module Ardecy::Harden
Public Class Methods
cmdline(args)
click to toggle source
# File lib/ardecy/harden.rb, line 46 def self.cmdline(args) puts title 'Kernel Cmdline' CmdLine.exec(args) end
modules(args)
click to toggle source
# File lib/ardecy/harden.rb, line 20 def self.modules(args) puts title 'Kernel Modules' Modules::Blacklist.exec(args) return unless args[:fix] if Dir.exist? '/etc/modprobe.d/' conf = '/etc/modprobe.d/ardecy_blacklist.conf' writing(conf, Modules::BLACKLIST, args[:audit]) else puts "[-] Directory /etc/modprobe.d/ no found..." end end
mountpoint(args)
click to toggle source
# File lib/ardecy/harden.rb, line 40 def self.mountpoint(args) puts title 'Mountpoint' Mountpoint.exec(args) end
permissions(args)
click to toggle source
# File lib/ardecy/harden.rb, line 34 def self.permissions(args) puts title 'Directory Permissions' Perms::Directory.exec(args) end
sysctl(args)
click to toggle source
# File lib/ardecy/harden.rb, line 14 def self.sysctl(args) sysctl_kernel(args) puts sysctl_network(args) end
sysctl_kernel(args)
click to toggle source
# File lib/ardecy/harden.rb, line 65 def self.sysctl_kernel(args) title 'Kernel Hardening' Sysctl::Kernel.exec(args) return unless args[:fix] if Dir.exist? '/etc/sysctl.d/' conf = '/etc/sysctl.d/ardecy_kernel.conf' writing(conf, Sysctl::KERNEL, args[:audit]) else puts '[-] Directory /etc/sysctl.d/ no found.' end end
sysctl_network(args)
click to toggle source
# File lib/ardecy/harden.rb, line 78 def self.sysctl_network(args) title 'Network Hardening' Sysctl::Network.exec(args) return unless args[:fix] if Dir.exist? '/etc/sysctl.d/' conf = '/etc/sysctl.d/ardecy_network.conf' writing(conf, Sysctl::NETWORK, args[:audit]) else puts '[-] Directory /etc/sysctl.d/ no found.' end end
writing(file, list, audit = false)
click to toggle source
# File lib/ardecy/harden.rb, line 52 def self.writing(file, list, audit = false) return unless list.length >= 1 puts if audit puts " ===> Applying at #{file}..." display_fix_list list list << "\n" list_f = list.freeze File.write(file, list_f.join("\n"), mode: 'w', chmod: 644) end