tyler.durden/harbian-audit
1
0
Fork 0
mirror of https://github.com/hardenedlinux/harbian-audit.git synced 2025-09-26 03:09:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Modified utils.sh and 8.7 to be compatible with CentOS.

Browse Source
This commit is contained in:
Samson-W 2019-08-02 15:44:39 +08:00
parent 359a7c3c5e
commit db2f6a5f34
2 changed files with 23 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
bin/hardening/8.7_verify_integrity_packages.sh
View File

@ -1,14 +1,14 @@
#!/bin/bash #!/bin/bash
# #
# harbian audit 7/8/9 Hardening # harbian audit 7/8/9/10 or CentOS Hardening
# #
# #
# 8.7 Verifies integrity all packages (Scored) # 8.7 Verifies integrity all packages (Scored)
# Author : Samson wen, Samson <sccxboy@gmail.com> # Author : Samson wen, Samson <sccxboy@gmail.com>
# #
set -e # One error, it's over set -e # One error, it's over
set -u # One variable unset, it's over set -u # One variable unset, it's over
HARDENING_LEVEL=5 HARDENING_LEVEL=5
@ -25,7 +25,7 @@ audit () {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply () { apply () {
info "This check item need to confirm manually. No automatic fix is available." warn "This check item need to confirm manually. No automatic fix is available."
} }
# This function will check config parameters required # This function will check config parameters required

28
lib/utils.sh
View File

@ -521,17 +521,29 @@ is_pkg_installed()
verify_integrity_all_packages() verify_integrity_all_packages()
{ {
if [ $OS_RELEASE -eq 2 ]; then if [ $OS_RELEASE -eq 2 ]; then
: set +e
rpm -Va > /dev/shm/yum_verify_ret
COUNT=$(cat /dev/shm/yum_verify_ret | wc -l )
if [ $COUNT -gt 0 ]; then
debug "Verify integrity all packages is fail"
cat /dev/shm/yum_verify_ret
rm /dev/shm/yum_verify_ret
FNRET=1
else
debug "Verify integrity all packages is OK"
FNRET=0
fi
set -e
else else
dpkg -V > /dev/shm/dpkg_verify_ret dpkg -V > /dev/shm/dpkg_verify_ret
if [ $(cat /dev/shm/dpkg_verify_ret | wc -l) -gt 0 ]; then if [ $(cat /dev/shm/dpkg_verify_ret | wc -l) -gt 0 ]; then
debug "Verify integrity all packages is fail" debug "Verify integrity all packages is fail"
cat /dev/shm/dpkg_verify_ret cat /dev/shm/dpkg_verify_ret
FNRET=1 FNRET=1
else else
debug "Verify integrity all packages is OK" debug "Verify integrity all packages is OK"
FNRET=0 FNRET=0
fi fi
fi fi
} }