Fix some bugs for CentOS8.
parent
912ba677ff
commit
fa9d907985
|
@ -20,7 +20,7 @@ RESULT=''
|
|||
# This function will be called if the script status is on enabled / audit mode
|
||||
audit () {
|
||||
info "Checking if admin accounts have a login shell different than $SHELL"
|
||||
RESULT=$(egrep -v "^\+" $FILE | awk -F: '($1!="root" && $1!="sync" && $1!="shutdown" && $1!="halt" && $3<1000 && $7!="/usr/sbin/nologin" && $7!="/bin/false") {print}')
|
||||
RESULT=$(egrep -v "^\+" $FILE | awk -F: '($1!="root" && $1!="sync" && $1!="shutdown" && $1!="halt" && $3<1000 && $7!="/usr/sbin/nologin" && $7!="/bin/false" && $7!="/sbin/nologin") {print}')
|
||||
IFS=$'\n'
|
||||
for LINE in $RESULT; do
|
||||
debug "line : $LINE"
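Review bot: The set of accepted non-login shells is spelled out inside the awk condition on the line that gains `$7!="/sbin/nologin"`, so every further distribution path needs another clause, and an account whose shell is e.g. `/usr/bin/false` would still be reported. Consider passing the list in once and testing membership, e.g. `awk -F: -v ok=" /usr/sbin/nologin /sbin/nologin /bin/false " '... && index(ok, " " $7 " ")==0 {print}'`. `$FILE` is also unquoted in the `egrep` call; `"$FILE"` is the safer form. The audit() body continues outside the hunk.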
|
||||
|
|
|
@ -14,7 +14,7 @@ set -u # One variable unset, it's over
|
|||
HARDENING_LEVEL=3
|
||||
|
||||
FILES='/etc/motd /etc/issue /etc/issue.net'
|
||||
PATTERN='(\\v|\\r|\\m|\\s|Debian)'
|
||||
PATTERN='(\\v|\\r|\\m|\\s|Debian|CentOS)'
|
||||
|
||||
# This function will be called if the script status is on enabled / audit mode
|
||||
audit () {
|
||||
|
|
|
@ -28,14 +28,20 @@ audit () {
|
|||
crit "Some suid files are present"
|
||||
FORMATTED_RESULT=$(sed "s/ /\n/g" <<< $RESULT | sort | uniq | tr '\n' ' ')
|
||||
crit "$FORMATTED_RESULT"
|
||||
FNRET=1
|
||||
else
|
||||
ok "No unknown suid files found"
|
||||
FNRET=0
|
||||
fi
|
||||
}
|
||||
|
||||
# This function will be called if the script status is on enabled mode
|
||||
apply () {
|
||||
warn "Removing suid on valid binary may seriously harm your system, report only here, need a manual fix."
|
||||
if [ $FNRET = 1 ]; then
|
||||
warn "Removing suid on valid binary may seriously harm your system, report only here, need a manual fix."
|
||||
else
|
||||
ok "No unknown suid files found"
|
||||
fi
|
||||
}
|
||||
|
||||
# This function will create the config file for this check with default values
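Review bot: apply() now branches on `$FNRET`, a global that audit() sets but that the project's helpers (e.g. `has_file_correct_ownership` in the shadow checks on this page) also appear to use as their return slot, so the message is only right if nothing overwrote it between audit and apply. The test is also unquoted: with an empty `FNRET`, `[ $FNRET = 1 ]` errors out and the script takes the `else` branch, printing `ok "No unknown suid files found"` without evidence. I would keep the audit result in a dedicated variable (the name here is only a suggestion) and fail closed, e.g. `if [ "${SUID_FOUND:-1}" = 1 ]; then`. The sgid script's apply() has the same test; the root PATH check's `[ $ERRORS = 0 ]` is unquoted too, though there the error case falls through to the warning.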
|
||||
|
|
|
@ -29,14 +29,20 @@ audit () {
|
|||
crit "Some sgid files are present"
|
||||
FORMATTED_RESULT=$(sed "s/ /\n/g" <<< $RESULT | sort | uniq | tr '\n' ' ')
|
||||
crit "$FORMATTED_RESULT"
|
||||
FNRET=1
|
||||
else
|
||||
ok "No unknown sgid files found"
|
||||
FNRET=0
|
||||
fi
|
||||
}
|
||||
|
||||
# This function will be called if the script status is on enabled mode
|
||||
apply () {
|
||||
info "Removing sgid on valid binary may seriously harm your system, report only here"
|
||||
if [ $FNRET = 1 ]; then
|
||||
warn "Removing sgid on valid binary may seriously harm your system, report only here"
|
||||
else
|
||||
ok "No unknown sgid files found"
|
||||
fi
|
||||
}
|
||||
|
||||
# This function will create the config file for this check with default values
|
||||
|
|
|
@ -16,11 +16,19 @@ HARDENING_LEVEL=1
|
|||
|
||||
FILE='/etc/gshadow-'
|
||||
PERMISSIONS='600'
|
||||
PERMISSIONS_REDHAT='0000'
|
||||
USER='root'
|
||||
GROUP='shadow'
|
||||
GROUP_REDHAT='root'
|
||||
|
||||
# This function will be called if the script status is on enabled / audit mode
|
||||
audit () {
|
||||
if [ $OS_RELEASE -eq 2 ]; then
|
||||
PERMISSIONS=$PERMISSIONS_REDHAT
|
||||
GROUP=$GROUP_REDHAT
|
||||
else
|
||||
:
|
||||
fi
|
||||
has_file_correct_ownership $FILE $USER $GROUP
|
||||
if [ $FNRET = 0 ]; then
|
||||
ok "$FILE has correct ownership"
|
||||
|
@ -37,6 +45,12 @@ audit () {
|
|||
|
||||
# This function will be called if the script status is on enabled mode
|
||||
apply () {
|
||||
if [ $OS_RELEASE -eq 2 ]; then
|
||||
PERMISSIONS=$PERMISSIONS_REDHAT
|
||||
GROUP=$GROUP_REDHAT
|
||||
else
|
||||
:
|
||||
fi
|
||||
has_file_correct_ownership $FILE $USER $GROUP
|
||||
if [ $FNRET = 0 ]; then
|
||||
ok "$FILE has correct ownership"
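Review bot: `PERMISSIONS_REDHAT='0000'` is a four-digit string, while the Debian values in these scripts are three-digit (`'600'`, `'640'`). The permission helper is not visible here, but if it compares the expected value with `stat -c %a` output as a string, mode 0000 is printed as `0` and the check could never pass on CentOS. It is worth confirming against the helper and writing the constant in the form the helper actually produces. The same constant is added in the /etc/shadow, /etc/gshadow and /etc/shadow- scripts; audit() and apply() both continue outside the hunks.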
|
||||
|
|
|
@ -16,11 +16,19 @@ HARDENING_LEVEL=1
|
|||
|
||||
FILE='/etc/shadow'
|
||||
PERMISSIONS='640'
|
||||
PERMISSIONS_REDHAT='0000'
|
||||
USER='root'
|
||||
GROUP='shadow'
|
||||
GROUP_REDHAT='root'
|
||||
|
||||
# This function will be called if the script status is on enabled / audit mode
|
||||
audit () {
|
||||
if [ $OS_RELEASE -eq 2 ]; then
|
||||
PERMISSIONS=$PERMISSIONS_REDHAT
|
||||
GROUP=$GROUP_REDHAT
|
||||
else
|
||||
:
|
||||
fi
|
||||
has_file_correct_ownership $FILE $USER $GROUP
|
||||
if [ $FNRET = 0 ]; then
|
||||
ok "$FILE has correct ownership"
|
||||
|
@ -37,6 +45,12 @@ audit () {
|
|||
|
||||
# This function will be called if the script status is on enabled mode
|
||||
apply () {
|
||||
if [ $OS_RELEASE -eq 2 ]; then
|
||||
PERMISSIONS=$PERMISSIONS_REDHAT
|
||||
GROUP=$GROUP_REDHAT
|
||||
else
|
||||
:
|
||||
fi
|
||||
has_file_correct_ownership $FILE $USER $GROUP
|
||||
if [ $FNRET = 0 ]; then
|
||||
ok "$FILE has correct ownership"
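Review bot: The Red Hat override is copied verbatim into audit() and apply() and keyed on an unexplained magic number, `[ $OS_RELEASE -eq 2 ]`, with a no-op `else :` branch. Because the variable is unquoted, an empty `OS_RELEASE` makes the test fail with an error and the Debian expectations (`640`, group `shadow`) stay in force, which in apply mode could loosen a mode-0000 file on a Red Hat system. I would quote it and drop the empty branch, `if [ "${OS_RELEASE:-0}" -eq 2 ]; then`, add a comment saying what release 2 stands for, and move the block into one helper called from both functions. The /etc/gshadow-, /etc/gshadow and /etc/shadow- scripts carry the same block.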
|
||||
|
|
|
@ -16,11 +16,19 @@ HARDENING_LEVEL=1
|
|||
|
||||
FILE='/etc/gshadow'
|
||||
PERMISSIONS='640'
|
||||
PERMISSIONS_REDHAT='0000'
|
||||
USER='root'
|
||||
GROUP='shadow'
|
||||
GROUP_REDHAT='root'
|
||||
|
||||
# This function will be called if the script status is on enabled / audit mode
|
||||
audit () {
|
||||
if [ $OS_RELEASE -eq 2 ]; then
|
||||
PERMISSIONS=$PERMISSIONS_REDHAT
|
||||
GROUP=$GROUP_REDHAT
|
||||
else
|
||||
:
|
||||
fi
|
||||
has_file_correct_ownership $FILE $USER $GROUP
|
||||
if [ $FNRET = 0 ]; then
|
||||
ok "$FILE has correct ownership"
|
||||
|
@ -37,6 +45,12 @@ audit () {
|
|||
|
||||
# This function will be called if the script status is on enabled mode
|
||||
apply () {
|
||||
if [ $OS_RELEASE -eq 2 ]; then
|
||||
PERMISSIONS=$PERMISSIONS_REDHAT
|
||||
GROUP=$GROUP_REDHAT
|
||||
else
|
||||
:
|
||||
fi
|
||||
has_file_correct_ownership $FILE $USER $GROUP
|
||||
if [ $FNRET = 0 ]; then
|
||||
ok "$FILE has correct ownership"
|
||||
|
|
|
@ -16,11 +16,19 @@ HARDENING_LEVEL=1
|
|||
|
||||
FILE='/etc/shadow-'
|
||||
PERMISSIONS='600'
|
||||
PERMISSIONS_REDHAT='0000'
|
||||
USER='root'
|
||||
GROUP='shadow'
|
||||
GROUP_REDHAT='root'
|
||||
|
||||
# This function will be called if the script status is on enabled / audit mode
|
||||
audit () {
|
||||
if [ $OS_RELEASE -eq 2 ]; then
|
||||
PERMISSIONS=$PERMISSIONS_REDHAT
|
||||
GROUP=$GROUP_REDHAT
|
||||
else
|
||||
:
|
||||
fi
|
||||
has_file_correct_ownership $FILE $USER $GROUP
|
||||
if [ $FNRET = 0 ]; then
|
||||
ok "$FILE has correct ownership"
|
||||
|
@ -37,6 +45,12 @@ audit () {
|
|||
|
||||
# This function will be called if the script status is on enabled mode
|
||||
apply () {
|
||||
if [ $OS_RELEASE -eq 2 ]; then
|
||||
PERMISSIONS=$PERMISSIONS_REDHAT
|
||||
GROUP=$GROUP_REDHAT
|
||||
else
|
||||
:
|
||||
fi
|
||||
has_file_correct_ownership $FILE $USER $GROUP
|
||||
if [ $FNRET = 0 ]; then
|
||||
ok "$FILE has correct ownership"
|
||||
|
|
|
@ -62,7 +62,11 @@ audit () {
|
|||
|
||||
# This function will be called if the script status is on enabled mode
|
||||
apply () {
|
||||
warn "Editing items from PATH may seriously harm your system, report only here, need a manual fix."
|
||||
if [ $ERRORS = 0 ]; then
|
||||
ok "root PATH is secure"
|
||||
else
|
||||
warn "Editing items from PATH may seriously harm your system, report only here, need a manual fix."
|
||||
fi
|
||||
}
|
||||
|
||||
# This function will check config parameters required
|
||||
|
|