fcaviggia / hardening-script-el6

DISA STIG/USGCB/NSA SNAC Hardening Scripts for Red Hat Enterprise Linux 6
GNU General Public License v2.0
199 stars, 85 forks

Scripts don't execute #2

Closed shawndwells closed 10 years ago

shawndwells commented 10 years ago

[root@rhel65-ga stig-fix-el6]# ./apply.sh
Red Hat Enterprise 6 Linux Hardening Scripts

These scripts will harden a system to specifications that are based upon the following standards:

 DISA RHEL 6 STIG

 NIST 800-53 SCAP (USGCB)

 NSA SNAC Guide for Red Hat Enterprise Linux

 Aqueduct Project
 https://fedorahosted.org/aqueduct

 Tresys Certifiable Linux Integration Platform (CLIP)
 http://oss.tresys.com/projects/clip

Please snapshot or backup your system before running these scripts.

Do you want to continue? [y/n]: y

Starting Configuration
Back up current configuration...
cp: cannot stat `/etc/pam.d/gnome-screensaver': No such file or directory
Done.
Applying base configuration files...
cp: cannot stat `./config/sshd_config': No such file or directory
cp: cannot stat `./config/sysctl.conf': No such file or directory
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
cp: cannot stat `./config/limits.conf': No such file or directory
cp: cannot stat `./config/login.defs': No such file or directory
cp: cannot stat `./config/auditd.conf': No such file or directory
cp: cannot stat `./config/audit.rules': No such file or directory
cp: cannot stat `./config/iptables': No such file or directory
cp: cannot stat `./config/ip6tables': No such file or directory
cp: cannot stat `./config/system-auth-local': No such file or directory
cp: cannot stat `./config/password-auth-local': No such file or directory
cp: cannot stat `./config/gnome-screensaver': No such file or directory
cp: cannot stat `./config/sudoers': No such file or directory
cp: cannot stat `./config/ntp.conf': No such file or directory
Done.

Scrub not installed.
Secure /tmp and /var/tmp wipe service not installed.

CAT I Security Issues

ls: cannot access cat1/*.sh: No such file or directory

CAT II Security Issues

ls: cannot access cat2/*.sh: No such file or directory

CAT III Security Issues

ls: cannot access cat3/*.sh: No such file or directory

CAT IV Security Issues

ls: cannot access cat4/*.sh: No such file or directory

Additional Hardening

ls: cannot access misc/*.sh: No such file or directory

Configuration Complete!

shawndwells commented 10 years ago

While the underlying scripts are there, the apply.sh keeps erroring:

[root@rhel65-ga stig-fix-el6]# ls cat{1,2,3,4}/*.sh

cat1/gen000560.sh cat2/gen001240.sh cat2/gen001760.sh cat2/gen002990.sh cat2/gen003780.sh cat2/gen005395.sh cat2/gen006320.sh cat2/lnx00360.sh cat1/gen001400.sh cat2/gen001260.sh cat2/gen001800.sh cat2/gen003040.sh cat2/gen003790.sh cat2/gen005400.sh cat2/gen006330.sh cat2/lnx00400.sh cat1/gen001640.sh cat2/gen001270.sh cat2/gen001810.sh cat2/gen003050.sh cat2/gen003810.sh cat2/gen005420.sh cat2/gen006340.sh cat2/lnx00420.sh cat1/gen002040.sh cat2/gen001300.sh cat2/gen001820.sh cat2/gen003060.sh cat2/gen003815.sh cat2/gen005480.sh cat2/gen006360.sh cat2/lnx00440.sh cat1/gen002160.sh cat2/gen001310.sh cat2/gen001830.sh cat2/gen003080.sh cat2/gen003820.sh cat2/gen005501.sh cat2/gen006400.sh cat2/lnx00480.sh cat1/gen002700.sh cat2/gen001320.sh cat2/gen001860.sh cat2/gen003090.sh cat2/gen003825.sh cat2/gen005505.sh cat2/gen006420.sh cat2/lnx00500.sh cat1/gen003840.sh cat2/gen001360.sh cat2/gen001870.sh cat2/gen003100.sh cat2/gen003830.sh cat2/gen005506.sh cat2/gen006520.sh cat2/lnx00520.sh cat1/gen003850.sh cat2/gen001361.sh cat2/gen001880.sh cat2/gen003120.sh cat2/gen003850.sh cat2/gen005507.sh cat2/gen006565.sh cat2/lnx00600.sh cat1/gen004580.sh cat2/gen001362.sh cat2/gen001890.sh cat2/gen003140.sh cat2/gen003865.sh cat2/gen005510.sh cat2/gen006580.sh cat2/lnx00620.sh cat1/gen004620.sh cat2/gen001363.sh cat2/gen001940.sh cat2/gen003160.sh cat2/gen003920.sh cat2/gen005511.sh cat2/gen006600.sh cat2/lnx00640.sh cat1/gen004640.sh cat2/gen001364.sh cat2/gen001980.sh cat2/gen003180.sh cat2/gen003940.sh cat2/gen005512.sh cat2/gen006620.sh cat2/lnx00660.sh cat1/gen005000.sh cat2/gen001365.sh cat2/gen002000.sh cat2/gen003190.sh cat2/gen003950.sh cat2/gen005522.sh cat2/gen007700.sh cat3/gen001080.sh cat1/gen005080.sh cat2/gen001366.sh cat2/gen002020.sh cat2/gen003200.sh cat2/gen003960.sh cat2/gen005523.sh cat2/gen007780.sh cat3/gen001280.sh cat1/gen005100.sh cat2/gen001367.sh cat2/gen002060.sh cat2/gen003210.sh cat2/gen003980.sh cat2/gen005536.sh cat2/gen007800.sh cat3/gen001290.sh cat1/gen005140.sh cat2/gen001368.sh cat2/gen002100.sh cat2/gen003240.sh cat2/gen004000.sh cat2/gen005537.sh cat2/gen007820.sh cat3/gen001440.sh cat1/gen005300.sh cat2/gen001369.sh cat2/gen002120.sh cat2/gen003245.sh cat2/gen004010.sh cat2/gen005538.sh cat2/gen007850.sh cat3/gen001490.sh cat1/gen005500.sh cat2/gen001371.sh cat2/gen002140.sh cat2/gen003250.sh cat2/gen004360.sh cat2/gen005539.sh cat2/gen007950.sh cat3/gen001540.sh cat1/gen006380.sh cat2/gen001372.sh cat2/gen002180.sh cat2/gen003252.sh cat2/gen004370.sh cat2/gen005550.sh cat2/gen007960.sh cat3/gen001780.sh cat1/lnx00140.sh cat2/gen001373.sh cat2/gen002200.sh cat2/gen003255.sh cat2/gen004380.sh cat2/gen005590.sh cat2/gen007980.sh cat3/gen002500.sh cat1/lnx00320.sh cat2/gen001374.sh cat2/gen002210.sh cat2/gen003260.sh cat2/gen004390.sh cat2/gen005600.sh cat2/gen008020.sh cat3/gen002715.sh cat1/lnx00580.sh cat2/gen001378.sh cat2/gen002220.sh cat2/gen003270.sh cat2/gen004480.sh cat2/gen005740.sh cat2/gen008040.sh cat3/gen002716.sh cat2/gen000020.sh cat2/gen001379.sh cat2/gen002230.sh cat2/gen003280.sh cat2/gen004500.sh cat2/gen005750.sh cat2/gen008060.sh cat3/gen002717.sh cat2/gen000120.sh cat2/gen001380.sh cat2/gen002280.sh cat2/gen003300.sh cat2/gen004510.sh cat2/gen005770.sh cat2/gen008080.sh cat3/gen002718.sh cat2/gen000300.sh cat2/gen001390.sh cat2/gen002300.sh cat2/gen003320.sh cat2/gen004540.sh cat2/gen005800.sh cat2/gen008100.sh cat3/gen003500.sh cat2/gen000360.sh cat2/gen001391.sh cat2/gen002320.sh cat2/gen003340.sh cat2/gen004560.sh cat2/gen005810.sh cat2/gen008120.sh cat3/gen003520.sh cat2/gen000400.sh cat2/gen001392.sh cat2/gen002330.sh cat2/gen003400.sh cat2/gen004710.sh cat2/gen005840.sh cat2/gen008140.sh cat3/gen003521.sh cat2/gen000440.sh cat2/gen001393.sh cat2/gen002340.sh cat2/gen003410.sh cat2/gen004800.sh cat2/gen005880.sh cat2/gen008160.sh cat3/gen003522.sh cat2/gen000460.sh cat2/gen001394.sh cat2/gen002360.sh cat2/gen003420.sh cat2/gen004880.sh cat2/gen006060.sh cat2/gen008180.sh cat3/gen003523.sh cat2/gen000480.sh cat2/gen001410.sh cat2/gen002420.sh cat2/gen003430.sh cat2/gen004900.sh cat2/gen006080.sh cat2/gen008200.sh cat3/gen003860.sh cat2/gen000500.sh cat2/gen001420.sh cat2/gen002480.sh cat2/gen003460.sh cat2/gen004920.sh cat2/gen006100.sh cat2/gen008220.sh cat3/gen004660.sh cat2/gen000540.sh cat2/gen001430.sh cat2/gen002520.sh cat2/gen003470.sh cat2/gen004930.sh cat2/gen006120.sh cat2/gen008240.sh cat3/gen004680.sh cat2/gen000580.sh cat2/gen001470.sh cat2/gen002560.sh cat2/gen003480.sh cat2/gen004940.sh cat2/gen006140.sh cat2/gen008260.sh cat3/gen004700.sh cat2/gen000600.sh cat2/gen001475.sh cat2/gen002640.sh cat2/gen003490.sh cat2/gen004950.sh cat2/gen006150.sh cat2/gen008280.sh cat3/gen005524.sh cat2/gen000700.sh cat2/gen001480.sh cat2/gen002660.sh cat2/gen003510.sh cat2/gen005120.sh cat2/gen006160.sh cat2/gen008300.sh cat3/gen005525.sh cat2/gen000800.sh cat2/gen001500.sh cat2/gen002680.sh cat2/gen003540.sh cat2/gen005180.sh cat2/gen006180.sh cat2/gen008320.sh cat3/gen005526.sh cat2/gen000920.sh cat2/gen001520.sh cat2/gen002690.sh cat2/gen003581.sh cat2/gen005190.sh cat2/gen006200.sh cat2/gen008340.sh cat3/gen005760.sh cat2/gen000940.sh cat2/gen001550.sh cat2/gen002710.sh cat2/gen003600.sh cat2/gen005280.sh cat2/gen006210.sh cat2/gen008360.sh cat3/gen006570.sh cat2/gen000960.sh cat2/gen001560.sh cat2/gen002720.sh cat2/gen003660.sh cat2/gen005305.sh cat2/gen006225.sh cat2/gen008520.sh cat3/gen006571.sh cat2/gen000980.sh cat2/gen001570.sh cat2/gen002740.sh cat2/gen003700.sh cat2/gen005306.sh cat2/gen006230.sh cat2/gen008540.sh cat3/gen006575.sh cat2/gen001120.sh cat2/gen001580.sh cat2/gen002760.sh cat2/gen003720.sh cat2/gen005307.sh cat2/gen006235.sh cat2/gen008720.sh cat3/gen008440.sh cat2/gen001140.sh cat2/gen001590.sh cat2/gen002780.sh cat2/gen003730.sh cat2/gen005320.sh cat2/gen006240.sh cat2/gen008740.sh cat3/gen008460.sh cat2/gen001160.sh cat2/gen001620.sh cat2/gen002800.sh cat2/gen003740.sh cat2/gen005340.sh cat2/gen006260.sh cat2/gen008760.sh cat3/gen008820.sh cat2/gen001180.sh cat2/gen001660.sh cat2/gen002820.sh cat2/gen003745.sh cat2/gen005350.sh cat2/gen006270.sh cat2/gen008780.sh cat4/gen001460.sh cat2/gen001190.sh cat2/gen001680.sh cat2/gen002840.sh cat2/gen003750.sh cat2/gen005360.sh cat2/gen006280.sh cat2/lnx001476.sh cat4/gen004440.sh cat2/gen001200.sh cat2/gen001720.sh cat2/gen002860.sh cat2/gen003755.sh cat2/gen005365.sh cat2/gen006290.sh cat2/lnx00160.sh cat2/gen001210.sh cat2/gen001730.sh cat2/gen002960.sh cat2/gen003760.sh cat2/gen005375.sh cat2/gen006300.sh cat2/lnx00220.sh cat2/gen001220.sh cat2/gen001740.sh cat2/gen002980.sh cat2/gen003770.sh cat2/gen005390.sh cat2/gen006310.sh cat2/lnx00340.sh

shawndwells commented 10 years ago

git clone generates stig-fix-el6

$ mkdir /opt/stig-fix; mv /git/stig-fix-el6/* /opt/stig-fix

Suggest fixing hard coded paths in apply.sh

fcaviggia commented 10 years ago

Shawn,

I'll check it out tonight. I've generally deployed everything via RPM into /opt/stig-fix/, so I probably have hard-coding in this that needs to be corrected. I had to totally re-write these scripts after I left Joe's shop, and considering I only had a week to crank them out, there are probably a few issues like that.

-Frank

fcaviggia commented 10 years ago

Shawn,

Had the '/opt/stig-fix' path coded in the BASE_DIR variable in apply.sh; changed it to pwd. Should work in different directories - please test.

-Frank
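Added example, not code from the hardening-script-el6 repository, showing how an apply.sh of this shape can locate its own tree and fail closed. The output in the report shows two separate defects: BASE_DIR was hard-coded to /opt/stig-fix, and the per-category steps used `ls cat1/*.sh` and `./config/...` relative to the caller's working directory, so every copy and every category failed and the run still ended with "Configuration Complete!". Deriving the base directory from the script's own path ($0) fixes the first and, unlike pwd, keeps working when apply.sh is invoked from another directory; checking the expected layout up front and counting failures fixes the second. The function names, the directory list (config, cat1..cat4, misc, as seen in the report) and the exit-status handling are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not part of hardening-script-el6): locate the script tree from
# the script's own path and refuse to claim success when steps did not run.
# Directory names mirror the layout visible in the issue report; everything
# else is illustrative.

# Print the canonical directory containing the running script (or the path
# given as $1). GNU readlink -f (present on RHEL 6) resolves a symlinked
# apply.sh to the real tree; the caller's working directory is never used.
resolve_base_dir() {
    src=${1:-$0}
    canon=$(readlink -f "$src" 2>/dev/null) && src=$canon
    (cd "$(dirname "$src")" && pwd -P)
}

# Verify the directories apply.sh relies on exist under $1. Returns 0 if all
# are present, 1 otherwise, naming each missing one on stderr.
check_layout() {
    base=$1
    missing=0
    for d in config cat1 cat2 cat3 cat4 misc; do
        if [ ! -d "$base/$d" ]; then
            echo "missing directory: $base/$d" >&2
            missing=1
        fi
    done
    return "$missing"
}

# Run every *.sh under $1/$2 and report counts. An empty directory is an
# error rather than a silently skipped step, and each failing script is counted.
run_category() {
    base=$1
    category=$2
    ran=0
    failed=0
    for s in "$base/$category"/*.sh; do
        [ -e "$s" ] || continue        # an unmatched glob stays literal in sh
        ran=$((ran + 1))
        sh "$s" || failed=$((failed + 1))
    done
    if [ "$ran" -eq 0 ]; then
        echo "no scripts found in $base/$category" >&2
        return 1
    fi
    echo "$category: ran $ran script(s), $failed failed"
    [ "$failed" -eq 0 ]
}

# Fail closed: print "Configuration Complete!" only if every category ran cleanly.
main() {
    BASE_DIR=$(resolve_base_dir) || exit 1
    if ! check_layout "$BASE_DIR"; then
        echo "aborting: $BASE_DIR does not contain the hardening-script tree" >&2
        exit 1
    fi
    rc=0
    for c in cat1 cat2 cat3 cat4 misc; do
        run_category "$BASE_DIR" "$c" || rc=1
    done
    if [ "$rc" -eq 0 ]; then
        echo "Configuration Complete!"
    else
        echo "Configuration INCOMPLETE: one or more steps failed, see errors above" >&2
    fi
    exit "$rc"
}

# Only run when invoked as apply.sh; sourcing the file just defines the functions.
case "$0" in
    *apply.sh) main "$@" ;;
esac
```

With this layout the script behaves the same whether it lives in /opt/stig-fix, in a git checkout, or behind a symlink, and a run like the one in the report exits non-zero at the layout check instead of reporting success after every step failed. The per-category counts are also what an auditor wants in the log: which scripts ran and which did not.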

shawndwells commented 10 years ago

works - thanks!