tyler.durden/harbian-audit
1
0
Fork 0
mirror of https://github.com/hardenedlinux/harbian-audit.git synced 2025-07-31 01:24:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix some bugs and add apply method for CentOS.

Browse Source
This commit is contained in:
Samson-W 2019-08-26 18:03:29 +08:00
parent 783d6e4455
commit f5de9a24f9
2 changed files with 23 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
bin/hardening/9.2.2_pam_minlen_cracklib.sh
View File

@ -54,11 +54,11 @@ audit_debian () {
audit_redhat () { audit_redhat () {
check_param_pair_by_value $FILE_REDHAT $OPTIONNAME ge $CONDT_VAL check_param_pair_by_value $FILE_REDHAT $OPTIONNAME ge $CONDT_VAL
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$OPTIONNAME set condition is $CONDT_VAL" ok "Option $OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 1 ]; then elif [ $FNRET = 1 ]; then
crit "$OPTIONNAME set condition is not set $CONDT_VAL" crit "Option $OPTIONNAME set condition is not set $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 2 ]; then elif [ $FNRET = 2 ]; then
crit "$OPTIONNAME is not conf" crit "Option $OPTIONNAME is not conf in $FILE_REDHAT"
elif [ $FNRET = 3 ]; then elif [ $FNRET = 3 ]; then
crit "Config file $FILE_REDHAT is not exist!" crit "Config file $FILE_REDHAT is not exist!"
fi fi
@ -97,7 +97,17 @@ apply_debian () {
} }
apply_redhat () { apply_redhat () {
: if [ $FNRET = 0 ]; then
ok "$OPTIONNAME set condition is $CONDT_VAL in $FILE_REDHAT"
elif [ $FNRET = 1 ]; then
warn "Set option $OPTIONNAME to $CONDT_VAL in $FILE_REDHAT"
replace_in_file $FILE_REDHAT "^$OPTIONNAME.*" "$OPTIONNAME = $CONDT_VAL"
elif [ $FNRET = 2 ]; then
warn "$OPTIONNAME is not conf, add to $FILE_REDHAT"
add_end_of_file $FILE_REDHAT "$OPTIONNAME = $CONDT_VAL"
elif [ $FNRET = 3 ]; then
crit "Config file $FILE_REDHAT is not exist!"
fi
} }
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode

16
lib/utils.sh
View File

@ -595,18 +595,20 @@ check_param_pair_by_value ()
# OPTION="minlen" # OPTION="minlen"
# COMPARE="ge" # COMPARE="ge"
# OP_VALUE=15 # OP_VALUE=15
if [ -f "$FILENAME" ];then if [ -f "$FILENAME" ];then
RESULT=$(sed -e '/^#/d' -e '/^[ \t][ \t]*#/d' -e 's/#.*$//' -e '/^$/d' $FILENAME | grep "^$OPTION[[:space:]]=[[:space:]]") COUNT=$(sed -e '/^#/d' -e '/^[ \t][ \t]*#/d' -e 's/#.*$//' -e '/^$/d' $FILENAME | grep "^$OPTION[[:space:]]=[[:space:]]" | wc -l)
if [ $(echo $RESULT | wc -l) -eq 1 ]; then if [ $COUNT -eq 1 ]; then
debug "$OPTION is conf" debug "$OPTION is conf"
RESULT=$(sed -e '/^#/d' -e '/^[ \t][ \t]*#/d' -e 's/#.*$//' -e '/^$/d' $FILENAME | grep "^$OPTION[[:space:]]=[[:space:]]")
if [ "$(echo $RESULT | awk -F'= ' '{print $2}')" "-$COMPARE" "$OP_VALUE" ]; then if [ "$(echo $RESULT | awk -F'= ' '{print $2}')" "-$COMPARE" "$OP_VALUE" ]; then
debug "$OPTION conf is right." debug "$OPTION conf is right."
FNRET=0 FNRET=0
else else
debug "$OPTION conf is not right." debug "$OPTION conf is not right."
FNRET=1 FNRET=1
fi fi
else else
debug "$OPTION is not conf of $FILENAME" debug "$OPTION is not conf of $FILENAME"
FNRET=2 FNRET=2
fi fi