diff --git a/bin/hardening/6.17_ensure_virul_scan_server_is_enabled.sh b/bin/hardening/6.17_ensure_virul_scan_server_is_enabled.sh index 228e24b..2d236f4 100755 --- a/bin/hardening/6.17_ensure_virul_scan_server_is_enabled.sh +++ b/bin/hardening/6.17_ensure_virul_scan_server_is_enabled.sh @@ -17,31 +17,53 @@ VIRULSERVER='clamav-daemon' # This function will be called if the script status is on enabled / audit mode audit () { - if [ $(dpkg -l | grep -c $VIRULSERVER) -ge 1 ]; then - if [ $(systemctl | grep $VIRULSERVER | grep -c "active running") -ne 1 ]; then - crit "$VIRULSERVER is not runing" - FNRET=2 - else - ok "$VIRULSERVER is enable" - FNRET=0 - fi - else - crit "$VIRULSERVER is not installed" - FNRET=1 - fi + if [ $OS_RELEASE -eq 1 ]; then + if [ $(dpkg -l | grep -c $VIRULSERVER) -ge 1 ]; then + if [ $(systemctl | grep $VIRULSERVER | grep -c "active running") -ne 1 ]; then + crit "$VIRULSERVER is not runing" + FNRET=2 + else + ok "$VIRULSERVER is enable" + FNRET=0 + fi + else + crit "$VIRULSERVER is not installed" + FNRET=1 + fi + elif [ $OS_RELEASE -eq 2 ]; then + if [ $(rpm -qa | grep -c clamd) -ge 1 ]; then + ok "Clamav is installed" + else + crit "Clamav is not install" + fi + else + crit "Current OS is not support!" + fi } # This function will be called if the script status is on enabled mode apply () { - if [ $FNRET = 0 ]; then - ok "$VIRULSERVER is enable" - elif [ $FNRET = 1 ]; then - warn "Install $VIRULSERVER" - apt-get install -y $VIRULSERVER - else - warn "Start server $VIRULSERVER" - systemctl start $VIRULSERVER - fi + if [ $OS_RELEASE -eq 1 ]; then + if [ $FNRET = 0 ]; then + ok "$VIRULSERVER is enable" + elif [ $FNRET = 1 ]; then + warn "Install $VIRULSERVER" + apt-get install -y $VIRULSERVER + else + warn "Start server $VIRULSERVER" + systemctl start $VIRULSERVER + fi + elif [ $OS_RELEASE -eq 2 ]; then + if [ $FNRET = 0 ]; then + ok "$VIRULSERVER is enable" + elif [ $FNRET = 1 ]; then + warn "Install $VIRULSERVER" + yum install -y $VIRULSERVER + else + warn "Start server $VIRULSERVER" + systemctl start $VIRULSERVER + fi + fi } # This function will check config parameters required diff --git a/bin/hardening/6.18_ensure_virusscan_program_update_is_enabled.sh b/bin/hardening/6.18_ensure_virusscan_program_update_is_enabled.sh index ee75c75..5ed088e 100755 --- a/bin/hardening/6.18_ensure_virusscan_program_update_is_enabled.sh +++ b/bin/hardening/6.18_ensure_virusscan_program_update_is_enabled.sh @@ -16,8 +16,7 @@ HARDENING_LEVEL=4 CLAMAVCONF_DIR='/etc/clamav/clamd.conf' UPDATE_SERVER='clamav-freshclam' -# This function will be called if the script status is on enabled / audit mode -audit () { +audit_debian () { UPDATE_DIR=$(grep -i databasedirectory "$CLAMAVCONF_DIR" | awk '{print $2}') if [ -d $UPDATE_DIR -a -e $CLAMAVCONF_DIR ]; then NOWTIME=$(date +"%s") @@ -37,8 +36,23 @@ audit () { fi } -# This function will be called if the script status is on enabled mode -apply () { +# todo +audit_redhat () { + : +} + +# This function will be called if the script status is on enabled / audit mode +audit () { + if [ $OS_RELEASE -eq 1 ]; then + audit_debian + elif [ $OS_RELEASE -eq 1 ]; then + audit_redhat + else + crit "Current OS is not support!" + fi +} + +apply_debian () { if [ $FNRET = 0 ]; then ok "Clamav database file has a date less than seven days from the current date" elif [ $FNRET = 2 ]; then @@ -50,6 +64,22 @@ apply () { fi } +# todo +apply_redhat () { + : +} + +# This function will be called if the script status is on enabled mode +apply () { + if [ $OS_RELEASE -eq 1 ]; then + apply_debian + elif [ $OS_RELEASE -eq 1 ]; then + apply_redhat + else + crit "Current OS is not support!" + fi +} + # This function will check config parameters required check_config() { : diff --git a/lib/utils.sh b/lib/utils.sh index 78ed2c1..36ba86b 100644 --- a/lib/utils.sh +++ b/lib/utils.sh @@ -160,6 +160,7 @@ has_file_correct_permissions() { fi else FNRET=1 + info "$FILE is not exist!" fi }