Implement the exception handling feature for the specified service.
parent
0985aedee2
commit
ebed556653
|
@ -22,7 +22,11 @@ audit () {
|
|||
for PACKAGE in $PACKAGES; do
|
||||
is_pkg_installed $PACKAGE
|
||||
if [ $FNRET = 0 ]; then
|
||||
crit "$PACKAGE is installed!"
|
||||
if [ $ISEXCEPTION -eq 1 ]; then
|
||||
warn "$PACKAGE is installed! But Exception is set to 1, so it's pass!"
|
||||
else
|
||||
crit "$PACKAGE is installed!"
|
||||
fi
|
||||
else
|
||||
ok "$PACKAGE is absent"
|
||||
fi
|
||||
|
@ -34,15 +38,28 @@ apply () {
|
|||
for PACKAGE in $PACKAGES; do
|
||||
is_pkg_installed $PACKAGE
|
||||
if [ $FNRET = 0 ]; then
|
||||
crit "$PACKAGE is installed, purging it"
|
||||
apt-get purge $PACKAGE -y
|
||||
apt-get autoremove
|
||||
if [ $ISEXCEPTION -eq 1 ]; then
|
||||
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
|
||||
else
|
||||
crit "$PACKAGE is installed, purging it"
|
||||
apt-get purge $PACKAGE -y
|
||||
apt-get autoremove
|
||||
fi
|
||||
else
|
||||
ok "$PACKAGE is absent"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
# This function will create the config file for this check with default values
|
||||
create_config() {
|
||||
cat <<EOF
|
||||
status=disabled
|
||||
# Put here exception to pass this case, if set is 1, don't need apply, let to pass.
|
||||
ISEXCEPTION=0
|
||||
EOF
|
||||
}
|
||||
|
||||
# This function will check config parameters required
|
||||
check_config() {
|
||||
:
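Review bot: `$ISEXCEPTION` is tested unquoted in both `audit` and `apply`, but nothing visible guarantees it is set: `create_config` only writes `ISEXCEPTION=0` into newly generated config files, and `check_config` is still `:`. A host whose config file predates this commit would reach the test with the variable unset, and if this script runs under `set -u` (as the context lines of the avahi section show for that script), the run would abort before auditing anything. I would default it in `check_config` with `ISEXCEPTION=${ISEXCEPTION:-0}` and quote the test as `[ "$ISEXCEPTION" -eq 1 ]`. The same pattern is repeated in every other file section of this commit, and `check_config` continues past the end of the hunk.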
|
||||
|
|
|
@ -21,7 +21,11 @@ audit () {
|
|||
for PACKAGE in $PACKAGES; do
|
||||
is_pkg_installed $PACKAGE
|
||||
if [ $FNRET = 0 ]; then
|
||||
crit "$PACKAGE is installed!"
|
||||
if [ $ISEXCEPTION -eq 1 ]; then
|
||||
warn "$PACKAGE is installed! But Exception is set to 1, so it's pass!"
|
||||
else
|
||||
crit "$PACKAGE is installed!"
|
||||
fi
|
||||
else
|
||||
ok "$PACKAGE is absent"
|
||||
fi
|
||||
|
@ -33,15 +37,29 @@ apply () {
|
|||
for PACKAGE in $PACKAGES; do
|
||||
is_pkg_installed $PACKAGE
|
||||
if [ $FNRET = 0 ]; then
|
||||
crit "$PACKAGE is installed, purging it"
|
||||
apt-get purge $PACKAGE -y
|
||||
apt-get autoremove
|
||||
if [ $ISEXCEPTION -eq 1 ]; then
|
||||
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
|
||||
else
|
||||
crit "$PACKAGE is installed, purging it"
|
||||
apt-get purge $PACKAGE -y
|
||||
apt-get autoremove
|
||||
fi
|
||||
else
|
||||
ok "$PACKAGE is absent"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
# This function will create the config file for this check with default values
|
||||
create_config() {
|
||||
cat <<EOF
|
||||
status=disabled
|
||||
# Put here exception to pass this case, if set is 1, don't need apply, let to pass.
|
||||
ISEXCEPTION=0
|
||||
EOF
|
||||
}
|
||||
|
||||
|
||||
# This function will check config parameters required
|
||||
check_config() {
|
||||
:
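Review bot: The comment written into the generated config, `# Put here exception to pass this case, if set is 1, don't need apply, let to pass.`, does not tell an operator what the switch does. Something like `# Set ISEXCEPTION=1 to accept these packages: audit reports a warning instead of a failure, and apply leaves them installed.` would state the effect. The single flag is tested for every entry in `$PACKAGES`, so one setting exempts the whole list; that belongs in the same comment. The new `warn` texts ("so it's pass!", "so don't need any operate.") would read better as `warn "$PACKAGE is installed, accepted because ISEXCEPTION=1"`. The same comment and messages appear in the other sections.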
|
||||
|
|
|
@ -21,7 +21,11 @@ audit () {
|
|||
for PACKAGE in $PACKAGES; do
|
||||
is_pkg_installed $PACKAGE
|
||||
if [ $FNRET = 0 ]; then
|
||||
crit "$PACKAGE is installed!"
|
||||
if [ $ISEXCEPTION -eq 1 ]; then
|
||||
warn "$PACKAGE is installed! But Exception is set to 1, so it's pass!"
|
||||
else
|
||||
crit "$PACKAGE is installed!"
|
||||
fi
|
||||
else
|
||||
ok "$PACKAGE is absent"
|
||||
fi
|
||||
|
@ -33,15 +37,28 @@ apply () {
|
|||
for PACKAGE in $PACKAGES; do
|
||||
is_pkg_installed $PACKAGE
|
||||
if [ $FNRET = 0 ]; then
|
||||
crit "$PACKAGE is installed, purging it"
|
||||
apt-get purge $PACKAGE -y
|
||||
apt-get autoremove
|
||||
if [ $ISEXCEPTION -eq 1 ]; then
|
||||
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
|
||||
else
|
||||
crit "$PACKAGE is installed, purging it"
|
||||
apt-get purge $PACKAGE -y
|
||||
apt-get autoremove
|
||||
fi
|
||||
else
|
||||
ok "$PACKAGE is absent"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
# This function will create the config file for this check with default values
|
||||
create_config() {
|
||||
cat <<EOF
|
||||
status=disabled
|
||||
# Put here exception to pass this case, if set is 1, don't need apply, let to pass.
|
||||
ISEXCEPTION=0
|
||||
EOF
|
||||
}
|
||||
|
||||
# This function will check config parameters required
|
||||
check_config() {
|
||||
:
|
||||
|
|
|
@ -21,7 +21,11 @@ audit () {
|
|||
for PACKAGE in $PACKAGES; do
|
||||
is_pkg_installed $PACKAGE
|
||||
if [ $FNRET = 0 ]; then
|
||||
crit "$PACKAGE is installed!"
|
||||
if [ $ISEXCEPTION -eq 1 ]; then
|
||||
warn "$PACKAGE is installed! But Exception is set to 1, so it's pass!"
|
||||
else
|
||||
crit "$PACKAGE is installed!"
|
||||
fi
|
||||
else
|
||||
ok "$PACKAGE is absent"
|
||||
fi
|
||||
|
@ -33,14 +37,27 @@ apply () {
|
|||
for PACKAGE in $PACKAGES; do
|
||||
is_pkg_installed $PACKAGE
|
||||
if [ $FNRET = 0 ]; then
|
||||
crit "$PACKAGE is installed, purging it"
|
||||
apt-get purge $PACKAGE -y
|
||||
if [ $ISEXCEPTION -eq 1 ]; then
|
||||
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
|
||||
else
|
||||
crit "$PACKAGE is installed, purging it"
|
||||
apt-get purge $PACKAGE -y
|
||||
fi
|
||||
else
|
||||
ok "$PACKAGE is absent"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
# This function will create the config file for this check with default values
|
||||
create_config() {
|
||||
cat <<EOF
|
||||
status=disabled
|
||||
# Put here exception to pass this case, if set is 1, don't need apply, let to pass.
|
||||
ISEXCEPTION=0
|
||||
EOF
|
||||
}
|
||||
|
||||
# This function will check config parameters required
|
||||
check_config() {
|
||||
:
|
||||
|
|
|
@ -12,6 +12,7 @@ set -e # One error, it's over
|
|||
set -u # One variable unset, it's over
|
||||
|
||||
HARDENING_LEVEL=3
|
||||
HARDENING_EXCEPTION=dns
|
||||
|
||||
PACKAGES='avahi-daemon libavahi-common-data libavahi-common3 libavahi-core7'
|
||||
|
||||
|
@ -20,7 +21,11 @@ audit () {
|
|||
for PACKAGE in $PACKAGES; do
|
||||
is_pkg_installed $PACKAGE
|
||||
if [ $FNRET = 0 ]; then
|
||||
crit "$PACKAGE is installed!"
|
||||
if [ $ISEXCEPTION -eq 1 ]; then
|
||||
warn "$PACKAGE is installed! But Exception is set to 1, so it's pass!"
|
||||
else
|
||||
crit "$PACKAGE is installed!"
|
||||
fi
|
||||
else
|
||||
ok "$PACKAGE is absent"
|
||||
fi
|
||||
|
@ -32,15 +37,28 @@ apply () {
|
|||
for PACKAGE in $PACKAGES; do
|
||||
is_pkg_installed $PACKAGE
|
||||
if [ $FNRET = 0 ]; then
|
||||
crit "$PACKAGE is installed, purging it"
|
||||
apt-get purge $PACKAGE -y
|
||||
apt-get autoremove
|
||||
if [ $ISEXCEPTION -eq 1 ]; then
|
||||
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
|
||||
else
|
||||
crit "$PACKAGE is installed, purging it"
|
||||
apt-get purge $PACKAGE -y
|
||||
apt-get autoremove
|
||||
fi
|
||||
else
|
||||
ok "$PACKAGE is absent"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
# This function will create the config file for this check with default values
|
||||
create_config() {
|
||||
cat <<EOF
|
||||
status=disabled
|
||||
# Put here exception to pass this case, if set is 1, don't need apply, let to pass.
|
||||
ISEXCEPTION=0
|
||||
EOF
|
||||
}
|
||||
|
||||
# This function will check config parameters required
|
||||
check_config() {
|
||||
:
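Review bot: `HARDENING_EXCEPTION=dns` is added next to `HARDENING_LEVEL`, but the new branches in `audit` and `apply` test `$ISEXCEPTION`, and nothing in the visible hunks reads `HARDENING_EXCEPTION`. If the surrounding framework consumes it outside this diff, a comment such as `# exception class for this check; see ISEXCEPTION in the config file` would make the relationship clear. If nothing reads it, the only working switch is the per-script `ISEXCEPTION`, which exempts all four avahi packages in `$PACKAGES` at once. That is worth confirming before relying on the `dns` label.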
|
||||
|
|
|
@ -21,7 +21,11 @@ audit () {
|
|||
for PACKAGE in $PACKAGES; do
|
||||
is_pkg_installed $PACKAGE
|
||||
if [ $FNRET = 0 ]; then
|
||||
crit "$PACKAGE is installed!"
|
||||
if [ $ISEXCEPTION -eq 1 ]; then
|
||||
warn "$PACKAGE is installed! But Exception is set to 1, so it's pass!"
|
||||
else
|
||||
crit "$PACKAGE is installed!"
|
||||
fi
|
||||
else
|
||||
ok "$PACKAGE is absent"
|
||||
fi
|
||||
|
@ -33,15 +37,28 @@ apply () {
|
|||
for PACKAGE in $PACKAGES; do
|
||||
is_pkg_installed $PACKAGE
|
||||
if [ $FNRET = 0 ]; then
|
||||
crit "$PACKAGE is installed, purging it"
|
||||
apt-get purge $PACKAGE -y
|
||||
apt-get autoremove
|
||||
if [ $ISEXCEPTION -eq 1 ]; then
|
||||
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
|
||||
else
|
||||
crit "$PACKAGE is installed, purging it"
|
||||
apt-get purge $PACKAGE -y
|
||||
apt-get autoremove
|
||||
fi
|
||||
else
|
||||
ok "$PACKAGE is absent"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
# This function will create the config file for this check with default values
|
||||
create_config() {
|
||||
cat <<EOF
|
||||
status=disabled
|
||||
# Put here exception to pass this case, if set is 1, don't need apply, let to pass.
|
||||
ISEXCEPTION=0
|
||||
EOF
|
||||
}
|
||||
|
||||
# This function will check config parameters required
|
||||
check_config() {
|
||||
:
|
||||
|
|
|
@ -21,7 +21,11 @@ audit () {
|
|||
for PACKAGE in $PACKAGES; do
|
||||
is_pkg_installed $PACKAGE
|
||||
if [ $FNRET = 0 ]; then
|
||||
crit "$PACKAGE is installed!"
|
||||
if [ $ISEXCEPTION -eq 1 ]; then
|
||||
warn "$PACKAGE is installed! But Exception is set to 1, so it's pass!"
|
||||
else
|
||||
crit "$PACKAGE is installed!"
|
||||
fi
|
||||
else
|
||||
ok "$PACKAGE is absent"
|
||||
fi
|
||||
|
@ -33,15 +37,28 @@ apply () {
|
|||
for PACKAGE in $PACKAGES; do
|
||||
is_pkg_installed $PACKAGE
|
||||
if [ $FNRET = 0 ]; then
|
||||
crit "$PACKAGE is installed, purging it"
|
||||
apt-get purge $PACKAGE -y
|
||||
apt-get autoremove
|
||||
if [ $ISEXCEPTION -eq 1 ]; then
|
||||
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
|
||||
else
|
||||
crit "$PACKAGE is installed, purging it"
|
||||
apt-get purge $PACKAGE -y
|
||||
apt-get autoremove
|
||||
fi
|
||||
else
|
||||
ok "$PACKAGE is absent"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
# This function will create the config file for this check with default values
|
||||
create_config() {
|
||||
cat <<EOF
|
||||
status=disabled
|
||||
# Put here exception to pass this case, if set is 1, don't need apply, let to pass.
|
||||
ISEXCEPTION=0
|
||||
EOF
|
||||
}
|
||||
|
||||
# This function will check config parameters required
|
||||
check_config() {
|
||||
:
|
||||
|
|
|
@ -21,7 +21,11 @@ audit () {
|
|||
for PACKAGE in $PACKAGES; do
|
||||
is_pkg_installed $PACKAGE
|
||||
if [ $FNRET = 0 ]; then
|
||||
crit "$PACKAGE is installed!"
|
||||
if [ $ISEXCEPTION -eq 1 ]; then
|
||||
warn "$PACKAGE is installed! But Exception is set to 1, so it's pass!"
|
||||
else
|
||||
crit "$PACKAGE is installed!"
|
||||
fi
|
||||
else
|
||||
ok "$PACKAGE is absent"
|
||||
fi
|
||||
|
@ -33,15 +37,29 @@ apply () {
|
|||
for PACKAGE in $PACKAGES; do
|
||||
is_pkg_installed $PACKAGE
|
||||
if [ $FNRET = 0 ]; then
|
||||
crit "$PACKAGE is installed, purging it"
|
||||
apt-get purge $PACKAGE -y
|
||||
apt-get autoremove
|
||||
if [ $ISEXCEPTION -eq 1 ]; then
|
||||
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
|
||||
else
|
||||
crit "$PACKAGE is installed, purging it"
|
||||
apt-get purge $PACKAGE -y
|
||||
apt-get autoremove
|
||||
fi
|
||||
else
|
||||
ok "$PACKAGE is absent"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
# This function will create the config file for this check with default values
|
||||
create_config() {
|
||||
cat <<EOF
|
||||
status=disabled
|
||||
# Put here exception to pass this case, if set is 1, don't need apply, let to pass.
|
||||
ISEXCEPTION=0
|
||||
EOF
|
||||
}
|
||||
|
||||
|
||||
# This function will check config parameters required
|
||||
check_config() {
|
||||
:
|
||||
|
|
|
@ -21,7 +21,11 @@ audit () {
|
|||
for PACKAGE in $PACKAGES; do
|
||||
is_pkg_installed $PACKAGE
|
||||
if [ $FNRET = 0 ]; then
|
||||
crit "$PACKAGE is installed!"
|
||||
if [ $ISEXCEPTION -eq 1 ]; then
|
||||
warn "$PACKAGE is installed! But Exception is set to 1, so it's pass!"
|
||||
else
|
||||
crit "$PACKAGE is installed!"
|
||||
fi
|
||||
else
|
||||
ok "$PACKAGE is absent"
|
||||
fi
|
||||
|
@ -33,15 +37,28 @@ apply () {
|
|||
for PACKAGE in $PACKAGES; do
|
||||
is_pkg_installed $PACKAGE
|
||||
if [ $FNRET = 0 ]; then
|
||||
crit "$PACKAGE is installed, purging it"
|
||||
apt-get purge $PACKAGE -y
|
||||
apt-get autoremove
|
||||
if [ $ISEXCEPTION -eq 1 ]; then
|
||||
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
|
||||
else
|
||||
crit "$PACKAGE is installed, purging it"
|
||||
apt-get purge $PACKAGE -y
|
||||
apt-get autoremove
|
||||
fi
|
||||
else
|
||||
ok "$PACKAGE is absent"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
# This function will create the config file for this check with default values
|
||||
create_config() {
|
||||
cat <<EOF
|
||||
status=disabled
|
||||
# Put here exception to pass this case, if set is 1, don't need apply, let to pass.
|
||||
ISEXCEPTION=0
|
||||
EOF
|
||||
}
|
||||
|
||||
# This function will check config parameters required
|
||||
check_config() {
|
||||
:
|
||||
|
|
|
@ -21,7 +21,11 @@ audit () {
|
|||
for PACKAGE in $PACKAGES; do
|
||||
is_pkg_installed $PACKAGE
|
||||
if [ $FNRET = 0 ]; then
|
||||
crit "$PACKAGE is installed!"
|
||||
if [ $ISEXCEPTION -eq 1 ]; then
|
||||
warn "$PACKAGE is installed! But Exception is set to 1, so it's pass!"
|
||||
else
|
||||
crit "$PACKAGE is installed!"
|
||||
fi
|
||||
else
|
||||
ok "$PACKAGE is absent"
|
||||
fi
|
||||
|
@ -33,15 +37,28 @@ apply () {
|
|||
for PACKAGE in $PACKAGES; do
|
||||
is_pkg_installed $PACKAGE
|
||||
if [ $FNRET = 0 ]; then
|
||||
crit "$PACKAGE is installed, purging it"
|
||||
apt-get purge $PACKAGE -y
|
||||
apt-get autoremove
|
||||
if [ $ISEXCEPTION -eq 1 ]; then
|
||||
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
|
||||
else
|
||||
crit "$PACKAGE is installed, purging it"
|
||||
apt-get purge $PACKAGE -y
|
||||
apt-get autoremove
|
||||
fi
|
||||
else
|
||||
ok "$PACKAGE is absent"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
# This function will create the config file for this check with default values
|
||||
create_config() {
|
||||
cat <<EOF
|
||||
status=disabled
|
||||
# Put here exception to pass this case, if set is 1, don't need apply, let to pass.
|
||||
ISEXCEPTION=0
|
||||
EOF
|
||||
}
|
||||
|
||||
# This function will check config parameters required
|
||||
check_config() {
|
||||
:
|
||||
|
|
|
@ -22,7 +22,11 @@ audit () {
|
|||
for PACKAGE in $PACKAGES; do
|
||||
is_pkg_installed $PACKAGE
|
||||
if [ $FNRET = 0 ]; then
|
||||
crit "$PACKAGE is installed!"
|
||||
if [ $ISEXCEPTION -eq 1 ]; then
|
||||
warn "$PACKAGE is installed! But Exception is set to 1, so it's pass!"
|
||||
else
|
||||
crit "$PACKAGE is installed!"
|
||||
fi
|
||||
else
|
||||
ok "$PACKAGE is absent"
|
||||
fi
|
||||
|
@ -34,15 +38,28 @@ apply () {
|
|||
for PACKAGE in $PACKAGES; do
|
||||
is_pkg_installed $PACKAGE
|
||||
if [ $FNRET = 0 ]; then
|
||||
crit "$PACKAGE is installed, purging it"
|
||||
apt-get purge $PACKAGE -y
|
||||
apt-get autoremove
|
||||
if [ $ISEXCEPTION -eq 1 ]; then
|
||||
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
|
||||
else
|
||||
crit "$PACKAGE is installed, purging it"
|
||||
apt-get purge $PACKAGE -y
|
||||
apt-get autoremove
|
||||
fi
|
||||
else
|
||||
ok "$PACKAGE is absent"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
# This function will create the config file for this check with default values
|
||||
create_config() {
|
||||
cat <<EOF
|
||||
status=disabled
|
||||
# Put here exception to pass this case, if set is 1, don't need apply, let to pass.
|
||||
ISEXCEPTION=0
|
||||
EOF
|
||||
}
|
||||
|
||||
# This function will check config parameters required
|
||||
check_config() {
|
||||
:
|
||||
|
|
|
@ -21,7 +21,11 @@ SYSCTL_EXP_RESULT=0
|
|||
audit () {
|
||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||
if [ $FNRET != 0 ]; then
|
||||
crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
|
||||
if [ $ISEXCEPTION -eq 1 ]; then
|
||||
warn "$PACKAGE is installed! But Exception is set to 1, so it's pass!"
|
||||
else
|
||||
crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
|
||||
fi
|
||||
elif [ $FNRET = 255 ]; then
|
||||
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||
else
|
||||
|
@ -33,9 +37,13 @@ audit () {
|
|||
apply () {
|
||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||
if [ $FNRET != 0 ]; then
|
||||
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
|
||||
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
||||
if [ $ISEXCEPTION -eq 1 ]; then
|
||||
warn "$PACKAGE is installed! But the exception is set to true, so don't need any operate."
|
||||
else
|
||||
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
|
||||
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||
sysctl -w net.ipv4.route.flush=1 > /dev/null
|
||||
fi
|
||||
elif [ $FNRET = 255 ]; then
|
||||
warn "$SYSCTL_PARAM does not exist -- Typo?"
|
||||
else
|
||||
|
@ -43,6 +51,15 @@ apply () {
|
|||
fi
|
||||
}
|
||||
|
||||
# This function will create the config file for this check with default values
|
||||
create_config() {
|
||||
cat <<EOF
|
||||
status=disabled
|
||||
# Put here exception to pass this case, if set is 1, don't need apply, let to pass.
|
||||
ISEXCEPTION=0
|
||||
EOF
|
||||
}
|
||||
|
||||
# This function will check config parameters required
|
||||
check_config() {
|
||||
:
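Review bot: Both `warn` lines added under `if [ $ISEXCEPTION -eq 1 ]` in this sysctl check print `$PACKAGE`, which the visible parts of this script never define; the script works on `$SYSCTL_PARAM` and `$SYSCTL_EXP_RESULT`. At best the operator reads " is installed!" for a kernel parameter, and if the script runs under `set -u`, the unset variable would abort the run on exactly the exception path. I would write `warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT, accepted because ISEXCEPTION=1"` in `audit` and the matching text in `apply`. Both functions continue outside their hunks.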
|
||||
|
|