ardecy 0.0.1 → 0.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bd867dd6f7fb9d68567b4e7b78f7317e37fd159929bb3b7c2ca9beb11563146a
-  data.tar.gz: 6ad77f7b0cb309d9e51257e08b921fc66ea11a7a9264b77bb1465a14ca1f31e2
+  metadata.gz: dfee812e31a5a1dc6f31eaa70fb6837459732157ef174fd215eb215ea299f0c7
+  data.tar.gz: 5933831912f0b6770be89ba4bf9821aa12503600ca9e4e23d90df35837d453d6
 SHA512:
-  metadata.gz: a66daa605946c1efe73c4521763cf29d0e40af2f942eeaa8777cac93db149f1e917147ed1ba3387c1bed71f6565b67a0311edd461499a572960ef7ceec0623c4
-  data.tar.gz: 28f36c476b37939e238affce67650e665a2ceae73bb3dc1a54c3e1b6dc6bcf44ee633d42bf18fef94d2d92aaee50be8bf5bada8e789ddee9776196002d9dea6e
+  metadata.gz: 3d2145fe504aa730c778092360531ec37da9e72c12e7c1edfcf66f8a459dd7b02188defe1fa3572c1931e7422bad12bdba19ca124f7164025c336c4c340c7f2f
+  data.tar.gz: 9032e9a78441de631fb46bd03ad47fb3770815f229a8c2b2200e161bb12581f95f49e623e7a6d7ef2e69bdd0b18f7034c116f8f9b92b9a58fcc2b9cf51a27637

data/README.md

@@ -1,16 +1,32 @@
 # Ardecy
-Awesome ruby gem to build: ardecy !
 
-## Gem build
+<div align="center">
+<br/>
+[![Ruby Style Guide](https://img.shields.io/badge/code_style-rubocop-brightgreen.svg)](https://github.com/rubocop/rubocop)
+[![Gem Version](https://badge.fury.io/rb/ardecy.svg)](https://badge.fury.io/rb/ardecy)
+</div>
 
-    gem build ardecy.gemspec
-
-## Gem push
-
-    gem login
-    gem push ardecy-0.0.1.gem
+Ardecy is a security, privacy auditing, fixing and hardening tool for Linux.
 
 ## Install ardecy locally
 
+With gem:
+
+    gem cert --add <(curl -Ls https://raw.githubusercontent.com/szorfein/ardecy/master/certs/szorfein.pem)
     gem install ardecy-0.0.1.gem -P HighSecurity
+    ardecy -h
+
+With github:
+
+    git clone https://github.com/szorfein/ardecy
+    cd ardecy
+    ruby -I lib bin/ardecy -h
+
+## Usage
+Audit your system
+
+    ardecy --audit
+
+Correct errors found
 
+    ardecy --fix

data/bin/ardecy

@@ -1,4 +1,10 @@
 #!/usr/bin/env ruby
-require "ardecy"
-puts "Ardecy v." + Ardecy::VERSION
+
+require 'ardecy'
+
+ardecy = Ardecy::Main.new(ARGV)
+
+ardecy.scan
+
+ardecy.bye
 

data/lib/ardecy.rb

@@ -1,4 +1,50 @@
+# frozen_string_literal: true
+
 require_relative 'ardecy/version'
+require_relative 'ardecy/options'
+require_relative 'ardecy/harden'
+require_relative 'ardecy/privacy'
+require_relative 'ardecy/guard'
+
 module Ardecy
+  class Main
+    def initialize(args)
+      @cli = Options.new(args).options
+      show_intent
+      permission
+    end
+
+    def scan
+      Harden.sysctl({
+        audit: @cli[:audit],
+        fix: @cli[:fix]
+      })
+    end
+
+    def bye
+      puts
+      puts " -[ Bye - Ardecy v." + Ardecy::VERSION + " ]- "
+      exit
+    end
+
+    def permission
+      return unless @cli[:fix]
+
+      Ardecy::Guard.perm
+    end
+
+    def show_intent
+      audit = @cli[:audit] ||= false
+      fixing = @cli[:fix] ||= false
+      puts
+      if audit || fixing
+        print ' ====> '
+        print 'Audit ' if audit
+        print 'Fixing ' if fixing
+        print "System\n"
+      end
+      puts
+    end
+  end
 end
 

data/lib/ardecy/guard.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Ardecy
+  class BadPerm < StandardError
+  end
+
+  module Guard
+    def self.perm
+      uid = Process.uid
+      raise BadPerm, 'Please, run this program as a root.' unless uid === 0
+    rescue BadPerm => e
+      warn "\n#{e.class} > #{e}"
+      exit 1
+    end
+  end
+end

data/lib/ardecy/harden.rb

@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+
+require 'display'
+require_relative 'harden/sysctl'
+
+module Ardecy
+  module Harden
+    extend Display
+
+    def self.sysctl(args)
+      sysctl_kernel(args)
+      puts
+      sysctl_network(args)
+    end
+
+    def self.sysctl_kernel(args)
+      title 'Kernel Hardening'
+
+      Sysctl::Kernel::KPointer.new(args).x
+      Sysctl::Kernel::Dmesg.new(args).x
+      Sysctl::Kernel::Printk.new(args).x
+      Sysctl::Kernel::BpfDisabled.new(args).x
+      Sysctl::Kernel::BpfJitHarden.new(args).x
+      Sysctl::Kernel::LdiskAutoload.new(args).x
+      Sysctl::Kernel::UserFaultFd.new(args).x
+      Sysctl::Kernel::KExecLoadDisabled.new(args).x
+      Sysctl::Kernel::SysRQ.new(args).x
+      Sysctl::Kernel::UsernsClone.new(args).x
+      Sysctl::Kernel::MaxUserNameSpace.new(args).x
+      Sysctl::Kernel::PerfEventParanoid.new(args).x
+      Sysctl::Kernel::YamaPtrace.new(args).x
+      Sysctl::Kernel::VmMmapRndBits.new(args).x
+      Sysctl::Kernel::VmMmapRndCompatBits.new(args).x
+      Sysctl::Kernel::FsProtectedSymlinks.new(args).x
+      Sysctl::Kernel::FsProtectedHardlinks.new(args).x
+      Sysctl::Kernel::FsProtectedFifos.new(args).x
+      Sysctl::Kernel::FsProtectedRegular.new(args).x
+
+      return unless args[:fix]
+
+      conf = '/etc/sysctl.d/ardecy_kernel.conf'
+      puts if args[:audit]
+      puts " ===> Applying at #{conf}..."
+      puts
+      kernel_correct_show Sysctl::KERNEL
+      Sysctl::KERNEL << "\n"
+      if Dir.exist? '/etc/sysctl.d/'
+        File.write(conf, Sysctl::KERNEL.join("\n"), mode: 'w', chmod: 0644)
+      else
+        puts '[-] Directory /etc/sysctl.d/ no found.'
+      end
+    end
+
+    def self.sysctl_network(args)
+      title 'Network Hardening'
+
+      Sysctl::Network::TcpSynCookie.new(args).x
+      Sysctl::Network::RFC1337.new(args).x
+      Sysctl::Network::AllRpFilter.new(args).x
+      Sysctl::Network::DefaultRpFilter.new(args).x
+      Sysctl::Network::AllAcceptRedirects.new(args).x
+      Sysctl::Network::DefaultAcceptRedirects.new(args).x
+      Sysctl::Network::AllSecureRedirects.new(args).x
+      Sysctl::Network::DefaultSecureRedirects.new(args).x
+      Sysctl::Network::Ipv6AllAcceptRedirects.new(args).x
+      Sysctl::Network::Ipv6DefaultAcceptRedirects.new(args).x
+      Sysctl::Network::AllSendRedirects.new(args).x
+      Sysctl::Network::DefaultSendRedirects.new(args).x
+      Sysctl::Network::IcmpEchoIgnoreAll.new(args).x
+      Sysctl::Network::AllAcceptSourceRoute.new(args).x
+      Sysctl::Network::DefaultAcceptSourceRoute.new(args).x
+      Sysctl::Network::Ipv6AllAcceptSourceRoute.new(args).x
+      Sysctl::Network::Ipv6DefaultAcceptSourceRoute.new(args).x
+      Sysctl::Network::Ipv6ConfAllAcceptRa.new(args).x
+      Sysctl::Network::Ipv6ConfDefaultAcceptRa.new(args).x
+      Sysctl::Network::TcpSack.new(args).x
+      Sysctl::Network::TcpDSack.new(args).x
+      Sysctl::Network::TcpFack.new(args).x
+
+      return unless args[:fix]
+
+      conf = '/etc/sysctl.d/ardecy_network.conf'
+      puts if args[:audit]
+      puts " ===> Applying at #{conf}..."
+      puts
+      kernel_correct_show Sysctl::NETWORK
+      Sysctl::NETWORK << "\n"
+      if Dir.exist? '/etc/sysctl.d/'
+        File.write(conf, Sysctl::NETWORK.join("\n"), mode: 'w', chmod: 0644)
+      else
+        puts '[-] Directory /etc/sysctl.d/ no found.'
+      end
+    end
+  end
+end

data/lib/ardecy/harden/sysctl.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+require 'display'
+
+module Ardecy
+  module Harden
+    module Sysctl
+      KERNEL = []
+      NETWORK = []
+
+      class SysKern
+        include Display
+
+        def scan
+          kernel_show(@line, @exp) if @args[:audit]
+          if File.exist? @file
+            if File.readable? @file
+              value = File.read(@file).chomp
+              @res = value.to_s =~ /#{@exp}/ ? 'OK' : 'FAIL'
+            else
+              @res = 'PROTECTED'
+            end
+          else
+            @res = 'NO FOUND'
+          end
+          if @tab
+            kernel_res(@res, @tab) if @args[:audit]
+          elsif @args[:audit]
+            kernel_res(@res)
+          end
+        end
+
+        def fix
+          return unless File.exist? @file
+
+          KERNEL << "#{@line} = #{@exp}"
+        end
+
+        def repair
+          return unless @args[:fix]
+
+          Ardecy::Guard.perm
+          if @res != 'OK' && @res != 'PROTECTED'
+            if File.exist? @file
+              File.write(@file, @exp, mode: 'w', preserve: true)
+            end
+          end
+        end
+
+        def x
+          scan
+          fix
+          repair
+        end
+      end
+
+      class SysNet < SysKern
+        def fix
+          return unless File.exist? @file
+
+          NETWORK << "#{@line} = #{@exp}"
+        end
+      end
+    end
+  end
+end
+
+require_relative 'sysctl/kernel'
+require_relative 'sysctl/network'

data/lib/ardecy/harden/sysctl/kernel.rb

@@ -0,0 +1,211 @@
+# frozen_string_literal: true
+
+module Ardecy
+  module Harden
+    module Sysctl
+      module Kernel
+        class KPointer < Sysctl::SysKern
+          def initialize(args)
+            @file = '/proc/sys/kernel/kptr_restrict'
+            @exp = '2'
+            @res = 'FALSE'
+            @line = 'kernel.kptr_restrict'
+            @args = args
+          end
+        end
+
+        class Dmesg < Sysctl::SysKern
+          def initialize(args)
+            @file = '/proc/sys/kernel/dmesg_restrict'
+            @exp = '1'
+            @res = 'FALSE'
+            @line = 'kernel.dmesg_restrict'
+            @args = args
+          end
+        end
+
+        class Printk < Sysctl::SysKern
+          def initialize(args)
+            @file = '/proc/sys/kernel/printk'
+            @exp = '3 3 3 3'
+            @res = 'FALSE'
+            @line = 'kernel.printk'
+            @args = args
+          end
+
+          def scan
+            kernel_show(@line, @exp) if @args[:audit]
+            value = File.read(@file).chomp
+            @res = 'OK' if value =~ /3\s+3\s+3\s+3/
+            kernel_res(@res) if @args[:audit]
+          end
+        end
+
+        class BpfDisabled < Sysctl::SysKern
+          def initialize(args)
+            @file = '/proc/sys/kernel/unprivileged_bpf_disabled'
+            @exp = '1'
+            @res = 'FALSE'
+            @line = 'kernel.unprivileged_bpf_disabled'
+            @tab = 2
+            @args = args
+          end
+        end
+
+        class BpfJitHarden < Sysctl::SysKern
+          def initialize(args)
+            @file = '/proc/sys/net/core/bpf_jit_harden'
+            @exp = '2'
+            @res = 'FALSE'
+            @line = 'net.core.bpf_jit_harden'
+            @args = args
+          end
+        end
+
+        class LdiskAutoload < Sysctl::SysKern
+          def initialize(args)
+            @file = '/proc/sys/dev/tty/ldisc_autoload'
+            @exp = '0'
+            @res = 'FALSE'
+            @line = 'dev.tty.ldisc_autoload'
+            @args = args
+          end
+        end
+
+        class UserFaultFd < Sysctl::SysKern
+          def initialize(args)
+            @file = '/proc/sys/vm/unprivileged_userfaultfd'
+            @exp = '0'
+            @res = 'FALSE'
+            @line = 'vm.unprivileged_userfaultfd'
+            @args = args
+            @tab = 2
+          end
+        end
+
+        class KExecLoadDisabled < Sysctl::SysKern
+          def initialize(args)
+            @file = '/proc/sys/kernel/kexec_load_disabled'
+            @exp = '1'
+            @res = 'FALSE'
+            @line = 'kernel.kexec_load_disabled'
+            @args = args
+          end
+        end
+
+        class SysRQ < Sysctl::SysKern
+          def initialize(args)
+            @file = '/proc/sys/kernel/sysrq'
+            @exp = '0'
+            @res = 'FALSE'
+            @line = 'kernel.sysrq'
+            @args = args
+            @tab = 4
+          end
+        end
+
+        class UsernsClone < Sysctl::SysKern
+          def initialize(args)
+            @file = '/proc/sys/kernel/unprivileged_userns_clone'
+            @exp = '0'
+            @res = 'FALSE'
+            @line = 'unprivileged_userns_clone'
+            @args = args
+          end
+        end
+
+        class MaxUserNameSpace < Sysctl::SysKern
+          def initialize(args)
+            @file = '/proc/sys/user/max_user_namespaces'
+            @exp = '0'
+            @res = 'FALSE'
+            @line = 'user.max_user_namespaces'
+            @args = args
+          end
+        end
+
+        class PerfEventParanoid < Sysctl::SysKern
+          def initialize(args)
+            @file = '/proc/sys/kernel/perf_event_paranoid'
+            @exp = '3'
+            @res = 'FALSE'
+            @line = 'kernel.perf_event_paranoid'
+            @args = args
+          end
+        end
+
+        class YamaPtrace < Sysctl::SysKern
+          def initialize(args)
+            @file = '/proc/sys/kernel/yama/ptrace_scope'
+            @exp = '2'
+            @res = 'FALSE'
+            @line = 'kernel.yama.ptrace_scope'
+            @args = args
+          end
+        end
+
+        class VmMmapRndBits < Sysctl::SysKern
+          def initialize(args)
+            @file = '/proc/sys/vm/mmap_rnd_bits'
+            @exp = '32'
+            @res = 'FALSE'
+            @line = 'vm.mmap_rnd_bits'
+            @args = args
+            @tab = 4
+          end
+        end
+
+        class VmMmapRndCompatBits < Sysctl::SysKern
+          def initialize(args)
+            @file = '/proc/sys/vm/mmap_rnd_compat_bits'
+            @exp = '16'
+            @res = 'FALSE'
+            @line = 'vm.mmap_rnd_compat_bits'
+            @args = args
+          end
+        end
+
+        class FsProtectedSymlinks < Sysctl::SysKern
+          def initialize(args)
+            @file = '/proc/sys/fs/protected_symlinks'
+            @exp = '1'
+            @res = 'FALSE'
+            @line = 'fs.protected_symlinks'
+            @args = args
+          end
+        end
+
+        class FsProtectedHardlinks < Sysctl::SysKern
+          def initialize(args)
+            @file = '/proc/sys/fs/protected_hardlinks'
+            @exp = '1'
+            @res = 'FALSE'
+            @line = 'fs.protected_hardlinks'
+            @args = args
+          end
+        end
+
+        class FsProtectedFifos < Sysctl::SysKern
+          def initialize(args)
+            @file = '/proc/sys/fs/protected_fifos'
+            @exp = '2'
+            @res = 'FALSE'
+            @line = 'fs.protected_fifos'
+            @args = args
+            @tab = 4
+          end
+        end
+
+        class FsProtectedRegular < Sysctl::SysKern
+          def initialize(args)
+            @file = '/proc/sys/fs/protected_regular'
+            @exp = '2'
+            @res = 'FALSE'
+            @line = 'fs.protected_regular'
+            @args = args
+          end
+        end
+      end
+    end
+  end
+end

data/lib/ardecy/harden/sysctl/network.rb

@@ -0,0 +1,249 @@
+# frozen_string_literal: true
+
+module Ardecy
+  module Harden
+    module Sysctl
+      module Network
+        class TcpSynCookie < Sysctl::SysNet
+          def initialize(args)
+            @file = '/proc/sys/net/ipv4/tcp_syncookies'
+            @exp = '1'
+            @res = 'FALSE'
+            @line = 'net.ipv4.tcp_syncookies'
+            @args = args
+          end
+        end
+
+        class RFC1337 < Sysctl::SysNet
+          def initialize(args)
+            @file = '/proc/sys/net/ipv4/tcp_rfc1337'
+            @exp = '1'
+            @res = 'FALSE'
+            @line = 'net.ipv4.tcp_rfc1337'
+            @args = args
+          end
+        end
+
+        class AllRpFilter < Sysctl::SysNet
+          def initialize(args)
+            @file = '/proc/sys/net/ipv4/conf/all/rp_filter'
+            @exp = '1'
+            @res = 'FALSE'
+            @line = 'net.ipv4.conf.all.rp_filter'
+            @args = args
+            @tab = 2
+          end
+        end
+
+        class DefaultRpFilter < Sysctl::SysNet
+          def initialize(args)
+            @file = '/proc/sys/net/ipv4/conf/default/rp_filter'
+            @exp = '1'
+            @res = 'FALSE'
+            @line = 'net.ipv4.conf.default.rp_filter'
+            @args = args
+            @tab = 2
+          end
+        end
+
+        class AllAcceptRedirects < Sysctl::SysNet
+          def initialize(args)
+            @file = '/proc/sys/net/ipv4/conf/all/accept_redirects'
+            @exp = '0'
+            @res = 'FALSE'
+            @line = 'net.ipv4.conf.all.accept_redirects'
+            @args = args
+            @tab = 2
+          end
+        end
+
+        class DefaultAcceptRedirects < Sysctl::SysNet
+          def initialize(args)
+            @file = '/proc/sys/net/ipv4/conf/default/accept_redirects'
+            @exp = '0'
+            @res = 'FALSE'
+            @line = 'net.ipv4.conf.default.accept_redirects'
+            @args = args
+            @tab = 1
+          end
+        end
+
+        class AllSecureRedirects < Sysctl::SysNet
+          def initialize(args)
+            @file = '/proc/sys/net/ipv4/conf/all/secure_redirects'
+            @exp = '0'
+            @res = 'FALSE'
+            @line = 'net.ipv4.conf.all.secure_redirects'
+            @args = args
+            @tab = 2
+          end
+        end
+
+        class DefaultSecureRedirects < Sysctl::SysNet
+          def initialize(args)
+            @file = '/proc/sys/net/ipv4/conf/default/secure_redirects'
+            @exp = '0'
+            @res = 'FALSE'
+            @line = 'net.ipv4.conf.default.secure_redirects'
+            @args = args
+            @tab = 1
+          end
+        end
+
+        class Ipv6AllAcceptRedirects < Sysctl::SysNet
+          def initialize(args)
+            @file = '/proc/sys/net/ipv6/conf/all/accept_redirects'
+            @exp = '0'
+            @res = 'FALSE'
+            @line = 'net.ipv6.conf.all.accept_redirects'
+            @args = args
+            @tab = 2
+          end
+        end
+
+        class Ipv6DefaultAcceptRedirects < Sysctl::SysNet
+          def initialize(args)
+            @file = '/proc/sys/net/ipv6/conf/default/accept_redirects'
+            @exp = '0'
+            @res = 'FALSE'
+            @line = 'net.ipv6.conf.default.accept_redirects'
+            @args = args
+            @tab = 1
+          end
+        end
+
+        class AllSendRedirects < Sysctl::SysNet
+          def initialize(args)
+            @file = '/proc/sys/net/ipv4/conf/all/send_redirects'
+            @exp = '0'
+            @res = 'FALSE'
+            @line = 'net.ipv4.conf.all.send_redirects'
+            @args = args
+            @tab = 2
+          end
+        end
+
+        class DefaultSendRedirects < Sysctl::SysNet
+          def initialize(args)
+            @file = '/proc/sys/net/ipv4/conf/default/send_redirects'
+            @exp = '0'
+            @res = 'FALSE'
+            @line = 'net.ipv4.conf.default.send_redirects'
+            @args = args
+            @tab = 1
+          end
+        end
+
+        class IcmpEchoIgnoreAll < Sysctl::SysNet
+          def initialize(args)
+            @file = '/proc/sys/net/ipv4/icmp_echo_ignore_all'
+            @exp = '1'
+            @res = 'FALSE'
+            @line = 'net.ipv4.icmp_echo_ignore_all'
+            @args = args
+            @tab = 2
+          end
+        end
+
+        class AllAcceptSourceRoute < Sysctl::SysNet
+          def initialize(args)
+            @file = '/proc/sys/net/ipv4/conf/all/accept_source_route'
+            @exp = '0'
+            @res = 'FALSE'
+            @line = 'net.ipv4.conf.all.accept_source_route'
+            @args = args
+            @tab = 1
+          end
+        end
+
+        class DefaultAcceptSourceRoute < Sysctl::SysNet
+          def initialize(args)
+            @file = '/proc/sys/net/ipv4/conf/default/accept_source_route'
+            @exp = '0'
+            @res = 'FALSE'
+            @line = 'net.ipv4.conf.default.accept_source_route'
+            @args = args
+            @tab = 1
+          end
+        end
+
+        class Ipv6AllAcceptSourceRoute < Sysctl::SysNet
+          def initialize(args)
+            @file = '/proc/sys/net/ipv6/conf/all/accept_source_route'
+            @exp = '0'
+            @res = 'FALSE'
+            @line = 'net.ipv6.conf.all.accept_source_route'
+            @args = args
+            @tab = 1
+          end
+        end
+
+        class Ipv6DefaultAcceptSourceRoute < Sysctl::SysNet
+          def initialize(args)
+            @file = '/proc/sys/net/ipv6/conf/default/accept_source_route'
+            @exp = '0'
+            @res = 'FALSE'
+            @line = 'net.ipv6.conf.default.accept_source_route'
+            @args = args
+            @tab = 1
+          end
+        end
+
+        class Ipv6ConfAllAcceptRa < Sysctl::SysNet
+          def initialize(args)
+            @file = '/proc/sys/net/ipv6/conf/all/accept_ra'
+            @exp = '0'
+            @res = 'FALSE'
+            @line = 'net.ipv6.conf.all.accept_ra'
+            @args = args
+            @tab = 2
+          end
+        end
+
+        class Ipv6ConfDefaultAcceptRa < Sysctl::SysNet
+          def initialize(args)
+            @file = '/proc/sys/net/ipv6/conf/default/accept_ra'
+            @exp = '0'
+            @res = 'FALSE'
+            @line = 'net.ipv6.conf.default.accept_ra'
+            @args = args
+            @tab = 2
+          end
+        end
+
+        class TcpSack < Sysctl::SysNet
+          def initialize(args)
+            @file = '/proc/sys/net/ipv4/tcp_sack'
+            @exp = '0'
+            @res = 'FALSE'
+            @line = 'net.ipv4.tcp_sack'
+            @args = args
+            @tab = 4
+          end
+        end
+
+        class TcpDSack < Sysctl::SysNet
+          def initialize(args)
+            @file = '/proc/sys/net/ipv4/tcp_dsack'
+            @exp = '0'
+            @res = 'FALSE'
+            @line = 'net.ipv4.tcp_dsack'
+            @args = args
+            @tab = 4
+          end
+        end
+
+        class TcpFack < Sysctl::SysNet
+          def initialize(args)
+            @file = '/proc/sys/net/ipv4/tcp_fack'
+            @exp = '0'
+            @res = 'FALSE'
+            @line = 'net.ipv4.tcp_fack'
+            @args = args
+            @tab = 4
+          end
+        end
+      end
+    end
+  end
+end

data/lib/ardecy/options.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require 'optparse'
+
+module Ardecy
+  class Options
+    attr_reader :options
+
+    def initialize(args)
+      @options = {}
+      parse(args)
+    end
+
+    def parse(args)
+      OptionParser.new do |opts|
+        opts.on('--audit', 'Perform local security scan.') do
+          @options[:audit] = true
+        end
+
+        opts.on('--fix', 'Fix problems.') do
+          @options[:fix] = true
+        end
+
+        opts.on('-h', '--help', 'Show this message.') do
+          puts opts
+          exit
+        end
+
+        begin
+          args.push('-h') if args.empty?
+          opts.parse!(args)
+        rescue OptionParser::ParseError => e
+          warn e.message, "\n", opts
+          exit 1
+        end
+      end
+    end
+  end
+end

data/lib/ardecy/privacy.rb

@@ -0,0 +1,4 @@
+module Ardecy
+  module Privacy
+  end
+end

data/lib/ardecy/version.rb

@@ -1,4 +1,6 @@
+# frozen_string_literal: true
+
 module Ardecy
-  VERSION = '0.0.1'.freeze
+  VERSION = '0.0.2'.freeze
 end
 

data/lib/display.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Display
+  def title(name)
+    l = name.length
+    puts " [+] #{name} "
+    puts '-' * l * 2.9
+    puts
+  end
+
+  def kernel_show(line, exp)
+    print "  - #{line} (exp: #{exp})"
+  end
+
+  def kernel_res(res, ntab = 3)
+    puts "\t" * ntab + "[ #{res} ]"
+  end
+
+  def kernel_correct_show(list)
+    list.each { |l| puts "  - #{l}" }
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ardecy
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors:
 - szorfein
@@ -35,9 +35,10 @@ cert_chain:
   F9Dl4EPzjBJOgQWf+NxzxNuNKI46Lp5Q8AI+xtDUHAPbSswHa40BA6ChFehP+j0L
   fg==
   -----END CERTIFICATE-----
-date: 2021-07-04 00:00:00.000000000 Z
+date: 2021-07-06 00:00:00.000000000 Z
 dependencies: []
-description: "    ardecy is just an awesome gem !\n"
+description: "    Ardecy is a security, privacy auditing, fixing and hardening tool
+  for GNU/Linux.\n"
 email: szorfein@protonmail.com
 executables:
 - ardecy
@@ -48,7 +49,15 @@ files:
 - README.md
 - bin/ardecy
 - lib/ardecy.rb
+- lib/ardecy/guard.rb
+- lib/ardecy/harden.rb
+- lib/ardecy/harden/sysctl.rb
+- lib/ardecy/harden/sysctl/kernel.rb
+- lib/ardecy/harden/sysctl/network.rb
+- lib/ardecy/options.rb
+- lib/ardecy/privacy.rb
 - lib/ardecy/version.rb
+- lib/display.rb
 homepage: https://github.com/szorfein/ardecy
 licenses:
 - MIT
@@ -72,11 +81,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
-requirements:
-- 'TODO change: libmagick, v6.0'
-- 'TODO change: A good graphics card'
+requirements: []
 rubygems_version: 3.0.9
 signing_key:
 specification_version: 4
-summary: Awesome Ruby Project !
+summary: Ardecy is a security | privacy auditing tools.
 test_files: []