Add method of analogons pakeage check for 6.5: Configure Network Time Protocol.

2025-07-28 08:04:57 +02:00 · 2019-04-02 03:29:00 +08:00 · 2019-04-02 03:29:00 +08:00 · e17aab2467
commit e17aab2467
parent 2ac2c2538b
1 changed files with 25 additions and 13 deletions
--- a/bin/hardening/6.5_configure_ntp.sh
+++ b/bin/hardening/6.5_configure_ntp.sh
@ -6,6 +6,7 @@

 #
 # 6.5 Configure Network Time Protocol (NTP) (Scored)
+# Modify Author : Samson wen, Samson <sccxboy@gmail.com>
 #

 set -e # One error, it's over
@ -14,6 +15,7 @@ set -u # One variable unset, it's over
 HARDENING_LEVEL=3
 HARDENING_EXCEPTION=ntp

+ANALOGONS_PKG='chrony'
 PACKAGE='ntp'
 NTP_CONF_DEFAULT_PATTERN='^restrict -4 default (kod nomodify notrap nopeer noquery|ignore)'
 NTP_CONF_FILE='/etc/ntp.conf'
@ -22,28 +24,37 @@ NTP_INIT_FILE='/etc/init.d/ntp'

 # This function will be called if the script status is on enabled / audit mode
 audit () {
-    is_pkg_installed $PACKAGE
-    if [ $FNRET != 0 ]; then
-        crit "$PACKAGE is not installed!"
+    is_pkg_installed $ANALOGONS_PKG
+    if [ $FNRET = 0 ]; then
+        ok "Analogons pagkage is installed."
    else
-        ok "$PACKAGE is installed, checking configuration"
-        does_pattern_exist_in_file $NTP_CONF_FILE $NTP_CONF_DEFAULT_PATTERN
+        is_pkg_installed $PACKAGE
        if [ $FNRET != 0 ]; then
-            crit "$NTP_CONF_DEFAULT_PATTERN not found in $NTP_CONF_FILE"
+            crit "$PACKAGE is not installed!"
        else
-            ok "$NTP_CONF_DEFAULT_PATTERN found in $NTP_CONF_FILE"
-        fi
-        does_pattern_exist_in_file $NTP_INIT_FILE "^$NTP_INIT_PATTERN"
-        if [ $FNRET != 0 ]; then
-            crit "$NTP_INIT_PATTERN not found in $NTP_INIT_FILE"
-        else
-            ok "$NTP_INIT_PATTERN found in $NTP_INIT_FILE"
+            ok "$PACKAGE is installed, checking configuration"
+            does_pattern_exist_in_file $NTP_CONF_FILE $NTP_CONF_DEFAULT_PATTERN
+            if [ $FNRET != 0 ]; then
+                crit "$NTP_CONF_DEFAULT_PATTERN not found in $NTP_CONF_FILE"
+            else
+                ok "$NTP_CONF_DEFAULT_PATTERN found in $NTP_CONF_FILE"
+            fi
+            does_pattern_exist_in_file $NTP_INIT_FILE "^$NTP_INIT_PATTERN"
+            if [ $FNRET != 0 ]; then
+                crit "$NTP_INIT_PATTERN not found in $NTP_INIT_FILE"
+            else
+                ok "$NTP_INIT_PATTERN found in $NTP_INIT_FILE"
+            fi
        fi
    fi
 }

 # This function will be called if the script status is on enabled mode
 apply () {
+    is_pkg_installed $ANALOGONS_PKG
+    if [ $FNRET = 0 ]; then
+        ok "Analogons pagkage is installed."
+    else
        is_pkg_installed $PACKAGE
        if [ $FNRET = 0 ]; then
            ok "$PACKAGE is installed"
@ -68,6 +79,7 @@ apply () {
        else
            ok "$NTP_INIT_PATTERN found in $NTP_INIT_FILE"
        fi
+    fi
 }

 # This function will check config parameters required