#!/bin/sh #DEFINISI FUNGSI function exectest() { if [ -x $1 ] then echo "Checking for $1 ... [OK]"; else echo "Checking for $1 ... [NOT FOUND]"; exit; fi } function filetest() { if [ -f $1 ] then echo "Checking for $1 ... [OK]"; else echo "Checking for $1 ... [NOT FOUND]"; exit; fi } echo "Checking for Operating System ... `uname` " #LINUX if [ `uname` == "Linux" ] then exectest /bin/cp exectest /bin/cat exectest /bin/mv exectest /usr/bin/chattr exectest /bin/kill exectest /bin/mkdir exectest /bin/touch filetest /etc/securetty filetest linux/etc/securetty filetest /etc/sysctl.conf filetest linux/etc/sysctl.conf filetest /etc/profile filetest linux/etc/profile sleep 2 #Hardening securetty mv /etc/securetty /etc/securetty.old cp linux/etc/securetty /etc/securetty echo "Hardening /etc/securetty ... [OK]"; sleep 1 #Hardening Sysctl cp /etc/sysctl.conf /etc/sysctl.conf.old cat linux/etc/sysctl.conf >> /etc/sysctl.conf echo "Hardening /etc/sysctl.conf ... [OK]" sleep 1 #Hardening syslog chattr -a /var/auditlog/messages chattr -a /var/auditlog/secure rm -rf /var/auditlog cp /etc/syslog.conf /etc/syslog.conf.old cat linux/etc/syslog.conf >> /etc/syslog.conf mkdir /var/auditlog touch /var/auditlog/messages touch /var/auditlog/secure kill -HUP `cat /var/run/syslogd.pid` chattr +a /var/auditlog/messages chattr +a /var/auditlog/secure echo "Hardening syslog and log files ... [OK]" sleep 1 #Hardening profile rm -rf /var/histfile/ mkdir /var/histfile/ chmod 1777 /var/histfile/ cp /etc/profile /etc/profile.old cat linux/etc/profile >> /etc/profile echo "Hardening /etc/profile ... [OK]" sleep 1 #Finish echo echo "You need manually hardening /etc/fstab" echo "You nedd manually hardening /etc/security/limits.conf" echo "Status Hardening : FINISH" echo #OpenBSD elif [ `uname` == "OpenBSD" ];then echo "For OpenBSD"; #Not Supported else echo "Operating system is not supported"; exit; fi