
Commit be4cad7

committed
Fix trapping logic and clean_exit function
1 parent 7d386d1 commit be4cad7

1 file changed

Lines changed: 20 additions & 8 deletions


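--- a/hardening/SSHD Hardening/harden-sshd.bash
+++ b/hardening/SSHD Hardening/harden-sshd.bash
@@ -2,11 +2,14 @@
 #
 # This script hardens the ssh server by modifying its configuration file, 'sshd_config'.
 #
-# Note:
+# NOTE:
 # These configurations align with the recommendations of the security auditing tool
 # known as Lynis (https://github.com/CISOfy/lynis).
 #
-# Version: v2.0.0
+# TODO:
+# - Impliment functionality to revert changes if the script fails.
+#
+# Version: v2.0.1
 # License: MIT License
 # Copyright (c) 2020-2024 Hunter T. (StrangeRanger)
 #
@@ -33,7 +36,7 @@ readonly C_ERROR="${C_RED}ERROR:${C_NC} "
 readonly C_INFO="${C_BLUE}==>${C_NC} "
 readonly C_NOTE="${C_CYAN}==>${C_NC} "
 
-# Associative array containing the configuration settings for sshd_config.
+# Associative array containing the configuration settings for 'sshd_config'.
 declare -A C_SSHD_CONFIG=(
 ["LogLevel"]="VERBOSE"
 ["LogLevelRegex"]='^#?LogLevel\s+.*$'
@@ -87,23 +90,32 @@ readonly C_SSHD_CONFIG
 clean_exit() {
 local exit_code="$1"
 
+# Unset the EXIT trap to prevent re-entry.
+trap - EXIT
+
 case "$exit_code" in
 0) exit 0 ;;
 1) echo "" ;;
-130) echo -e "\n${C_WARNING}User interrupt detected" ;;
-*) echo -e "\n${C_RED}==>${C_NC} Exiting with code: $exit_code" ;;
+130) echo -e "\n${C_WARNING}User interrupt detected (SIGINT)" ;;
+143) echo -e "\n${C_WARNING}Termination signal detected (SIGTERM)" ;;
+129) echo -e "\n${C_WARNING}Hangup signal detected (SIGHUP)" ;;
+131) echo -e "\n${C_WARNING}Quit signal detected (SIGQUIT)" ;;
+*) echo -e "\n${C_WARNING}Exiting with code: $exit_code" ;;
 esac
 
-echo -e "${C_INFO}Exiting..."
+echo "Exiting..."
 exit "$exit_code"
 }
 
 
 ####[ Trapping Logic ]##################################################################
 
 
-# Catch some of the most common signals.
-trap 'clean_exit $?' EXIT INT TERM HUP QUIT ERR
+trap 'clean_exit 130' SIGINT
+trap 'clean_exit 143' SIGTERM
+trap 'clean_exit 129' SIGHUP
+trap 'clean_exit 131' SIGQUIT
+trap 'clean_exit $?' EXIT
 
 
 ####[ Prepping ]########################################################################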
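Review bot: The new trap list under "Trapping Logic" no longer includes `ERR`, so a command that fails while editing 'sshd_config' will not reach `clean_exit` unless `set -e` or explicit status checks exist elsewhere in the script, which these hunks do not show. For a hardening script that risks finishing normally with a setting left unapplied, and the new TODO confirms there is no rollback yet. If dropping `ERR` was deliberate, a comment such as `# ERR is intentionally not trapped; critical commands check their own exit status.` would record that. Inside `clean_exit`, `trap - EXIT` clears only the EXIT trap, so a second signal arriving during cleanup can still re-enter the function; `trap - EXIT SIGINT SIGTERM SIGHUP SIGQUIT` would cover the signal traps as well.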
