Class: Ardecy::Harden::Sysctl::SysKern
- Inherits: Object
  - Object
  - Ardecy::Harden::Sysctl::SysKern
- Includes: Display
- Defined in: lib/ardecy/harden/sysctl.rb
Direct Known Subclasses
Kernel::BpfDisabled, Kernel::BpfJitHarden, Kernel::Dmesg, Kernel::FsProtectedFifos, Kernel::FsProtectedHardlinks, Kernel::FsProtectedRegular, Kernel::FsProtectedSymlinks, Kernel::FsSuidDumpable, Kernel::KExecLoadDisabled, Kernel::KPointer, Kernel::LdiskAutoload, Kernel::MaxUserNameSpace, Kernel::PerfEventParanoid, Kernel::Printk, Kernel::SysRQ, Kernel::UserFaultFd, Kernel::UsernsClone, Kernel::VmMmapRndBits, Kernel::VmMmapRndCompatBits, Kernel::YamaPtrace, SysNet
Instance Method Summary
Methods included from Display
#display_fix_list, #kernel_show, #perm_show, #result, #show_bad_mod, #title
Constructor Details
#initialize(args) ⇒ SysKern
Returns a new instance of SysKern.
# File 'lib/ardecy/harden/sysctl.rb', line 14
def initialize(args)
  @res = 'FALSE' # scan result, updated by #scan
  @args = args   # option hash; #scan reads :audit, #repair reads :fix
  @exp = '0'     # expected value of the sysctl
end
Instance Method Details
#fix ⇒ Object
# File 'lib/ardecy/harden/sysctl.rb', line 35
def fix
  return unless File.exist? @file
  # Append the "key = value" line to KERNEL (defined elsewhere).
  KERNEL << "#{@line} = #{@exp}"
end
#repair ⇒ Object
# File 'lib/ardecy/harden/sysctl.rb', line 41
def repair
  # Only act when a fix was requested.
  return unless @args[:fix]
  Ardecy::Guard.perm
  # Write the expected value unless the scan result was OK or PROTECTED.
  if @res != 'OK' && @res != 'PROTECTED'
    if File.exist? @file
      File.write(@file, @exp, mode: 'w', preserve: true)
    end
  end
end
#scan ⇒ Object
# File 'lib/ardecy/harden/sysctl.rb', line 20
def scan
  kernel_show(@line, @exp) if @args[:audit]
  if File.exist? @file
    if File.readable? @file
      value = File.read(@file).chomp
      # Unanchored regex match: any value that contains @exp counts as OK.
      @res = value.to_s =~ /#{@exp}/ ? 'OK' : 'FAIL'
    else
      @res = 'PROTECTED'
    end
  else
    @res = 'NO FOUND'
  end
  @tab ? result(@res, @tab) : result(@res) if @args[:audit]
end
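Added example, not part of Ardecy's code: it runs the unanchored regex comparison that #scan uses next to a whole-value comparison, over temporary files standing in for sysctl entries. The names scan_unanchored, scan_exact, normalise and compare_scans are hypothetical, and the sample values are constructed.

```ruby
require 'tmpdir'

# Matching rule as in SysKern#scan: unanchored regex built from the expectation.
def scan_unanchored(file, exp)
  return 'NO FOUND' unless File.exist?(file)
  return 'PROTECTED' unless File.readable?(file)

  File.read(file).chomp.to_s =~ /#{exp}/ ? 'OK' : 'FAIL'
end

# Collapse tabs, newlines and repeated spaces so multi-field values compare cleanly.
def normalise(text)
  text.to_s.split.join(' ')
end

# Hypothetical stricter variant: the whole value must equal the expectation.
def scan_exact(file, exp)
  return 'NO FOUND' unless File.exist?(file)
  return 'PROTECTED' unless File.readable?(file)

  normalise(File.read(file)) == normalise(exp) ? 'OK' : 'FAIL'
end

# Constructed samples: name => [expected value, file content].
SAMPLES = {
  'single_zero' => ['0', "0\n"],
  'bitmask'     => ['0', "502\n"],              # contains "0" but is not 0
  'wrong_level' => ['2', "1\n"],
  'multi_field' => ['3 3 3 3', "3\t3\t3\t3\n"]  # tab-separated on disk
}.freeze

# Write each sample to a temp file and return name => [unanchored, exact].
def compare_scans
  Dir.mktmpdir('sysctl-demo') do |dir|
    SAMPLES.to_h do |name, (exp, content)|
      path = File.join(dir, name)
      File.write(path, content)
      [name, [scan_unanchored(path, exp), scan_exact(path, exp)]]
    end
  end
end

compare_scans.each do |name, (loose, strict)|
  puts format('%-12s unanchored=%-4s exact=%s', name, loose, strict)
end
```

A value such as 502 passes the unanchored check against an expected 0, and a tab-separated value fails it against a space-separated expectation. The whole-value comparison reports both cases correctly.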
#x ⇒ Object
# File 'lib/ardecy/harden/sysctl.rb', line 52
def x
  # Scan the current value, queue the fix line, then repair if requested.
  scan
  fix
  repair
end