ardecy 0.0.2 → 0.0.3

data/lib/ardecy/harden/sysctl/network.rb

@@ -4,243 +4,229 @@ module Ardecy
   module Harden
     module Sysctl
       module Network
+        def self.exec(args)
+          Network::TcpSynCookie.new(args).x
+          Network::RFC1337.new(args).x
+          Network::AllRpFilter.new(args).x
+          Network::DefaultRpFilter.new(args).x
+          Network::AllAcceptRedirects.new(args).x
+          Network::DefaultAcceptRedirects.new(args).x
+          Network::AllSecureRedirects.new(args).x
+          Network::DefaultSecureRedirects.new(args).x
+          Network::Ipv6AllAcceptRedirects.new(args).x
+          Network::Ipv6DefaultAcceptRedirects.new(args).x
+          Network::AllSendRedirects.new(args).x
+          Network::DefaultSendRedirects.new(args).x
+          Network::IcmpEchoIgnoreAll.new(args).x
+          Network::AllAcceptSourceRoute.new(args).x
+          Network::DefaultAcceptSourceRoute.new(args).x
+          Network::Ipv6AllAcceptSourceRoute.new(args).x
+          Network::Ipv6DefaultAcceptSourceRoute.new(args).x
+          Network::Ipv6ConfAllAcceptRa.new(args).x
+          Network::Ipv6ConfDefaultAcceptRa.new(args).x
+          Network::TcpSack.new(args).x
+          Network::TcpDSack.new(args).x
+          Network::TcpFack.new(args).x
+        end
+
         class TcpSynCookie < Sysctl::SysNet
           def initialize(args)
             @file = '/proc/sys/net/ipv4/tcp_syncookies'
-            @exp = '1'
-            @res = 'FALSE'
             @line = 'net.ipv4.tcp_syncookies'
-            @args = args
+            super
+            @exp = '1'
           end
         end
 
         class RFC1337 < Sysctl::SysNet
           def initialize(args)
             @file = '/proc/sys/net/ipv4/tcp_rfc1337'
-            @exp = '1'
-            @res = 'FALSE'
             @line = 'net.ipv4.tcp_rfc1337'
-            @args = args
+            super
+            @exp = '1'
           end
         end
 
         class AllRpFilter < Sysctl::SysNet
           def initialize(args)
             @file = '/proc/sys/net/ipv4/conf/all/rp_filter'
-            @exp = '1'
-            @res = 'FALSE'
             @line = 'net.ipv4.conf.all.rp_filter'
-            @args = args
             @tab = 2
+            super
+            @exp = '1'
           end
         end
 
         class DefaultRpFilter < Sysctl::SysNet
           def initialize(args)
             @file = '/proc/sys/net/ipv4/conf/default/rp_filter'
-            @exp = '1'
-            @res = 'FALSE'
             @line = 'net.ipv4.conf.default.rp_filter'
-            @args = args
             @tab = 2
+            super
+            @exp = '1'
           end
         end
 
         class AllAcceptRedirects < Sysctl::SysNet
           def initialize(args)
             @file = '/proc/sys/net/ipv4/conf/all/accept_redirects'
-            @exp = '0'
-            @res = 'FALSE'
             @line = 'net.ipv4.conf.all.accept_redirects'
-            @args = args
             @tab = 2
+            super
           end
         end
 
         class DefaultAcceptRedirects < Sysctl::SysNet
           def initialize(args)
             @file = '/proc/sys/net/ipv4/conf/default/accept_redirects'
-            @exp = '0'
-            @res = 'FALSE'
             @line = 'net.ipv4.conf.default.accept_redirects'
-            @args = args
             @tab = 1
+            super
           end
         end
 
         class AllSecureRedirects < Sysctl::SysNet
           def initialize(args)
             @file = '/proc/sys/net/ipv4/conf/all/secure_redirects'
-            @exp = '0'
-            @res = 'FALSE'
             @line = 'net.ipv4.conf.all.secure_redirects'
-            @args = args
             @tab = 2
+            super
           end
         end
 
         class DefaultSecureRedirects < Sysctl::SysNet
           def initialize(args)
             @file = '/proc/sys/net/ipv4/conf/default/secure_redirects'
-            @exp = '0'
-            @res = 'FALSE'
             @line = 'net.ipv4.conf.default.secure_redirects'
-            @args = args
             @tab = 1
+            super
           end
         end
 
         class Ipv6AllAcceptRedirects < Sysctl::SysNet
           def initialize(args)
             @file = '/proc/sys/net/ipv6/conf/all/accept_redirects'
-            @exp = '0'
-            @res = 'FALSE'
             @line = 'net.ipv6.conf.all.accept_redirects'
-            @args = args
             @tab = 2
+            super
           end
         end
 
         class Ipv6DefaultAcceptRedirects < Sysctl::SysNet
           def initialize(args)
             @file = '/proc/sys/net/ipv6/conf/default/accept_redirects'
-            @exp = '0'
-            @res = 'FALSE'
             @line = 'net.ipv6.conf.default.accept_redirects'
-            @args = args
             @tab = 1
+            super
           end
         end
 
         class AllSendRedirects < Sysctl::SysNet
           def initialize(args)
             @file = '/proc/sys/net/ipv4/conf/all/send_redirects'
-            @exp = '0'
-            @res = 'FALSE'
             @line = 'net.ipv4.conf.all.send_redirects'
-            @args = args
             @tab = 2
+            super
           end
         end
 
         class DefaultSendRedirects < Sysctl::SysNet
           def initialize(args)
             @file = '/proc/sys/net/ipv4/conf/default/send_redirects'
-            @exp = '0'
-            @res = 'FALSE'
             @line = 'net.ipv4.conf.default.send_redirects'
-            @args = args
             @tab = 1
+            super
           end
         end
 
         class IcmpEchoIgnoreAll < Sysctl::SysNet
           def initialize(args)
             @file = '/proc/sys/net/ipv4/icmp_echo_ignore_all'
-            @exp = '1'
-            @res = 'FALSE'
             @line = 'net.ipv4.icmp_echo_ignore_all'
-            @args = args
             @tab = 2
+            super
+            @exp = '1'
           end
         end
 
         class AllAcceptSourceRoute < Sysctl::SysNet
           def initialize(args)
             @file = '/proc/sys/net/ipv4/conf/all/accept_source_route'
-            @exp = '0'
-            @res = 'FALSE'
             @line = 'net.ipv4.conf.all.accept_source_route'
-            @args = args
             @tab = 1
+            super
           end
         end
 
         class DefaultAcceptSourceRoute < Sysctl::SysNet
           def initialize(args)
             @file = '/proc/sys/net/ipv4/conf/default/accept_source_route'
-            @exp = '0'
-            @res = 'FALSE'
             @line = 'net.ipv4.conf.default.accept_source_route'
-            @args = args
             @tab = 1
+            super
           end
         end
 
         class Ipv6AllAcceptSourceRoute < Sysctl::SysNet
           def initialize(args)
             @file = '/proc/sys/net/ipv6/conf/all/accept_source_route'
-            @exp = '0'
-            @res = 'FALSE'
             @line = 'net.ipv6.conf.all.accept_source_route'
-            @args = args
             @tab = 1
+            super
           end
         end
 
         class Ipv6DefaultAcceptSourceRoute < Sysctl::SysNet
           def initialize(args)
             @file = '/proc/sys/net/ipv6/conf/default/accept_source_route'
-            @exp = '0'
-            @res = 'FALSE'
             @line = 'net.ipv6.conf.default.accept_source_route'
-            @args = args
             @tab = 1
+            super
           end
         end
 
         class Ipv6ConfAllAcceptRa < Sysctl::SysNet
           def initialize(args)
             @file = '/proc/sys/net/ipv6/conf/all/accept_ra'
-            @exp = '0'
-            @res = 'FALSE'
             @line = 'net.ipv6.conf.all.accept_ra'
-            @args = args
             @tab = 2
+            super
           end
         end
 
         class Ipv6ConfDefaultAcceptRa < Sysctl::SysNet
           def initialize(args)
             @file = '/proc/sys/net/ipv6/conf/default/accept_ra'
-            @exp = '0'
-            @res = 'FALSE'
             @line = 'net.ipv6.conf.default.accept_ra'
-            @args = args
             @tab = 2
+            super
           end
         end
 
         class TcpSack < Sysctl::SysNet
           def initialize(args)
             @file = '/proc/sys/net/ipv4/tcp_sack'
-            @exp = '0'
-            @res = 'FALSE'
             @line = 'net.ipv4.tcp_sack'
-            @args = args
             @tab = 4
+            super
           end
         end
 
         class TcpDSack < Sysctl::SysNet
           def initialize(args)
             @file = '/proc/sys/net/ipv4/tcp_dsack'
-            @exp = '0'
-            @res = 'FALSE'
             @line = 'net.ipv4.tcp_dsack'
-            @args = args
             @tab = 4
+            super
           end
         end
 
         class TcpFack < Sysctl::SysNet
           def initialize(args)
             @file = '/proc/sys/net/ipv4/tcp_fack'
-            @exp = '0'
-            @res = 'FALSE'
             @line = 'net.ipv4.tcp_fack'
-            @args = args
             @tab = 4
+            super
           end
         end
       end

data/lib/ardecy/options.rb

@@ -21,6 +21,18 @@ module Ardecy
           @options[:fix] = true
         end
 
+        opts.on('--path-bootctl PATH', String, 'Path for bootctl, esp should be mounted') do |f|
+          raise "No file #{f}" unless File.exists? f
+
+          @options[:bootctl] = f
+        end
+
+        opts.on('--path-syslinux PATH', String, 'Path for syslinux if not /boot/syslinux/syslinux.cfg') do |f|
+          raise "No file #{f}" unless File.exists? f
+
+          @options[:syslinux] = f
+        end
+
         opts.on('-h', '--help', 'Show this message.') do
           puts opts
           exit

data/lib/ardecy/privacy.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Ardecy
   module Privacy
   end

data/lib/ardecy/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
 module Ardecy
-  VERSION = '0.0.2'.freeze
+  VERSION = '0.0.3'.freeze
 end
 

data/lib/display.rb

@@ -12,11 +12,21 @@ module Display
     print "  - #{line} (exp: #{exp})"
   end
 
-  def kernel_res(res, ntab = 3)
+  def perm_show(line, exp)
+    print "  - #{line} (exp: < "
+    printf "%04o", exp
+    print ")"
+  end
+
+  def result(res, ntab = 3)
     puts "\t" * ntab + "[ #{res} ]"
   end
 
-  def kernel_correct_show(list)
-    list.each { |l| puts "  - #{l}" }
+  def display_fix_list(list)
+    list.each { |l| puts "  - #{l}" } if list.length >= 2
+  end
+
+  def show_bad_mod(name)
+    print "  - Checking if #{name} is not available"
   end
 end

data/lib/nito.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require 'tempfile'
+require 'fileutils'
+
+# Nito for Nix Tools
+module NiTo
+
+  # sed
+  # Like sed from Unix
+  # e.g > sed(/^GRUB_CMDLINE/, '', '/etc/default/grub)
+  def sed(regex, replacement, file)
+    tmp = Tempfile.new('tmp_sed')
+    File.open(file).each do |l|
+      if l.match regex
+        File.write(tmp, "#{replacement}\n", mode: 'a')
+      else
+        File.write(tmp, l, mode: 'a')
+      end
+    end
+    mv tmp, file
+  end
+
+  # mv (move file || directory)
+  # e.g > mv /home/user/lab, /tmp/lab, 0750
+  def mv(src, dest, perm = 0644)
+    FileUtils.mv src, dest
+    File.chmod perm, dest
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ardecy
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
 platform: ruby
 authors:
 - szorfein
@@ -35,7 +35,7 @@ cert_chain:
   F9Dl4EPzjBJOgQWf+NxzxNuNKI46Lp5Q8AI+xtDUHAPbSswHa40BA6ChFehP+j0L
   fg==
   -----END CERTIFICATE-----
-date: 2021-07-06 00:00:00.000000000 Z
+date: 2021-07-10 00:00:00.000000000 Z
 dependencies: []
 description: "    Ardecy is a security, privacy auditing, fixing and hardening tool
   for GNU/Linux.\n"
@@ -51,6 +51,10 @@ files:
 - lib/ardecy.rb
 - lib/ardecy/guard.rb
 - lib/ardecy/harden.rb
+- lib/ardecy/harden/cmdline.rb
+- lib/ardecy/harden/modules.rb
+- lib/ardecy/harden/mountpoint.rb
+- lib/ardecy/harden/perms.rb
 - lib/ardecy/harden/sysctl.rb
 - lib/ardecy/harden/sysctl/kernel.rb
 - lib/ardecy/harden/sysctl/network.rb
@@ -58,6 +62,7 @@ files:
 - lib/ardecy/privacy.rb
 - lib/ardecy/version.rb
 - lib/display.rb
+- lib/nito.rb
 homepage: https://github.com/szorfein/ardecy
 licenses:
 - MIT