Implement the exception handling feature for the specified service.
This commit is contained in:
parent
0985aedee2
commit
ebed556653
|
@ -22,7 +22,11 @@ audit () {
|
||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
|
if [ $ISEXCEPTION -eq 1 ]; then
|
||||||
|
warn "$PACKAGE is installed! But Exception is set to 1, so it's pass!"
|
||||||
|
else
|
||||||
crit "$PACKAGE is installed!"
|
crit "$PACKAGE is installed!"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -34,15 +38,28 @@ apply () {
|
||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
|
if [ $ISEXCEPTION -eq 1 ]; then
|
||||||
|
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
|
||||||
|
else
|
||||||
crit "$PACKAGE is installed, purging it"
|
crit "$PACKAGE is installed, purging it"
|
||||||
apt-get purge $PACKAGE -y
|
apt-get purge $PACKAGE -y
|
||||||
apt-get autoremove
|
apt-get autoremove
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# This function will create the config file for this check with default values
|
||||||
|
create_config() {
|
||||||
|
cat <<EOF
|
||||||
|
status=disabled
|
||||||
|
# Put here exception to pass this case, if set is 1, don't need apply, let to pass.
|
||||||
|
ISEXCEPTION=0
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
# This function will check config parameters required
|
# This function will check config parameters required
|
||||||
check_config() {
|
check_config() {
|
||||||
:
|
:
|
||||||
|
|
|
@ -21,7 +21,11 @@ audit () {
|
||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
|
if [ $ISEXCEPTION -eq 1 ]; then
|
||||||
|
warn "$PACKAGE is installed! But Exception is set to 1, so it's pass!"
|
||||||
|
else
|
||||||
crit "$PACKAGE is installed!"
|
crit "$PACKAGE is installed!"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -33,15 +37,29 @@ apply () {
|
||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
|
if [ $ISEXCEPTION -eq 1 ]; then
|
||||||
|
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
|
||||||
|
else
|
||||||
crit "$PACKAGE is installed, purging it"
|
crit "$PACKAGE is installed, purging it"
|
||||||
apt-get purge $PACKAGE -y
|
apt-get purge $PACKAGE -y
|
||||||
apt-get autoremove
|
apt-get autoremove
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# This function will create the config file for this check with default values
|
||||||
|
create_config() {
|
||||||
|
cat <<EOF
|
||||||
|
status=disabled
|
||||||
|
# Put here exception to pass this case, if set is 1, don't need apply, let to pass.
|
||||||
|
ISEXCEPTION=0
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
# This function will check config parameters required
|
# This function will check config parameters required
|
||||||
check_config() {
|
check_config() {
|
||||||
:
|
:
|
||||||
|
|
|
@ -21,7 +21,11 @@ audit () {
|
||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
|
if [ $ISEXCEPTION -eq 1 ]; then
|
||||||
|
warn "$PACKAGE is installed! But Exception is set to 1, so it's pass!"
|
||||||
|
else
|
||||||
crit "$PACKAGE is installed!"
|
crit "$PACKAGE is installed!"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -33,15 +37,28 @@ apply () {
|
||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
|
if [ $ISEXCEPTION -eq 1 ]; then
|
||||||
|
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
|
||||||
|
else
|
||||||
crit "$PACKAGE is installed, purging it"
|
crit "$PACKAGE is installed, purging it"
|
||||||
apt-get purge $PACKAGE -y
|
apt-get purge $PACKAGE -y
|
||||||
apt-get autoremove
|
apt-get autoremove
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# This function will create the config file for this check with default values
|
||||||
|
create_config() {
|
||||||
|
cat <<EOF
|
||||||
|
status=disabled
|
||||||
|
# Put here exception to pass this case, if set is 1, don't need apply, let to pass.
|
||||||
|
ISEXCEPTION=0
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
# This function will check config parameters required
|
# This function will check config parameters required
|
||||||
check_config() {
|
check_config() {
|
||||||
:
|
:
|
||||||
|
|
|
@ -21,7 +21,11 @@ audit () {
|
||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
|
if [ $ISEXCEPTION -eq 1 ]; then
|
||||||
|
warn "$PACKAGE is installed! But Exception is set to 1, so it's pass!"
|
||||||
|
else
|
||||||
crit "$PACKAGE is installed!"
|
crit "$PACKAGE is installed!"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -33,14 +37,27 @@ apply () {
|
||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
|
if [ $ISEXCEPTION -eq 1 ]; then
|
||||||
|
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
|
||||||
|
else
|
||||||
crit "$PACKAGE is installed, purging it"
|
crit "$PACKAGE is installed, purging it"
|
||||||
apt-get purge $PACKAGE -y
|
apt-get purge $PACKAGE -y
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# This function will create the config file for this check with default values
|
||||||
|
create_config() {
|
||||||
|
cat <<EOF
|
||||||
|
status=disabled
|
||||||
|
# Put here exception to pass this case, if set is 1, don't need apply, let to pass.
|
||||||
|
ISEXCEPTION=0
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
# This function will check config parameters required
|
# This function will check config parameters required
|
||||||
check_config() {
|
check_config() {
|
||||||
:
|
:
|
||||||
|
|
|
@ -12,6 +12,7 @@ set -e # One error, it's over
|
||||||
set -u # One variable unset, it's over
|
set -u # One variable unset, it's over
|
||||||
|
|
||||||
HARDENING_LEVEL=3
|
HARDENING_LEVEL=3
|
||||||
|
HARDENING_EXCEPTION=dns
|
||||||
|
|
||||||
PACKAGES='avahi-daemon libavahi-common-data libavahi-common3 libavahi-core7'
|
PACKAGES='avahi-daemon libavahi-common-data libavahi-common3 libavahi-core7'
|
||||||
|
|
||||||
|
@ -20,7 +21,11 @@ audit () {
|
||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
|
if [ $ISEXCEPTION -eq 1 ]; then
|
||||||
|
warn "$PACKAGE is installed! But Exception is set to 1, so it's pass!"
|
||||||
|
else
|
||||||
crit "$PACKAGE is installed!"
|
crit "$PACKAGE is installed!"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -32,15 +37,28 @@ apply () {
|
||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
|
if [ $ISEXCEPTION -eq 1 ]; then
|
||||||
|
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
|
||||||
|
else
|
||||||
crit "$PACKAGE is installed, purging it"
|
crit "$PACKAGE is installed, purging it"
|
||||||
apt-get purge $PACKAGE -y
|
apt-get purge $PACKAGE -y
|
||||||
apt-get autoremove
|
apt-get autoremove
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# This function will create the config file for this check with default values
|
||||||
|
create_config() {
|
||||||
|
cat <<EOF
|
||||||
|
status=disabled
|
||||||
|
# Put here exception to pass this case, if set is 1, don't need apply, let to pass.
|
||||||
|
ISEXCEPTION=0
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
# This function will check config parameters required
|
# This function will check config parameters required
|
||||||
check_config() {
|
check_config() {
|
||||||
:
|
:
|
||||||
|
|
|
@ -21,7 +21,11 @@ audit () {
|
||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
|
if [ $ISEXCEPTION -eq 1 ]; then
|
||||||
|
warn "$PACKAGE is installed! But Exception is set to 1, so it's pass!"
|
||||||
|
else
|
||||||
crit "$PACKAGE is installed!"
|
crit "$PACKAGE is installed!"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -33,15 +37,28 @@ apply () {
|
||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
|
if [ $ISEXCEPTION -eq 1 ]; then
|
||||||
|
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
|
||||||
|
else
|
||||||
crit "$PACKAGE is installed, purging it"
|
crit "$PACKAGE is installed, purging it"
|
||||||
apt-get purge $PACKAGE -y
|
apt-get purge $PACKAGE -y
|
||||||
apt-get autoremove
|
apt-get autoremove
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# This function will create the config file for this check with default values
|
||||||
|
create_config() {
|
||||||
|
cat <<EOF
|
||||||
|
status=disabled
|
||||||
|
# Put here exception to pass this case, if set is 1, don't need apply, let to pass.
|
||||||
|
ISEXCEPTION=0
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
# This function will check config parameters required
|
# This function will check config parameters required
|
||||||
check_config() {
|
check_config() {
|
||||||
:
|
:
|
||||||
|
|
|
@ -21,7 +21,11 @@ audit () {
|
||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
|
if [ $ISEXCEPTION -eq 1 ]; then
|
||||||
|
warn "$PACKAGE is installed! But Exception is set to 1, so it's pass!"
|
||||||
|
else
|
||||||
crit "$PACKAGE is installed!"
|
crit "$PACKAGE is installed!"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -33,15 +37,28 @@ apply () {
|
||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
|
if [ $ISEXCEPTION -eq 1 ]; then
|
||||||
|
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
|
||||||
|
else
|
||||||
crit "$PACKAGE is installed, purging it"
|
crit "$PACKAGE is installed, purging it"
|
||||||
apt-get purge $PACKAGE -y
|
apt-get purge $PACKAGE -y
|
||||||
apt-get autoremove
|
apt-get autoremove
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# This function will create the config file for this check with default values
|
||||||
|
create_config() {
|
||||||
|
cat <<EOF
|
||||||
|
status=disabled
|
||||||
|
# Put here exception to pass this case, if set is 1, don't need apply, let to pass.
|
||||||
|
ISEXCEPTION=0
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
# This function will check config parameters required
|
# This function will check config parameters required
|
||||||
check_config() {
|
check_config() {
|
||||||
:
|
:
|
||||||
|
|
|
@ -21,7 +21,11 @@ audit () {
|
||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
|
if [ $ISEXCEPTION -eq 1 ]; then
|
||||||
|
warn "$PACKAGE is installed! But Exception is set to 1, so it's pass!"
|
||||||
|
else
|
||||||
crit "$PACKAGE is installed!"
|
crit "$PACKAGE is installed!"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -33,15 +37,29 @@ apply () {
|
||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
|
if [ $ISEXCEPTION -eq 1 ]; then
|
||||||
|
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
|
||||||
|
else
|
||||||
crit "$PACKAGE is installed, purging it"
|
crit "$PACKAGE is installed, purging it"
|
||||||
apt-get purge $PACKAGE -y
|
apt-get purge $PACKAGE -y
|
||||||
apt-get autoremove
|
apt-get autoremove
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# This function will create the config file for this check with default values
|
||||||
|
create_config() {
|
||||||
|
cat <<EOF
|
||||||
|
status=disabled
|
||||||
|
# Put here exception to pass this case, if set is 1, don't need apply, let to pass.
|
||||||
|
ISEXCEPTION=0
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
# This function will check config parameters required
|
# This function will check config parameters required
|
||||||
check_config() {
|
check_config() {
|
||||||
:
|
:
|
||||||
|
|
|
@ -21,7 +21,11 @@ audit () {
|
||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
|
if [ $ISEXCEPTION -eq 1 ]; then
|
||||||
|
warn "$PACKAGE is installed! But Exception is set to 1, so it's pass!"
|
||||||
|
else
|
||||||
crit "$PACKAGE is installed!"
|
crit "$PACKAGE is installed!"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -33,15 +37,28 @@ apply () {
|
||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
|
if [ $ISEXCEPTION -eq 1 ]; then
|
||||||
|
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
|
||||||
|
else
|
||||||
crit "$PACKAGE is installed, purging it"
|
crit "$PACKAGE is installed, purging it"
|
||||||
apt-get purge $PACKAGE -y
|
apt-get purge $PACKAGE -y
|
||||||
apt-get autoremove
|
apt-get autoremove
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# This function will create the config file for this check with default values
|
||||||
|
create_config() {
|
||||||
|
cat <<EOF
|
||||||
|
status=disabled
|
||||||
|
# Put here exception to pass this case, if set is 1, don't need apply, let to pass.
|
||||||
|
ISEXCEPTION=0
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
# This function will check config parameters required
|
# This function will check config parameters required
|
||||||
check_config() {
|
check_config() {
|
||||||
:
|
:
|
||||||
|
|
|
@ -21,7 +21,11 @@ audit () {
|
||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
|
if [ $ISEXCEPTION -eq 1 ]; then
|
||||||
|
warn "$PACKAGE is installed! But Exception is set to 1, so it's pass!"
|
||||||
|
else
|
||||||
crit "$PACKAGE is installed!"
|
crit "$PACKAGE is installed!"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -33,15 +37,28 @@ apply () {
|
||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
|
if [ $ISEXCEPTION -eq 1 ]; then
|
||||||
|
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
|
||||||
|
else
|
||||||
crit "$PACKAGE is installed, purging it"
|
crit "$PACKAGE is installed, purging it"
|
||||||
apt-get purge $PACKAGE -y
|
apt-get purge $PACKAGE -y
|
||||||
apt-get autoremove
|
apt-get autoremove
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# This function will create the config file for this check with default values
|
||||||
|
create_config() {
|
||||||
|
cat <<EOF
|
||||||
|
status=disabled
|
||||||
|
# Put here exception to pass this case, if set is 1, don't need apply, let to pass.
|
||||||
|
ISEXCEPTION=0
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
# This function will check config parameters required
|
# This function will check config parameters required
|
||||||
check_config() {
|
check_config() {
|
||||||
:
|
:
|
||||||
|
|
|
@ -22,7 +22,11 @@ audit () {
|
||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
|
if [ $ISEXCEPTION -eq 1 ]; then
|
||||||
|
warn "$PACKAGE is installed! But Exception is set to 1, so it's pass!"
|
||||||
|
else
|
||||||
crit "$PACKAGE is installed!"
|
crit "$PACKAGE is installed!"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
|
@ -34,15 +38,28 @@ apply () {
|
||||||
for PACKAGE in $PACKAGES; do
|
for PACKAGE in $PACKAGES; do
|
||||||
is_pkg_installed $PACKAGE
|
is_pkg_installed $PACKAGE
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
|
if [ $ISEXCEPTION -eq 1 ]; then
|
||||||
|
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
|
||||||
|
else
|
||||||
crit "$PACKAGE is installed, purging it"
|
crit "$PACKAGE is installed, purging it"
|
||||||
apt-get purge $PACKAGE -y
|
apt-get purge $PACKAGE -y
|
||||||
apt-get autoremove
|
apt-get autoremove
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
ok "$PACKAGE is absent"
|
ok "$PACKAGE is absent"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# This function will create the config file for this check with default values
|
||||||
|
create_config() {
|
||||||
|
cat <<EOF
|
||||||
|
status=disabled
|
||||||
|
# Put here exception to pass this case, if set is 1, don't need apply, let to pass.
|
||||||
|
ISEXCEPTION=0
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
# This function will check config parameters required
|
# This function will check config parameters required
|
||||||
check_config() {
|
check_config() {
|
||||||
:
|
:
|
||||||
|
|
|
@ -21,7 +21,11 @@ SYSCTL_EXP_RESULT=0
|
||||||
audit () {
|
audit () {
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
|
if [ $ISEXCEPTION -eq 1 ]; then
|
||||||
|
warn "$PACKAGE is installed! But Exception is set to 1, so it's pass!"
|
||||||
|
else
|
||||||
crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
|
crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
|
||||||
|
fi
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
|
@ -33,9 +37,13 @@ audit () {
|
||||||
apply () {
|
apply () {
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
|
if [ $ISEXCEPTION -eq 1 ]; then
|
||||||
|
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
|
||||||
|
else
|
||||||
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
|
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
|
||||||
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
||||||
|
fi
|
||||||
elif [ $FNRET = 255 ]; then
|
elif [ $FNRET = 255 ]; then
|
||||||
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||||
else
|
else
|
||||||
|
@ -43,6 +51,15 @@ apply () {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# This function will create the config file for this check with default values
|
||||||
|
create_config() {
|
||||||
|
cat <<EOF
|
||||||
|
status=disabled
|
||||||
|
# Put here exception to pass this case, if set is 1, don't need apply, let to pass.
|
||||||
|
ISEXCEPTION=0
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
# This function will check config parameters required
|
# This function will check config parameters required
|
||||||
check_config() {
|
check_config() {
|
||||||
:
|
:
|
||||||
|
|
Loading…
Reference in New Issue