mirror of
https://github.com/m8tin/cis.git
synced 2026-06-02 14:56:58 +02:00
m8in
58 lines
1.6 KiB
Bash
Executable File
58 lines
1.6 KiB
Bash
Executable File
#!/bin/bash
|
|
source /cis/core/base.module.sh
|
|
|
|
|
|
|
|
function run_as_root() {
|
|
[ "0" == "$(id -u)" ] \
|
|
&& echo OK \
|
|
&& return 0
|
|
|
|
echo FAIL
|
|
return 1
|
|
}
|
|
|
|
function scripts_are_updateable_by_git() {
|
|
git -C "${CIS[SCRIPTDIR]?"Missing CIS_SCRIPTDIR"}" pull > /dev/null 2>&1 \
|
|
&& echo OK \
|
|
&& return 0
|
|
|
|
echo FAIL
|
|
return 1
|
|
}
|
|
|
|
function allChecks() {
|
|
local _CHECK_PATH _MODE_PATH _CHECK_FILES
|
|
_CHECK_PATH="${1:?"allChecks(): Missing first parameter CHECK_PATH"}check/"
|
|
_MODE_PATH="${2:-all}/"
|
|
_CHECK_FILES="${_CHECK_PATH}${_MODE_PATH}"
|
|
readonly _CHECK_PATH _MODE_PATH _CHECK_FILES
|
|
|
|
local _CHECK_FOUND="false"
|
|
echo " - ${_CHECK_FILES}*.check.sh"
|
|
for _CURRENT_CHECK in "${_CHECK_FILES}"*.check.sh; do
|
|
! [ -x "${_CURRENT_CHECK}" ] \
|
|
&& continue
|
|
_CHECK_FOUND="true"
|
|
_NAME="$(echo ${_CURRENT_CHECK##*/} | cut -d'.' -f1)"
|
|
_CONTEXT="$(echo ${_NAME} | cut -d'_' -f1)"
|
|
_CHECK="$(echo ${_NAME} | cut -d'_' -f2- | tr '_' ' ')"
|
|
_RESULT="$("${_CURRENT_CHECK}" && echo OK || echo FAIL)"
|
|
echo " ${_CONTEXT^^} ${_CHECK}: ${_RESULT}"
|
|
done
|
|
|
|
[ "${_CHECK_FOUND}" == "false" ] \
|
|
&& echo " nothing to do" \
|
|
&& return 0
|
|
}
|
|
|
|
echo "PRECONDITION run as root: $(run_as_root)"
|
|
echo "PRECONDITION scripts are updateable by git: $(scripts_are_updateable_by_git)"
|
|
echo
|
|
echo "Check all (common):"
|
|
allChecks "${CIS[DEFAULTDEFINITIONS]?"Missing CIS_DEFAULTDEFINITIONS"}"
|
|
echo "Check all (own):"
|
|
allChecks "${CIS[DOMAINDEFINITIONS]?"Missing CIS_DOMAINDEFINITIONS"}"
|
|
echo "Check this host:"
|
|
allChecks "${CIS[DOMAINDEFINITIONS]}" "$(hostname -s)"
|