From e2313bd1ff646c3646e09fabcbbd2bca6c8eae1a Mon Sep 17 00:00:00 2001 From: Samson-W Date: Fri, 12 Apr 2019 04:07:44 -0400 Subject: [PATCH] Implement audit and apply methods for 7.6 disable_wireless. --- ...le_verify_sign_packages_from_repository.sh | 2 +- ....3_enable_verify_sign_of_local_packages.sh | 2 +- ...set_no_allow_insecure_repository_by_apt.sh | 2 +- bin/hardening/10.1.10_set_create_home_bool.sh | 2 +- .../10.1.11_set_maxlogins_for_all_accounts.sh | 2 +- .../10.1.12_ensure_no_shosts_cfg_on_system.sh | 2 +- .../10.1.4_set_password_encrypt_method.sh | 2 +- .../10.1.5_set_min_password_lifetime.sh | 2 +- .../10.1.6_set_max_password_lifetime.sh | 2 +- .../10.1.7_remove_nopasswd_sudoers.sh | 2 +- .../10.1.8_remove_noauthenticate_sudoers.sh | 2 +- .../10.1.9_set_fail_delay_seconds.sh | 2 +- bin/hardening/2.26_home_nosuid.sh | 2 +- bin/hardening/2.27_nfs_nosuid.sh | 2 +- bin/hardening/2.28_nfs_noexec.sh | 2 +- bin/hardening/2.29_nfs_RPCSEC_GSS.sh | 2 +- bin/hardening/4.5_enable_apparmor.sh | 2 +- bin/hardening/5.10_ensure_installed_sudo.sh | 2 +- bin/hardening/5.7_install_screen.sh | 2 +- bin/hardening/5.8_enable_openssh_server.sh | 2 +- .../5.9_disable_ctrl_alt_del_target.sh | 2 +- ....17_ensure_virul_scan_server_is_enabled.sh | 2 +- ...ure_virusscan_program_update_is_enabled.sh | 2 +- ....5_ensure_time_sync_server_is_installed.sh | 2 +- .../7.1.3_disable_interface_promisc_mode.sh | 2 +- bin/hardening/7.6_disable_wireless.sh | 24 +++++++++++++++---- bin/hardening/7.7.1_enable_firewall.sh | 2 +- .../7.7.2_ensure_set_firewall_rules.sh | 2 +- ...ensure_firewall_set_protect_dos_attacks.sh | 2 +- ...7.4_ensure_default_deny_firewall_policy.sh | 2 +- ...5_ensure_loopback_traffic_is_configured.sh | 2 +- ...firewall_rules_exist_for_all_open_ports.sh | 2 +- ..._established_connections_are_configured.sh | 2 +- bin/hardening/8.1.1.4_set_failure_mode.sh | 2 +- .../8.1.1.5_ensure_set_remote_server.sh | 2 +- ...1.6_ensure_set_encrypt_for_audit_remote.sh | 2 +- ...nsure_set_action_for_audit_storage_full.sh | 2 +- .../8.1.1.8_ensure_set_action_for_net_fail.sh | 2 +- bin/hardening/8.1.1.9_set_space_left_audit.sh | 2 +- .../8.1.19_record_sshkeysign_usage.sh | 2 +- ...8.1.20_record_open_by_handle_at_syscall.sh | 2 +- ...Events_that_privileged_passwd_cmd_usage.sh | 2 +- ...s_that_privileged_priv_change_cmd_usage.sh | 2 +- ...vents_that_privileged_postfix_cmd_usage.sh | 2 +- .../8.1.24_record_crontab_cmd_usage.sh | 2 +- ...25_record_pam_timestamp_check_cmd_usage.sh | 2 +- .../8.1.26_record_pam_tally_cmd_usage.sh | 2 +- .../8.5_verify_integrity_packages.sh | 2 +- .../9.2.10_enable_maxclassrepeat_cracklib.sh | 2 +- .../9.2.11_set_deny_times_password.sh | 2 +- .../9.2.13_enable_password_sha512.sh | 2 +- .../9.2.14_enable_auth_without_nullpwd.sh | 2 +- .../9.2.15_set_printlastlog_to_showfailed.sh | 2 +- .../9.2.17_enable_even_deny_root_password.sh | 2 +- bin/hardening/9.2.1_enable_retry_cracklib.sh | 2 +- bin/hardening/9.2.2_enable_minlen_cracklib.sh | 2 +- .../9.2.3_enable_dcredit_cracklib.sh | 2 +- .../9.2.4_enable_ucredit_cracklib.sh | 2 +- .../9.2.5_enable_ocredit_cracklib.sh | 2 +- .../9.2.6_enable_lcredit_cracklib.sh | 2 +- bin/hardening/9.2.7_enable_difok_cracklib.sh | 2 +- .../9.2.8_enable_minclass_cracklib.sh | 2 +- .../9.2.9_enable_maxrepeat_cracklib.sh | 2 +- bin/hardening/9.3.15_sshd_printlastlog.sh | 2 +- .../9.3.16_sshd_IgnoreUserKnownHosts.sh | 2 +- .../9.3.17_sshd_GSSAPIAuthentication.sh | 2 +- .../9.3.18_sshd_KerberosAuthentication.sh | 2 +- bin/hardening/9.3.19_sshd_StrictModes.sh | 2 +- .../9.3.20_sshd_UsePrivilegeSeparation.sh | 2 +- bin/hardening/9.3.21_sshd_compression.sh | 2 +- bin/hardening/9.3.22_sshd_MACs.sh | 2 +- ...9.3.23_ssh_check_pub_hostkey_permission.sh | 2 +- ....3.24_ssh_check_priv_hostkey_permission.sh | 2 +- 73 files changed, 92 insertions(+), 76 deletions(-) diff --git a/bin/hardening/1.2_enable_verify_sign_packages_from_repository.sh b/bin/hardening/1.2_enable_verify_sign_packages_from_repository.sh index 8e1a3ec..e445442 100755 --- a/bin/hardening/1.2_enable_verify_sign_packages_from_repository.sh +++ b/bin/hardening/1.2_enable_verify_sign_packages_from_repository.sh @@ -6,7 +6,7 @@ # # 1.2 Enable Option for signature of packages from a repository (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/1.3_enable_verify_sign_of_local_packages.sh b/bin/hardening/1.3_enable_verify_sign_of_local_packages.sh index 55ad84f..f995c19 100755 --- a/bin/hardening/1.3_enable_verify_sign_of_local_packages.sh +++ b/bin/hardening/1.3_enable_verify_sign_of_local_packages.sh @@ -6,7 +6,7 @@ # # 1.3 Enable verify the signature of local packages (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/1.4_set_no_allow_insecure_repository_by_apt.sh b/bin/hardening/1.4_set_no_allow_insecure_repository_by_apt.sh index 0c00f5c..32a4469 100755 --- a/bin/hardening/1.4_set_no_allow_insecure_repository_by_apt.sh +++ b/bin/hardening/1.4_set_no_allow_insecure_repository_by_apt.sh @@ -6,7 +6,7 @@ # # 1.4 Set no allow insecure repository when by apt update (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/10.1.10_set_create_home_bool.sh b/bin/hardening/10.1.10_set_create_home_bool.sh index 48cfec0..81d6f3e 100755 --- a/bin/hardening/10.1.10_set_create_home_bool.sh +++ b/bin/hardening/10.1.10_set_create_home_bool.sh @@ -6,7 +6,7 @@ # # 10.1.10 Set create home bool (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/10.1.11_set_maxlogins_for_all_accounts.sh b/bin/hardening/10.1.11_set_maxlogins_for_all_accounts.sh index 5d52fb4..27a056f 100755 --- a/bin/hardening/10.1.11_set_maxlogins_for_all_accounts.sh +++ b/bin/hardening/10.1.11_set_maxlogins_for_all_accounts.sh @@ -6,7 +6,7 @@ # # 10.1.11 Set maxlogins for all accounts (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/10.1.12_ensure_no_shosts_cfg_on_system.sh b/bin/hardening/10.1.12_ensure_no_shosts_cfg_on_system.sh index 2d8e920..760aad0 100755 --- a/bin/hardening/10.1.12_ensure_no_shosts_cfg_on_system.sh +++ b/bin/hardening/10.1.12_ensure_no_shosts_cfg_on_system.sh @@ -6,7 +6,7 @@ # # 10.1.12 Ensure no shosts configure file on system (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/10.1.4_set_password_encrypt_method.sh b/bin/hardening/10.1.4_set_password_encrypt_method.sh index 05b398e..3d9d624 100755 --- a/bin/hardening/10.1.4_set_password_encrypt_method.sh +++ b/bin/hardening/10.1.4_set_password_encrypt_method.sh @@ -6,7 +6,7 @@ # # 10.1.4 Set Password Expiration Days (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/10.1.5_set_min_password_lifetime.sh b/bin/hardening/10.1.5_set_min_password_lifetime.sh index f2dfdf6..22ce435 100755 --- a/bin/hardening/10.1.5_set_min_password_lifetime.sh +++ b/bin/hardening/10.1.5_set_min_password_lifetime.sh @@ -6,7 +6,7 @@ # # 10.1.5 Set mininum password lifetime (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/10.1.6_set_max_password_lifetime.sh b/bin/hardening/10.1.6_set_max_password_lifetime.sh index f11b3ca..c554fd5 100755 --- a/bin/hardening/10.1.6_set_max_password_lifetime.sh +++ b/bin/hardening/10.1.6_set_max_password_lifetime.sh @@ -6,7 +6,7 @@ # # 10.1.6 Set maximum password lifetime (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/10.1.7_remove_nopasswd_sudoers.sh b/bin/hardening/10.1.7_remove_nopasswd_sudoers.sh index 0132c06..f68cc7d 100755 --- a/bin/hardening/10.1.7_remove_nopasswd_sudoers.sh +++ b/bin/hardening/10.1.7_remove_nopasswd_sudoers.sh @@ -6,7 +6,7 @@ # # 10.1.7 Remove nopasswd option from the sudoers configuration (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/10.1.8_remove_noauthenticate_sudoers.sh b/bin/hardening/10.1.8_remove_noauthenticate_sudoers.sh index cb79f11..d114ff4 100755 --- a/bin/hardening/10.1.8_remove_noauthenticate_sudoers.sh +++ b/bin/hardening/10.1.8_remove_noauthenticate_sudoers.sh @@ -6,7 +6,7 @@ # # 10.1.8 Remove not authenticate option from the sudoers configuration (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/10.1.9_set_fail_delay_seconds.sh b/bin/hardening/10.1.9_set_fail_delay_seconds.sh index 12aa7df..5a16b10 100755 --- a/bin/hardening/10.1.9_set_fail_delay_seconds.sh +++ b/bin/hardening/10.1.9_set_fail_delay_seconds.sh @@ -6,7 +6,7 @@ # # 10.1.9 Set FAIL_DELAY Parameters Using pam_faildelay (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/2.26_home_nosuid.sh b/bin/hardening/2.26_home_nosuid.sh index 2dc38d4..b3fc1c1 100755 --- a/bin/hardening/2.26_home_nosuid.sh +++ b/bin/hardening/2.26_home_nosuid.sh @@ -6,7 +6,7 @@ # # 2.26 Set nosuid option for /home filesystem/Partition (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/2.27_nfs_nosuid.sh b/bin/hardening/2.27_nfs_nosuid.sh index a8e9396..9ad37cb 100755 --- a/bin/hardening/2.27_nfs_nosuid.sh +++ b/bin/hardening/2.27_nfs_nosuid.sh @@ -6,7 +6,7 @@ # # 2.27 Set nosuid option for nfs/nfs4 filesystem/Partition (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/2.28_nfs_noexec.sh b/bin/hardening/2.28_nfs_noexec.sh index 96a2986..99abe66 100755 --- a/bin/hardening/2.28_nfs_noexec.sh +++ b/bin/hardening/2.28_nfs_noexec.sh @@ -6,7 +6,7 @@ # # 2.28 Set noexec option for nfs/nfs4 filesystem/Partition (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/2.29_nfs_RPCSEC_GSS.sh b/bin/hardening/2.29_nfs_RPCSEC_GSS.sh index fc7fb67..ace666d 100755 --- a/bin/hardening/2.29_nfs_RPCSEC_GSS.sh +++ b/bin/hardening/2.29_nfs_RPCSEC_GSS.sh @@ -6,7 +6,7 @@ # # 2.29 Set RPCSEC_GSS option for nfs/nfs4 filesystem/Partition (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/4.5_enable_apparmor.sh b/bin/hardening/4.5_enable_apparmor.sh index beecf7a..842c5ca 100755 --- a/bin/hardening/4.5_enable_apparmor.sh +++ b/bin/hardening/4.5_enable_apparmor.sh @@ -6,7 +6,7 @@ # # 4.5 Activate AppArmor (Scored) -# Add by Authors : Samson wen, Samson +# Add by Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/5.10_ensure_installed_sudo.sh b/bin/hardening/5.10_ensure_installed_sudo.sh index 47b4f54..4eb896c 100755 --- a/bin/hardening/5.10_ensure_installed_sudo.sh +++ b/bin/hardening/5.10_ensure_installed_sudo.sh @@ -7,7 +7,7 @@ # # 5.10 Ensure sudo is installed (Scored) # Add new by: -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/5.7_install_screen.sh b/bin/hardening/5.7_install_screen.sh index 14c3fcc..a15c7c6 100755 --- a/bin/hardening/5.7_install_screen.sh +++ b/bin/hardening/5.7_install_screen.sh @@ -6,7 +6,7 @@ # # 5.7 Install screen (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/5.8_enable_openssh_server.sh b/bin/hardening/5.8_enable_openssh_server.sh index 6fd1aba..e6b8144 100755 --- a/bin/hardening/5.8_enable_openssh_server.sh +++ b/bin/hardening/5.8_enable_openssh_server.sh @@ -6,7 +6,7 @@ # # 5.8 Ensure openssh server is enabled (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/5.9_disable_ctrl_alt_del_target.sh b/bin/hardening/5.9_disable_ctrl_alt_del_target.sh index ae1b77b..9fa598f 100755 --- a/bin/hardening/5.9_disable_ctrl_alt_del_target.sh +++ b/bin/hardening/5.9_disable_ctrl_alt_del_target.sh @@ -6,7 +6,7 @@ # # 5.9 Ensure ctrl-alt-del is disabled (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/6.17_ensure_virul_scan_server_is_enabled.sh b/bin/hardening/6.17_ensure_virul_scan_server_is_enabled.sh index 042830f..07b788c 100755 --- a/bin/hardening/6.17_ensure_virul_scan_server_is_enabled.sh +++ b/bin/hardening/6.17_ensure_virul_scan_server_is_enabled.sh @@ -6,7 +6,7 @@ # # 6.17 Ensure virul scan Server is enabled (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/6.18_ensure_virusscan_program_update_is_enabled.sh b/bin/hardening/6.18_ensure_virusscan_program_update_is_enabled.sh index ade523b..d67aa05 100755 --- a/bin/hardening/6.18_ensure_virusscan_program_update_is_enabled.sh +++ b/bin/hardening/6.18_ensure_virusscan_program_update_is_enabled.sh @@ -6,7 +6,7 @@ # # 6.18 Ensure virul scan Server update is enabled (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/6.5_ensure_time_sync_server_is_installed.sh b/bin/hardening/6.5_ensure_time_sync_server_is_installed.sh index 101fa02..bc54001 100755 --- a/bin/hardening/6.5_ensure_time_sync_server_is_installed.sh +++ b/bin/hardening/6.5_ensure_time_sync_server_is_installed.sh @@ -6,7 +6,7 @@ # # 6.19 Ensure time synchronization server is installed ( Not Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/7.1.3_disable_interface_promisc_mode.sh b/bin/hardening/7.1.3_disable_interface_promisc_mode.sh index b1b5373..0b7d311 100755 --- a/bin/hardening/7.1.3_disable_interface_promisc_mode.sh +++ b/bin/hardening/7.1.3_disable_interface_promisc_mode.sh @@ -6,7 +6,7 @@ # # 7.1.3 Disable promiscuous mode for network interface (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/7.6_disable_wireless.sh b/bin/hardening/7.6_disable_wireless.sh index 195fa64..899781c 100755 --- a/bin/hardening/7.6_disable_wireless.sh +++ b/bin/hardening/7.6_disable_wireless.sh @@ -1,11 +1,12 @@ #!/bin/bash # -# harbian audit 7/8/9 Hardening +# harbian audit 9 Hardening # # -# 7.6 Deactivate Wireless Interfaces (Not Scored) +# 7.6 Ensure wireless interfaces are disabled (Not Scored) +# Author : Samson wen, Samson # set -e # One error, it's over @@ -15,12 +16,27 @@ HARDENING_LEVEL=3 # This function will be called if the script status is on enabled / audit mode audit () { - info "Not implemented yet" + if [ $(lspci | grep -ic wireless ) -eq 0 ]; then + info "The OS is not wireless device! " + FNRET=0 + else + if [ $(wc -l /proc/net/wireless) -lt 3 ]; then + ok "Wireless interfaces are disabled!" + FNRET=0 + else + crit "Wireless interfaces is not disabled!" + FNRET=1 + fi + fi } # This function will be called if the script status is on enabled mode apply () { - info "Not implemented yet" + if [ $FNRET = 0 ]; then + ok "Wireless interfaces are disabled!" + else + warn "Wireless interfaces is not disabled! Need the administrator to manually disable it. HOWTO: ip link set down" + fi } # This function will check config parameters required diff --git a/bin/hardening/7.7.1_enable_firewall.sh b/bin/hardening/7.7.1_enable_firewall.sh index 9c0b4fd..44c9646 100755 --- a/bin/hardening/7.7.1_enable_firewall.sh +++ b/bin/hardening/7.7.1_enable_firewall.sh @@ -7,7 +7,7 @@ # # 7.7.1 Ensure Firewall is active (Scored) # Corresponds to the original 7.7 -# Modify Authors : Samson wen, Samson +# Modify Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/7.7.2_ensure_set_firewall_rules.sh b/bin/hardening/7.7.2_ensure_set_firewall_rules.sh index 19eea6c..edb73eb 100755 --- a/bin/hardening/7.7.2_ensure_set_firewall_rules.sh +++ b/bin/hardening/7.7.2_ensure_set_firewall_rules.sh @@ -7,7 +7,7 @@ # # 7.7.2 Ensure the Firewall is set rules (Scored) # Include ipv4 and ipv6 -# Add this feature:Authors : Samson wen, Samson +# Add this feature:Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/7.7.3_ensure_firewall_set_protect_dos_attacks.sh b/bin/hardening/7.7.3_ensure_firewall_set_protect_dos_attacks.sh index 6ed0378..6e9dcf2 100755 --- a/bin/hardening/7.7.3_ensure_firewall_set_protect_dos_attacks.sh +++ b/bin/hardening/7.7.3_ensure_firewall_set_protect_dos_attacks.sh @@ -7,7 +7,7 @@ # # 7.7.3 Ensure the Firewall is set rules of protect DOS attacks (Scored) # Include ipv4 and ipv6 -# Add this feature:Authors : Samson wen, Samson +# Add this feature:Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/7.7.4_ensure_default_deny_firewall_policy.sh b/bin/hardening/7.7.4_ensure_default_deny_firewall_policy.sh index 2a106e4..1b12f75 100755 --- a/bin/hardening/7.7.4_ensure_default_deny_firewall_policy.sh +++ b/bin/hardening/7.7.4_ensure_default_deny_firewall_policy.sh @@ -7,7 +7,7 @@ # # 7.7.4 Ensure default deny firewall policy (Scored) # Include ipv4 and ipv6 -# Add this feature:Authors : Samson wen, Samson +# Add this feature:Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/7.7.5_ensure_loopback_traffic_is_configured.sh b/bin/hardening/7.7.5_ensure_loopback_traffic_is_configured.sh index 8ed451d..0299a1f 100755 --- a/bin/hardening/7.7.5_ensure_loopback_traffic_is_configured.sh +++ b/bin/hardening/7.7.5_ensure_loopback_traffic_is_configured.sh @@ -7,7 +7,7 @@ # # 7.7.5 Ensure loopback traffic is configured (Scored) # Include ipv4 and ipv6 -# Add this feature:Authors : Samson wen, Samson +# Add this feature:Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/7.7.6_ensure_firewall_rules_exist_for_all_open_ports.sh b/bin/hardening/7.7.6_ensure_firewall_rules_exist_for_all_open_ports.sh index 0329bbd..5792db8 100755 --- a/bin/hardening/7.7.6_ensure_firewall_rules_exist_for_all_open_ports.sh +++ b/bin/hardening/7.7.6_ensure_firewall_rules_exist_for_all_open_ports.sh @@ -7,7 +7,7 @@ # # 7.7.6 Ensure default deny firewall policy (Scored) # Include ipv4 and ipv6 -# Add this feature:Authors : Samson wen, Samson +# Add this feature:Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/7.7.7_ensure_outbound_and_established_connections_are_configured.sh b/bin/hardening/7.7.7_ensure_outbound_and_established_connections_are_configured.sh index 351c5ee..04699f4 100755 --- a/bin/hardening/7.7.7_ensure_outbound_and_established_connections_are_configured.sh +++ b/bin/hardening/7.7.7_ensure_outbound_and_established_connections_are_configured.sh @@ -7,7 +7,7 @@ # # 7.7.7 Ensure outbound and established connections are configured (Not Scored) # Include ipv4 and ipv6 -# Add this feature:Authors : Samson wen, Samson +# Add this feature:Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/8.1.1.4_set_failure_mode.sh b/bin/hardening/8.1.1.4_set_failure_mode.sh index 1ea7851..e37ff31 100755 --- a/bin/hardening/8.1.1.4_set_failure_mode.sh +++ b/bin/hardening/8.1.1.4_set_failure_mode.sh @@ -6,7 +6,7 @@ # # 8.1.1.4 Set failure mode of audit service (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/8.1.1.5_ensure_set_remote_server.sh b/bin/hardening/8.1.1.5_ensure_set_remote_server.sh index 5eb616d..f8e51a7 100755 --- a/bin/hardening/8.1.1.5_ensure_set_remote_server.sh +++ b/bin/hardening/8.1.1.5_ensure_set_remote_server.sh @@ -6,7 +6,7 @@ # # 8.1.1.5 Ensure set remote_server for audit service (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/8.1.1.6_ensure_set_encrypt_for_audit_remote.sh b/bin/hardening/8.1.1.6_ensure_set_encrypt_for_audit_remote.sh index bbea808..faf5e36 100755 --- a/bin/hardening/8.1.1.6_ensure_set_encrypt_for_audit_remote.sh +++ b/bin/hardening/8.1.1.6_ensure_set_encrypt_for_audit_remote.sh @@ -6,7 +6,7 @@ # # 8.1.1.6 Ensure enable_krb5 set to yes for remote audit service (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/8.1.1.7_ensure_set_action_for_audit_storage_full.sh b/bin/hardening/8.1.1.7_ensure_set_action_for_audit_storage_full.sh index 39bf172..2bec33a 100755 --- a/bin/hardening/8.1.1.7_ensure_set_action_for_audit_storage_full.sh +++ b/bin/hardening/8.1.1.7_ensure_set_action_for_audit_storage_full.sh @@ -6,7 +6,7 @@ # # 8.1.1.7 Ensure set action for audit storage volume is fulled (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/8.1.1.8_ensure_set_action_for_net_fail.sh b/bin/hardening/8.1.1.8_ensure_set_action_for_net_fail.sh index ac9332f..47627d9 100755 --- a/bin/hardening/8.1.1.8_ensure_set_action_for_net_fail.sh +++ b/bin/hardening/8.1.1.8_ensure_set_action_for_net_fail.sh @@ -6,7 +6,7 @@ # # 8.1.1.8 Ensure set action for network failure on remote audit service (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/8.1.1.9_set_space_left_audit.sh b/bin/hardening/8.1.1.9_set_space_left_audit.sh index ecc1f63..f992e1c 100755 --- a/bin/hardening/8.1.1.9_set_space_left_audit.sh +++ b/bin/hardening/8.1.1.9_set_space_left_audit.sh @@ -6,7 +6,7 @@ # # 8.1.1.9 Set space left for auditd service (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/8.1.19_record_sshkeysign_usage.sh b/bin/hardening/8.1.19_record_sshkeysign_usage.sh index 7e098c0..65b055a 100755 --- a/bin/hardening/8.1.19_record_sshkeysign_usage.sh +++ b/bin/hardening/8.1.19_record_sshkeysign_usage.sh @@ -6,7 +6,7 @@ # # 8.1.19 Recored ssh-keysign command usage (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/8.1.20_record_open_by_handle_at_syscall.sh b/bin/hardening/8.1.20_record_open_by_handle_at_syscall.sh index d2fe5f3..2a85729 100755 --- a/bin/hardening/8.1.20_record_open_by_handle_at_syscall.sh +++ b/bin/hardening/8.1.20_record_open_by_handle_at_syscall.sh @@ -6,7 +6,7 @@ # # 8.1.20 Recored open_by_handle_at syscall (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/8.1.21_record_Events_that_privileged_passwd_cmd_usage.sh b/bin/hardening/8.1.21_record_Events_that_privileged_passwd_cmd_usage.sh index 6904ef3..970caa3 100755 --- a/bin/hardening/8.1.21_record_Events_that_privileged_passwd_cmd_usage.sh +++ b/bin/hardening/8.1.21_record_Events_that_privileged_passwd_cmd_usage.sh @@ -6,7 +6,7 @@ # # 8.1.21 Recored Events that privileged-passwd command usage (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/8.1.22_record_Events_that_privileged_priv_change_cmd_usage.sh b/bin/hardening/8.1.22_record_Events_that_privileged_priv_change_cmd_usage.sh index 02e7b43..bc3a64e 100755 --- a/bin/hardening/8.1.22_record_Events_that_privileged_priv_change_cmd_usage.sh +++ b/bin/hardening/8.1.22_record_Events_that_privileged_priv_change_cmd_usage.sh @@ -6,7 +6,7 @@ # # 8.1.22 Recored Events that privileged-priv-change command usage (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/8.1.23_record_Events_that_privileged_postfix_cmd_usage.sh b/bin/hardening/8.1.23_record_Events_that_privileged_postfix_cmd_usage.sh index 20891fb..2058fc6 100755 --- a/bin/hardening/8.1.23_record_Events_that_privileged_postfix_cmd_usage.sh +++ b/bin/hardening/8.1.23_record_Events_that_privileged_postfix_cmd_usage.sh @@ -6,7 +6,7 @@ # # 8.1.23 Recored Events that privileged-postfix command usage (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/8.1.24_record_crontab_cmd_usage.sh b/bin/hardening/8.1.24_record_crontab_cmd_usage.sh index e8b149e..60660d4 100755 --- a/bin/hardening/8.1.24_record_crontab_cmd_usage.sh +++ b/bin/hardening/8.1.24_record_crontab_cmd_usage.sh @@ -6,7 +6,7 @@ # # 8.1.24 Recored crontab command usage (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/8.1.25_record_pam_timestamp_check_cmd_usage.sh b/bin/hardening/8.1.25_record_pam_timestamp_check_cmd_usage.sh index dee6772..310b952 100755 --- a/bin/hardening/8.1.25_record_pam_timestamp_check_cmd_usage.sh +++ b/bin/hardening/8.1.25_record_pam_timestamp_check_cmd_usage.sh @@ -6,7 +6,7 @@ # # 8.1.25 Recored pam_timestamp_check command usage (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/8.1.26_record_pam_tally_cmd_usage.sh b/bin/hardening/8.1.26_record_pam_tally_cmd_usage.sh index d824fe8..7c813ed 100755 --- a/bin/hardening/8.1.26_record_pam_tally_cmd_usage.sh +++ b/bin/hardening/8.1.26_record_pam_tally_cmd_usage.sh @@ -6,7 +6,7 @@ # # 8.1.26 Recored pam_tally/pam_tally2 command usage (Scored) -# Authors : Samson wen, Samson Author add this +# Author : Samson wen, Samson Author add this # set -e # One error, it's over diff --git a/bin/hardening/8.5_verify_integrity_packages.sh b/bin/hardening/8.5_verify_integrity_packages.sh index 18b4749..c96fe38 100755 --- a/bin/hardening/8.5_verify_integrity_packages.sh +++ b/bin/hardening/8.5_verify_integrity_packages.sh @@ -5,7 +5,7 @@ # # # 8.5 Verifies integrity all packages (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/9.2.10_enable_maxclassrepeat_cracklib.sh b/bin/hardening/9.2.10_enable_maxclassrepeat_cracklib.sh index 631eaf1..a167ce2 100755 --- a/bin/hardening/9.2.10_enable_maxclassrepeat_cracklib.sh +++ b/bin/hardening/9.2.10_enable_maxclassrepeat_cracklib.sh @@ -6,7 +6,7 @@ # # 9.2.10 Set Password Creation Requirement Parameters Using pam_cracklib: audit maxclassrepeat option (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/9.2.11_set_deny_times_password.sh b/bin/hardening/9.2.11_set_deny_times_password.sh index e9392f5..901fae7 100755 --- a/bin/hardening/9.2.11_set_deny_times_password.sh +++ b/bin/hardening/9.2.11_set_deny_times_password.sh @@ -8,7 +8,7 @@ # 9.2.11 Set deny times for Password Attempts (Scored) # The number in the original document is 9.2.2 # for login and ssh service -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/9.2.13_enable_password_sha512.sh b/bin/hardening/9.2.13_enable_password_sha512.sh index 4540804..f2b531b 100755 --- a/bin/hardening/9.2.13_enable_password_sha512.sh +++ b/bin/hardening/9.2.13_enable_password_sha512.sh @@ -6,7 +6,7 @@ # # 9.2.13 Set password with the SHA512 algorithm (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/9.2.14_enable_auth_without_nullpwd.sh b/bin/hardening/9.2.14_enable_auth_without_nullpwd.sh index 9a34f67..16c2701 100755 --- a/bin/hardening/9.2.14_enable_auth_without_nullpwd.sh +++ b/bin/hardening/9.2.14_enable_auth_without_nullpwd.sh @@ -6,7 +6,7 @@ # # 9.2.14 Configure password without blank or null passwords (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/9.2.15_set_printlastlog_to_showfailed.sh b/bin/hardening/9.2.15_set_printlastlog_to_showfailed.sh index 05674bc..10203b7 100755 --- a/bin/hardening/9.2.15_set_printlastlog_to_showfailed.sh +++ b/bin/hardening/9.2.15_set_printlastlog_to_showfailed.sh @@ -6,7 +6,7 @@ # # 9.2.15 Set login display the date and time of last fail logon (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/9.2.17_enable_even_deny_root_password.sh b/bin/hardening/9.2.17_enable_even_deny_root_password.sh index a0f9ded..a0eb030 100755 --- a/bin/hardening/9.2.17_enable_even_deny_root_password.sh +++ b/bin/hardening/9.2.17_enable_even_deny_root_password.sh @@ -6,7 +6,7 @@ # # 9.2.17 Ensure unsuccessful root logon occur the associated account must be locked. (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # for login and ssh service # diff --git a/bin/hardening/9.2.1_enable_retry_cracklib.sh b/bin/hardening/9.2.1_enable_retry_cracklib.sh index f98961e..d3ba24d 100755 --- a/bin/hardening/9.2.1_enable_retry_cracklib.sh +++ b/bin/hardening/9.2.1_enable_retry_cracklib.sh @@ -6,7 +6,7 @@ # # 9.2.1 Set Password Creation Requirement Parameters Using pam_cracklib: audit retry option (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/9.2.2_enable_minlen_cracklib.sh b/bin/hardening/9.2.2_enable_minlen_cracklib.sh index fc3c963..d0411c5 100755 --- a/bin/hardening/9.2.2_enable_minlen_cracklib.sh +++ b/bin/hardening/9.2.2_enable_minlen_cracklib.sh @@ -6,7 +6,7 @@ # # 9.2.2 Set Password Creation Requirement Parameters Using pam_cracklib: audit minlen option (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/9.2.3_enable_dcredit_cracklib.sh b/bin/hardening/9.2.3_enable_dcredit_cracklib.sh index 8507dae..896cf9a 100755 --- a/bin/hardening/9.2.3_enable_dcredit_cracklib.sh +++ b/bin/hardening/9.2.3_enable_dcredit_cracklib.sh @@ -6,7 +6,7 @@ # # 9.2.3 Set Password Creation Requirement Parameters Using pam_cracklib: audit dcredit option (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/9.2.4_enable_ucredit_cracklib.sh b/bin/hardening/9.2.4_enable_ucredit_cracklib.sh index efb9674..7b451b8 100755 --- a/bin/hardening/9.2.4_enable_ucredit_cracklib.sh +++ b/bin/hardening/9.2.4_enable_ucredit_cracklib.sh @@ -6,7 +6,7 @@ # # 9.2.4 Set Password Creation Requirement Parameters Using pam_cracklib: audit ucredit option (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/9.2.5_enable_ocredit_cracklib.sh b/bin/hardening/9.2.5_enable_ocredit_cracklib.sh index caf0149..56bbc6b 100755 --- a/bin/hardening/9.2.5_enable_ocredit_cracklib.sh +++ b/bin/hardening/9.2.5_enable_ocredit_cracklib.sh @@ -6,7 +6,7 @@ # # 9.2.5 Set Password Creation Requirement Parameters Using pam_cracklib: audit ocredit option (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/9.2.6_enable_lcredit_cracklib.sh b/bin/hardening/9.2.6_enable_lcredit_cracklib.sh index fb7a80d..fb56c7b 100755 --- a/bin/hardening/9.2.6_enable_lcredit_cracklib.sh +++ b/bin/hardening/9.2.6_enable_lcredit_cracklib.sh @@ -6,7 +6,7 @@ # # 9.2.6 Set Password Creation Requirement Parameters Using pam_cracklib: audit lcredit option (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/9.2.7_enable_difok_cracklib.sh b/bin/hardening/9.2.7_enable_difok_cracklib.sh index d43b767..ad95398 100755 --- a/bin/hardening/9.2.7_enable_difok_cracklib.sh +++ b/bin/hardening/9.2.7_enable_difok_cracklib.sh @@ -6,7 +6,7 @@ # # 9.2.7 Set Password Creation Requirement Parameters Using pam_cracklib: audit difok option (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/9.2.8_enable_minclass_cracklib.sh b/bin/hardening/9.2.8_enable_minclass_cracklib.sh index 3887aea..1ec456a 100755 --- a/bin/hardening/9.2.8_enable_minclass_cracklib.sh +++ b/bin/hardening/9.2.8_enable_minclass_cracklib.sh @@ -6,7 +6,7 @@ # # 9.2.8 Set Password Creation Requirement Parameters Using pam_cracklib: audit minclass option (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/9.2.9_enable_maxrepeat_cracklib.sh b/bin/hardening/9.2.9_enable_maxrepeat_cracklib.sh index 09ac986..46b0031 100755 --- a/bin/hardening/9.2.9_enable_maxrepeat_cracklib.sh +++ b/bin/hardening/9.2.9_enable_maxrepeat_cracklib.sh @@ -6,7 +6,7 @@ # # 9.2.9 Set Password Creation Requirement Parameters Using pam_cracklib: audit maxrepeat option (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/9.3.15_sshd_printlastlog.sh b/bin/hardening/9.3.15_sshd_printlastlog.sh index 14c4187..d7586ba 100755 --- a/bin/hardening/9.3.15_sshd_printlastlog.sh +++ b/bin/hardening/9.3.15_sshd_printlastlog.sh @@ -6,7 +6,7 @@ # # 9.3.15 Set SSHD printlastlog to yes (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/9.3.16_sshd_IgnoreUserKnownHosts.sh b/bin/hardening/9.3.16_sshd_IgnoreUserKnownHosts.sh index c919b01..dc78f81 100755 --- a/bin/hardening/9.3.16_sshd_IgnoreUserKnownHosts.sh +++ b/bin/hardening/9.3.16_sshd_IgnoreUserKnownHosts.sh @@ -6,7 +6,7 @@ # # 9.3.16 Set SSHD ignoreuserknownhosts to yes (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/9.3.17_sshd_GSSAPIAuthentication.sh b/bin/hardening/9.3.17_sshd_GSSAPIAuthentication.sh index a352b2d..7ec0ab2 100755 --- a/bin/hardening/9.3.17_sshd_GSSAPIAuthentication.sh +++ b/bin/hardening/9.3.17_sshd_GSSAPIAuthentication.sh @@ -6,7 +6,7 @@ # # 9.3.17 Set SSHD GSSAPIAuthentication to yes (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/9.3.18_sshd_KerberosAuthentication.sh b/bin/hardening/9.3.18_sshd_KerberosAuthentication.sh index eaea117..1fd5c60 100755 --- a/bin/hardening/9.3.18_sshd_KerberosAuthentication.sh +++ b/bin/hardening/9.3.18_sshd_KerberosAuthentication.sh @@ -6,7 +6,7 @@ # # 9.3.18 Set SSHD KerberosAuthentication to yes (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/9.3.19_sshd_StrictModes.sh b/bin/hardening/9.3.19_sshd_StrictModes.sh index 0c89f14..21c4b6d 100755 --- a/bin/hardening/9.3.19_sshd_StrictModes.sh +++ b/bin/hardening/9.3.19_sshd_StrictModes.sh @@ -6,7 +6,7 @@ # # 9.3.19 Set SSHD StrictModes to yes (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/9.3.20_sshd_UsePrivilegeSeparation.sh b/bin/hardening/9.3.20_sshd_UsePrivilegeSeparation.sh index 3487362..b17e13e 100755 --- a/bin/hardening/9.3.20_sshd_UsePrivilegeSeparation.sh +++ b/bin/hardening/9.3.20_sshd_UsePrivilegeSeparation.sh @@ -6,7 +6,7 @@ # # 9.3.20 Set SSHD UsePrivilegeSeparation to sandbox (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/9.3.21_sshd_compression.sh b/bin/hardening/9.3.21_sshd_compression.sh index 6d2536b..d12ec7a 100755 --- a/bin/hardening/9.3.21_sshd_compression.sh +++ b/bin/hardening/9.3.21_sshd_compression.sh @@ -6,7 +6,7 @@ # # 9.3.21 Set SSHD Compression to no (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/9.3.22_sshd_MACs.sh b/bin/hardening/9.3.22_sshd_MACs.sh index 2e98291..a5d67e7 100755 --- a/bin/hardening/9.3.22_sshd_MACs.sh +++ b/bin/hardening/9.3.22_sshd_MACs.sh @@ -6,7 +6,7 @@ # # 9.3.22 Set SSHD MACs to hmac-sha2-256,hmac-sha2-512 (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/9.3.23_ssh_check_pub_hostkey_permission.sh b/bin/hardening/9.3.23_ssh_check_pub_hostkey_permission.sh index 9d0b725..6eb271d 100755 --- a/bin/hardening/9.3.23_ssh_check_pub_hostkey_permission.sh +++ b/bin/hardening/9.3.23_ssh_check_pub_hostkey_permission.sh @@ -6,7 +6,7 @@ # # 9.3.23 Check SSH public host key permission (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over diff --git a/bin/hardening/9.3.24_ssh_check_priv_hostkey_permission.sh b/bin/hardening/9.3.24_ssh_check_priv_hostkey_permission.sh index e68ac70..daccd3c 100755 --- a/bin/hardening/9.3.24_ssh_check_priv_hostkey_permission.sh +++ b/bin/hardening/9.3.24_ssh_check_priv_hostkey_permission.sh @@ -6,7 +6,7 @@ # # 9.3.24 Check SSH private host key permission (Scored) -# Authors : Samson wen, Samson +# Author : Samson wen, Samson # set -e # One error, it's over