tyler.durden/harbian-audit
1
0
Fork 0
mirror of https://github.com/hardenedlinux/harbian-audit.git synced 2025-09-26 03:09:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Modify audit and apply methods for redhat/CentOS to 9.2.14

Browse Source
This commit is contained in:
Samson-W 2020-01-14 15:24:15 +08:00
parent 88d444950a
commit dc2a8d3a51
1 changed files with 57 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
bin/hardening/9.2.14_pam_auth_without_nullpwd_unix.sh
View File

@ -21,8 +21,7 @@ KEYWORD='pam_unix.so'
OPTIONNAME1='nullok' OPTIONNAME1='nullok'
OPTIONNAME2='nullok_secure' OPTIONNAME2='nullok_secure'
# This function will be called if the script status is on enabled / audit mode audit_debian () {
audit () {
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$PACKAGE is not installed!" crit "$PACKAGE is not installed!"
@ -47,8 +46,31 @@ audit () {
fi fi
} }
# This function will be called if the script status is on enabled mode audit_redhat () {
apply () { for FILE in $FILES; do
does_pattern_exist_in_file $FILE $PATTERN
if [ $FNRET = 0 ]; then
crit "$OPTIONNAME is configured in $FILE"
FNRET=1
else
ok "$OPTIONNAME is not configured in $FILE"
FNRET=0
fi
done
}
# This function will be called if the script status is on enabled / audit mode
audit () {
if [ $OS_RELEASE -eq 1 ]; then
audit_debian
elif [ $OS_RELEASE -eq 1 ]; then
audit_redhat
else
crit "Current OS is not support!"
fi
}
apply_debian () {
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
elif [ $FNRET = 1 ]; then elif [ $FNRET = 1 ]; then
@ -67,9 +89,39 @@ apply () {
fi fi
} }
apply_redhat () {
for FILE in $FILES; do
does_pattern_exist_in_file $FILE $OPTIONNAME
if [ $FNRET = 0 ]; then
crit "$OPTIONNAME is configured in $FILE"
info "Delete option $OPTIONNAME from $FILE"
sed -i "s/$OPTIONNAME//" $FILE
else
ok "$OPTIONNAME is not configured in $FILE"
fi
done
}
# This function will be called if the script status is on enabled mode
apply () {
if [ $OS_RELEASE -eq 1 ]; then
apply_debian
elif [ $OS_RELEASE -eq 1 ]; then
apply_redhat
else
crit "Current OS is not support!"
fi
}
# This function will check config parameters required # This function will check config parameters required
check_config() { check_config() {
: if [ $OS_RELEASE -eq 2 ]; then
PACKAGE='pam'
FILES='/etc/pam.d/system-auth /etc/pam.d/password-auth'
OPTIONNAME='nullok'
else
:
fi
} }
# Source Root Dir Parameter # Source Root Dir Parameter