From ff38211d6e901b45ab54303fbc277d07df4546d3 Mon Sep 17 00:00:00 2001
From: Samson-W
Date: Sun, 11 Aug 2019 03:20:55 +0800
Subject: [PATCH] modify 8.1.1.1~8.1.9 to be compatible with CentOS.
---
 bin/hardening/8.1.1.1_audit_log_storage.sh | 2 +-
 .../8.1.1.2_halt_when_audit_log_full.sh | 2 +-
 bin/hardening/8.1.1.3_keep_all_audit_logs.sh | 2 +-
 bin/hardening/8.1.1.4_set_failure_mode.sh | 2 +-
 .../8.1.1.5_ensure_set_remote_server.sh | 2 +-
 ...1.6_ensure_set_encrypt_for_audit_remote.sh | 2 +-
 ...nsure_set_action_for_audit_storage_full.sh | 2 +-
 .../8.1.1.8_ensure_set_action_for_net_fail.sh | 2 +-
 bin/hardening/8.1.1.9_set_space_left_audit.sh | 2 +-
 .../8.1.11_record_failed_access_file.sh | 2 +-
 bin/hardening/8.1.2_enable_auditd.sh | 20 +++++++++++++++----
 bin/hardening/8.1.3_audit_bootloader.sh | 1 +
 bin/hardening/8.1.4_record_date_time_edit.sh | 2 +-
 bin/hardening/8.1.5_record_user_group_edit.sh | 2 +-
 bin/hardening/8.1.6_record_network_edit.sh | 2 +-
 bin/hardening/8.1.7_record_mac_edit.sh | 1 +
 bin/hardening/8.1.8_record_login_logout.sh | 12 ++++++++++-
 bin/hardening/8.1.9_record_session_init.sh | 11 +++++++++-
 18 files changed, 52 insertions(+), 19 deletions(-)
diff --git a/bin/hardening/8.1.1.1_audit_log_storage.sh b/bin/hardening/8.1.1.1_audit_log_storage.sh
index 014e360..1bdbde8 100755
--- a/bin/hardening/8.1.1.1_audit_log_storage.sh
+++ b/bin/hardening/8.1.1.1_audit_log_storage.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
-# harbian audit 7/8/9 Hardening
+# harbian audit 7/8/9/10 or CentOS Hardening
 #
 #
diff --git a/bin/hardening/8.1.1.2_halt_when_audit_log_full.sh b/bin/hardening/8.1.1.2_halt_when_audit_log_full.sh
index 6a3b52c..22fb9f6 100755
--- a/bin/hardening/8.1.1.2_halt_when_audit_log_full.sh
+++ b/bin/hardening/8.1.1.2_halt_when_audit_log_full.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
-# harbian audit 7/8/9 Hardening
+# harbian audit 7/8/9/10 or CentOS Hardening
 #
 #
diff --git a/bin/hardening/8.1.1.3_keep_all_audit_logs.sh b/bin/hardening/8.1.1.3_keep_all_audit_logs.sh
index 0812643..d1e76ed 100755
--- a/bin/hardening/8.1.1.3_keep_all_audit_logs.sh
+++ b/bin/hardening/8.1.1.3_keep_all_audit_logs.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
-# harbian audit 7/8/9 Hardening
+# harbian audit 7/8/9/10 or CentOS Hardening
 #
 #
diff --git a/bin/hardening/8.1.1.4_set_failure_mode.sh b/bin/hardening/8.1.1.4_set_failure_mode.sh
index e37ff31..26e2461 100755
--- a/bin/hardening/8.1.1.4_set_failure_mode.sh
+++ b/bin/hardening/8.1.1.4_set_failure_mode.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
-# harbian audit 9 Hardening
+# harbian audit 9/10 or CentOS Hardening
 #
 #
diff --git a/bin/hardening/8.1.1.5_ensure_set_remote_server.sh b/bin/hardening/8.1.1.5_ensure_set_remote_server.sh
index f8e51a7..9920503 100755
--- a/bin/hardening/8.1.1.5_ensure_set_remote_server.sh
+++ b/bin/hardening/8.1.1.5_ensure_set_remote_server.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
-# harbian audit 9 Hardening
+# harbian audit 9/10 or CentOS Hardening
 #
 #
diff --git a/bin/hardening/8.1.1.6_ensure_set_encrypt_for_audit_remote.sh b/bin/hardening/8.1.1.6_ensure_set_encrypt_for_audit_remote.sh
index daa68da..182eb39 100755
--- a/bin/hardening/8.1.1.6_ensure_set_encrypt_for_audit_remote.sh
+++ b/bin/hardening/8.1.1.6_ensure_set_encrypt_for_audit_remote.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
-# harbian audit 9 Hardening
+# harbian audit 9/10 or CentOS Hardening
 #
 #
diff --git a/bin/hardening/8.1.1.7_ensure_set_action_for_audit_storage_full.sh b/bin/hardening/8.1.1.7_ensure_set_action_for_audit_storage_full.sh
index 2bec33a..02e2a45 100755
--- a/bin/hardening/8.1.1.7_ensure_set_action_for_audit_storage_full.sh
+++ b/bin/hardening/8.1.1.7_ensure_set_action_for_audit_storage_full.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
-# harbian audit 9 Hardening
+# harbian audit 9/10 or CentOS Hardening
 #
 #
diff --git a/bin/hardening/8.1.1.8_ensure_set_action_for_net_fail.sh b/bin/hardening/8.1.1.8_ensure_set_action_for_net_fail.sh
index 47627d9..5ad45bd 100755
--- a/bin/hardening/8.1.1.8_ensure_set_action_for_net_fail.sh
+++ b/bin/hardening/8.1.1.8_ensure_set_action_for_net_fail.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
-# harbian audit 9 Hardening
+# harbian audit 9/10 or CentOS Hardening
 #
 #
diff --git a/bin/hardening/8.1.1.9_set_space_left_audit.sh b/bin/hardening/8.1.1.9_set_space_left_audit.sh
index f992e1c..22e6507 100755
--- a/bin/hardening/8.1.1.9_set_space_left_audit.sh
+++ b/bin/hardening/8.1.1.9_set_space_left_audit.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
-# harbian audit 9 Hardening
+# harbian audit 9/10 or CentOS Hardening
 #
 #
diff --git a/bin/hardening/8.1.11_record_failed_access_file.sh b/bin/hardening/8.1.11_record_failed_access_file.sh
index 5ceace2..526686f 100755
--- a/bin/hardening/8.1.11_record_failed_access_file.sh
+++ b/bin/hardening/8.1.11_record_failed_access_file.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
-# harbian audit 7/8/9 Hardening
+# harbian audit 7/8/9/10 or CentOS Hardening
 #
 #
diff --git a/bin/hardening/8.1.2_enable_auditd.sh b/bin/hardening/8.1.2_enable_auditd.sh
index e1d8006..850c215 100755
--- a/bin/hardening/8.1.2_enable_auditd.sh
+++ b/bin/hardening/8.1.2_enable_auditd.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
-# harbian audit 7/8/9 Hardening
+# harbian audit 7/8/9/10 or CentOS Hardening
 #
 #
@@ -15,10 +15,14 @@ set -u # One variable unset, it's over
 HARDENING_LEVEL=4
 PACKAGE='auditd'
+PACKAGE_REDHAT='auditd'
 SERVICE_NAME='auditd'
 # This function will be called if the script status is on enabled / audit mode
 audit () {
+if [ $OS_RELEASE -eq 2 ]; then
+PACKAGE=$PACKAGE_REDHAT
+fi
 is_pkg_installed $PACKAGE
 if [ $FNRET != 0 ]; then
 crit "$PACKAGE is not installed!"
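Review bot: `PACKAGE_REDHAT='auditd'` names the daemon rather than the RPM; on RHEL-family systems the package that ships auditd is `audit`, so on CentOS `is_pkg_installed` is likely to report it absent and the apply path will then try to install a package that does not exist — confirm with `rpm -q audit` on a CentOS host before relying on this. The added test `[ $OS_RELEASE -eq 2 ]` is unquoted and the meaning of the literal `2` is undocumented; `[ "${OS_RELEASE:-0}" -eq 2 ]  # 2 = RHEL family (presumably set by the sourced lib)` would survive an empty value and tell the reader what it selects. The same unquoted literal-2 test recurs in the apply hunk of this file and in both hunks of 8.1.8 and 8.1.9; the audit function's body continues outside this hunk.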
@@ -35,12 +39,19 @@ audit () {
 # This function will be called if the script status is on enabled mode
 apply () {
+if [ $OS_RELEASE -eq 2 ]; then
+PACKAGE=$PACKAGE_REDHAT
+fi
 is_pkg_installed $PACKAGE
 if [ $FNRET = 0 ]; then
 ok "$PACKAGE is installed"
 else
 warn "$PACKAGE is absent, installing it"
-apt_install $PACKAGE
+if [ $OS_RELEASE -eq 2 ]; then
+yum install -y $PACKAGE
+else
+apt_install $PACKAGE
+fi
 fi
 is_service_enabled $SERVICE_NAME
 if [ $FNRET = 0 ]; then
@@ -48,8 +59,9 @@ apply () {
 else
 warn "$SERVICE_NAME is not enabled, enabling it"
 is_debian_9
-if [ $FNRET = 0 ]; then
-systemctl enable auditd
+if [ $FNRET = 0 -o $OS_RELEASE -eq 2 ]; then
+systemctl enable $SERVICE_NAME
+systemctl start $SERVICE_NAME
 else
 update-rc.d $SERVICE_NAME remove > /dev/null 2>&1
 update-rc.d $SERVICE_NAME defaults > /dev/null 2>&1
diff --git a/bin/hardening/8.1.3_audit_bootloader.sh b/bin/hardening/8.1.3_audit_bootloader.sh
index 4e0c07d..3284db6 100755
--- a/bin/hardening/8.1.3_audit_bootloader.sh
+++ b/bin/hardening/8.1.3_audit_bootloader.sh
@@ -9,6 +9,7 @@
 #
 # 8.1.3 Enable Auditing for Processes That Start Prior to auditd (Scored)
 #
+# todo test for centos
 set -e # One error, it's over
 set -u # One variable unset, it's over
diff --git a/bin/hardening/8.1.4_record_date_time_edit.sh b/bin/hardening/8.1.4_record_date_time_edit.sh
index 7a9626b..1c87fe8 100755
--- a/bin/hardening/8.1.4_record_date_time_edit.sh
+++ b/bin/hardening/8.1.4_record_date_time_edit.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
-# harbian audit 7/8/9 Hardening
+# harbian audit 7/8/9/10 or CentOS Hardening
 #
 #
diff --git a/bin/hardening/8.1.5_record_user_group_edit.sh b/bin/hardening/8.1.5_record_user_group_edit.sh
index 1f4efe9..7362152 100755
--- a/bin/hardening/8.1.5_record_user_group_edit.sh
+++ b/bin/hardening/8.1.5_record_user_group_edit.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
-# harbian audit 7/8/9 Hardening
+# harbian audit 7/8/9/10 or CentOS Hardening
 #
 #
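Review bot: `yum install -y $PACKAGE` calls the package manager directly while the Debian branch goes through the framework's `apt_install` helper, so the CentOS path gets none of whatever the helper adds, and under `set -e` a failed install aborts the script with no `crit` message. If the shared lib offers a yum wrapper it should be used for symmetry; otherwise `yum install -y "$PACKAGE" || crit "Installing $PACKAGE failed"` at least reports the failure. The apply function's body continues into the next hunk and beyond.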
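Review bot: `[ $FNRET = 0 -o $OS_RELEASE -eq 2 ]` relies on the deprecated `-o` operator and on `FNRET` from `is_debian_9`, which is still run on CentOS where its result is meaningless; `if [ "$FNRET" = 0 ] || [ "$OS_RELEASE" -eq 2 ]; then` is unambiguous and quoted. The newly added `systemctl start $SERVICE_NAME` has no status check, so under `set -e` a start failure terminates the script mid-apply without a diagnostic; `systemctl start "$SERVICE_NAME" || warn "$SERVICE_NAME failed to start"` keeps the rest of apply running and tells the operator what happened. The apply function's body continues outside the hunk.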
diff --git a/bin/hardening/8.1.6_record_network_edit.sh b/bin/hardening/8.1.6_record_network_edit.sh
index 349bcf9..c52e5e7 100755
--- a/bin/hardening/8.1.6_record_network_edit.sh
+++ b/bin/hardening/8.1.6_record_network_edit.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
-# harbian audit 7/8/9 Hardening
+# harbian audit 7/8/9/10 or CentOS Hardening
 #
 #
diff --git a/bin/hardening/8.1.7_record_mac_edit.sh b/bin/hardening/8.1.7_record_mac_edit.sh
index 6d81cbd..4529b43 100755
--- a/bin/hardening/8.1.7_record_mac_edit.sh
+++ b/bin/hardening/8.1.7_record_mac_edit.sh
@@ -8,6 +8,7 @@
 # 8.1.7 Record Events That Modify the System's Mandatory Access Controls (Scored)
 # Modify by: Samson-W (sccxboy@gmail.com)
 #
+# todo test for centos
 set -e # One error, it's over
 set -u # One variable unset, it's over
diff --git a/bin/hardening/8.1.8_record_login_logout.sh b/bin/hardening/8.1.8_record_login_logout.sh
index bfaac91..1633ad9 100755
--- a/bin/hardening/8.1.8_record_login_logout.sh
+++ b/bin/hardening/8.1.8_record_login_logout.sh
@@ -1,9 +1,11 @@
 #!/bin/bash
 #
-# harbian audit 7/8/9 Hardening
+# harbian audit 7/8/9/10 or CentOS Hardening
+# Modify by: Samson-W (samson@hardenedlinux.org)
 #
+
 #
 # 8.1.8 Collect Login and Logout Events (Scored)
 #
@@ -16,10 +18,15 @@ HARDENING_LEVEL=4
 AUDIT_PARAMS='-w /var/log/faillog -p wa -k logins
 -w /var/log/lastlog -p wa -k logins
 -w /var/log/tallylog -p wa -k logins'
+AUDIT_PARAMS_REDHAT='-w /var/log/lastlog -p wa -k logins
+-w /var/log/tallylog -p wa -k logins'
 FILE='/etc/audit/rules.d/audit.rules'
 # This function will be called if the script status is on enabled / audit mode
 audit () {
+if [ $OS_RELEASE -eq 2 ]; then
+AUDIT_PARAMS=$AUDIT_PARAMS_REDHAT
+fi
 # define custom IFS and save default one
 d_IFS=$IFS
 IFS=$'\n'
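Review bot: `AUDIT_PARAMS_REDHAT` drops the `/var/log/faillog` watch but keeps `/var/log/tallylog`, which is only populated when pam_tally2 is configured; on CentOS 7 the default failed-login store is pam_faillock under `/var/run/faillock/`, so the RHEL rule set probably under-records login failures. Confirm which PAM module the target uses and, if it is faillock, add `-w /var/run/faillock/ -p wa -k logins` to the RHEL set. The `AUDIT_PARAMS=$AUDIT_PARAMS_REDHAT` assignment inside `audit()` silently overwrites a script-global; a comment such as `# RHEL family (OS_RELEASE 2): faillog is not used there, swap in the RHEL watch list` would make the intent explicit. The audit function's body continues outside the hunk, and the same pattern recurs in the apply hunk of this file.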
@@ -37,6 +44,9 @@ audit () {
 # This function will be called if the script status is on enabled mode
 apply () {
+if [ $OS_RELEASE -eq 2 ]; then
+AUDIT_PARAMS=$AUDIT_PARAMS_REDHAT
+fi
 d_IFS=$IFS
 IFS=$'\n'
 for AUDIT_VALUE in $AUDIT_PARAMS; do
diff --git a/bin/hardening/8.1.9_record_session_init.sh b/bin/hardening/8.1.9_record_session_init.sh
index 96de42d..a2ada80 100755
--- a/bin/hardening/8.1.9_record_session_init.sh
+++ b/bin/hardening/8.1.9_record_session_init.sh
@@ -1,7 +1,8 @@
 #!/bin/bash
 #
-# harbian audit 7/8/9 Hardening
+# harbian audit 7/8/9/10 or CentOS Hardening
+# Modify by: Samson-W (samson@hardenedlinux.org)
 #
 #
@@ -16,10 +17,15 @@ HARDENING_LEVEL=4
 AUDIT_PARAMS='-w /var/run/utmp -p wa -k session
 -w /var/log/wtmp -p wa -k session
 -w /var/log/btmp -p wa -k session'
+AUDIT_PARAMS_REDHAT='-w /var/log/wtmp -p wa -k session
+-w /var/log/btmp -p wa -k session'
 FILE='/etc/audit/rules.d/audit.rules'
 # This function will be called if the script status is on enabled / audit mode
 audit () {
+if [ $OS_RELEASE -eq 2 ]; then
+AUDIT_PARAMS=$AUDIT_PARAMS_REDHAT
+fi
 # define custom IFS and save default one
 d_IFS=$IFS
 IFS=$'\n'
@@ -37,6 +43,9 @@ audit () {
 # This function will be called if the script status is on enabled mode
 apply () {
+if [ $OS_RELEASE -eq 2 ]; then
+AUDIT_PARAMS=$AUDIT_PARAMS_REDHAT
+fi
 d_IFS=$IFS
 IFS=$'\n'
 for AUDIT_VALUE in $AUDIT_PARAMS; do
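Review bot: `AUDIT_PARAMS_REDHAT` in the 8.1.9 parameter hunk omits `-w /var/run/utmp -p wa -k session`, yet `/var/run/utmp` exists on CentOS exactly as on Debian and the CIS RHEL 7 session-initiation rule watches all three files, so the RHEL set loses coverage of live-session records for no reason visible here. Unless there is a CentOS-specific reason the diff does not show, the RHEL list should keep the utmp watch; if the omission is deliberate, a comment on the `AUDIT_PARAMS_REDHAT=` line stating why would stop the next reader from "fixing" it. The audit function's body continues outside that hunk, and the same reassignment is repeated in the apply hunk of this file.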