Class: Ardecy::Harden::CmdLine::LineInc

Inherits:
Object
  • Object
Includes:
Display, NiTo
Defined in:
lib/ardecy/harden/cmdline.rb

Instance Method Summary

Methods included from NiTo

#mv, #sed

Methods included from Display

#display_fix_list, #kernel_show, #perm_show, #result, #show_bad_mod, #title

Constructor Details

#initialize(args) ⇒ LineInc

Returns a new instance of LineInc.



# File 'lib/ardecy/harden/cmdline.rb', line 28

# Set up the check for the kernel command-line parameter `pti=on`
# (kernel page-table isolation forced on).
#
# @param args [Hash] run options; the other methods of this class read the
#   keys :audit, :fix, :syslinux and :bootctl from it
def initialize(args)
  @args = args
  @tab = 4         # handed to Display#result by #scan
  @res = 'FAIL'    # stays 'FAIL' until #scan finds the parameter
  @name = 'pti=on' # audited by #scan, appended by the apply_* methods
end

Instance Method Details

#apply_bootctl(conf) ⇒ Object

conf path can be something like: /efi/loader/entries/gentoo.conf



# File 'lib/ardecy/harden/cmdline.rb', line 67

# Rebuild the `options` line of a boot loader entry so that it contains
# @name, store it in @final_line and hand it to NiTo#sed.
#
# No backup of +conf+ is made in this method; whether NiTo#sed keeps one is
# not visible here.
#
# @param conf [String] entry file, e.g. /efi/loader/entries/gentoo.conf
# @return [Object] whatever sed returns
def apply_bootctl(conf)
  current = get_bootctl_line(conf)

  # Unanchored pattern: a token is kept as soon as it contains one lowercase
  # letter, digit or '='. It is a coarse filter, not a validation.
  kept = current.split(' ').select { |token| token =~ /[a-z0-9=]+/ }
  params = (kept + [@name]).uniq - ['options']

  @final_line = "options #{params.join(' ')}"
  print " ===> Adding #{@name} \n\n"
  # NOTE(review): when the file has no `options` line, get_bootctl_line falls
  # back to the bare keyword and /^options/ has nothing to match in the file;
  # whether sed then changes anything is not visible here - confirm.
  sed(/^options/, "#{@final_line}", conf)
end

#apply_grub(conf) ⇒ Object

apply_grub gets all the current arguments from the config file and reinjects them together with the new @name. It builds the variable @final_line.



# File 'lib/ardecy/harden/cmdline.rb', line 99

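# Rebuild GRUB_CMDLINE_LINUX_DEFAULT from +conf+ with @name appended and
# write it back through #write_to_grub.
#
# The current value is read with #get_grub_line and split on whitespace;
# every token that contains a lowercase letter, digit or '=' is kept. The
# new line is stored in @final_line.
#
# Only the defaults file is edited here; nothing in this method regenerates
# the GRUB configuration that is read at boot.
#
# @param conf [String] GRUB defaults file (#fix passes /etc/default/grub)
# @return [Object] whatever #write_to_grub returns
def apply_grub(conf)
  line = get_grub_line(conf)

  # Take everything after the first '=' rather than splitting on the literal
  # prefix `GRUB_CMDLINE_LINUX_DEFAULT="`: that split yields a single element
  # for a single-quoted or unquoted value, and the following call then fails
  # on nil.
  value = line.partition('=').last.strip

  # Keep the quoting the file already uses. The file is shell syntax, and
  # turning '...' into "..." would let the shell expand $ and backticks.
  quote = value.start_with?("'") ? "'" : '"'

  args = value.split(' ')
              .select { |a| a =~ /[a-z0-9=]+/ }
              .map { |a| a.delete(quote) }
  args << @name
  args = args.uniq

  @final_line = "GRUB_CMDLINE_LINUX_DEFAULT=#{quote}#{args.join(' ')}#{quote}"
  print " ===> Adding #{@name} \n\n"
  write_to_grub(conf)
end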

#apply_syslinux(conf) ⇒ Object



# File 'lib/ardecy/harden/cmdline.rb', line 84

# Rebuild the APPEND line of a syslinux configuration with @name added,
# store it in @final_line and pass it to NiTo#sed.
#
# @param conf [String] syslinux config (#fix passes @args[:syslinux] or
#   /boot/syslinux/syslinux.cfg)
# @return [Object] whatever sed returns
def apply_syslinux(conf)
  current = get_syslinux_line(conf)

  # The APPEND keyword itself is dropped by this filter: it contains no
  # lowercase letter, digit or '=', so the unanchored pattern never matches it.
  params = current.split(' ').select { |token| token =~ /[a-z0-9=]+/ }
  params = params.push(@name).uniq

  @final_line = "APPEND #{params.join(' ')}"
  print " ===> Adding #{@name} \n\n"
  # NOTE(review): only the first APPEND line was read above, while the
  # pattern below fits any indented APPEND line. If sed rewrites every match,
  # all boot entries receive the first entry's arguments - confirm against
  # NiTo#sed.
  sed(/\s+APPEND/, "    #{@final_line}", conf) # replacement is indented with 4 spaces
end

#fix ⇒ Object



# File 'lib/ardecy/harden/cmdline.rb', line 47

# Add @name to the first boot loader configuration that applies.
#
# Does nothing unless @args[:fix] is set, and nothing when @res already
# contains OK. The order of precedence is:
#   1. /etc/default/grub, when the file exists
#   2. the path given in @args[:syslinux]
#   3. /boot/syslinux/syslinux.cfg, when the file exists
#   4. the path given in @args[:bootctl]
# An existing /etc/default/grub therefore wins over a path passed explicitly
# in @args[:syslinux] or @args[:bootctl].
#
# @return [Object, nil] the result of the apply_* call, or nil
def fix
  return unless @args[:fix]
  return if @res =~ /OK/

  grub_defaults = '/etc/default/grub'
  syslinux_cfg = '/boot/syslinux/syslinux.cfg'

  return apply_grub(grub_defaults) if File.exist?(grub_defaults)
  return apply_syslinux(@args[:syslinux]) if @args[:syslinux]
  return apply_syslinux(syslinux_cfg) if File.exist?(syslinux_cfg)
  return apply_bootctl(@args[:bootctl]) if @args[:bootctl]

  puts
  puts "[-] No config file supported yet to applying #{@name}."
end

#get_bootctl_line(conf) ⇒ Object



# File 'lib/ardecy/harden/cmdline.rb', line 79

# Fetch the current `options` line of a boot loader entry.
#
# @param conf [String] path of the entry file
# @return [String] the first line starting with `options` (trailing newline
#   included), or the bare keyword 'options' when the file has no such line
def get_bootctl_line(conf)
  # The pattern is a prefix match: any line that begins with the letters
  # `options` qualifies, commented-out lines do not.
  File.readlines(conf).find { |entry| entry =~ /^options/ } || 'options'
end

#get_grub_line(conf) ⇒ Object



# File 'lib/ardecy/harden/cmdline.rb', line 118

# Fetch the current GRUB_CMDLINE_LINUX_DEFAULT assignment.
#
# @param conf [String] path of the GRUB defaults file
# @return [String] the first line starting with GRUB_CMDLINE_LINUX_DEFAULT
#   (trailing newline included), or an empty double-quoted assignment when
#   the file has no such line
def get_grub_line(conf)
  # Prefix match without the '=': a longer variable name that starts with
  # the same letters is matched as well. Commented-out lines are skipped.
  current = File.readlines(conf).grep(/^GRUB_CMDLINE_LINUX_DEFAULT/).first
  current || "GRUB_CMDLINE_LINUX_DEFAULT=\"\""
end

#get_syslinux_line(conf) ⇒ Object



# File 'lib/ardecy/harden/cmdline.rb', line 123

# Fetch the current APPEND line of a syslinux configuration.
#
# @param conf [String] path of the syslinux config file
# @return [String] the first line in which APPEND follows whitespace
#   (trailing newline included), or the bare keyword 'APPEND' when there is none
def get_syslinux_line(conf)
  # Unanchored pattern: APPEND at column 0 is not matched, while any line
  # with whitespace directly before APPEND is, wherever that occurs in the line.
  append_line = File.readlines(conf).detect { |entry| entry =~ /\s+APPEND/ }
  append_line || 'APPEND'
end

#scan ⇒ Object



# File 'lib/ardecy/harden/cmdline.rb', line 40

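# Check whether the running kernel was booted with @name and record the
# outcome in @res ('OK' when found; @res is left untouched otherwise).
#
# The parameter must appear on /proc/cmdline as a whole whitespace-separated
# token. A substring match would report OK when @name is only part of a
# longer, different parameter, which makes the audit claim a protection
# that is not active.
#
# With @args[:audit] set, the check name is printed and the result is shown
# through Display#result.
#
# @return [Object, nil] the value of Display#result, or nil without :audit
def scan
  booted_with = File.read('/proc/cmdline').split
  @res = 'OK' if booted_with.include?(@name)
  return unless @args[:audit]

  print "  - include #{@name}"
  @tab ? result(@res, @tab) : result(@res)
end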

#write_to_grub(conf) ⇒ Object



# File 'lib/ardecy/harden/cmdline.rb', line 114

# Replace the GRUB_CMDLINE_LINUX_DEFAULT line of +conf+ with @final_line
# through NiTo#sed. @final_line is read as-is, so it has to be built before
# this method is called (#apply_grub does that).
#
# @param conf [String] path of the GRUB defaults file
# @return [Object] whatever sed returns
def write_to_grub(conf)
  # Prefix match without the '=', same pattern as in #get_grub_line.
  assignment = /^GRUB_CMDLINE_LINUX_DEFAULT/
  sed(assignment, @final_line, conf)
end

#x ⇒ Object



# File 'lib/ardecy/harden/cmdline.rb', line 35

# Run the check: audit the running kernel first, then repair if requested.
# The order matters because #fix returns early when #scan has set @res to OK.
#
# @return [Object, nil] the return value of #fix
def x
  scan
  fix
end