Modify : variable structure, add file custom

2025-04-24 18:46:57 +02:00 · 2025-04-24 18:46:57 +02:00 · 8b8626d035
commit 8b8626d035
parent 9db64d936e
9 changed files with 37 additions and 24 deletions
--- a/test/common.sh
+++ b/test/common.sh
@ -160,4 +160,6 @@ is_package_installed() {
 # Function to check if a service is running
 service() {
  systemctl $1 $2
+
+  log_message "SUCCESS" "Action : $1 for service : $2 successfully"
 }
--- a/test/custom/custom_dns
+++ b/test/custom/custom_dns
@ -0,0 +1 @@
+#
--- a/test/custom/custom_glpi
+++ b/test/custom/custom_glpi
@ -0,0 +1 @@
+#
--- a/test/custom/custom_key
+++ b/test/custom/custom_key
--- a/test/custom/custom_monitoring
+++ b/test/custom/custom_monitoring
@ -0,0 +1 @@
+#
--- a/test/custom/custom_wazuh
+++ b/test/custom/custom_wazuh
@ -0,0 +1 @@
+#
--- a/test/modules/additional_hardening.sh
+++ b/test/modules/additional_hardening.sh
@ -17,11 +17,11 @@ harden_system_settings() {
  backup_file "/etc/sysctl.conf"
  
  # Create custom sysctl security settings
-  local sysctl_security="/etc/sysctl.d/10-security-hardening.conf"
+  local SYSCTL_SECURITY="/etc/sysctl.d/10-security-hardening.conf"
  
  log_message "INFO" "Creating security sysctl configuration"
  
-  cat > "$sysctl_security" << EOF
+  cat > "$SYSCTL_SECURITY" << EOF
 # Security hardening sysctl settings
 # Generated by security hardening script

@ -97,11 +97,11 @@ kernel.core_pattern = |/bin/false
 # net.ipv6.conf.lo.disable_ipv6 = 1
 EOF

-  log_message "SUCCESS" "Security sysctl configuration created at $sysctl_security"
+  log_message "SUCCESS" "Security sysctl configuration created at $SYSCTL_SECURITY"
  
  # Apply sysctl settings
  log_message "INFO" "Applying sysctl settings"
-  sysctl -p "$sysctl_security"
+  sysctl -p "$SYSCTL_SECURITY"
  
  # Harden PAM configuration
  log_message "INFO" "Hardening PAM configuration"
--- a/test/modules/firewall.sh
+++ b/test/modules/firewall.sh
@ -63,7 +63,7 @@ configure_ufw() {

  # Enable UFW
  log_message "INFO" "Enabling UFW"
-  echo "y" | ufw -force enable
+  echo "y" | ufw enable

  if [ $? -eq 0 ]; then
    log_message "SUCCESS" "UFW enabled successfully"
--- a/test/modules/ssh_hardening.sh
+++ b/test/modules/ssh_hardening.sh
@ -11,31 +11,37 @@ source "./common.sh"

 # Function to create SSH keys for root user
 create_root_ssh_keys() {
-  local ssh_dir="/root/.ssh"
-  local authorized_keys="$ssh_dir/authorized_keys"
-  local ssh_key_doc="/root/root-ssh-keys-documentation.txt"
+  local SSH_DIR="/root/.ssh"
+  local SYMBOLIQUE_DIR="/etc/ssh/authorized_keys/"
+  local FILE_AUTHORIZED_KEYS="$SSH_DIR/authorized_keys"
+  local SSH_KEY_DOC="/root/root-ssh-keys-documentation.txt"

  # Create .ssh directory if it doesn't exist
-  mkdir -p "$ssh_dir"
-  chmod 700 "$ssh_dir"
+  mkdir -p "$SSH_DIR"
+  chmod 700 "$SSH_DIR"

  # Create or backup authorized_keys file
-  if [ -f "$authorized_keys" ]; then
-    backup_file "$authorized_keys"
+  if [ -f "$FILE_AUTHORIZED_KEYS" ]; then
+    backup_file "$FILE_AUTHORIZED_KEYS"
  else
-    touch "$authorized_keys"
+    touch "$FILE_AUTHORIZED_KEYS"
  fi

-  chmod 600 "$authorized_keys"
+  chmod 600 "$FILE_AUTHORIZED_KEYS"
+
+  # 
+  mkdir -p "$SYMBOLIQUE_DIR"
+  cd "$SYMBOLIQUE_DIR"
+  ln -s "$FILE_AUTHORIZED_KEYS" root

  # Create documentation
  log_message "INFO" "Creating SSH key documentation for root user"

-  cat > "$ssh_key_doc" << EOF
+  cat > "$SSH_KEY_DOC" << EOF
 # Root SSH Keys Documentation
 # 
 # To add SSH public keys for root user, add them to the authorized_keys file:
-# $authorized_keys
+# $FILE_AUTHORIZED_KEYS
 #
 # Format:
 # ssh-rsa AAAAB3NzaC1yc2EA... comment
@ -47,16 +53,16 @@ create_root_ssh_keys() {
 # - Remove keys that are no longer needed
 #
 # Remember to maintain proper permissions:
-# chmod 700 $ssh_dir
-# chmod 600 $authorized_keys
+# chmod 700 $SSH_DIR
+# chmod 600 $FILE_AUTHORIZED_KEYS
 EOF

-  log_message "SUCCESS" "SSH key documentation for root user created at $ssh_key_doc"
+  log_message "SUCCESS" "SSH key documentation for root user created at $SSH_KEY_DOC"
 }

 # Function to create SSH keys for non-root users
 create_non_root_ssh_keys() {
-  local ssh_key_doc="/etc/skel/.ssh-documentation.txt"
+  local SSH_KEY_DOC="/etc/skel/.ssh-documentation.txt"

  # Create /etc/skel/.ssh directory
  mkdir -p "/etc/skel/.ssh"
@ -67,7 +73,7 @@ create_non_root_ssh_keys() {
  # Create documentation
  log_message "INFO" "Creating SSH key documentation for non-root users"

-  cat > "$ssh_key_doc" << EOF
+  cat > "$SSH_KEY_DOC" << EOF
 # User SSH Keys Documentation
 #
 # To add SSH public keys for this user, add them to the authorized_keys file:
@ -87,7 +93,7 @@ create_non_root_ssh_keys() {
 # chmod 600 ~/.ssh/authorized_keys
 EOF

-  log_message "SUCCESS" "SSH key documentation for non-root users created at $ssh_key_doc"
+  log_message "SUCCESS" "SSH key documentation for non-root users created at $SSH_KEY_DOC"
 }

 # Function to harden SSH configuration
@ -151,7 +157,7 @@ EOF

  # Restart SSH service to apply changes
  log_message "INFO" "Restarting SSH service"
-  systemctl restart sshd
+  service restart sshd

  if [ $? -eq 0 ]; then
    log_message "SUCCESS" "SSH service restarted successfully"
@ -159,7 +165,8 @@ EOF
    log_message "ERROR" "Failed to restart SSH service"
    # Revert to backup
    cp "$ssh_config_backup" "$ssh_config"
-    systemctl restart sshd
+    service restart sshd
+    
    log_message "WARNING" "Reverted to original SSH configuration"
  fi
 }