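#!/usr/bin/env bash
# Audit: report whether the GNOME "autorun-never" media-handling key is locked
# in the dconf profile that sets it, so that users cannot override it.
# Read-only: queries the package database and reads /etc/dconf/db.
# Requires a grep with -P (PCRE) support; \h is PCRE horizontal whitespace.
# NOTE(review): this inspects the key and lock files on disk only; it does not
# verify that the compiled database was regenerated with "dconf update".
{
  # Start from a clean state: when this group is pasted into an interactive
  # shell, values left over from an earlier run would otherwise leak into the
  # result (a stale l_output2 turns a pass into a fail).
  l_pkgoutput=""
  l_output=""
  l_output2=""

  # Determine the system's package manager. The query is kept as an array so
  # that nothing is executed when neither tool exists; with an empty string
  # prefix the package name itself ("gdm", "gdm3") would be run as a command.
  # NOTE(review): "dpkg-query -W" can also succeed for a package that was
  # removed but not purged - confirm whether that distinction matters here.
  l_pq=()
  if command -v dpkg-query > /dev/null 2>&1; then
    l_pq=(dpkg-query -W)
  elif command -v rpm > /dev/null 2>&1; then
    l_pq=(rpm -q)
  else
    echo " - WARNING: neither dpkg-query nor rpm was found; GDM package presence could not be checked" >&2
  fi

  # Check if GNOME Desktop Manager is installed. If the package isn't
  # installed, the recommendation is Not Applicable.
  l_pcl=(gdm gdm3) # Packages to check
  if [ "${#l_pq[@]}" -gt 0 ]; then
    for l_pn in "${l_pcl[@]}"; do
      "${l_pq[@]}" "$l_pn" > /dev/null 2>&1 &&
        l_pkgoutput="$l_pkgoutput\n - Package: \"$l_pn\" exists on the system\n - checking configuration"
    done
  fi

  # Check configuration (if applicable)
  if [ -n "$l_pkgoutput" ]; then
    # Look for autorun-never to determine the profile in use; the lock has to
    # live in that profile's key file directory. awk stops after the first
    # match so that several matching key files cannot produce a multi-line,
    # invalid path. Only the first profile found is examined.
    l_kfd="/etc/dconf/db/$(grep -Psril '^\h*autorun-never\b' /etc/dconf/db/*/ |
      awk -F'/' '{split($(NF-1),a,"."); print a[1]; exit}').d"

    if [ -d "$l_kfd" ]; then # If key file directory doesn't exist, options can't be locked
      # -r is required: l_kfd is a directory and the lock entry sits in a file
      # below it. The pattern must spell the key exactly ("autorun-never").
      if grep -Priq '^\h*\/org/gnome\/desktop\/media-handling\/autorun-never\b' "$l_kfd"; then
        l_output="$l_output\n - \"autorun-never\" is locked in \"$(grep -Pril '^\h*\/org/gnome\/desktop\/media-handling\/autorun-never\b' "$l_kfd")\""
      else
        l_output2="$l_output2\n - \"autorun-never\" is not locked"
      fi
    else
      l_output2="$l_output2\n - \"autorun-never\" is not set so it can not be locked"
    fi
  else
    l_output="$l_output\n - GNOME Desktop Manager package is not installed on the system\n - Recommendation is not applicable"
  fi

  # Report results. If no failures were recorded in l_output2, we pass.
  [ -n "$l_pkgoutput" ] && echo -e "\n$l_pkgoutput"
  if [ -z "$l_output2" ]; then
    echo -e "\n- Audit Result:\n ** PASS **\n$l_output\n"
  else
    echo -e "\n- Audit Result:\n ** FAIL **\n - Reason(s) for audit failure:\n$l_output2\n"
    [ -n "$l_output" ] && echo -e "\n- Correctly set:\n$l_output\n"
  fi
}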
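#!/usr/bin/env bash
# Remediation: lock the GNOME "autorun-never" media-handling key in the dconf
# profile that sets it, then rebuild the dconf database so the lock applies.
# Writes below /etc/dconf/db and runs "dconf update".
# Requires a grep with -P (PCRE) support; \h is PCRE horizontal whitespace.
{
  l_pkgoutput=""

  # Determine the system's package manager. The query is kept as an array so
  # that nothing is executed when neither tool exists; with an empty string
  # prefix the package name itself ("gdm", "gdm3") would be run as a command.
  l_pq=()
  if command -v dpkg-query > /dev/null 2>&1; then
    l_pq=(dpkg-query -W)
  elif command -v rpm > /dev/null 2>&1; then
    l_pq=(rpm -q)
  else
    echo " - WARNING: neither dpkg-query nor rpm was found; GDM package presence could not be checked" >&2
  fi

  # Check if GNOME Desktop Manager is installed. If the package isn't
  # installed, the recommendation is Not Applicable.
  l_pcl=(gdm gdm3) # Packages to check
  if [ "${#l_pq[@]}" -gt 0 ]; then
    for l_pn in "${l_pcl[@]}"; do
      "${l_pq[@]}" "$l_pn" > /dev/null 2>&1 &&
        l_pkgoutput="y" &&
        echo -e "\n - Package: \"$l_pn\" exists on the system\n - remediating configuration if needed"
    done
  fi

  # Check configuration (if applicable)
  if [ -n "$l_pkgoutput" ]; then
    # Look for autorun-never to determine the profile in use; the lock has to
    # be created in that profile's key file directory. awk stops after the
    # first match so that several matching key files cannot produce a
    # multi-line, invalid path. Only the first profile found is remediated.
    l_kfd="/etc/dconf/db/$(grep -Psril '^\h*autorun-never\b' /etc/dconf/db/*/ |
      awk -F'/' '{split($(NF-1),a,"."); print a[1]; exit}').d"

    if [ -d "$l_kfd" ]; then # If key file directory doesn't exist, options can't be locked
      # The pattern must spell the key exactly ("autorun-never"); otherwise an
      # existing lock is never detected and each run appends a duplicate entry.
      if grep -Priq '^\h*\/org/gnome\/desktop\/media-handling\/autorun-never\b' "$l_kfd"; then
        echo " - \"autorun-never\" is locked in \"$(grep -Pril '^\h*\/org/gnome\/desktop\/media-handling\/autorun-never\b' "$l_kfd")\""
      else
        echo " - creating entry to lock \"autorun-never\""
        if [ ! -d "$l_kfd/locks" ]; then
          echo "creating directory $l_kfd/locks"
          mkdir "$l_kfd/locks"
        fi
        # NOTE(review): the directory and lock file get whatever mode the
        # caller's umask yields - confirm they end up root-owned and not
        # writable by group or others.
        {
          echo -e '\n# Lock desktop media-handling autorun-never setting'
          echo '/org/gnome/desktop/media-handling/autorun-never'
        } >> "$l_kfd/locks/00-media-autorun" ||
          echo " - ERROR: could not write \"$l_kfd/locks/00-media-autorun\"; the setting was not locked" >&2
      fi
    else
      echo -e " - \"autorun-never\" is not set so it can not be locked\n - Please follow Recommendation \"Ensure GDM autorun-never is enabled\" and follow this Recommendation again"
    fi

    # Update the dconf database; lock files only take effect once the
    # database has been rebuilt from the key file directories.
    dconf update
  else
    echo -e " - GNOME Desktop Manager package is not installed on the system\n - Recommendation is not applicable"
  fi
}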