Merge pull request #5 in IAAS/cis-hardening from dev/thibault.dewailly/fixedLicense to master
* commit 'a7f418d8a2d5b90a7257542b1dd16fd4238721ca': Corrected script names, added License, Completed README and corrected bug with too long logger messages
This commit is contained in:
commit
5cd2b48fa8
8 changed files with 41 additions and 8 deletions
25
LICENSE
Normal file
25
LICENSE
Normal file
|
@ -0,0 +1,25 @@
|
|||
Copyright (c) 2016, OVH SAS.
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are met:
|
||||
|
||||
* Redistributions of source code must retain the above copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
* Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
* Neither the name of OVH SAS nor the
|
||||
names of its contributors may be used to endorse or promote products
|
||||
derived from this software without specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY OVH SAS AND CONTRIBUTORS ``AS IS'' AND ANY
|
||||
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
DISCLAIMED. IN NO EVENT SHALL OVH SAS AND CONTRIBUTORS BE LIABLE FOR ANY
|
||||
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
||||
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
16
README
16
README
|
@ -5,9 +5,17 @@
|
|||
# Hardening scripts :
|
||||
# bin/hardening : Every script has a .cfg associated, status must be defined here
|
||||
|
||||
# Main script :
|
||||
# bin/hardening.sh : Will execute hardening according to configuration
|
||||
|
||||
# Configuration
|
||||
# etc/hardening.cfg : Global variables defined such as backup directory, or log level
|
||||
# etc/conf.d : Folder with all .cfg associated to hardenign scripts
|
||||
# etc/conf.d : Folder with all .cfg associated to hardening scripts
|
||||
|
||||
# Status parameter will define on each script if it has to be disabled (do nothing), audit (RO), enabled (RW)
|
||||
# Enabled will perform audit and most of the time correct your system accordingly.
|
||||
# There is exceptions as it is difficult to know how you want to correct that.
|
||||
|
||||
# Main script :
|
||||
# bin/hardening.sh : Will execute hardening according to configuration
|
||||
# Options are :
|
||||
# --apply : Will apply hardening when scripts have status enabled (RW), and audit points where status is audit (RO)
|
||||
# --audit : Will audit hardening when scripts have status enabled or audit (RO)
|
||||
# --audit-all : Apply audit (RO) on all scripts
|
||||
|
|
|
@ -22,7 +22,7 @@ audit () {
|
|||
FORMATTED_RESULT=$(sed "s/ /\n/g" <<< $RESULT | sort | uniq | tr '\n' ' ')
|
||||
crit "$FORMATTED_RESULT"
|
||||
else
|
||||
ok "No world writable files found"
|
||||
ok "No unowned files found"
|
||||
fi
|
||||
}
|
||||
|
||||
|
@ -33,7 +33,7 @@ apply () {
|
|||
warn "chmowing all unowned files in the system"
|
||||
df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser -print 2>/dev/null | xargs chown $USER
|
||||
else
|
||||
ok "No world writable files found, nothing to apply"
|
||||
ok "No unowned files found, nothing to apply"
|
||||
fi
|
||||
}
|
||||
|
||||
|
|
|
@ -46,14 +46,14 @@ _logger() {
|
|||
COLOR=$1
|
||||
shift
|
||||
test -z "$SCRIPT_NAME" && SCRIPT_NAME=$(basename $0)
|
||||
/usr/bin/logger -t "[CIS_Hardening] $SCRIPT_NAME" -p "user.info" "$*"
|
||||
builtin echo "$*" | /usr/bin/logger -t "[CIS_Hardening] $SCRIPT_NAME" -p "user.info"
|
||||
test -t 1 && cecho $COLOR "$SCRIPT_NAME $*"
|
||||
}
|
||||
|
||||
cecho () {
|
||||
COLOR=$1
|
||||
shift
|
||||
echo -e "${COLOR}$*${NC}"
|
||||
builtin echo -e "${COLOR}$*${NC}"
|
||||
}
|
||||
|
||||
crit () {
|
||||
|
|
Loading…
Reference in a new issue