Class: Ardecy::Harden::Mountpoint::MountInc

Inherits:
Object
  • Object
Includes:
Display, NiTo
Defined in:
lib/ardecy/harden/mountpoint.rb

Direct Known Subclasses

ProcHidepid

Instance Method Summary

Methods included from NiTo

#mv, #sed

Methods included from Display

#display_fix_list, #kernel_show, #perm_show, #result, #show_bad_mod, #title

Constructor Details

#initialize(args) ⇒ MountInc

Returns a new instance of MountInc.



# File 'lib/ardecy/harden/mountpoint.rb', line 18

# Stores the run options and resets the audit state.
#
# @param args [Hash] run options looked up by symbol key; the methods of this
#   class read +:audit+ and +:fix+
def initialize(args)
  @args = args
  # Pessimistic default: #scan switches this to 'OK' only when every expected
  # mount option is found.
  @res = 'FAIL'
  # Handed to Display#result as its second argument by #scan.
  @tab = 2
end

Instance Method Details

#add_group ⇒ Object



# File 'lib/ardecy/harden/mountpoint.rb', line 32

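# Creates the group named by @group when #group_search does not find it.
#
# Does nothing unless the +:fix+ option is set and @group is defined.
# groupadd is started with an argument vector instead of a command string, so
# the group name reaches it as one literal argument and is never interpreted
# by a shell.
#
# @return [nil]
def add_group
  return unless @args[:fix] && @group
  return if group_search

  # File.exists? was removed in Ruby 3.2; File.exist? works on every version.
  groupadd = ['/usr/sbin/groupadd', '/usr/bin/groupadd'].find { |path| File.exist?(path) }
  unless groupadd
    puts '[-] Can\'t find command groupadd'
    return
  end

  puts " => Group #{@group} added." if system(groupadd, @group.to_s)
end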

#build_args ⇒ Object



# File 'lib/ardecy/harden/mountpoint.rb', line 71

# Builds the replacement mount line in @new from the line held in @val.
#
# Runs only when the +:fix+ option is set and @res does not contain 'OK'.
# Each entry of @ensure ("key=value") is appended to the fourth
# whitespace-separated field of @val unless that field already carries the
# same key with some value.
#
# NOTE(review): only the option key is compared, so an existing entry with a
# different (possibly weaker) value is left untouched, and the key pattern is
# not anchored to an option boundary — confirm both are intended.
# NOTE(review): assumes @val was set by #mount_match and has at least four
# fields; otherwise this raises NoMethodError.
#
# @return [String, nil] the new line, or nil when nothing was built
def build_args
  return if !@args[:fix] || @res =~ /OK/

  fields = @val.split ' '
  @ensure.each do |wanted|
    key = wanted.split('=').first
    next if fields[3] =~ /#{key}=[a-z0-9]+/

    fields[3] += ",#{wanted}"
  end
  @new = fields.join(' ')
end

#edit_fstab ⇒ Object



# File 'lib/ardecy/harden/mountpoint.rb', line 108

# Hands the line-start pattern for @name, the replacement line @new and the
# path '/etc/fstab' to #sed (mixed in from NiTo).
#
# NOTE(review): presumably #sed rewrites the matching lines in place — confirm
# against NiTo#sed, and whether a copy of /etc/fstab is kept first.
def edit_fstab
  entry_pattern = /^#{@name}/
  sed(entry_pattern, @new, '/etc/fstab')
end

#fix ⇒ Object



# File 'lib/ardecy/harden/mountpoint.rb', line 83

# Writes the line built in @new to /etc/fstab and prints the old and new lines.
#
# Runs only when the +:fix+ option is set and @res does not contain 'OK'. An
# existing entry (as found by #mount_match) is replaced through #edit_fstab;
# otherwise @new is appended to the file.
#
# NOTE(review): #mount_match overwrites @val, so "old" shows the fstab line
# when one exists and the previously stored line otherwise.
# NOTE(review): /etc/fstab is modified with no backup taken in this method —
# confirm one is made elsewhere.
#
# @return [nil]
def fix
  return if !@args[:fix] || @res =~ /OK/

  in_fstab = mount_match('/etc/fstab')
  edit_fstab if in_fstab
  File.write('/etc/fstab', "\n#{@new}\n", mode: 'a') unless in_fstab

  puts "old -> " + @val
  puts "new -> " + @new
  puts
end

#group_search ⇒ Object



# File 'lib/ardecy/harden/mountpoint.rb', line 47

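# Tells whether @group is already defined in /etc/group.
#
# Only the first colon-separated field of each entry (the group name) is
# compared, and it must equal @group exactly. A substring or regex match over
# the whole line would also hit longer group names and member lists, and the
# missing group would then never be created.
#
# @return [Boolean] true when an entry named @group exists; false otherwise,
#   including when /etc/group cannot be read or @group is empty
def group_search
  unless File.readable?('/etc/group')
    puts " [-] /etc/group is not readable"
    return false
  end

  wanted = @group.to_s
  return false if wanted.empty?

  File.readlines('/etc/group').any? { |entry| entry.split(':', 2).first == wanted }
end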

#mount_match(file) ⇒ Object



# File 'lib/ardecy/harden/mountpoint.rb', line 98

# Looks for the first line of +file+ that starts with @name and keeps it in
# @val. @val is left unchanged when no line matches.
#
# NOTE(review): @name is interpolated into the pattern unescaped and is only
# anchored at the start of the line, so regex metacharacters in it are live
# and longer names sharing the prefix also match — confirm that is intended.
#
# @param file [String] path of the file to read, e.g. '/proc/mounts'
# @return [Boolean] true when a matching line was found
def mount_match(file)
  pattern = /^#{@name}/
  hit = File.readlines(file).find { |entry| entry =~ pattern }
  return false unless hit

  @val = hit
  true
end

#scan ⇒ Object



# File 'lib/ardecy/harden/mountpoint.rb', line 57

# Audits the /proc/mounts entry for @name against the options in @ensure.
#
# Returns at once when #mount_match finds no entry. Otherwise @res becomes
# 'OK' when every "key=value" entry of @ensure has its key present, with some
# value, in the matched line. With the +:audit+ option set, the check is
# announced and the verdict is passed to Display#result.
#
# NOTE(review): only the option key is compared, not its value, so an entry
# carrying a different (possibly weaker) value is still reported as OK —
# confirm this is intended.
#
# @return [Object, nil] whatever #result returns when auditing, else nil
def scan
  return unless mount_match('/proc/mounts')

  auditing = @args[:audit]
  print "  - Checking #{@name} contain " + @ensure.join(',') if auditing

  found = @ensure.count do |wanted|
    key = wanted.split('=').first
    @val =~ /#{key}=[a-z0-9]+/
  end
  @res = 'OK' if found == @ensure.length
  return unless auditing

  @tab ? result(@res, @tab) : result(@res)
end

#systemd_case ⇒ Object



# File 'lib/ardecy/harden/mountpoint.rb', line 112

# Empty in this class; called as the last step of #x.
# NOTE(review): presumably a hook for subclasses that need extra handling on
# systemd hosts — confirm against the subclasses.
def systemd_case
end

#x ⇒ Object



# File 'lib/ardecy/harden/mountpoint.rb', line 24

# Runs the whole check for this mount point, in a fixed order.
#
# The order matters: #scan sets @val and @res, #build_args turns @val into
# @new, and #fix writes @new to /etc/fstab. The steps after #scan return
# early unless the +:fix+ option is set.
def x
  scan          # audit the /proc/mounts entry; sets @val and @res
  add_group     # create @group when fixing and it is missing
  build_args    # derive @new from @val and @ensure
  fix           # write @new to /etc/fstab
  systemd_case  # empty in this class
end