tyler.durden/harbian-audit
1
0
Fork 0
mirror of https://github.com/hardenedlinux/harbian-audit.git synced 2025-07-28 16:14:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add method of analogons pakeage check for 6.5: Configure Network Time Protocol.

Browse Source
This commit is contained in:
samson 2019-04-02 03:29:00 +08:00
parent 2ac2c2538b
commit e17aab2467
1 changed files with 25 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
bin/hardening/6.5_configure_ntp.sh
View File

@ -6,6 +6,7 @@
# #
# 6.5 Configure Network Time Protocol (NTP) (Scored) # 6.5 Configure Network Time Protocol (NTP) (Scored)
# Modify Author : Samson wen, Samson <sccxboy@gmail.com>
# #
set -e # One error, it's over set -e # One error, it's over
@ -14,6 +15,7 @@ set -u # One variable unset, it's over
HARDENING_LEVEL=3 HARDENING_LEVEL=3
HARDENING_EXCEPTION=ntp HARDENING_EXCEPTION=ntp
ANALOGONS_PKG='chrony'
PACKAGE='ntp' PACKAGE='ntp'
NTP_CONF_DEFAULT_PATTERN='^restrict -4 default (kod nomodify notrap nopeer noquery|ignore)' NTP_CONF_DEFAULT_PATTERN='^restrict -4 default (kod nomodify notrap nopeer noquery|ignore)'
NTP_CONF_FILE='/etc/ntp.conf' NTP_CONF_FILE='/etc/ntp.conf'
@ -22,28 +24,37 @@ NTP_INIT_FILE='/etc/init.d/ntp'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {
is_pkg_installed $PACKAGE is_pkg_installed $ANALOGONS_PKG
if [ $FNRET != 0 ]; then if [ $FNRET = 0 ]; then
crit "$PACKAGE is not installed!" ok "Analogons pagkage is installed."
else else
ok "$PACKAGE is installed, checking configuration" is_pkg_installed $PACKAGE
does_pattern_exist_in_file $NTP_CONF_FILE $NTP_CONF_DEFAULT_PATTERN
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$NTP_CONF_DEFAULT_PATTERN not found in $NTP_CONF_FILE" crit "$PACKAGE is not installed!"
else else
ok "$NTP_CONF_DEFAULT_PATTERN found in $NTP_CONF_FILE" ok "$PACKAGE is installed, checking configuration"
fi does_pattern_exist_in_file $NTP_CONF_FILE $NTP_CONF_DEFAULT_PATTERN
does_pattern_exist_in_file $NTP_INIT_FILE "^$NTP_INIT_PATTERN" if [ $FNRET != 0 ]; then
if [ $FNRET != 0 ]; then crit "$NTP_CONF_DEFAULT_PATTERN not found in $NTP_CONF_FILE"
crit "$NTP_INIT_PATTERN not found in $NTP_INIT_FILE" else
else ok "$NTP_CONF_DEFAULT_PATTERN found in $NTP_CONF_FILE"
ok "$NTP_INIT_PATTERN found in $NTP_INIT_FILE" fi
does_pattern_exist_in_file $NTP_INIT_FILE "^$NTP_INIT_PATTERN"
if [ $FNRET != 0 ]; then
crit "$NTP_INIT_PATTERN not found in $NTP_INIT_FILE"
else
ok "$NTP_INIT_PATTERN found in $NTP_INIT_FILE"
fi
fi fi
fi fi
} }
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply () { apply () {
is_pkg_installed $ANALOGONS_PKG
if [ $FNRET = 0 ]; then
ok "Analogons pagkage is installed."
else
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
@ -68,6 +79,7 @@ apply () {
else else
ok "$NTP_INIT_PATTERN found in $NTP_INIT_FILE" ok "$NTP_INIT_PATTERN found in $NTP_INIT_FILE"
fi fi
fi
} }
# This function will check config parameters required # This function will check config parameters required