@@ -17,64 +17,48 @@ HARDENING_LEVEL=4
1717# shellcheck disable=2034
1818DESCRIPTION=" Record events that modify the system's mandatory access controls (MAC)."
1919
20- AUDIT_PARAMS=' -w /etc/selinux/ -p wa -k MAC-policy'
21- FILES_TO_SEARCH=' /etc/audit/audit.rules /etc/audit/rules.d/audit.rules'
22- FILE=' /etc/audit/rules.d/audit.rules'
20+ AUDIT_PARAMS=(" -w /etc/apparmor/ -p wa -k MAC-policy" " -w /etc/apparmor.d/ -p wa -k MAC-policy" )
21+ AUDIT_FILE=' /etc/audit/audit.rules'
22+ ADDITIONAL_PATH=" /etc/audit/rules.d"
23+ FILE_TO_WRITE=' /etc/audit/rules.d/audit.rules'
2324
2425# This function will be called if the script status is on enabled / audit mode
2526audit () {
26- # define custom IFS and save default one
27- d_IFS=$IFS
28- c_IFS=$' \n '
29- IFS=$c_IFS
30- for AUDIT_VALUE in $AUDIT_PARAMS ; do
31- debug " $AUDIT_VALUE should be in file $FILES_TO_SEARCH "
32- IFS=$d_IFS
27+ MISSING_PARAMS=()
28+ index=0
29+ # use find here in order to simplify test usage with sudo using secaudit user
30+ FILES_TO_SEARCH=" $( sudo_wrapper find $ADDITIONAL_PATH -name ' *.rules' | paste -s) $AUDIT_FILE "
31+ for i in " ${! AUDIT_PARAMS[@]} " ; do
32+ debug " ${AUDIT_PARAMS[i]} should be in file $FILES_TO_SEARCH "
3333 SEARCH_RES=0
3434 for FILE_SEARCHED in $FILES_TO_SEARCH ; do
35- does_pattern_exist_in_file " $FILE_SEARCHED " " $AUDIT_VALUE "
36- IFS=$c_IFS
35+ does_pattern_exist_in_file " $FILE_SEARCHED " " ${AUDIT_PARAMS[i]} "
3736 if [ " $FNRET " != 0 ]; then
38- debug " $AUDIT_VALUE is not in file $FILE_SEARCHED "
37+ debug " ${AUDIT_PARAMS[i]} is not in file $FILE_SEARCHED "
3938 else
40- ok " $AUDIT_VALUE is present in $FILE_SEARCHED "
39+ ok " ${AUDIT_PARAMS[i]} is present in $FILE_SEARCHED "
4140 SEARCH_RES=1
4241 fi
4342 done
4443 if [ " $SEARCH_RES " = 0 ]; then
45- crit " $AUDIT_VALUE is not present in $FILES_TO_SEARCH "
44+ crit " ${AUDIT_PARAMS[i]} is not present in $FILES_TO_SEARCH "
45+ MISSING_PARAMS[i]=" ${AUDIT_PARAMS[i]} "
46+ index=$(( index + 1 ))
4647 fi
4748 done
48- IFS=$d_IFS
4949}
5050
5151# This function will be called if the script status is on enabled mode
5252apply () {
53- # define custom IFS and save default one
54- d_IFS=$IFS
55- c_IFS=$' \n '
56- IFS=$c_IFS
57- for AUDIT_VALUE in $AUDIT_PARAMS ; do
58- debug " $AUDIT_VALUE should be in file $FILES_TO_SEARCH "
59- IFS=$d_IFS
60- SEARCH_RES=0
61- for FILE_SEARCHED in $FILES_TO_SEARCH ; do
62- does_pattern_exist_in_file " $FILE_SEARCHED " " $AUDIT_VALUE "
63- IFS=$c_IFS
64- if [ " $FNRET " != 0 ]; then
65- debug " $AUDIT_VALUE is not in file $FILE_SEARCHED "
66- else
67- ok " $AUDIT_VALUE is present in $FILE_SEARCHED "
68- SEARCH_RES=1
69- fi
70- done
71- if [ " $SEARCH_RES " = 0 ]; then
72- warn " $AUDIT_VALUE is not present in $FILES_TO_SEARCH , adding it to $FILE "
73- add_end_of_file " $FILE " " $AUDIT_VALUE "
74- eval " $( pkill -HUP -P 1 auditd) "
75- fi
53+ audit
54+ changes=0
55+ for i in " ${! MISSING_PARAMS[@]} " ; do
56+ info " ${MISSING_PARAMS[i]} is not present in $FILES_TO_SEARCH , adding it"
57+ add_end_of_file " $FILE_TO_WRITE " " ${MISSING_PARAMS[i]} "
58+ changes=1
7659 done
77- IFS=$d_IFS
60+
61+ [ " $changes " -eq 0 ] || eval " $( pkill -HUP -P 1 auditd) "
7862}
7963
8064# This function will check config parameters required
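Review bot: `index` (new lines 28 and 46) is assigned and incremented but never read, so the counter is dead code that ShellCheck will flag as SC2034; `${#MISSING_PARAMS[@]}` already gives the number of missing rules. The same applies to `changes` in apply(): `[ "${#MISSING_PARAMS[@]}" -eq 0 ] || eval "$(pkill -HUP -P 1 auditd)"` would replace both the `changes=0`/`changes=1` bookkeeping and the final test. apply() also depends on audit() having populated the globals `MISSING_PARAMS` and `FILES_TO_SEARCH`, which nothing states; a comment such as `# audit() fills MISSING_PARAMS and FILES_TO_SEARCH, which the loop below relies on` above the `audit` call would make the coupling explicit. Whether a HUP to auditd is sufficient to load a rule appended under /etc/audit/rules.d, as opposed to an `augenrules --load`, depends on how auditd is configured on the target platform and is worth confirming.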