Add a new feature: check items for services that do not exist in the current system are not scored.

Samson-W 2018-11-09 18:40:53 +08:00
parent cf4c4d668a
commit de3c2822aa
4 changed files with 23 additions and 2 deletions


@ -243,8 +243,15 @@ for SCRIPT in $(ls $CIS_ROOT_DIR/bin/hardening/*.sh -v); do
DISABLED_CHECKS=$((DISABLED_CHECKS+1))
;;
esac
TOTAL_CHECKS=$((TOTAL_CHECKS+1))
if [ $SCRIPT_EXITCODE -eq 3 ]; then
{
debug "$SCRIPT maybe is nonexist service in this system"
}
else
{
TOTAL_CHECKS=$((TOTAL_CHECKS+1))
}
fi
done
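Review bot: A check that exits 3 is left out of `TOTAL_CHECKS` and recorded only through `debug`, so the final summary gives no indication of how many hardening checks were skipped as nonexistent. For an audit score that is a visibility gap: any script that returns 3, for whatever reason, quietly shrinks the denominator. Consider counting these in their own counter, e.g. `NONEXISTENT_CHECKS=$((NONEXISTENT_CHECKS+1))` (a proposed name, to be initialised and printed with the other totals, which are outside this hunk), and quoting the test as `if [ "$SCRIPT_EXITCODE" -eq 3 ]; then`. The `case` above starts outside the hunk, so whether it already has an arm for exit code 3 cannot be seen from here.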


@ -63,6 +63,12 @@ crit () {
CRITICAL_ERRORS_NUMBER=$((CRITICAL_ERRORS_NUMBER+1))
}
no_entity() {
if [ $MACHINE_LOG_LEVEL -ge 1 ]; then _logger $BGREEN "[ none entity, so it's not scored ] $*"; fi
# This variable incrementation is used to measure whether the service exists in tests
NONEXISTENT_NUMBER=$((NONEXISTENT_NUMBER+1))
}
warn () {
if [ $MACHINE_LOG_LEVEL -ge 2 ]; then _logger $BYELLOW "[WARN] $*"; fi
}
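Review bot: `no_entity` is missing a comment that states its side effect on scoring: besides logging, it increments `NONEXISTENT_NUMBER`, and elsewhere in this commit a non-zero value leads to status `nonexistent` and `exit 3`, which the runner then leaves out of the total. The existing comment ("measure whether the service exists in tests") does not make that clear; something like `# Log that the checked service is absent and bump NONEXISTENT_NUMBER; a non-zero count makes the check exit 3 and go unscored` would. The log tag `[ none entity, so it's not scored ]` also departs from the short `[WARN]` style used by `warn` just below, which makes the line harder to grep for in audit logs.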


@ -2,6 +2,7 @@ LONG_SCRIPT_NAME=$(basename $0)
SCRIPT_NAME=${LONG_SCRIPT_NAME%.sh}
# Variable initialization, to avoid crash
CRITICAL_ERRORS_NUMBER=0 # This will be used to see if a script failed, or passed
NONEXISTENT_NUMBER=0 #This will be used to see if service is exist
status=""
forcedstatus=""
SUDO_CMD=""
@ -68,6 +69,8 @@ elif [ "$forcedstatus" = "audit" ] ; then
else
info "Audit argument passed but script is disabled"
fi
elif [ $NONEXISTENT_NUMBER -gt 0 ]; then
status=nonexistent
fi
if [ -z $status ]; then
@ -75,6 +78,7 @@ if [ -z $status ]; then
exit 2
fi
case $status in
enabled | true )
info "Checking Configuration"
@ -94,6 +98,10 @@ case $status in
info "$SCRIPT_NAME is disabled, ignoring"
exit 2 # Means unknown status
;;
nonexistent)
no_entity "Check ${SCRIPT_NAME} Service is nonexistent "
exit 3
;;
*)
warn "Wrong value for status : $status. Must be [ enabled | true | audit | disabled | false ]"
;;
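Review bot: The new `elif [ $NONEXISTENT_NUMBER -gt 0 ]` branch looks hard to reach from what is visible: the counter is set to 0 at the top of this file and, in the code shown, only `no_entity` increments it, which is itself called only from the `nonexistent)` arm that this branch selects. If the increment is meant to come from the check's configuration or from the fourth changed file (not shown here), a comment at the `elif` naming who sets it would help, because this value decides whether a hardening check is scored at all. The test should also be quoted, `elif [ "$NONEXISTENT_NUMBER" -gt 0 ]; then`, so an unexpected empty value fails loudly instead of as a malformed `[` expression. The `if`/`elif` chain and the `case` both start or end outside these hunks.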