From 8b8626d0356c2d36f61edece432ab359bc80441e Mon Sep 17 00:00:00 2001
From: hcornet
Date: Thu, 24 Apr 2025 18:46:57 +0200
Subject: [PATCH] Modify : variable structure, add file custom
---
 test/common.sh | 2 ++
 test/custom/custom_dns | 1 +
 test/custom/custom_glpi | 1 +
 test/custom/custom_key | 0
 test/custom/custom_monitoring | 1 +
 test/custom/custom_wazuh | 1 +
 test/modules/additional_hardening.sh | 8 ++---
 test/modules/firewall.sh | 2 +-
 test/modules/ssh_hardening.sh | 45 ++++++++++++++++------------
 9 files changed, 37 insertions(+), 24 deletions(-)
 create mode 100644 test/custom/custom_dns
 create mode 100644 test/custom/custom_glpi
 create mode 100644 test/custom/custom_key
 create mode 100644 test/custom/custom_monitoring
 create mode 100644 test/custom/custom_wazuh
diff --git a/test/common.sh b/test/common.sh
index cb2ca08..dae174d 100644
--- a/test/common.sh
+++ b/test/common.sh
@@ -160,4 +160,6 @@ is_package_installed() {
 # Function to check if a service is running
 service() {
 systemctl $1 $2
+
+ log_message "SUCCESS" "Action : $1 for service : $2 successfully"
 }
\ No newline at end of file
diff --git a/test/custom/custom_dns b/test/custom/custom_dns
new file mode 100644
index 0000000..4287ca8
--- /dev/null
+++ b/test/custom/custom_dns
@@ -0,0 +1 @@
+#
\ No newline at end of file
diff --git a/test/custom/custom_glpi b/test/custom/custom_glpi
new file mode 100644
index 0000000..4287ca8
--- /dev/null
+++ b/test/custom/custom_glpi
@@ -0,0 +1 @@
+#
\ No newline at end of file
diff --git a/test/custom/custom_key b/test/custom/custom_key
new file mode 100644
index 0000000..e69de29
diff --git a/test/custom/custom_monitoring b/test/custom/custom_monitoring
new file mode 100644
index 0000000..4287ca8
--- /dev/null
+++ b/test/custom/custom_monitoring
@@ -0,0 +1 @@
+#
\ No newline at end of file
diff --git a/test/custom/custom_wazuh b/test/custom/custom_wazuh
new file mode 100644
index 0000000..4287ca8
--- /dev/null
+++ b/test/custom/custom_wazuh
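Review bot: The added `log_message "SUCCESS"` in `service()` runs whether or not `systemctl $1 $2` succeeded, and because it is now the function's last command the wrapper returns log_message's status instead of systemctl's. The `if [ $? -eq 0 ]` checks that follow `service restart sshd` in test/modules/ssh_hardening.sh therefore no longer see a failed restart, so (assuming log_message returns 0) the revert-to-backup branch is never taken and a broken sshd configuration is logged as success. Capture the exit status, log SUCCESS or ERROR from it, return it, and quote `"$1"` and `"$2"`. The comment above the function still says it checks whether a service is running, and the name shadows the system `service` command, whose argument order is the reverse.

```shell
service() {
    local rc=0
    systemctl "$1" "$2" || rc=$?
    if [ "$rc" -eq 0 ]; then
        log_message "SUCCESS" "Action : $1 for service : $2 successfully"
    else
        log_message "ERROR" "Action : $1 for service : $2 failed (exit $rc)"
    fi
    # Propagate systemctl's status so callers testing $? see real failures.
    return "$rc"
}
```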
@@ -0,0 +1 @@ +# \ No newline at end of file diff --git a/test/modules/additional_hardening.sh b/test/modules/additional_hardening.sh index b277207..98ccbea 100644 --- a/test/modules/additional_hardening.sh +++ b/test/modules/additional_hardening.sh @@ -17,11 +17,11 @@ harden_system_settings() { backup_file "/etc/sysctl.conf" # Create custom sysctl security settings - local sysctl_security="/etc/sysctl.d/10-security-hardening.conf" + local SYSCTL_SECURITY="/etc/sysctl.d/10-security-hardening.conf" log_message "INFO" "Creating security sysctl configuration" - cat > "$sysctl_security" << EOF + cat > "$SYSCTL_SECURITY" << EOF # Security hardening sysctl settings # Generated by security hardening script @@ -97,11 +97,11 @@ kernel.core_pattern = |/bin/false # net.ipv6.conf.lo.disable_ipv6 = 1 EOF - log_message "SUCCESS" "Security sysctl configuration created at $sysctl_security" + log_message "SUCCESS" "Security sysctl configuration created at $SYSCTL_SECURITY" # Apply sysctl settings log_message "INFO" "Applying sysctl settings" - sysctl -p "$sysctl_security" + sysctl -p "$SYSCTL_SECURITY" # Harden PAM configuration log_message "INFO" "Hardening PAM configuration" diff --git a/test/modules/firewall.sh b/test/modules/firewall.sh index e1fc163..25bba07 100644 --- a/test/modules/firewall.sh +++ b/test/modules/firewall.sh @@ -63,7 +63,7 @@ configure_ufw() { # Enable UFW log_message "INFO" "Enabling UFW" - echo "y" | ufw -force enable + echo "y" | ufw enable if [ $? -eq 0 ]; then log_message "SUCCESS" "UFW enabled successfully" diff --git a/test/modules/ssh_hardening.sh b/test/modules/ssh_hardening.sh index 51e343f..adf8fd7 100644 --- a/test/modules/ssh_hardening.sh +++ b/test/modules/ssh_hardening.sh 
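Review bot: Dropping the invalid `-force` in test/modules/firewall.sh leaves `echo "y" | ufw enable`, which depends on the confirmation prompt reading stdin; ufw's documented non-interactive form is `ufw --force enable`, and it removes the pipeline. Testing the command directly with `if ufw --force enable; then` would also replace the separate `$?` check that follows. The hunk does not show whether an SSH allow rule is added earlier in configure_ufw; if it is not, enabling the firewall from a remote session cuts that session, so this is worth confirming. configure_ufw starts and ends outside the hunk.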
@@ -11,31 +11,37 @@ source "./common.sh" # Function to create SSH keys for root user create_root_ssh_keys() { - local ssh_dir="/root/.ssh" - local authorized_keys="$ssh_dir/authorized_keys" - local ssh_key_doc="/root/root-ssh-keys-documentation.txt" + local SSH_DIR="/root/.ssh" + local SYMBOLIQUE_DIR="/etc/ssh/authorized_keys/" + local FILE_AUTHORIZED_KEYS="$SSH_DIR/authorized_keys" + local SSH_KEY_DOC="/root/root-ssh-keys-documentation.txt" # Create .ssh directory if it doesn't exist - mkdir -p "$ssh_dir" - chmod 700 "$ssh_dir" + mkdir -p "$SSH_DIR" + chmod 700 "$SSH_DIR" # Create or backup authorized_keys file - if [ -f "$authorized_keys" ]; then - backup_file "$authorized_keys" + if [ -f "$FILE_AUTHORIZED_KEYS" ]; then + backup_file "$FILE_AUTHORIZED_KEYS" else - touch "$authorized_keys" + touch "$FILE_AUTHORIZED_KEYS" fi - chmod 600 "$authorized_keys" + chmod 600 "$FILE_AUTHORIZED_KEYS" + + # + mkdir -p "$SYMBOLIQUE_DIR" + cd "$SYMBOLIQUE_DIR" + ln -s "$FILE_AUTHORIZED_KEYS" root # Create documentation log_message "INFO" "Creating SSH key documentation for root user" - cat > "$ssh_key_doc" << EOF + cat > "$SSH_KEY_DOC" << EOF # Root SSH Keys Documentation # # To add SSH public keys for root user, add them to the authorized_keys file: -# $authorized_keys +# $FILE_AUTHORIZED_KEYS # # Format: # ssh-rsa AAAAB3NzaC1yc2EA... comment 
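Review bot: The new symlink step in create_root_ssh_keys is not safe to re-run and changes the script's working directory: `cd "$SYMBOLIQUE_DIR"` is unchecked, so on failure `ln -s` creates `root` in whatever directory the script was started from, and on success every later relative path (the file sources `./common.sh`) resolves under /etc/ssh/authorized_keys/. On a second run `ln -s` fails because `root` already exists. Drop the `cd` and write `ln -sfn "$FILE_AUTHORIZED_KEYS" "${SYMBOLIQUE_DIR}root"`. The bare `#` comment should say why the link exists, presumably an `AuthorizedKeysFile` setting pointing at this directory, which the hunk does not show; if so, keep the directory root-owned and not group- or world-writable, e.g. `chmod 755 "$SYMBOLIQUE_DIR"` after `mkdir -p`. The function body continues past the end of the hunk.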
@@ -47,16 +53,16 @@ create_root_ssh_keys() { # - Remove keys that are no longer needed # # Remember to maintain proper permissions: -# chmod 700 $ssh_dir -# chmod 600 $authorized_keys +# chmod 700 $SSH_DIR +# chmod 600 $FILE_AUTHORIZED_KEYS EOF - log_message "SUCCESS" "SSH key documentation for root user created at $ssh_key_doc" + log_message "SUCCESS" "SSH key documentation for root user created at $SSH_KEY_DOC" } # Function to create SSH keys for non-root users create_non_root_ssh_keys() { - local ssh_key_doc="/etc/skel/.ssh-documentation.txt" + local SSH_KEY_DOC="/etc/skel/.ssh-documentation.txt" # Create /etc/skel/.ssh directory mkdir -p "/etc/skel/.ssh" @@ -67,7 +73,7 @@ create_non_root_ssh_keys() { # Create documentation log_message "INFO" "Creating SSH key documentation for non-root users" - cat > "$ssh_key_doc" << EOF + cat > "$SSH_KEY_DOC" << EOF # User SSH Keys Documentation # # To add SSH public keys for this user, add them to the authorized_keys file: @@ -87,7 +93,7 @@ create_non_root_ssh_keys() { # chmod 600 ~/.ssh/authorized_keys EOF - log_message "SUCCESS" "SSH key documentation for non-root users created at $ssh_key_doc" + log_message "SUCCESS" "SSH key documentation for non-root users created at $SSH_KEY_DOC" } # Function to harden SSH configuration @@ -151,7 +157,7 @@ EOF # Restart SSH service to apply changes log_message "INFO" "Restarting SSH service" - systemctl restart sshd + service restart sshd if [ $? -eq 0 ]; then log_message "SUCCESS" "SSH service restarted successfully" @@ -159,7 +165,8 @@ EOF log_message "ERROR" "Failed to restart SSH service" # Revert to backup cp "$ssh_config_backup" "$ssh_config" - systemctl restart sshd + service restart sshd + log_message "WARNING" "Reverted to original SSH configuration" fi }
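Review bot: The restart in the `@@ -151,7 +157,7 @@` hunk applies the rewritten sshd configuration without validating it first, and the rollback in the following hunk restarts again and logs "Reverted to original SSH configuration" without checking that the `cp` or the second restart worked. Running `sshd -t -f "$ssh_config"` before `service restart sshd`, and restoring `"$ssh_config_backup"` when the test fails, would catch a bad file while the running daemon is still serving the old configuration, which matters on a host administered only over SSH. In the revert branch, check both `cp "$ssh_config_backup" "$ssh_config"` and the restart, and log ERROR instead of WARNING if either fails. Both hunks sit inside a function whose start and end are outside them.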