1.1 Install updates
This commit is contained in:
parent
5efc1d1a96
commit
6aa74d6188
4 changed files with 74 additions and 11 deletions
|
@ -13,16 +13,32 @@ set -u # One variable unset, it's over
|
|||
|
||||
# This function will be called if the script status is on enabled / audit mode
|
||||
audit () {
|
||||
:
|
||||
info "Checking if apt needs an update"
|
||||
apt_update_if_needed
|
||||
info "Fetching upgrades ..."
|
||||
apt_check_updates "CIS_APT"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
warn "$RESULT"
|
||||
FNRET=1
|
||||
else
|
||||
ok "No upgrades available"
|
||||
FNRET=0
|
||||
fi
|
||||
}
|
||||
|
||||
# This function will be called if the script status is on enabled mode
|
||||
apply () {
|
||||
:
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
info "Applying Upgrades..."
|
||||
DEBIAN_FRONTEND='noninteractive' apt-get -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' upgrade -y
|
||||
else
|
||||
ok "No Upgrades to apply"
|
||||
fi
|
||||
}
|
||||
|
||||
# This function will check config parameters required
|
||||
check_config() {
|
||||
# No parameters for this function
|
||||
:
|
||||
}
|
||||
|
||||
|
@ -37,4 +53,5 @@ else
|
|||
fi
|
||||
fi
|
||||
|
||||
# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
|
||||
[ -r $CIS_ROOT_DIR/lib/main.sh ] && . $CIS_ROOT_DIR/lib/main.sh
|
||||
|
|
|
@ -9,14 +9,17 @@ case $LOGLEVEL in
|
|||
warning )
|
||||
MACHINE_LOG_LEVEL=2
|
||||
;;
|
||||
info )
|
||||
ok )
|
||||
MACHINE_LOG_LEVEL=3
|
||||
;;
|
||||
debug )
|
||||
info )
|
||||
MACHINE_LOG_LEVEL=4
|
||||
;;
|
||||
debug )
|
||||
MACHINE_LOG_LEVEL=5
|
||||
;;
|
||||
*)
|
||||
MACHINE_LOG_LEVEL=3 ## Default loglevel value to info
|
||||
MACHINE_LOG_LEVEL=4 ## Default loglevel value to info
|
||||
esac
|
||||
|
||||
_logger() {
|
||||
|
@ -33,18 +36,22 @@ cecho () {
|
|||
echo -e "${COLOR}$*${NC}"
|
||||
}
|
||||
|
||||
info () {
|
||||
[ $MACHINE_LOG_LEVEL -ge 3 ] && _logger $BWHITE "[INFO] $*"
|
||||
crit () {
|
||||
[ $MACHINE_LOG_LEVEL -ge 1 ] && _logger $BRED "[ KO ] $*"
|
||||
}
|
||||
|
||||
warn () {
|
||||
[ $MACHINE_LOG_LEVEL -ge 2 ] && _logger $BYELLOW "[WARN] $*"
|
||||
}
|
||||
|
||||
crit () {
|
||||
[ $MACHINE_LOG_LEVEL -ge 1 ] && _logger $BRED "[ KO ] $*"
|
||||
ok () {
|
||||
[ $MACHINE_LOG_LEVEL -ge 3 ] && _logger $BGREEN "[ OK ] $*"
|
||||
}
|
||||
|
||||
info () {
|
||||
[ $MACHINE_LOG_LEVEL -ge 4 ] && _logger $BWHITE "[INFO] $*"
|
||||
}
|
||||
|
||||
debug () {
|
||||
[ $MACHINE_LOG_LEVEL -ge 4 ] && _logger $GRAY "[DBG ] $*"
|
||||
[ $MACHINE_LOG_LEVEL -ge 5 ] && _logger $GRAY "[DBG ] $*"
|
||||
}
|
||||
|
|
|
@ -22,13 +22,17 @@ if [ -z $status ]; then
|
|||
fi
|
||||
|
||||
case $status in
|
||||
enabled | true )
|
||||
enabled | true )
|
||||
info "Checking Configuration"
|
||||
check_config
|
||||
info "Performing audit"
|
||||
audit # Perform audit
|
||||
info "Applying Hardening"
|
||||
apply # Perform hardening
|
||||
;;
|
||||
audit )
|
||||
info "Checking Configuration"
|
||||
check_config
|
||||
info "Performing audit"
|
||||
audit # Perform audit
|
||||
;;
|
||||
|
|
35
lib/utils.sh
35
lib/utils.sh
|
@ -16,3 +16,38 @@ is_installed()
|
|||
}
|
||||
|
||||
|
||||
# contains helper functions to work with apt
|
||||
|
||||
apt_update_if_needed()
|
||||
{
|
||||
if [ -e /var/cache/apt/pkgcache.bin ]
|
||||
then
|
||||
UPDATE_AGE=$(( $(date +%s) - $(stat -c '%Y' /var/cache/apt/pkgcache.bin) ))
|
||||
|
||||
if [ $UPDATE_AGE -gt 21600 ]
|
||||
then
|
||||
# update too old, refresh database
|
||||
apt-get update -y >/dev/null 2>/dev/null
|
||||
fi
|
||||
else
|
||||
apt-get update -y >/dev/null 2>/dev/null
|
||||
fi
|
||||
}
|
||||
|
||||
apt_check_updates()
|
||||
{
|
||||
local NAME="$1"
|
||||
local DETAILS="/dev/shm/${NAME}"
|
||||
LANGUAGE=C apt-get upgrade -s 2>/dev/null | grep -E "^Inst" > $DETAILS || :
|
||||
local COUNT=$(wc -l < "$DETAILS")
|
||||
FNRET=128 # Unknown function return result
|
||||
RESULT="" # Result output for upgrade
|
||||
if [ $COUNT -gt 0 ]; then
|
||||
RESULT="There is $COUNT updates available :\n$(cat $DETAILS)"
|
||||
FNRET=1
|
||||
else
|
||||
RESULT="OK, no updates available"
|
||||
FNRET=0
|
||||
fi
|
||||
rm $DETAILS
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue