CentOS Hardening
|
||||
#
|
||||
|
||||
#
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
#
|
||||
# harbian audit 7/8/9 Hardening
|
||||
# harbian audit 7/8/9/10 or CentOS Hardening
|
||||
#
|
||||
|
||||
#
|
||||
|
|
Loading…
Reference in New Issue