Fix some bugs.
Samson-W committed May 21, 2019
1 parent c591c3f commit 70b95bd
Showing 3 changed files with 32 additions and 22 deletions.
50 changes: 30 additions & 20 deletions bin/hardening/2.25_disable_automounting.sh
Expand Up @@ -17,33 +17,43 @@ SERVICE_NAME="autofs"

# This function will be called if the script status is on enabled / audit mode
audit () {
info "Checking if $SERVICE_NAME is enabled"
is_service_enabled $SERVICE_NAME
is_pkg_installed $SERVICE_NAME
if [ $FNRET = 0 ]; then
crit "$SERVICE_NAME is enabled"
info "Checking if $SERVICE_NAME is enabled"
is_service_enabled $SERVICE_NAME
if [ $FNRET = 0 ]; then
crit "$SERVICE_NAME is enabled"
else
ok "$SERVICE_NAME is disabled"
fi
else
ok "$SERVICE_NAME is disabled"
fi
ok "$SERVICE_NAME is not installed"
fi
}

# This function will be called if the script status is on enabled mode
apply () {
info "Checking if $SERVICE_NAME is enabled"
is_service_enabled $SERVICE_NAME
is_pkg_installed $SERVICE_NAME
if [ $FNRET = 0 ]; then
is_debian_9
if [ $FNRET = 0 ]; then
info "Disabling $SERVICE_NAME"
systemctl stop $SERVICE_NAME
systemctl disable $SERVICE_NAME
apt-get -y purge --autoremove $SERVICE_NAME
else
info "Disabling $SERVICE_NAME"
update-rc.d $SERVICE_NAME remove > /dev/null 2>&1
fi
else
ok "$SERVICE_NAME is disabled"
fi
info "Checking if $SERVICE_NAME is enabled"
is_service_enabled $SERVICE_NAME
if [ $FNRET = 0 ]; then
is_debian_9
if [ $FNRET = 0 ]; then
info "Disabling $SERVICE_NAME"
systemctl stop $SERVICE_NAME
systemctl disable $SERVICE_NAME
apt-get -y purge --autoremove $SERVICE_NAME
else
info "Disabling $SERVICE_NAME"
update-rc.d $SERVICE_NAME remove > /dev/null 2>&1
fi
else
ok "$SERVICE_NAME is disabled"
fi
else
ok "$SERVICE_NAME is not installed"
fi
}

# This function will check config parameters required
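Review bot: In apply(), none of the remediation commands has its exit status checked, and the `update-rc.d $SERVICE_NAME remove > /dev/null 2>&1` branch also throws away any error text, so a failed disable still logs only "Disabling $SERVICE_NAME" and the run reads like a successful fix. For a hardening script that is the unsafe direction to fail in; each step should report its own failure, for example `systemctl disable $SERVICE_NAME || crit "Failed to disable $SERVICE_NAME"`, and likewise for the stop, purge and update-rc.d calls. Separately, `[ $FNRET = 0 ]` is unquoted in both functions; `[ "$FNRET" = 0 ]` avoids a test syntax error if a helper ever leaves FNRET empty.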
Expand Up @@ -23,7 +23,7 @@ audit () {
check_ipv6_is_enable
IPV6_ENABLE=$FNRET
if [ $IPV6_ENABLE -eq 0 ]; then
if [ $(${IPS6} -S | grep -c "\-P INPUT DROP") -eq 0 -o $(${IPS4} -S | grep -c "\-P OUTPUT DROP") -eq 0 -o $(${IPS4} -S | grep -c "\-P FORWARD DROP") -eq 0 ]; then
if [ $(${IPS6} -S | grep -c "\-P INPUT DROP") -eq 0 -o $(${IPS6} -S | grep -c "\-P OUTPUT DROP") -eq 0 -o $(${IPS6} -S | grep -c "\-P FORWARD DROP") -eq 0 ]; then
crit "Ip6tables: Firewall policy is not default deny!"
FNRET=1
else
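Review bot: The IPS6-only version of the policy test still runs `${IPS6} -S` three times and joins unquoted command substitutions with `-o`, which POSIX marks obsolescent, so the verdict is built from three separate reads of the ruleset and is hard to read. Capturing the output once with `RULES=$(${IPS6} -S)` and testing each chain with an anchored match such as `echo "$RULES" | grep -q -- "^-P INPUT DROP$"`, combined with `||`, would be clearer and would only match real policy lines. audit() begins above this hunk and the if/else continues below it.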
Expand Up @@ -54,7 +54,7 @@ audit () {
info "Ip6tables: loopback traffic INPUT deny from other interfaces is not configured!"
fi

if [ $INPUT_ACCEPT -eq 0 -a $OUTPUT_ACCEPT -eq -a $OUTPUT_ACCEPT -eq ]; then
if [ $INPUT_ACCEPT -eq 0 -a $OUTPUT_ACCEPT -eq 0 -a $OUTPUT_ACCEPT -eq 0 ]; then
ok "Loopback traffic rules were configured for v6!"
else
crit "Loopback traffic rules are not configured for v6!"
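Review bot: The repaired condition tests `$OUTPUT_ACCEPT -eq 0` twice, so only two results actually decide the verdict. The info message just above it ("loopback traffic INPUT deny from other interfaces is not configured!") suggests a third check exists, and its result variable, which is set outside this hunk, was probably meant to be the last operand. As written the audit can print "Loopback traffic rules were configured for v6!" while that deny rule is missing; the third term should read `-a $<deny-check variable> -eq 0` with the real name from the part of audit() above the hunk. Quoting the operands (`"$INPUT_ACCEPT"`) would also keep the test well-formed if one of them is empty.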