From 08652eaa9577c4f8bddf81e54fe5a7c9a0ab0537 Mon Sep 17 00:00:00 2001
From: Kevin Reeuwijk
Date: Wed, 8 May 2024 15:41:02 +0200
Subject: [PATCH 1/2] Don't install libpam-pwquality twice
---
 cis-harden/harden.sh | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/cis-harden/harden.sh b/cis-harden/harden.sh
index 4fc7dba..105f96f 100755
--- a/cis-harden/harden.sh
+++ b/cis-harden/harden.sh
@@ -731,10 +731,6 @@ harden_log() { ########################################################################## harden_auth() { - #Install the pam_pwquality module - apt-get update -y - apt-get install -y libpam-pwquality - # Define the new values for minlen and minclass new_minlen="minlen = 14" new_minclass="minclass = 4"
@@ -848,7 +844,7 @@ harden_auth() {
 update_config_files 'PASS_MAX_DAYS' 'PASS_MAX_DAYS 365' ${config_file}
 update_config_files 'PASS_WARN_AGE' 'PASS_WARN_AGE 7' ${config_file}
- echo "Password expiry policy updated to PASS_MIN_DAYS 1 & PASS_MAX_DAYS 365"
+ echo "Password expiry policy updated to PASS_MIN_DAYS 1 & PASS_MAX_DAYS 365 & PASS_WARN_AGE 7"
 #####################Password encryption standards##########
From 6f1d8291a5aaabdb9edcd1d6c14c1ee4bb64d458 Mon Sep 17 00:00:00 2001
From: Kevin Reeuwijk
Date: Wed, 8 May 2024 16:31:14 +0200
Subject: [PATCH 2/2] Install correct yum packages
---
 cis-harden/harden.sh | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/cis-harden/harden.sh b/cis-harden/harden.sh
index 105f96f..2e44318 100755
--- a/cis-harden/harden.sh
+++ b/cis-harden/harden.sh
@@ -73,6 +73,9 @@ get_os() {
 elif [ -f /etc/centos-release ]; then
 OS='CentOS Linux'
 VER=$(cat /etc/centos-release | sed 's/.*\( [0-9][^ ]\+\) .*/\1/')
+ elif [ -f /etc/rocky-release ]; then
+ OS='Rocky Linux'
+ VER=$(cat /etc/rocky-release | sed 's/.*\( [0-9][^ ]\+\) .*/\1/')
 elif [ -f /etc/redhat-release ]; then
 OS='Red Hat Enterprise Linux'
 VER=$(cat /etc/redhat-release | sed 's/.*\( [0-9][^ ]\+\) .*/\1/')
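Review bot: The new `/etc/rocky-release` test sits after the `/etc/centos-release` test, so on any Rocky release whose release package also ships a `centos-release` compatibility file (worth confirming on the images this script targets) the host is still labelled 'CentOS Linux' and the added branch never runs. Placing `elif [ -f /etc/rocky-release ]; then` ahead of `elif [ -f /etc/centos-release ]; then` makes the more specific file win. The copied sed expression keeps the leading blank inside its capture group, so `VER` starts with a space; `sed 's/.* \([0-9][^ ]\+\) .*/\1/' /etc/rocky-release` would drop both that blank and the extra `cat`. The if/elif chain of get_os starts and ends outside the hunk, so an earlier branch may already settle the OS name.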
@@ -85,6 +88,8 @@ get_os() {
 OS_FLAVOUR="rhel"
 elif [[ $OS =~ 'CentOS' ]]; then
 OS_FLAVOUR="centos"
+ elif [[ $OS =~ 'Rocky' ]]; then
+ OS_FLAVOUR="centos"
 elif [[ $OS =~ 'Ubuntu' ]]; then
 OS_FLAVOUR="ubuntu"
 else
@@ -116,14 +121,16 @@ upgrade_packages() {
 if [[ ${OS_FLAVOUR} == "centos" ]]; then
 yum -y update
- yum install -y auditd apparmor-utils libpam-pwquality
+ yum install -y audit libpwquality
 check_error $? "Failed upgrading packages" 1
+ yum clean all
 fi
 if [[ ${OS_FLAVOUR} == "rhel" ]]; then
 yum -y update
- yum install -y auditd apparmor-utils libpam-pwquality
+ yum install -y audit libpwquality
 check_error $? "Failed upgrading packages" 1
+ yum clean all
 fi
 # Placeholder for supporting other linux OS
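Review bot: In both the centos and rhel branches of upgrade_packages, `check_error $?` only sees the exit status of `yum install`, so a failed `yum -y update` goes unnoticed and the hardening run continues on a host that did not receive its updates. Adding `check_error $? "Failed updating packages" 1` directly after each `yum -y update` closes that gap. The two branches are identical as shown, so they could share one test, `if [[ ${OS_FLAVOUR} == "centos" || ${OS_FLAVOUR} == "rhel" ]]; then`, which keeps the package list from drifting between them. Dropping `apparmor-utils` fits these distributions, but any later step that calls AppArmor tooling (not visible here) would need the same flavour guard. upgrade_packages continues outside the hunk.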