Fix some bugs.

bin/hardening/10.1.7_remove_nopasswd_sudoers.sh

@@ -22,20 +22,26 @@ INCLUDFILE='/etc/sudoers.d/*'
 # This function will be called if the script status is on enabled / audit mode
 audit () 
 {
-    does_pattern_exist_in_file $FILE $NOPASSWD
+	does_file_exist $FILE 
-    if [ $FNRET = 0 ]; then
+    if [ $FNRET != 0 ]; then
-        crit "$NOPASSWD is set on $FILE, it's error conf"
+		crit "$FILE is not exist!"
-        FNRET=1
+		FNRET=2
-    else
+	else
-        ok "$NOPASSWD is not set on $FILE, it's ok"
+    	does_pattern_exist_in_file $FILE $NOPASSWD
-        if [ $(grep -c $NOPASSWD $INCLUDFILE) -gt 0 ]; then 
+    	if [ $FNRET = 0 ]; then
-            crit "$NOPASSWD is set on $INCLUDFILE, it's error conf"
+        	crit "$NOPASSWD is set on $FILE, it's error conf"
-            FNRET=1
+        	FNRET=1
-        else
+    	else
-            ok "$NOPASSWD is not set on $INCLUDFILE, it's ok"
+        	ok "$NOPASSWD is not set on $FILE, it's ok"
-            FNRET=0
+        	if [ $(grep -c $NOPASSWD $INCLUDFILE) -gt 0 ]; then 
-        fi
+            	crit "$NOPASSWD is set on $INCLUDFILE, it's error conf"
-    fi
+            	FNRET=1
+        	else
+            	ok "$NOPASSWD is not set on $INCLUDFILE, it's ok"
+            	FNRET=0
+        	fi
+    	fi
+	fi
 }
 
 # This function will be called if the script status is on enabled mode
@@ -46,6 +52,8 @@ apply () {
         info "$NOPASSWD is set on the $FILE or $INCLUDFILE, need remove"
         backup_file $FILE $INCLUDFILE
         chmod 640 $FILE $INCLUDFILE &&  sed -i -e "s/$NOPASSWD/$PASSWD/g" $FILE $INCLUDFILE && chmod 440 $FILE $INCLUDFILE
+    elif [ $FNRET = 2 ]; then
+		warn "$FILE is not exist! Maybe sudo package not installed."
     fi
 }
 

bin/hardening/10.1.8_remove_noauthenticate_sudoers.sh

@@ -22,20 +22,26 @@ INCLUDFILE='/etc/sudoers.d/*'
 # This function will be called if the script status is on enabled / audit mode
 audit () 
 {
-    does_pattern_exist_in_file $FILE $NOAUTH
+	does_file_exist $FILE 
-    if [ $FNRET = 0 ]; then
+	if [ $FNRET != 0 ]; then
-        crit "$NOAUTH is set on $FILE, it's error conf"
+		crit "$FILE is not exist!"
-        FNRET=1
+		FNRET=2
-    else
+	else
-        ok "$NOAUTH is not set on $FILE, it's ok"
+    	does_pattern_exist_in_file $FILE $NOAUTH
-        if [ $(grep -c $NOAUTH $INCLUDFILE) -gt 0 ]; then 
+    	if [ $FNRET = 0 ]; then
-            crit "$NOAUTH is set on $INCLUDFILE, it's error conf"
+        	crit "$NOAUTH is set on $FILE, it's error conf"
-            FNRET=1
+        	FNRET=1
-        else
+    	else
-            ok "$NOAUTH is not set on $INCLUDFILE, it's ok"
+        	ok "$NOAUTH is not set on $FILE, it's ok"
-            FNRET=0
+        	if [ $(grep -c $NOAUTH $INCLUDFILE) -gt 0 ]; then 
-        fi
+            	crit "$NOAUTH is set on $INCLUDFILE, it's error conf"
-    fi
+            	FNRET=1
+        	else
+            	ok "$NOAUTH is not set on $INCLUDFILE, it's ok"
+            	FNRET=0
+        	fi
+    	fi
+	fi
 }
 
 # This function will be called if the script status is on enabled mode
@@ -46,6 +52,8 @@ apply () {
         info "$NOAUTH is set on the $FILE or $INCLUDFILE, need remove"
         backup_file $FILE $INCLUDFILE
         chmod 640 $FILE $INCLUDFILE &&  sed -i -e "s/$NOAUTH/$AUTHENTICATE/g" $FILE $INCLUDFILE && chmod 440 $FILE $INCLUDFILE
+    elif [ $FNRET = 1 ]; then
+		warn "$FILE is not exist! Maybe sudo package not installed."
     fi
 }
 

bin/hardening/8.1.12_record_privileged_commands.sh

@@ -14,8 +14,7 @@ set -u # One variable unset, it's over
 HARDENING_LEVEL=4
 
 # Find all files with setuid or setgid set
-SUDO_CMD='sudo -n'
+AUDIT_PARAMS=$(find / -xdev \( -perm -4000 -o -perm -2000 \) -type f | awk '{print \
-AUDIT_PARAMS=$($SUDO_CMD find / -xdev \( -perm -4000 -o -perm -2000 \) -type f | awk '{print \
 "-a always,exit -F path=" $1 " -F perm=x -F auid>=1000 -F auid!=4294967295 \
 -k privileged" }')
 FILE='/etc/audit/rules.d/audit.rules'