From f8aa395b6e709090bf9aa74d8a864ff6797ec58e Mon Sep 17 00:00:00 2001
From: Samson-W <samson@hardenedlinux.org>
Date: Sat, 3 Aug 2019 04:49:42 +0800
Subject: [PATCH] Modified 4.5 to be compatible with CentOS.

---
 bin/hardening/4.1_restrict_core_dumps.sh |  1 -
 bin/hardening/4.5_enable_apparmor.sh     | 46 ++++++++++++++++++++----
 2 files changed, 39 insertions(+), 8 deletions(-)

diff --git a/bin/hardening/4.1_restrict_core_dumps.sh b/bin/hardening/4.1_restrict_core_dumps.sh
index d88bb82..fc04cdc 100755
--- a/bin/hardening/4.1_restrict_core_dumps.sh
+++ b/bin/hardening/4.1_restrict_core_dumps.sh
@@ -98,7 +98,6 @@ apply () {
         apply_redhat
     else
         crit "Current OS is not support!"
-        FNRET=44
     fi
 }
 
diff --git a/bin/hardening/4.5_enable_apparmor.sh b/bin/hardening/4.5_enable_apparmor.sh
index 842c5ca..c835993 100755
--- a/bin/hardening/4.5_enable_apparmor.sh
+++ b/bin/hardening/4.5_enable_apparmor.sh
@@ -1,11 +1,12 @@
 #!/bin/bash
 
 #
-# harbian audit 7/8/9  Hardening
-#
+# harbian audit 7/8/9/10 or CentOS Hardening
+# Modify by: Samson-W (samson@hardenedlinux.org)
+# todo: SELinux
 
 #
-# 4.5 Activate AppArmor (Scored)
+# 4.5 Activate AppArmor/SELinux (Scored)
 # Add by Author : Samson wen, Samson <sccxboy@gmail.com>
 #
 
@@ -20,8 +21,7 @@ PATTERN="apparmor=1[[:space:]]*security=apparmor"
 SETSTRING="apparmor=1 security=apparmor" 
 GRUBFILE='/etc/default/grub'
 
-# This function will be called if the script status is on enabled / audit mode
-audit () {
+audit_debian () {
     for PACKAGE in ${PACKAGES}
     do
         is_pkg_installed $PACKAGE
@@ -49,8 +49,24 @@ audit () {
     fi
 }
 
-# This function will be called if the script status is on enabled mode
-apply () {
+# Todo
+audit_redhat () {
+	:	
+}
+
+# This function will be called if the script status is on enabled / audit mode
+audit () {
+	if [ $OS_RELEASE -eq 1 ]; then
+        audit_debian
+    elif [ $OS_RELEASE -eq 2 ]; then
+        audit_redhat
+    else
+        crit "Current OS is not support!"
+        FNRET=44
+    fi
+}
+
+apply_debian () {
     if [ $FNRET = 0 ]; then
         ok "AppArmor profiles is enable in the system "
     elif [ $FNRET = 1 ]; then
@@ -69,6 +85,22 @@ apply () {
     fi
 }
 
+# Todo
+apply_redhat () {
+	:
+}
+
+# This function will be called if the script status is on enabled mode
+apply () {
+	if [ $OS_RELEASE -eq 1 ]; then
+        apply_debian
+    elif [ $OS_RELEASE -eq 2 ]; then
+        apply_redhat
+    else
+        crit "Current OS is not support!"
+    fi
+}
+
 # This function will check config parameters required
 check_config() {
     :