Fix some bugs.

hardenedlinux · Aug 31, 2019 · 6fab8a8 · 6fab8a8
1 parent 81d6f39
commit 6fab8a8
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 13 deletions.
diff --git a/bin/hardening/10.1.11_ensure_no_shosts_cfg_on_system.sh b/bin/hardening/10.1.11_ensure_no_shosts_cfg_on_system.sh
@@ -19,8 +19,8 @@ FILENAME1='shosts.equiv'
 
 # This function will be called if the script status is on enabled / audit mode
 audit () {
-    COUNT=$(find / -name "${FILENAME}" | wc -l)
-    COUNT1=$(find / -name "${FILENAME1}" | wc -l)
+    COUNT=$(find / -xdev -name "${FILENAME}" | wc -l)
+    COUNT1=$(find / -xdev -name "${FILENAME1}" | wc -l)
     if [ "$COUNT" -ne 0 -o "$COUNT1" -ne 0 ]; then
         crit "$FILENAME or $FILENAME1 file is exist on system."
         FNRET=1

diff --git a/bin/hardening/12.10_find_suid_files.sh b/bin/hardening/12.10_find_suid_files.sh
@@ -7,9 +7,10 @@
 #
 # 12.10 Find SUID System Executables (Not Scored)
 #
+# set -e # One error, it's over, for some user to audit desktop evn  
 
-set -e # One error, it's over
-set -u # One variable unset, it's over
+# One variable unset, it's over
+set -u
 
 HARDENING_LEVEL=2
 

diff --git a/bin/hardening/12.11_find_sgid_files.sh b/bin/hardening/12.11_find_sgid_files.sh
@@ -8,8 +8,10 @@
 # 12.11 Find SGID System Executables (Not Scored)
 #
 
-set -e # One error, it's over
-set -u # One variable unset, it's over
+#set -e # One error, it's over, for some user to audit desktop evn 
+
+# One variable unset, it's over
+set -u
 
 HARDENING_LEVEL=2
 

diff --git a/bin/hardening/8.1.19_record_sshkeysign_usage.sh b/bin/hardening/8.1.19_record_sshkeysign_usage.sh
@@ -14,7 +14,7 @@ set -u # One variable unset, it's over
 HARDENING_LEVEL=4
 
 
-AUDIT_PARAMS="-a always,exit -F path=$(find / -name "ssh-keysign") -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh
+AUDIT_PARAMS="-a always,exit -F path=$(find /usr/ -name "ssh-keysign") -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh
 -a always,exit -F path=$(which ssh-agent 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh"
 
 set -e # One error, it's over

diff --git a/bin/hardening/8.1.27_record_Events_that_modify_conf_files.sh b/bin/hardening/8.1.27_record_Events_that_modify_conf_files.sh
@@ -13,13 +13,13 @@ set -u # One variable unset, it's over
 
 HARDENING_LEVEL=4
 
-AUDIT_PARAMS='-a always,exit -F path=$(find / -name audisp-remote.conf) -F perm=wa -k config_file_change
--a always,exit -F path=$(find / -name auditd.conf) -F perm=wa -k config_file_change
+AUDIT_PARAMS='-a always,exit -F path=$(find /etc/ -name audisp-remote.conf) -F perm=wa -k config_file_change
+-a always,exit -F path=$(find /etc/ -name auditd.conf) -F perm=wa -k config_file_change
 -a always,exit -F dir=$(find /etc/audit/ -name rules.d) -F perm=wa -k config_file_change
--a always,exit -F path=$(find / -name grub) -F perm=wa -k config_file_change
--a always,exit -F path=$(find / -name fstab) -F perm=wa -k config_file_change
--a always,exit -F path=$(find / -name hosts.deny) -F perm=wa -k config_file_change
--a always,exit -F path=$(find / -name login.defs) -F perm=wa -k config_file_change
+-a always,exit -F path=$(find /etc/ -name grub) -F perm=wa -k config_file_change
+-a always,exit -F path=$(find /etc/ -name fstab) -F perm=wa -k config_file_change
+-a always,exit -F path=$(find /etc/ -name hosts.deny) -F perm=wa -k config_file_change
+-a always,exit -F path=$(find /etc/ -name login.defs) -F perm=wa -k config_file_change
 -a always,exit -F dir=/etc/pam.d/ -F perm=wa -k config_file_change
 -a always,exit -F path=/etc/profile -F perm=wa -k config_file_change
 -a always,exit -F dir=/etc/profile.d/ -F perm=wa -k config_file_change