diff --git a/bin/hardening/2.25_disable_automounting.sh b/bin/hardening/2.25_disable_automounting.sh
index b2099c0..ffe4f55 100755
--- a/bin/hardening/2.25_disable_automounting.sh
+++ b/bin/hardening/2.25_disable_automounting.sh
@@ -17,33 +17,43 @@ SERVICE_NAME="autofs"
 # This function will be called if the script status is on enabled / audit mode
 audit () {
- info "Checking if $SERVICE_NAME is enabled"
- is_service_enabled $SERVICE_NAME
+ is_pkg_installed $SERVICE_NAME
 if [ $FNRET = 0 ]; then
- crit "$SERVICE_NAME is enabled"
+ info "Checking if $SERVICE_NAME is enabled"
+ is_service_enabled $SERVICE_NAME
+ if [ $FNRET = 0 ]; then
+ crit "$SERVICE_NAME is enabled"
+ else
+ ok "$SERVICE_NAME is disabled"
+ fi
 else
- ok "$SERVICE_NAME is disabled"
- fi
+ ok "$SERVICE_NAME is not installed"
+ fi
 }
 # This function will be called if the script status is on enabled mode
 apply () {
- info "Checking if $SERVICE_NAME is enabled"
- is_service_enabled $SERVICE_NAME
+ is_pkg_installed $SERVICE_NAME
 if [ $FNRET = 0 ]; then
- is_debian_9
- if [ $FNRET = 0 ]; then
- info "Disabling $SERVICE_NAME"
- systemctl stop $SERVICE_NAME
- systemctl disable $SERVICE_NAME
- apt-get -y purge --autoremove $SERVICE_NAME
- else
- info "Disabling $SERVICE_NAME"
- update-rc.d $SERVICE_NAME remove > /dev/null 2>&1
- fi
- else
- ok "$SERVICE_NAME is disabled"
- fi
+ info "Checking if $SERVICE_NAME is enabled"
+ is_service_enabled $SERVICE_NAME
+ if [ $FNRET = 0 ]; then
+ is_debian_9
+ if [ $FNRET = 0 ]; then
+ info "Disabling $SERVICE_NAME"
+ systemctl stop $SERVICE_NAME
+ systemctl disable $SERVICE_NAME
+ apt-get -y purge --autoremove $SERVICE_NAME
+ else
+ info "Disabling $SERVICE_NAME"
+ update-rc.d $SERVICE_NAME remove > /dev/null 2>&1
+ fi
+ else
+ ok "$SERVICE_NAME is disabled"
+ fi
+ else
+ ok "$SERVICE_NAME is not installed"
+ fi
 }
 # This function will check config parameters required
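Review bot: In both `audit` and `apply`, the new outer `else` reports `ok "$SERVICE_NAME is not installed"` for every `is_pkg_installed` result other than 0, and because `$FNRET` is unquoted an empty value makes `[` fail with a syntax error and land in that same branch. For a hardening check that is a fail-open path, since a helper error would read as a pass. Quoting the test, `if [ "$FNRET" = 0 ]; then`, removes the syntax-error case. Whether a non-zero result can also mean "query failed" depends on `is_pkg_installed`, which is defined outside this diff and is worth confirming. The inner `is_service_enabled` and `is_debian_9` tests have the same shape.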
diff --git a/bin/hardening/7.7.5.1_ensure_default_deny_firewall_policy_for_v6.sh b/bin/hardening/7.7.5.1_ensure_default_deny_firewall_policy_for_v6.sh
index 95ac7e4..5c57854 100755
--- a/bin/hardening/7.7.5.1_ensure_default_deny_firewall_policy_for_v6.sh
+++ b/bin/hardening/7.7.5.1_ensure_default_deny_firewall_policy_for_v6.sh
@@ -23,7 +23,7 @@ audit () {
 check_ipv6_is_enable
 IPV6_ENABLE=$FNRET
 if [ $IPV6_ENABLE -eq 0 ]; then
- if [ $(${IPS6} -S | grep -c "\-P INPUT DROP") -eq 0 -o $(${IPS4} -S | grep -c "\-P OUTPUT DROP") -eq 0 -o $(${IPS4} -S | grep -c "\-P FORWARD DROP") -eq 0 ]; then
+ if [ $(${IPS6} -S | grep -c "\-P INPUT DROP") -eq 0 -o $(${IPS6} -S | grep -c "\-P OUTPUT DROP") -eq 0 -o $(${IPS6} -S | grep -c "\-P FORWARD DROP") -eq 0 ]; then
 crit "Ip6tables: Firewall policy is not default deny!"
 FNRET=1
 else
diff --git a/bin/hardening/7.7.5.2_ensure_loopback_traffic_is_configured_for_v6.sh b/bin/hardening/7.7.5.2_ensure_loopback_traffic_is_configured_for_v6.sh
index 5099d99..033f469 100755
--- a/bin/hardening/7.7.5.2_ensure_loopback_traffic_is_configured_for_v6.sh
+++ b/bin/hardening/7.7.5.2_ensure_loopback_traffic_is_configured_for_v6.sh
@@ -54,7 +54,7 @@ audit () {
 info "Ip6tables: loopback traffic INPUT deny from other interfaces is not configured!"
 fi
- if [ $INPUT_ACCEPT -eq 0 -a $OUTPUT_ACCEPT -eq -a $OUTPUT_ACCEPT -eq ]; then
+ if [ $INPUT_ACCEPT -eq 0 -a $OUTPUT_ACCEPT -eq 0 -a $OUTPUT_ACCEPT -eq 0 ]; then
 ok "Loopback traffic rules were configured for v6!"
 else
 crit "Loopback traffic rules are not configured for v6!"
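Review bot: The corrected policy test in `audit` of 7.7.5.1 still joins three unquoted command substitutions with `-o`, which POSIX marks obsolescent and which `[` can parse ambiguously with this many operands. Separate tests joined with `||` and quoted substitutions are more robust, e.g. `[ "$(${IPS6} -S | grep -c -- '-P INPUT DROP')" -eq 0 ] || …` repeated for OUTPUT and FORWARD. Capturing `${IPS6} -S` once into a variable and matching all three policies against it would also check a single consistent ruleset instead of three separate listings. The `if`/`else` and the `audit` body continue outside the hunk.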
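Review bot: The new condition in `audit` of 7.7.5.2 tests `$OUTPUT_ACCEPT -eq 0` twice, so the third operand adds nothing. The context line above reports a separate "INPUT deny from other interfaces" check only at `info` level, which suggests the third test was meant to use that check's result. As written, `audit` can print `ok "Loopback traffic rules were configured for v6!"` while the deny rule is absent. If that is the intent, the line would become `if [ "$INPUT_ACCEPT" -eq 0 ] && [ "$OUTPUT_ACCEPT" -eq 0 ] && [ "$<INPUT_DENY_VAR>" -eq 0 ]; then`, where `<INPUT_DENY_VAR>` is a placeholder for whatever variable the deny check sets outside this hunk. The `audit` body starts and ends outside the hunk.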