From ed23d23c481571a78e3294be9a0af047fe98fdb7 Mon Sep 17 00:00:00 2001
From: Guillaume ASTIER
Date: Tue, 4 Feb 2025 11:36:37 +0100
Subject: [PATCH] [UPDATE] - base function check
---
Apply/server/1/1.1.1.1.0/run.sh | 5 +++
Apply/workstation/1/1.1.1.1.0 | 1 +
Check/server/1/1.1.1.1.0/run.sh | 7 ++++
Check/workstation/1/1.1.1.1.0 | 1 +
pem-cyber-linux.d/config | 6 ++++
pem-cyber-linux.d/function | 57 ++++++++++++++++++++++++++++++++
pem-cyber-linux.d/function_Apply | 0
pem-cyber-linux.d/function_Check | 9 +++++
pem-cyber-linux.sh | 43 ++++++++++++++++++++++++
9 files changed, 129 insertions(+)
create mode 100644 Apply/server/1/1.1.1.1.0/run.sh
create mode 120000 Apply/workstation/1/1.1.1.1.0
create mode 100644 Check/server/1/1.1.1.1.0/run.sh
create mode 120000 Check/workstation/1/1.1.1.1.0
create mode 100644 pem-cyber-linux.d/config
create mode 100644 pem-cyber-linux.d/function
create mode 100644 pem-cyber-linux.d/function_Apply
create mode 100644 pem-cyber-linux.d/function_Check
create mode 100755 pem-cyber-linux.sh
diff --git a/Apply/server/1/1.1.1.1.0/run.sh b/Apply/server/1/1.1.1.1.0/run.sh
new file mode 100644
index 0000000..05ee10b
--- /dev/null
+++ b/Apply/server/1/1.1.1.1.0/run.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+## 1.1.1.1 Ensure cramfs kernel module is not available (Automated)
+
+echo '/bin/true' > /etc/modprobe.d/cramfs.conf
diff --git a/Apply/workstation/1/1.1.1.1.0 b/Apply/workstation/1/1.1.1.1.0
new file mode 120000
index 0000000..21784a5
--- /dev/null
+++ b/Apply/workstation/1/1.1.1.1.0
@@ -0,0 +1 @@
+../../server/1/1.1.1.1.0/
\ No newline at end of file
diff --git a/Check/server/1/1.1.1.1.0/run.sh b/Check/server/1/1.1.1.1.0/run.sh
new file mode 100644
index 0000000..337bcde
--- /dev/null
+++ b/Check/server/1/1.1.1.1.0/run.sh
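Review bot: The line written to /etc/modprobe.d/cramfs.conf in Apply/server/1/1.1.1.1.0/run.sh is a bare `/bin/true`, which is not a modprobe.d directive, so this remediation leaves cramfs loadable. A modprobe.d entry needs a keyword and the module name; the write could be `printf 'install cramfs /bin/false\nblacklist cramfs\n' > /etc/modprobe.d/cramfs.conf`. The matching test in Check/server/1/1.1.1.1.0/run.sh greps for the same bare string, so it would report success on a host that is still unhardened. A module that is already loaded stays loaded; `modprobe -r cramfs` after the write would cover that if it is in scope for this rule.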
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+## 1.1.1.1 Ensure cramfs kernel module is not available (Automated)
+
+[[ ! -f /etc/modprobe.d/cramfs.conf ]] && ((CptErr++))
+[[ -z $(cat /etc/modprobe.d/cramfs.conf|grep '/bin/true') ]] && ((CptErr++))
+Check ${CptErr}
diff --git a/Check/workstation/1/1.1.1.1.0 b/Check/workstation/1/1.1.1.1.0
new file mode 120000
index 0000000..faf174e
--- /dev/null
+++ b/Check/workstation/1/1.1.1.1.0
@@ -0,0 +1 @@
+../../server/1/1.1.1.1.0
\ No newline at end of file
diff --git a/pem-cyber-linux.d/config b/pem-cyber-linux.d/config
new file mode 100644
index 0000000..254a0c7
--- /dev/null
+++ b/pem-cyber-linux.d/config
@@ -0,0 +1,6 @@
+#!/bin/bash
+DirFct=$(realpath $(dirname $0))/$(echo $(basename $0)| sed 's/.sh/.d/g')/
+DirCheck=$(realpath $(dirname $0))/Check
+DirApply=$(realpath $(dirname $0))/Apply
+Debug='-x'
+LogDir=/var/log/$(echo $(basename $0) |sed 's/.sh//g')/$(date +%H%m%d%H%M%S)/
diff --git a/pem-cyber-linux.d/function b/pem-cyber-linux.d/function
new file mode 100644
index 0000000..d9f071d
--- /dev/null
+++ b/pem-cyber-linux.d/function
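Review bot: The two tests in Check/server/1/1.1.1.1.0/run.sh only look for the text `/bin/true` in one file, so the rule passes when that string sits in a comment and fails when cramfs is disabled through a differently named file under /etc/modprobe.d. Testing the effective state is more reliable, for example `modprobe -n -v cramfs | grep -Eq '^install /bin/(false|true)' || ((CptErr++))` together with `lsmod | grep -q '^cramfs' && ((CptErr++))`. If the file test is kept, `grep -q '/bin/true' /etc/modprobe.d/cramfs.conf` avoids the `cat` error that is logged when the file is missing.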
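Review bot: The timestamp in `LogDir` in pem-cyber-linux.d/config is built with `%H%m%d%H%M%S`, which starts with the hour instead of the year, so directory names do not sort chronologically and runs from different years can land in the same directory; `$(date +%Y%m%d%H%M%S)` looks like what was intended. The `sed 's/.sh/.d/g'` and `'s/.sh//g'` expressions treat `.` as any character and replace every match, whereas an anchored `'s/\.sh$//'` only touches the extension. Since `Debug='-x'` sends a full command trace of every rule run as root into this directory, it would be worth creating it with a restrictive mode rather than the default umask.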
@@ -0,0 +1,57 @@
+#!/bin/bash
+function Usage(){
+ echo "$(basename $0) [-c/-a] -l [1/2]"
+ echo "-c : Check the system"
+ echo "-a : Apply cyber"
+ echo "-l : Level (1 or 2)"
+ echo "-t : Type (desktop/server)"
+
+ [[ ! -z $1 ]] && echo "ERROR [$1] $2"
+ exit $1
+
+}
+
+
+function LogTest() {
+ # LogTest ${Res} ${Action} ${TEST}
+ if [[ ${1} -ne 0 ]]
+ then
+ echo -e "\n### ${2} - [RESULT] - ${3} : FAILED"
+ else
+ echo -e "\n### ${2} - [RESULT] - ${3} : SUCESS"
+ fi | tee -a ${LogDir}/${3}.log
+}
+
+function GetArg(){
+ OPTSTRING="hcal:t:"
+ while getopts ${OPTSTRING} opt; do
+ case ${opt} in
+ a) Action=Apply;;
+ c) Action=Check;;
+ l) Level=${OPTARG};;
+ t) Type=${OPTARG};;
+ h) Usage;;
+ ?) echo "Invalid option: -${OPTARG}."; exit 1;;
+ esac
+ done
+}
+
+
+function CheckArg(){
+
+ [[ -z ${Level} ]] && Usage 2 ": No Level selected"
+ [[ -z ${Action} ]] && Usage 1 ": No action selected"
+ [[ -z ${Type} ]] && Usage 3 ": No Type selected"
+ [[ ${Level} -gt 2 ]] && Usage 4 ": Level need to be 1 or 2"
+ true
+
+}
+
+
+function GetRoot() {
+
+ if [[ $(id -u) -ne 0 ]]
+ then
+ Usage 5 ": You need to be root"
+ fi
+}
diff --git a/pem-cyber-linux.d/function_Apply b/pem-cyber-linux.d/function_Apply
new file mode 100644
index 0000000..e69de29
diff --git a/pem-cyber-linux.d/function_Check b/pem-cyber-linux.d/function_Check
new file mode 100644
index 0000000..d88cca1
--- /dev/null
+++ b/pem-cyber-linux.d/function_Check
@@ -0,0 +1,9 @@
+function Check(){
+ CheckRes=0
+ if [[ $1 -ne 0 ]]
+ then
+ CheckRes=1
+ return 1
+ fi
+}
+export -f Check
diff --git a/pem-cyber-linux.sh b/pem-cyber-linux.sh
new file mode 100755
index 0000000..119a49a
--- /dev/null
+++ b/pem-cyber-linux.sh
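Review bot: `CheckArg` in pem-cyber-linux.d/function accepts any `-t` value and any `-l` value that is not greater than 2 (0, negative or non-numeric input passes), yet pem-cyber-linux.sh uses both to build the directory whose run.sh files are executed as root. An allow-list keeps the run inside the rule tree: `[[ ${Level} =~ ^[12]$ ]] || Usage 4 ": Level need to be 1 or 2"` and `[[ ${Type} == server || ${Type} == workstation ]] || Usage 3 ": Type need to be server or workstation"`. `Usage` advertises `desktop/server` while the tree added by this commit uses `workstation`, so the help text should be aligned. `GetArg` duplicates the getopts loop of pem-cyber-linux.sh and is not called anywhere in the visible code.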
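Review bot: `Check` in pem-cyber-linux.d/function_Check reports success when it is called without an argument, because an empty operand to `-ne` evaluates to 0, so a rule that forgets to pass its counter passes silently. Failing closed is safer for a compliance check: `if [[ ${1:-1} -ne 0 ]]`. `CheckRes` is assigned here, but each rule is started as a separate `bash` process by the loop in pem-cyber-linux.sh, so the parent never sees it; only the return status carries the result, and a one-line header comment saying so would help the next rule author.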
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+
+## source de la configuration
+
+source $(realpath $(dirname $0))/$(echo $(basename $0)| sed 's/.sh/.d/g')/config
+
+## source des functions de base
+
+source ${DirFct}/function
+
+
+GetRoot
+OPTSTRING="hcal:t:"
+while getopts ${OPTSTRING} opt; do
+ case ${opt} in
+ a) Action=Apply;;
+ c) Action=Check;;
+ l) Level=${OPTARG};;
+ t) Type=${OPTARG};;
+ h) Usage;;
+ ?) echo "Invalid option: -${OPTARG}."; exit 1;;
+ esac
+done
+
+CheckArg
+
+
+source ${DirFct}/function_${Action}
+
+[[ $Level -eq 2 ]] && RealLevel=\* || RealLevel=1
+DirAction=$(realpath $(dirname $0))/${Action}/${Type}/${RealLevel}
+
+[[ ! -d ${LogDir} ]] && mkdir -p ${LogDir} || true
+
+for File in $(find ${DirAction} -type f -name run.sh| sort -n)
+ do
+ cd $(dirname ${File})
+ Test=$(basename $(dirname ${File}))
+ export CptErr=0
+ bash ${Debug} ./run.sh &> ${LogDir}/${Test}.log
+ LogTest ${?} ${Action} ${Test}
+ done
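Review bot: The `find ${DirAction} -type f -name run.sh` loop in pem-cyber-linux.sh does not follow symlinks, and the workstation rule directories added by this commit are symlinks to the server ones, so `-t workstation` appears to run no rule at all and still ends without an error. `find -L ${DirAction} -type f -name run.sh` would descend into them. The `cd $(dirname ${File})` is unchecked, so on failure `./run.sh` is taken from whatever directory the previous iteration left; `cd "$(dirname "${File}")" || continue` avoids that. The per-rule results are only logged and never folded into the script's exit status, so a caller cannot tell a failed audit from a clean one.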