ardecy 0.0.2 → 0.0.3

@@ -4,243 +4,229 @@ module Ardecy
4
4
  module Harden
5
5
  module Sysctl
6
6
  module Network
7
+ def self.exec(args)
8
+ Network::TcpSynCookie.new(args).x
9
+ Network::RFC1337.new(args).x
10
+ Network::AllRpFilter.new(args).x
11
+ Network::DefaultRpFilter.new(args).x
12
+ Network::AllAcceptRedirects.new(args).x
13
+ Network::DefaultAcceptRedirects.new(args).x
14
+ Network::AllSecureRedirects.new(args).x
15
+ Network::DefaultSecureRedirects.new(args).x
16
+ Network::Ipv6AllAcceptRedirects.new(args).x
17
+ Network::Ipv6DefaultAcceptRedirects.new(args).x
18
+ Network::AllSendRedirects.new(args).x
19
+ Network::DefaultSendRedirects.new(args).x
20
+ Network::IcmpEchoIgnoreAll.new(args).x
21
+ Network::AllAcceptSourceRoute.new(args).x
22
+ Network::DefaultAcceptSourceRoute.new(args).x
23
+ Network::Ipv6AllAcceptSourceRoute.new(args).x
24
+ Network::Ipv6DefaultAcceptSourceRoute.new(args).x
25
+ Network::Ipv6ConfAllAcceptRa.new(args).x
26
+ Network::Ipv6ConfDefaultAcceptRa.new(args).x
27
+ Network::TcpSack.new(args).x
28
+ Network::TcpDSack.new(args).x
29
+ Network::TcpFack.new(args).x
30
+ end
31
+
7
32
  class TcpSynCookie < Sysctl::SysNet
8
33
  def initialize(args)
9
34
  @file = '/proc/sys/net/ipv4/tcp_syncookies'
10
- @exp = '1'
11
- @res = 'FALSE'
12
35
  @line = 'net.ipv4.tcp_syncookies'
13
- @args = args
36
+ super
37
+ @exp = '1'
14
38
  end
15
39
  end
16
40
 
17
41
  class RFC1337 < Sysctl::SysNet
18
42
  def initialize(args)
19
43
  @file = '/proc/sys/net/ipv4/tcp_rfc1337'
20
- @exp = '1'
21
- @res = 'FALSE'
22
44
  @line = 'net.ipv4.tcp_rfc1337'
23
- @args = args
45
+ super
46
+ @exp = '1'
24
47
  end
25
48
  end
26
49
 
27
50
  class AllRpFilter < Sysctl::SysNet
28
51
  def initialize(args)
29
52
  @file = '/proc/sys/net/ipv4/conf/all/rp_filter'
30
- @exp = '1'
31
- @res = 'FALSE'
32
53
  @line = 'net.ipv4.conf.all.rp_filter'
33
- @args = args
34
54
  @tab = 2
55
+ super
56
+ @exp = '1'
35
57
  end
36
58
  end
37
59
 
38
60
  class DefaultRpFilter < Sysctl::SysNet
39
61
  def initialize(args)
40
62
  @file = '/proc/sys/net/ipv4/conf/default/rp_filter'
41
- @exp = '1'
42
- @res = 'FALSE'
43
63
  @line = 'net.ipv4.conf.default.rp_filter'
44
- @args = args
45
64
  @tab = 2
65
+ super
66
+ @exp = '1'
46
67
  end
47
68
  end
48
69
 
49
70
  class AllAcceptRedirects < Sysctl::SysNet
50
71
  def initialize(args)
51
72
  @file = '/proc/sys/net/ipv4/conf/all/accept_redirects'
52
- @exp = '0'
53
- @res = 'FALSE'
54
73
  @line = 'net.ipv4.conf.all.accept_redirects'
55
- @args = args
56
74
  @tab = 2
75
+ super
57
76
  end
58
77
  end
59
78
 
60
79
  class DefaultAcceptRedirects < Sysctl::SysNet
61
80
  def initialize(args)
62
81
  @file = '/proc/sys/net/ipv4/conf/default/accept_redirects'
63
- @exp = '0'
64
- @res = 'FALSE'
65
82
  @line = 'net.ipv4.conf.default.accept_redirects'
66
- @args = args
67
83
  @tab = 1
84
+ super
68
85
  end
69
86
  end
70
87
 
71
88
  class AllSecureRedirects < Sysctl::SysNet
72
89
  def initialize(args)
73
90
  @file = '/proc/sys/net/ipv4/conf/all/secure_redirects'
74
- @exp = '0'
75
- @res = 'FALSE'
76
91
  @line = 'net.ipv4.conf.all.secure_redirects'
77
- @args = args
78
92
  @tab = 2
93
+ super
79
94
  end
80
95
  end
81
96
 
82
97
  class DefaultSecureRedirects < Sysctl::SysNet
83
98
  def initialize(args)
84
99
  @file = '/proc/sys/net/ipv4/conf/default/secure_redirects'
85
- @exp = '0'
86
- @res = 'FALSE'
87
100
  @line = 'net.ipv4.conf.default.secure_redirects'
88
- @args = args
89
101
  @tab = 1
102
+ super
90
103
  end
91
104
  end
92
105
 
93
106
  class Ipv6AllAcceptRedirects < Sysctl::SysNet
94
107
  def initialize(args)
95
108
  @file = '/proc/sys/net/ipv6/conf/all/accept_redirects'
96
- @exp = '0'
97
- @res = 'FALSE'
98
109
  @line = 'net.ipv6.conf.all.accept_redirects'
99
- @args = args
100
110
  @tab = 2
111
+ super
101
112
  end
102
113
  end
103
114
 
104
115
  class Ipv6DefaultAcceptRedirects < Sysctl::SysNet
105
116
  def initialize(args)
106
117
  @file = '/proc/sys/net/ipv6/conf/default/accept_redirects'
107
- @exp = '0'
108
- @res = 'FALSE'
109
118
  @line = 'net.ipv6.conf.default.accept_redirects'
110
- @args = args
111
119
  @tab = 1
120
+ super
112
121
  end
113
122
  end
114
123
 
115
124
  class AllSendRedirects < Sysctl::SysNet
116
125
  def initialize(args)
117
126
  @file = '/proc/sys/net/ipv4/conf/all/send_redirects'
118
- @exp = '0'
119
- @res = 'FALSE'
120
127
  @line = 'net.ipv4.conf.all.send_redirects'
121
- @args = args
122
128
  @tab = 2
129
+ super
123
130
  end
124
131
  end
125
132
 
126
133
  class DefaultSendRedirects < Sysctl::SysNet
127
134
  def initialize(args)
128
135
  @file = '/proc/sys/net/ipv4/conf/default/send_redirects'
129
- @exp = '0'
130
- @res = 'FALSE'
131
136
  @line = 'net.ipv4.conf.default.send_redirects'
132
- @args = args
133
137
  @tab = 1
138
+ super
134
139
  end
135
140
  end
136
141
 
137
142
  class IcmpEchoIgnoreAll < Sysctl::SysNet
138
143
  def initialize(args)
139
144
  @file = '/proc/sys/net/ipv4/icmp_echo_ignore_all'
140
- @exp = '1'
141
- @res = 'FALSE'
142
145
  @line = 'net.ipv4.icmp_echo_ignore_all'
143
- @args = args
144
146
  @tab = 2
147
+ super
148
+ @exp = '1'
145
149
  end
146
150
  end
147
151
 
148
152
  class AllAcceptSourceRoute < Sysctl::SysNet
149
153
  def initialize(args)
150
154
  @file = '/proc/sys/net/ipv4/conf/all/accept_source_route'
151
- @exp = '0'
152
- @res = 'FALSE'
153
155
  @line = 'net.ipv4.conf.all.accept_source_route'
154
- @args = args
155
156
  @tab = 1
157
+ super
156
158
  end
157
159
  end
158
160
 
159
161
  class DefaultAcceptSourceRoute < Sysctl::SysNet
160
162
  def initialize(args)
161
163
  @file = '/proc/sys/net/ipv4/conf/default/accept_source_route'
162
- @exp = '0'
163
- @res = 'FALSE'
164
164
  @line = 'net.ipv4.conf.default.accept_source_route'
165
- @args = args
166
165
  @tab = 1
166
+ super
167
167
  end
168
168
  end
169
169
 
170
170
  class Ipv6AllAcceptSourceRoute < Sysctl::SysNet
171
171
  def initialize(args)
172
172
  @file = '/proc/sys/net/ipv6/conf/all/accept_source_route'
173
- @exp = '0'
174
- @res = 'FALSE'
175
173
  @line = 'net.ipv6.conf.all.accept_source_route'
176
- @args = args
177
174
  @tab = 1
175
+ super
178
176
  end
179
177
  end
180
178
 
181
179
  class Ipv6DefaultAcceptSourceRoute < Sysctl::SysNet
182
180
  def initialize(args)
183
181
  @file = '/proc/sys/net/ipv6/conf/default/accept_source_route'
184
- @exp = '0'
185
- @res = 'FALSE'
186
182
  @line = 'net.ipv6.conf.default.accept_source_route'
187
- @args = args
188
183
  @tab = 1
184
+ super
189
185
  end
190
186
  end
191
187
 
192
188
  class Ipv6ConfAllAcceptRa < Sysctl::SysNet
193
189
  def initialize(args)
194
190
  @file = '/proc/sys/net/ipv6/conf/all/accept_ra'
195
- @exp = '0'
196
- @res = 'FALSE'
197
191
  @line = 'net.ipv6.conf.all.accept_ra'
198
- @args = args
199
192
  @tab = 2
193
+ super
200
194
  end
201
195
  end
202
196
 
203
197
  class Ipv6ConfDefaultAcceptRa < Sysctl::SysNet
204
198
  def initialize(args)
205
199
  @file = '/proc/sys/net/ipv6/conf/default/accept_ra'
206
- @exp = '0'
207
- @res = 'FALSE'
208
200
  @line = 'net.ipv6.conf.default.accept_ra'
209
- @args = args
210
201
  @tab = 2
202
+ super
211
203
  end
212
204
  end
213
205
 
214
206
  class TcpSack < Sysctl::SysNet
215
207
  def initialize(args)
216
208
  @file = '/proc/sys/net/ipv4/tcp_sack'
217
- @exp = '0'
218
- @res = 'FALSE'
219
209
  @line = 'net.ipv4.tcp_sack'
220
- @args = args
221
210
  @tab = 4
211
+ super
222
212
  end
223
213
  end
224
214
 
225
215
  class TcpDSack < Sysctl::SysNet
226
216
  def initialize(args)
227
217
  @file = '/proc/sys/net/ipv4/tcp_dsack'
228
- @exp = '0'
229
- @res = 'FALSE'
230
218
  @line = 'net.ipv4.tcp_dsack'
231
- @args = args
232
219
  @tab = 4
220
+ super
233
221
  end
234
222
  end
235
223
 
236
224
  class TcpFack < Sysctl::SysNet
237
225
  def initialize(args)
238
226
  @file = '/proc/sys/net/ipv4/tcp_fack'
239
- @exp = '0'
240
- @res = 'FALSE'
241
227
  @line = 'net.ipv4.tcp_fack'
242
- @args = args
243
228
  @tab = 4
229
+ super
244
230
  end
245
231
  end
246
232
  end
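Review bot: The seventeen checks that previously set `@exp = '0'` no longer state their expected value after this change; it now comes from `Sysctl::SysNet#initialize` (presumably `'0'`), which is not visible in this hunk, while only the five `'1'` checks assign `@exp` after `super`. In an audit tool the expected value is the policy being enforced, so a later change to the base default would silently flip all of these checks; keeping it visible with `@exp = '0'` after `super`, or at least a comment such as `# expected value: SysNet default ('0')`, avoids that. The subclasses also assign `@file`, `@line` and `@tab` before calling `super`, which only holds if the base initializer never overwrites them, so that is worth confirming in `SysNet`.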
@@ -21,6 +21,18 @@ module Ardecy
21
21
  @options[:fix] = true
22
22
  end
23
23
 
24
+ opts.on('--path-bootctl PATH', String, 'Path for bootctl, esp should be mounted') do |f|
25
+ raise "No file #{f}" unless File.exists? f
26
+
27
+ @options[:bootctl] = f
28
+ end
29
+
30
+ opts.on('--path-syslinux PATH', String, 'Path for syslinux if not /boot/syslinux/syslinux.cfg') do |f|
31
+ raise "No file #{f}" unless File.exists? f
32
+
33
+ @options[:syslinux] = f
34
+ end
35
+
24
36
  opts.on('-h', '--help', 'Show this message.') do
25
37
  puts opts
26
38
  exit
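Review bot: `File.exists?` in both new option blocks is the deprecated alias that was removed in Ruby 3.2, so on a current interpreter passing `--path-bootctl` or `--path-syslinux` fails with NoMethodError before the path is even checked; use `raise "No file #{f}" unless File.exist? f`. The check only proves that something exists at that path at parse time, so the code that later consumes `@options[:bootctl]` and `@options[:syslinux]` (outside this hunk) should still confirm it is the expected regular file or directory before reading or rewriting it. The enclosing option-parser block starts and ends outside the hunk.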
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Ardecy
2
4
  module Privacy
3
5
  end
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Ardecy
4
- VERSION = '0.0.2'.freeze
4
+ VERSION = '0.0.3'.freeze
5
5
  end
6
6
 
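--- a/data/lib/display.rb
+++ b/data/lib/display.rb
@@ -12,11 +12,21 @@ module Display
  print " - #{line} (exp: #{exp})"
  end
 
- def kernel_res(res, ntab = 3)
+ def perm_show(line, exp)
+ print " - #{line} (exp: < "
+ printf "%04o", exp
+ print ")"
+ end
+
+ def result(res, ntab = 3)
  puts "\t" * ntab + "[ #{res} ]"
  end
 
- def kernel_correct_show(list)
- list.each { |l| puts " - #{l}" }
+ def display_fix_list(list)
+ list.each { |l| puts " - #{l}" } if list.length >= 2
+ end
+
+ def show_bad_mod(name)
+ print " - Checking if #{name} is not available"
  end
  end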
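Review bot: `display_fix_list` prints nothing when the list has fewer than two entries, so a fix list holding a single item is dropped without any output and the operator does not see what is about to be changed. If the first element is meant to be a title that is only worth showing when a fix follows it, say so in a comment, e.g. `# list[0] is the heading; print only when at least one fix follows`; otherwise the guard should be `unless list.empty?`. `perm_show` formats `exp` with `%04o`, which assumes callers pass an Integer mode rather than a string like the other `exp` values in this module; a one-line comment on the parameter would make that contract explicit.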
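--- a/data/lib/nito.rb
+++ b/data/lib/nito.rb
@@ -0,0 +1,30 @@
+ # frozen_string_literal: true
+
+ require 'tempfile'
+ require 'fileutils'
+
+ # Nito for Nix Tools
+ module NiTo
+
+ # sed
+ # Like sed from Unix
+ # e.g > sed(/^GRUB_CMDLINE/, '', '/etc/default/grub)
+ def sed(regex, replacement, file)
+ tmp = Tempfile.new('tmp_sed')
+ File.open(file).each do |l|
+ if l.match regex
+ File.write(tmp, "#{replacement}\n", mode: 'a')
+ else
+ File.write(tmp, l, mode: 'a')
+ end
+ end
+ mv tmp, file
+ end
+
+ # mv (move file || directory)
+ # e.g > mv /home/user/lab, /tmp/lab, 0750
+ def mv(src, dest, perm = 0644)
+ FileUtils.mv src, dest
+ File.chmod perm, dest
+ end
+ end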
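Review bot: `sed` rebuilds the target in a temp file and then calls `mv tmp, file` with the default `perm = 0644`, so the original file's mode is discarded and any root-only config edited this way ends up world-readable. Passing the existing mode through keeps the permissions: `mv tmp, file, File.stat(file).mode & 07777`. Creating the temp file beside the target, `tmp = Tempfile.new('tmp_sed', File.dirname(file))`, keeps the final move a same-filesystem rename rather than a copy from the temp directory that can leave a half-written boot config if interrupted. `File.open(file).each` also never closes its handle; `File.foreach(file)` reads the same lines without the leak.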
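--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: ardecy
  version: !ruby/object:Gem::Version
- version: 0.0.2
+ version: 0.0.3
  platform: ruby
  authors:
  - szorfein
@@ -35,7 +35,7 @@ cert_chain:
  F9Dl4EPzjBJOgQWf+NxzxNuNKI46Lp5Q8AI+xtDUHAPbSswHa40BA6ChFehP+j0L
  fg==
  -----END CERTIFICATE-----
- date: 2021-07-06 00:00:00.000000000 Z
+ date: 2021-07-10 00:00:00.000000000 Z
  dependencies: []
  description: " Ardecy is a security, privacy auditing, fixing and hardening tool
  for GNU/Linux.\n"
@@ -51,6 +51,10 @@ files:
  - lib/ardecy.rb
  - lib/ardecy/guard.rb
  - lib/ardecy/harden.rb
+ - lib/ardecy/harden/cmdline.rb
+ - lib/ardecy/harden/modules.rb
+ - lib/ardecy/harden/mountpoint.rb
+ - lib/ardecy/harden/perms.rb
  - lib/ardecy/harden/sysctl.rb
  - lib/ardecy/harden/sysctl/kernel.rb
  - lib/ardecy/harden/sysctl/network.rb
@@ -58,6 +62,7 @@ files:
  - lib/ardecy/privacy.rb
  - lib/ardecy/version.rb
  - lib/display.rb
+ - lib/nito.rb
  homepage: https://github.com/szorfein/ardecy
  licenses:
  - MIT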
metadata.gz.sig CHANGED
Binary file