modify 8.1.10~8.1.16 to be compatible with CentOS, and add new feature to 5.8.

2025-07-31 01:24:58 +02:00 · 2019-08-12 18:56:21 +08:00 · 2019-08-12 18:56:21 +08:00 · d0bbbb9cc7
commit d0bbbb9cc7
parent eb230b20ff
7 changed files with 32 additions and 11 deletions
--- a/bin/hardening/5.8_ensure_installed_sudo.sh
+++ b/bin/hardening/5.8_ensure_installed_sudo.sh
@ -6,6 +6,8 @@
 #
 # 5.8 Ensure sudo is installed (Scored)
 # Add feature: 
 # Ensure sudo log file is set to /var/log/sudo.log 
 # Add new by: 
 # Author : Samson wen, Samson <sccxboy@gmail.com> 
 #
@ -16,27 +18,46 @@ set -u # One variable unset, it's over
 HARDENING_LEVEL=2
 PACKAGE='sudo'
-
+CONFIGFILE='/etc/sudoers'
 LOGFILENAME='/var/log/sudo.log'
 LOGFILENAME_REP='\/var\/log\/sudo.log'
 # This function will be called if the script status is on enabled / audit mode
 audit () {
    is_pkg_installed $PACKAGE
    if [ $FNRET != 0 ]; then
        crit "$PACKAGE is not installed!"
-	FNRET=1
+		FNRET=1
    else
        ok "$PACKAGE is installed"
-	FNRET=0
+		if [ $(grep -c "^Defaults.*logfile=" $CONFIGFILE) -eq 1 ]; then
-    fi
+			if [ $(grep "^Defaults.*logfile=" $CONFIGFILE | grep -c "$LOGFILENAME") -eq 1 ]; then
    	    	ok "Log file is set to $LOGFILENAME in $CONFIGFILE"
 				FNRET=0
 			else
 				crit "Log file path was set, but is not set to $LOGFILENAME"
 				FNRET=3
 			fi
 		else
 			crit "sudo Log file is not set in $CONFIGFILE"
 			FNRET=2
 		fi
 	fi
 }
 # This function will be called if the script status is on enabled mode
 apply () {	
    if [ $FNRET = 0 ]; then
        ok "$PACKAGE is installed"
-    else
+    elif [ $FNRET = 1 ]; then
        warn "$PACKAGE is absent, installing it"
        apt_install $PACKAGE
    elif [ $FNRET = 2 ]; then
 		warn "sudo Log file is not set in $CONFIGFILE, add set to"
 		add_end_of_file $CONFIGFILE "Defaults	logfile="$LOGFILENAME""
 	else
 		warn "Log file path was set, but is not set to $LOGFILENAME, modify"
 		replace_in_file $CONFIGFILE "logfile=.*" "logfile=$LOGFILENAME_REP"
    fi
 }
--- a/bin/hardening/8.1.10_record_dac_edit.sh
+++ b/bin/hardening/8.1.10_record_dac_edit.sh
@ -1,7 +1,7 @@
 #!/bin/bash
 #
-# harbian audit 7/8/9  Hardening
+# harbian audit 7/8/9/10 or CentOS Hardening
 #
 #
--- a/bin/hardening/8.1.12_record_privileged_commands.sh
+++ b/bin/hardening/8.1.12_record_privileged_commands.sh
@ -1,7 +1,7 @@
 #!/bin/bash
 #
-# harbian audit 7/8/9  Hardening
+# harbian audit 7/8/9/10 or CentOS Hardening
 #
 #
--- a/bin/hardening/8.1.13_record_successful_mount.sh
+++ b/bin/hardening/8.1.13_record_successful_mount.sh
@ -1,7 +1,7 @@
 #!/bin/bash
 #
-# harbian audit 7/8/9  Hardening
+# harbian audit 7/8/9/10 or CentOS Hardening
 #
 #
--- a/bin/hardening/8.1.14_record_file_deletions.sh
+++ b/bin/hardening/8.1.14_record_file_deletions.sh
@ -1,7 +1,7 @@
 #!/bin/bash
 #
-# harbian audit 7/8/9  Hardening
+# harbian audit 7/8/9/10 or CentOS Hardening
 #
 #
--- a/bin/hardening/8.1.15_record_sudoers_edit.sh
+++ b/bin/hardening/8.1.15_record_sudoers_edit.sh
@ -1,7 +1,7 @@
 #!/bin/bash
 #
-# harbian audit 7/8/9  Hardening
+# harbian audit 7/8/9/10 or CentOS Hardening
 #
 #
--- a/bin/hardening/8.1.16_record_sudo_usage.sh
+++ b/bin/hardening/8.1.16_record_sudo_usage.sh
@ -1,7 +1,7 @@
 #!/bin/bash
 #
-# harbian audit 7/8/9  Hardening
+# harbian audit 7/8/9/10 or CentOS Hardening
 #
 #