Fixes for several ASB v2 remediation and audit checks plus shorter policy package names (#741)
Родитель
140776a68f
Коммит
5e5a25a8b4
|
@ -29,8 +29,8 @@ jobs:
|
|||
]
|
||||
policy-package:
|
||||
[
|
||||
{ path: LinuxSshServerSecurityBaselinePolicy.zip, short-name: SSH, resource-count: 20 },
|
||||
{ path: LinuxSecurityBaselinePolicy.zip, short-name: ASB, resource-count: 168 },
|
||||
{ path: LinuxSshServerSecurityBaseline.zip, short-name: SSH, resource-count: 20 },
|
||||
{ path: LinuxSecurityBaseline.zip, short-name: ASB, resource-count: 168 },
|
||||
]
|
||||
arch: [amd64]
|
||||
install-osconfig: [false]
|
||||
|
|
|
@ -25,13 +25,13 @@ set_target_properties(OsConfigResourceAsb PROPERTIES OUTPUT_NAME libOsConfigReso
|
|||
|
||||
add_custom_target(stage_create_zip
|
||||
COMMAND ${CMAKE_COMMAND} -E make_directory ${PROJECT_BINARY_DIR}/Staging
|
||||
COMMAND ${CMAKE_COMMAND} -E copy_if_different "${CMAKE_CURRENT_SOURCE_DIR}/LinuxSecurityBaselinePolicy.metaconfig.json" ${PROJECT_BINARY_DIR}/Staging/
|
||||
COMMAND ${CMAKE_COMMAND} -E copy_if_different "${CMAKE_CURRENT_SOURCE_DIR}/LinuxSecurityBaselinePolicy.mof" ${PROJECT_BINARY_DIR}/Staging/
|
||||
COMMAND ${CMAKE_COMMAND} -E copy_if_different "${CMAKE_CURRENT_SOURCE_DIR}/LinuxSecurityBaseline.metaconfig.json" ${PROJECT_BINARY_DIR}/Staging/
|
||||
COMMAND ${CMAKE_COMMAND} -E copy_if_different "${CMAKE_CURRENT_SOURCE_DIR}/LinuxSecurityBaseline.mof" ${PROJECT_BINARY_DIR}/Staging/
|
||||
COMMAND ${CMAKE_COMMAND} -E copy_if_different $<TARGET_FILE:OsConfigResourceAsb> ${PROJECT_BINARY_DIR}/Staging/Modules/DscNativeResources/OsConfigResource/libOsConfigResource.so
|
||||
DEPENDS OsConfigResourceAsb)
|
||||
|
||||
add_custom_target(create_zip ALL
|
||||
BYPRODUCTS ${OsConfigRootBinaryDir}/LinuxSecurityBaselinePolicy.zip
|
||||
COMMAND ${CMAKE_COMMAND} -E tar "cfv" "${OsConfigRootBinaryDir}/LinuxSecurityBaselinePolicy.zip" --format=zip .
|
||||
BYPRODUCTS ${OsConfigRootBinaryDir}/LinuxSecurityBaseline.zip
|
||||
COMMAND ${CMAKE_COMMAND} -E tar "cfv" "${OsConfigRootBinaryDir}/LinuxSecurityBaseline.zip" --format=zip .
|
||||
DEPENDS stage_create_zip
|
||||
WORKING_DIRECTORY ${PROJECT_BINARY_DIR}/Staging/)
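Review bot: `create_zip` archives everything under `${PROJECT_BINARY_DIR}/Staging` (`tar "cfv" ... --format=zip .`), and `stage_create_zip` never empties that directory. In an existing build tree the previously staged `LinuxSecurityBaselinePolicy.mof` and `LinuxSecurityBaselinePolicy.metaconfig.json` would therefore still be present and end up inside the renamed `LinuxSecurityBaseline.zip` next to the new files. That changes the package contents and its hash, which the policy definitions pin as `contentHash`. Consider making `COMMAND ${CMAKE_COMMAND} -E remove_directory ${PROJECT_BINARY_DIR}/Staging` the first step of the staging target, before `make_directory`. The same applies to `stage_create_zip_ssh` and `create_zip_ssh` in the SSH CMake file.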
|
|
@ -599,7 +599,7 @@ instance of OsConfigResource as $OsConfigResource38ref
|
|||
ReportedObjectName = "auditEnsurePermissionsOnEtcHostsAllow";
|
||||
ExpectedObjectValue = "PASS";
|
||||
DesiredObjectName = "remediateEnsurePermissionsOnEtcHostsAllow";
|
||||
DesiredObjectValue = "PASS";
|
||||
DesiredObjectValue = "644";
|
||||
ModuleName = "GuestConfiguration";
|
||||
ModuleVersion = "1.0.0";
|
||||
ConfigurationName = "LinuxSecurityBaseline";
|
||||
|
@ -614,7 +614,7 @@ instance of OsConfigResource as $OsConfigResource39ref
|
|||
ReportedObjectName = "auditEnsurePermissionsOnEtcHostsDeny";
|
||||
ExpectedObjectValue = "PASS";
|
||||
DesiredObjectName = "remediateEnsurePermissionsOnEtcHostsDeny";
|
||||
DesiredObjectValue = "PASS";
|
||||
DesiredObjectValue = "644";
|
||||
ModuleName = "GuestConfiguration";
|
||||
ModuleVersion = "1.0.0";
|
||||
ConfigurationName = "LinuxSecurityBaseline";
|
||||
|
@ -1633,7 +1633,7 @@ instance of OsConfigResource as $OsConfigResource106ref
|
|||
ComponentName = "SecurityBaseline";
|
||||
ReportedObjectName = "auditEnsureRsyslogNotAcceptingRemoteMessages";
|
||||
ExpectedObjectValue = "PASS";
|
||||
DesiredObjectName = "remediateRsyslogNotAcceptingRemoteMessages";
|
||||
DesiredObjectName = "remediateEnsureRsyslogNotAcceptingRemoteMessages";
|
||||
DesiredObjectValue = "PASS";
|
||||
ModuleName = "GuestConfiguration";
|
||||
ModuleVersion = "1.0.0";
|
||||
|
@ -2572,9 +2572,9 @@ instance of OsConfigResource as $OsConfigResource167ref
|
|||
|
||||
instance of OMI_ConfigurationDocument
|
||||
{
|
||||
Version="0.0.2";
|
||||
Version="0.0.3";
|
||||
CompatibleVersionAdditionalProperties= {"Omi_BaseResource:ConfigurationName"};
|
||||
Author="Microsoft";
|
||||
GenerationDate="5/3/2024 10:45:00 AM PST";
|
||||
GenerationDate="7/9/2024 16:07:00 PST";
|
||||
Name="LinuxSecurityBaseline";
|
||||
};
|
|
@ -11,11 +11,11 @@
|
|||
"Microsoft.GuestConfiguration"
|
||||
],
|
||||
"guestConfiguration": {
|
||||
"name": "LinuxSecurityBaselinePolicy",
|
||||
"name": "LinuxSecurityBaseline",
|
||||
"version": "1.0.0",
|
||||
"contentType": "Custom",
|
||||
"contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/LinuxSecurityBaselinePolicy.zip",
|
||||
"contentHash": "43ABD924FD490F87A3F0198D24C65877DBBA4ADAEEACE3C4705CC8AECAD930C4",
|
||||
"contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/LinuxSecurityBaseline.zip",
|
||||
"contentHash": "588D662DAE1CE6959FBF6596CB65769337E7A46B8888BD25E7114BFDB54E04FF",
|
||||
"configurationParameter": {
|
||||
"accessPermissionsForSshdConfig": "Ensure that permissions on /etc/ssh/sshd_config are configured;DesiredObjectValue",
|
||||
"ignoreHosts": "Ensure that the SSH IgnoreRhosts is configured;DesiredObjectValue",
|
||||
|
@ -457,7 +457,7 @@
|
|||
"/providers/Microsoft.Authorization/roleDefinitions/088ab73d-1256-47ae-bea9-9de8e7131f31"
|
||||
],
|
||||
"type": "Microsoft.GuestConfiguration/guestConfigurationAssignments",
|
||||
"name": "[concat('LinuxSecurityBaselinePolicy$pid', uniqueString(policy().assignmentId, policy().definitionReferenceId))]",
|
||||
"name": "[concat('LinuxSecurityBaseline$pid', uniqueString(policy().assignmentId, policy().definitionReferenceId))]",
|
||||
"existenceCondition": {
|
||||
"allOf": [
|
||||
{
|
||||
|
@ -484,7 +484,7 @@
|
|||
"value": "[field('type')]"
|
||||
},
|
||||
"assignmentName": {
|
||||
"value": "[concat('LinuxSecurityBaselinePolicy$pid', uniqueString(policy().assignmentId, policy().definitionReferenceId))]"
|
||||
"value": "[concat('LinuxSecurityBaseline$pid', uniqueString(policy().assignmentId, policy().definitionReferenceId))]"
|
||||
},
|
||||
"accessPermissionsForSshdConfig": {
|
||||
"value": "[parameters('accessPermissionsForSshdConfig')]"
|
||||
|
@ -621,11 +621,11 @@
|
|||
"location": "[parameters('location')]",
|
||||
"properties": {
|
||||
"guestConfiguration": {
|
||||
"name": "LinuxSecurityBaselinePolicy",
|
||||
"name": "LinuxSecurityBaseline",
|
||||
"version": "1.0.0",
|
||||
"contentType": "Custom",
|
||||
"contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/LinuxSecurityBaselinePolicy.zip",
|
||||
"contentHash": "43ABD924FD490F87A3F0198D24C65877DBBA4ADAEEACE3C4705CC8AECAD930C4",
|
||||
"contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/LinuxSecurityBaseline.zip",
|
||||
"contentHash": "588D662DAE1CE6959FBF6596CB65769337E7A46B8888BD25E7114BFDB54E04FF",
|
||||
"assignmentType": "ApplyAndAutoCorrect",
|
||||
"configurationParameter": [
|
||||
{
|
||||
|
@ -712,11 +712,11 @@
|
|||
"location": "[parameters('location')]",
|
||||
"properties": {
|
||||
"guestConfiguration": {
|
||||
"name": "LinuxSecurityBaselinePolicy",
|
||||
"name": "LinuxSecurityBaseline",
|
||||
"version": "1.0.0",
|
||||
"contentType": "Custom",
|
||||
"contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/LinuxSecurityBaselinePolicy.zip",
|
||||
"contentHash": "43ABD924FD490F87A3F0198D24C65877DBBA4ADAEEACE3C4705CC8AECAD930C4",
|
||||
"contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/LinuxSecurityBaseline.zip",
|
||||
"contentHash": "588D662DAE1CE6959FBF6596CB65769337E7A46B8888BD25E7114BFDB54E04FF",
|
||||
"assignmentType": "ApplyAndAutoCorrect",
|
||||
"configurationParameter": [
|
||||
{
|
||||
|
@ -803,11 +803,11 @@
|
|||
"location": "[parameters('location')]",
|
||||
"properties": {
|
||||
"guestConfiguration": {
|
||||
"name": "LinuxSecurityBaselinePolicy",
|
||||
"name": "LinuxSecurityBaseline",
|
||||
"version": "1.0.0",
|
||||
"contentType": "Custom",
|
||||
"contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/LinuxSecurityBaselinePolicy.zip",
|
||||
"contentHash": "43ABD924FD490F87A3F0198D24C65877DBBA4ADAEEACE3C4705CC8AECAD930C4",
|
||||
"contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/LinuxSecurityBaseline.zip",
|
||||
"contentHash": "588D662DAE1CE6959FBF6596CB65769337E7A46B8888BD25E7114BFDB54E04FF",
|
||||
"assignmentType": "ApplyAndAutoCorrect",
|
||||
"configurationParameter": [
|
||||
{
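Review bot: The guest assignment name changes from `LinuxSecurityBaselinePolicy$pid…` to `LinuxSecurityBaseline$pid…` in both the `name` expression and the `assignmentName` value, so machines that already hold an assignment under the old name will presumably receive a second one rather than an update. Nothing visible here removes the old assignment, which may still be running as `ApplyAndAutoCorrect`; if this definition has been assigned anywhere beyond test, the change needs a cleanup step or a note in the description. Separately, `contentUri` points at an asset under the `test_policy_package` release, which can be replaced in place, so the four copies of `contentHash` in this file must all come from the exact zip that is uploaded. A CI step that compares the built zip's hash with these values would catch a mismatch. The same applies to the SSH policy definition.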
|
|
@ -25,13 +25,13 @@ set_target_properties(OsConfigResourceSsh PROPERTIES OUTPUT_NAME libOsConfigReso
|
|||
|
||||
add_custom_target(stage_create_zip_ssh
|
||||
COMMAND ${CMAKE_COMMAND} -E make_directory ${PROJECT_BINARY_DIR}/Staging
|
||||
COMMAND ${CMAKE_COMMAND} -E copy_if_different "${CMAKE_CURRENT_SOURCE_DIR}/LinuxSshServerSecurityBaselinePolicy.metaconfig.json" ${PROJECT_BINARY_DIR}/Staging/
|
||||
COMMAND ${CMAKE_COMMAND} -E copy_if_different "${CMAKE_CURRENT_SOURCE_DIR}/LinuxSshServerSecurityBaselinePolicy.mof" ${PROJECT_BINARY_DIR}/Staging/
|
||||
COMMAND ${CMAKE_COMMAND} -E copy_if_different "${CMAKE_CURRENT_SOURCE_DIR}/LinuxSshServerSecurityBaseline.metaconfig.json" ${PROJECT_BINARY_DIR}/Staging/
|
||||
COMMAND ${CMAKE_COMMAND} -E copy_if_different "${CMAKE_CURRENT_SOURCE_DIR}/LinuxSshServerSecurityBaseline.mof" ${PROJECT_BINARY_DIR}/Staging/
|
||||
COMMAND ${CMAKE_COMMAND} -E copy_if_different $<TARGET_FILE:OsConfigResourceSsh> ${PROJECT_BINARY_DIR}/Staging/Modules/DscNativeResources/OsConfigResource/libOsConfigResource.so
|
||||
DEPENDS OsConfigResourceSsh)
|
||||
|
||||
add_custom_target(create_zip_ssh ALL
|
||||
BYPRODUCTS ${OsConfigRootBinaryDir}/LinuxSshServerSecurityBaselinePolicy.zip
|
||||
COMMAND ${CMAKE_COMMAND} -E tar "cfv" "${OsConfigRootBinaryDir}/LinuxSshServerSecurityBaselinePolicy.zip" --format=zip .
|
||||
BYPRODUCTS ${OsConfigRootBinaryDir}/LinuxSshServerSecurityBaseline.zip
|
||||
COMMAND ${CMAKE_COMMAND} -E tar "cfv" "${OsConfigRootBinaryDir}/LinuxSshServerSecurityBaseline.zip" --format=zip .
|
||||
DEPENDS stage_create_zip_ssh
|
||||
WORKING_DIRECTORY ${PROJECT_BINARY_DIR}/Staging/)
|
|
@ -11,11 +11,11 @@
|
|||
"Microsoft.GuestConfiguration"
|
||||
],
|
||||
"guestConfiguration": {
|
||||
"name": "LinuxSshServerSecurityBaselinePolicy",
|
||||
"name": "LinuxSshServerSecurityBaseline",
|
||||
"version": "1.0.0",
|
||||
"contentType": "Custom",
|
||||
"contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/LinuxSshServerSecurityBaselinePolicy.zip",
|
||||
"contentHash": "354719122019CC893CAB961414A5AA6E8D5C14F517C04C91271DDE3458668E82",
|
||||
"contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/LinuxSshServerSecurityBaseline.zip",
|
||||
"contentHash": "430DA48C00BF58D9D5533AD3C3303DF466AACE3F06AFBEBF76271742DE1B5498",
|
||||
"configurationParameter": {
|
||||
"accessPermissionsForSshdConfig": "Ensure that permissions on /etc/ssh/sshd_config are configured;DesiredObjectValue",
|
||||
"ignoreHosts": "Ensure that the SSH IgnoreRhosts is configured;DesiredObjectValue",
|
||||
|
@ -456,7 +456,7 @@
|
|||
"/providers/Microsoft.Authorization/roleDefinitions/088ab73d-1256-47ae-bea9-9de8e7131f31"
|
||||
],
|
||||
"type": "Microsoft.GuestConfiguration/guestConfigurationAssignments",
|
||||
"name": "[concat('LinuxSshServerSecurityBaselinePolicy$pid', uniqueString(policy().assignmentId, policy().definitionReferenceId))]",
|
||||
"name": "[concat('LinuxSshServerSecurityBaseline$pid', uniqueString(policy().assignmentId, policy().definitionReferenceId))]",
|
||||
"existenceCondition": {
|
||||
"allOf": [
|
||||
{
|
||||
|
@ -483,7 +483,7 @@
|
|||
"value": "[field('type')]"
|
||||
},
|
||||
"assignmentName": {
|
||||
"value": "[concat('LinuxSshServerSecurityBaselinePolicy$pid', uniqueString(policy().assignmentId, policy().definitionReferenceId))]"
|
||||
"value": "[concat('LinuxSshServerSecurityBaseline$pid', uniqueString(policy().assignmentId, policy().definitionReferenceId))]"
|
||||
},
|
||||
"accessPermissionsForSshdConfig": {
|
||||
"value": "[parameters('accessPermissionsForSshdConfig')]"
|
||||
|
@ -620,11 +620,11 @@
|
|||
"location": "[parameters('location')]",
|
||||
"properties": {
|
||||
"guestConfiguration": {
|
||||
"name": "LinuxSshServerSecurityBaselinePolicy",
|
||||
"name": "LinuxSshServerSecurityBaseline",
|
||||
"version": "1.0.0",
|
||||
"contentType": "Custom",
|
||||
"contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/LinuxSshServerSecurityBaselinePolicy.zip",
|
||||
"contentHash": "354719122019CC893CAB961414A5AA6E8D5C14F517C04C91271DDE3458668E82",
|
||||
"contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/LinuxSshServerSecurityBaseline.zip",
|
||||
"contentHash": "430DA48C00BF58D9D5533AD3C3303DF466AACE3F06AFBEBF76271742DE1B5498",
|
||||
"assignmentType": "ApplyAndAutoCorrect",
|
||||
"configurationParameter": [
|
||||
{
|
||||
|
@ -711,11 +711,11 @@
|
|||
"location": "[parameters('location')]",
|
||||
"properties": {
|
||||
"guestConfiguration": {
|
||||
"name": "LinuxSshServerSecurityBaselinePolicy",
|
||||
"name": "LinuxSshServerSecurityBaseline",
|
||||
"version": "1.0.0",
|
||||
"contentType": "Custom",
|
||||
"contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/LinuxSshServerSecurityBaselinePolicy.zip",
|
||||
"contentHash": "354719122019CC893CAB961414A5AA6E8D5C14F517C04C91271DDE3458668E82",
|
||||
"contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/LinuxSshServerSecurityBaseline.zip",
|
||||
"contentHash": "430DA48C00BF58D9D5533AD3C3303DF466AACE3F06AFBEBF76271742DE1B5498",
|
||||
"assignmentType": "ApplyAndAutoCorrect",
|
||||
"configurationParameter": [
|
||||
{
|
||||
|
@ -802,11 +802,11 @@
|
|||
"location": "[parameters('location')]",
|
||||
"properties": {
|
||||
"guestConfiguration": {
|
||||
"name": "LinuxSshServerSecurityBaselinePolicy",
|
||||
"name": "LinuxSshServerSecurityBaseline",
|
||||
"version": "1.0.0",
|
||||
"contentType": "Custom",
|
||||
"contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/LinuxSshServerSecurityBaselinePolicy.zip",
|
||||
"contentHash": "354719122019CC893CAB961414A5AA6E8D5C14F517C04C91271DDE3458668E82",
|
||||
"contentUri": "https://github.com/Azure/azure-osconfig/releases/download/test_policy_package/LinuxSshServerSecurityBaseline.zip",
|
||||
"contentHash": "430DA48C00BF58D9D5533AD3C3303DF466AACE3F06AFBEBF76271742DE1B5498",
|
||||
"assignmentType": "ApplyAndAutoCorrect",
|
||||
"configurationParameter": [
|
||||
{
|
|
@ -585,6 +585,8 @@ static const char* g_fsSuidDumpable = "fs.suid_dumpable = 0";
|
|||
static const char* g_bootGrubGrubConf = "/boot/grub/grub.conf";
|
||||
static const char* g_bootGrub2GrubCfg = "/boot/grub2/grub.cfg";
|
||||
static const char* g_bootGrubGrubCfg = "/boot/grub/grub.cfg";
|
||||
static const char* g_minSambaProtocol = "min protocol = SMB2";
|
||||
static const char* g_login = "login";
|
||||
|
||||
static const char* g_pass = SECURITY_AUDIT_PASS;
|
||||
static const char* g_fail = SECURITY_AUDIT_FAIL;
|
||||
|
@ -1492,9 +1494,9 @@ static char* AuditEnsureSystemNotActingAsNetworkSniffer(void* log)
|
|||
const char* command = "ip address";
|
||||
const char* text = "PROMISC";
|
||||
char* reason = NULL;
|
||||
RETURN_REASON_IF_NOT_ZERO(CheckTextNotFoundInCommandOutput(command, text, &reason, log));
|
||||
RETURN_REASON_IF_NOT_ZERO(CheckLineNotFoundOrCommentedOut(g_etcNetworkInterfaces, '#', text, &reason, log));
|
||||
CheckLineNotFoundOrCommentedOut(g_etcRcLocal, '#', text, &reason, log);
|
||||
RETURN_REASON_IF_ZERO(((0 == CheckLineNotFoundOrCommentedOut(g_etcNetworkInterfaces, '#', text, &reason, log)) &&
|
||||
(0 == CheckLineNotFoundOrCommentedOut(g_etcRcLocal, '#', text, &reason, log))) ? 0 : ENOENT);
|
||||
CheckTextNotFoundInCommandOutput(command, text, &reason, log);
|
||||
return reason;
|
||||
}
|
||||
|
||||
|
@ -2059,13 +2061,16 @@ static char* AuditEnsureRshClientNotInstalled(void* log)
|
|||
|
||||
static char* AuditEnsureSmbWithSambaIsDisabled(void* log)
|
||||
{
|
||||
const char* minProtocol = "min protocol = SMB2";
|
||||
char* reason = NULL;
|
||||
|
||||
if (false == CheckDaemonNotActive(g_smbd, &reason, log))
|
||||
if (IsDaemonActive(g_smbd, log))
|
||||
{
|
||||
RETURN_REASON_IF_NOT_ZERO(CheckLineNotFoundOrCommentedOut(g_etcSambaConf, '#', minProtocol, &reason, log));
|
||||
CheckLineNotFoundOrCommentedOut(g_etcSambaConf, ';', minProtocol, &reason, log);
|
||||
RETURN_REASON_IF_NOT_ZERO(CheckLineFoundNotCommentedOut(g_etcSambaConf, '#', g_minSambaProtocol, &reason, log));
|
||||
CheckLineFoundNotCommentedOut(g_etcSambaConf, ';', g_minSambaProtocol, &reason, log);
|
||||
}
|
||||
else
|
||||
{
|
||||
RETURN_REASON_IF_NOT_ZERO(CheckFileNotFound(g_etcSambaConf, &reason, log));
|
||||
CheckPackageNotInstalled(g_samba, &reason, log);
|
||||
}
|
||||
return reason;
|
||||
}
|
||||
|
@ -2120,7 +2125,7 @@ static char* AuditEnsureRloginServiceIsDisabled(void* log)
|
|||
RETURN_REASON_IF_NOT_ZERO(CheckPackageNotInstalled(g_rlogin, &reason, log));
|
||||
RETURN_REASON_IF_NOT_ZERO(CheckPackageNotInstalled(g_inetd, &reason, log));
|
||||
RETURN_REASON_IF_NOT_ZERO(CheckPackageNotInstalled(g_inetUtilsInetd, &reason, log));
|
||||
CheckTextIsNotFoundInFile(g_etcInetdConf, "login", &reason, log);
|
||||
CheckLineNotFoundOrCommentedOut(g_etcInetdConf, '#', g_login, &reason, log);
|
||||
return reason;
|
||||
}
|
||||
|
||||
|
@ -3630,14 +3635,20 @@ static int RemediateEnsureRshClientNotInstalled(char* value, void* log)
|
|||
static int RemediateEnsureSmbWithSambaIsDisabled(char* value, void* log)
|
||||
{
|
||||
const char* command = "sed -i '/^\\[global\\]/a min protocol = SMB2' /etc/samba/smb.conf";
|
||||
const char* smb1 = "SMB1";
|
||||
int status = 0;
|
||||
|
||||
UNUSED(value);
|
||||
|
||||
if (IsDaemonActive(g_smbd, log))
|
||||
{
|
||||
status = ((0 == ReplaceMarkedLinesInFile(g_etcSambaConf, "SMB1", NULL, '#', true, log)) &&
|
||||
(0 == ExecuteCommand(NULL, command, true, false, 0, 0, NULL, NULL, log))) ? 0 : ENOENT;
|
||||
if (0 == (status = ReplaceMarkedLinesInFile(g_etcSambaConf, smb1, NULL, '#', true, log)))
|
||||
{
|
||||
if (0 != FindTextInFile(g_etcSambaConf, g_minSambaProtocol, log))
|
||||
{
|
||||
status = ExecuteCommand(NULL, command, true, false, 0, 0, NULL, NULL, log);
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -3693,7 +3704,8 @@ static int RemediateEnsureRloginServiceIsDisabled(char* value, void* log)
|
|||
UninstallPackage(g_inetUtilsInetd, log);
|
||||
return ((0 == CheckPackageNotInstalled(g_rlogin, NULL, log)) &&
|
||||
(0 == CheckPackageNotInstalled(g_inetd, NULL, log)) &&
|
||||
(0 == CheckPackageNotInstalled(g_inetUtilsInetd, NULL, log))) ? 0 : ENOENT;
|
||||
(0 == CheckPackageNotInstalled(g_inetUtilsInetd, NULL, log)) &&
|
||||
(0 == ReplaceMarkedLinesInFile(g_etcInetdConf, g_login, NULL, '#', true, log))) ? 0 : ENOENT;
|
||||
}
|
||||
|
||||
static int RemediateEnsureUnnecessaryAccountsAreRemoved(char* value, void* log)
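Review bot: In `AuditEnsureSystemNotActingAsNetworkSniffer` the new `RETURN_REASON_IF_ZERO(...)` appears to return as soon as neither `g_etcNetworkInterfaces` nor `g_etcRcLocal` contains an uncommented `PROMISC` line, so `CheckTextNotFoundInCommandOutput(command, text, &reason, log)` on `ip address` runs only when one of the file checks fails. If the macro behaves as its name suggests (its definition is outside the hunk), an interface placed in promiscuous mode at runtime passes the audit whenever the two files are clean, which the previous ordering did not allow. The live check should gate the result: keep `RETURN_REASON_IF_NOT_ZERO(CheckTextNotFoundInCommandOutput(command, text, &reason, log));` as the first statement and evaluate the file checks after it. If the file state alone is meant to be sufficient, add a comment above the macro saying why.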
|
||||
|
|
|
@ -14,7 +14,7 @@ int CheckEnsurePasswordReuseIsLimited(int remember, char** reason, void* log)
|
|||
|
||||
if (0 == CheckFileExists(g_etcPamdCommonPassword, NULL, log))
|
||||
{
|
||||
// On Debian-based systems 'etc/pam.d/common-password' is expected to exist
|
||||
// On Debian-based systems '/etc/pam.d/common-password' is expected to exist
|
||||
status = CheckIntegerOptionFromFileLessOrEqualWith(g_etcPamdCommonPassword, g_remember, '=', remember, reason, log);
|
||||
}
|
||||
else if (0 == CheckFileExists(g_etcPamdSystemAuth, NULL, log))
|
||||
|
|
|
@ -2040,7 +2040,7 @@ int SetPasswordHashingAlgorithm(unsigned int algorithm, void* log)
|
|||
return EINVAL;
|
||||
}
|
||||
|
||||
if (0 != CheckPasswordHashingAlgorithm(algorithm, NULL, log))
|
||||
if (0 == CheckPasswordHashingAlgorithm(algorithm, NULL, log))
|
||||
{
|
||||
if (0 == (status = SetEtcLoginDefValue(encryptMethod, encryption, log)))
|
||||
{
|
||||
|
@ -2792,7 +2792,6 @@ int CheckRootPasswordForSingleUserMode(char** reason, void* log)
|
|||
{
|
||||
OsConfigLogInfo(log, "CheckRootPasswordForSingleUserMode: root appears to have a password");
|
||||
rootHasPassword = true;
|
||||
break;
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -2801,6 +2800,11 @@ int CheckRootPasswordForSingleUserMode(char** reason, void* log)
|
|||
usersWithPassword = true;
|
||||
}
|
||||
}
|
||||
|
||||
if (rootHasPassword && usersWithPassword)
|
||||
{
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
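Review bot: In `SetPasswordHashingAlgorithm` the guard is flipped to `if (0 == CheckPasswordHashingAlgorithm(algorithm, NULL, log))`, and whether that is correct depends on what a zero return from `CheckPasswordHashingAlgorithm` means, which the hunk does not show. If zero means the requested algorithm is already in effect, `SetEtcLoginDefValue(encryptMethod, encryption, log)` now runs only when nothing needs changing and a non-compliant host is left untouched. If zero only means the check could be performed, the guard no longer separates compliant from non-compliant hosts. A one-line comment above the `if`, such as `// CheckPasswordHashingAlgorithm returns 0 when <state the condition>`, plus a test on a host configured with a different algorithm, would settle it. The function body starts and ends outside the hunk.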
|
||||
|
||||
|
|