some minor ubuntu default cleanup

ProjectCode/Modules/OAM/oam-librenms.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 export PROJECT_ROOT_PATH
-PROJECT_ROOT_PATH="$(realpath ../../)"
+PROJECT_ROOT_PATH="$(realpath ../../../)"
 
 #Framework variables are read from hee
 
@@ -13,11 +13,11 @@ KNELShellFrameworkRoot="$GIT_VENDOR_PATH_ROOT/KNEL/KNELShellFramework"
 
 source $KNELShellFrameworkRoot/Framework-ConfigFiles/FrameworkVars
 
-for framework_include_file in $KNELShellFrameworkRoot/framework-includes/*; do
+for framework_include_file in $KNELShellFrameworkRoot/Framework-Includes/*; do
   source "$framework_include_file"
 done
 
-for project_include_file in ../Project-Includes/*; do
+for project_include_file in ../../../Project-Includes/*; do
   source "$project_include_file"
 done
 

ProjectCode/Modules/Security/secharden-2fa.sh

@@ -4,19 +4,35 @@
 # Implements 2FA for SSH, Cockpit, and Webmin services
 # Uses Google Authenticator (TOTP) for time-based tokens
 
-set -euo pipefail
 
-# Source framework functions
-# Script can be called from different contexts, so use absolute path resolution
-SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
-PROJECT_ROOT="$(dirname "$(dirname "$(dirname "$SCRIPT_DIR")")")"
+#####
+#Core framework functions...
+#####
 
-# Set up framework variables expected by includes
-export PROJECT_ROOT_PATH="$PROJECT_ROOT"
+export PROJECT_ROOT_PATH
+PROJECT_ROOT_PATH="$(realpath ../../../)"
 
-source "$PROJECT_ROOT/Framework-Includes/PrettyPrint.sh"
-source "$PROJECT_ROOT/Framework-Includes/Logging.sh"
-source "$PROJECT_ROOT/Framework-Includes/ErrorHandling.sh"
+#Framework variables are read from hee
+
+
+export GIT_VENDOR_PATH_ROOT
+GIT_VENDOR_PATH_ROOT="$PROJECT_ROOT_PATH/vendor/git@git.knownelement.com/29418/"
+
+export KNELShellFrameworkRoot
+KNELShellFrameworkRoot="$GIT_VENDOR_PATH_ROOT/KNEL/KNELShellFramework"
+
+source $KNELShellFrameworkRoot/Framework-ConfigFiles/FrameworkVars
+
+for framework_include_file in $KNELShellFrameworkRoot/Framework-Includes/*; do
+  source "$framework_include_file"
+done
+
+for project_include_file in ../../../Project-Includes/*; do
+  source "$project_include_file"
+done
+
+#Framework variables are read from hee
+source $KNELShellFrameworkRoot/Framework-ConfigFiles/FrameworkVars
 
 # 2FA Configuration
 BACKUP_DIR="/root/backup/2fa"

ProjectCode/Modules/Security/secharden-audit-agents.sh

@@ -17,7 +17,7 @@ KNELShellFrameworkRoot="$GIT_VENDOR_PATH_ROOT/KNEL/KNELShellFramework"
 
 source $KNELShellFrameworkRoot/Framework-ConfigFiles/FrameworkVars
 
-for framework_include_file in $KNELShellFrameworkRoot/framework-includes/*; do
+for framework_include_file in $KNELShellFrameworkRoot/Framework-Includes/*; do
   source "$framework_include_file"
 done
 

ProjectCode/Modules/Security/secharden-scap-stig.sh

@@ -1,14 +1,16 @@
 #!/bin/bash
 
-#####
+
+#########################################
 #Core framework functions...
-#####
+#########################################
 
 export PROJECT_ROOT_PATH
-PROJECT_ROOT_PATH="$(realpath ../../)"
+PROJECT_ROOT_PATH="$(realpath ../../../)"
 
 #Framework variables are read from hee
 
+
 export GIT_VENDOR_PATH_ROOT
 GIT_VENDOR_PATH_ROOT="$PROJECT_ROOT_PATH/vendor/git@git.knownelement.com/29418/"
 
@@ -17,17 +19,22 @@ KNELShellFrameworkRoot="$GIT_VENDOR_PATH_ROOT/KNEL/KNELShellFramework"
 
 source $KNELShellFrameworkRoot/Framework-ConfigFiles/FrameworkVars
 
-for framework_include_file in $KNELShellFrameworkRoot/framework-includes/*; do
+for framework_include_file in $KNELShellFrameworkRoot/Framework-Includes/*; do
   source "$framework_include_file"
 done
 
-for project_include_file in ../Project-Includes/*; do
+for project_include_file in ../../../Project-Includes/*; do
   source "$project_include_file"
 done
 
-# Actual script logic starts here
+#Framework variables are read from hee
+source $KNELShellFrameworkRoot/Framework-ConfigFiles/FrameworkVars
 
 
+#########################################
+# Core script code begins here
+#########################################
+
 # Sourced from
 
 # https://complianceascode.readthedocs.io/en/latest/manual/developer/01_introduction.html

ProjectCode/Modules/Security/secharden-ssh.sh

@@ -1,13 +1,13 @@
 #!/bin/bash
 
-#####
+#########################################
 #Core framework functions...
-#####
+#########################################
 
 export PROJECT_ROOT_PATH
-PROJECT_ROOT_PATH="$(realpath ../)"
+PROJECT_ROOT_PATH="$(realpath ../../../)"
 
-#Framework variables are read from hee
+#Framework variables are read from here
 
 
 export GIT_VENDOR_PATH_ROOT
@@ -18,16 +18,21 @@ KNELShellFrameworkRoot="$GIT_VENDOR_PATH_ROOT/KNEL/KNELShellFramework"
 
 source $KNELShellFrameworkRoot/Framework-ConfigFiles/FrameworkVars
 
-for framework_include_file in $KNELShellFrameworkRoot/framework-includes/*; do
+for framework_include_file in $KNELShellFrameworkRoot/Framework-Includes/*; do
   source "$framework_include_file"
 done
 
-for project_include_file in ../Project-Includes/*; do
+for project_include_file in ../../../Project-Includes/*; do
   source "$project_include_file"
 done
 
 #Framework variables are read from hee
-source $PROJECT_ROOT_PATH/Framework-ConfigFiles/FrameworkVars
+source $KNELShellFrameworkRoot/Framework-ConfigFiles/FrameworkVars
+
+
+#########################################
+# Core script code begins here
+#########################################
 
 export SUBODEV_CHECK
 SUBODEV_CHECK="$(getent passwd | grep -c subodev || true)"

ProjectCode/Modules/Security/secharden-wazuh.sh

@@ -1,13 +1,13 @@
 #!/bin/bash
 
-#####
+#########################################
 #Core framework functions...
-#####
+#########################################
 
 export PROJECT_ROOT_PATH
-PROJECT_ROOT_PATH="$(realpath ../../)"
+PROJECT_ROOT_PATH="$(realpath ../../../)"
 
-#Framework variables are read from hee
+#Framework variables are read from here
 
 export GIT_VENDOR_PATH_ROOT
 GIT_VENDOR_PATH_ROOT="$PROJECT_ROOT_PATH/vendor/git@git.knownelement.com/29418/"
@@ -17,14 +17,21 @@ KNELShellFrameworkRoot="$GIT_VENDOR_PATH_ROOT/KNEL/KNELShellFramework"
 
 source $KNELShellFrameworkRoot/Framework-ConfigFiles/FrameworkVars
 
-for framework_include_file in $KNELShellFrameworkRoot/framework-includes/*; do
+for framework_include_file in $KNELShellFrameworkRoot/Framework-Includes/*; do
   source "$framework_include_file"
 done
 
-for project_include_file in ../Project-Includes/*; do
+for project_include_file in ../../../Project-Includes/*; do
   source "$project_include_file"
 done
 
+#Framework variables are read from hee
+source $KNELShellFrameworkRoot/Framework-ConfigFiles/FrameworkVars
+
+
+#########################################
+# Core script code begins here
+#########################################
 
 # We don't want to run this on the wazuh server, otherwise bad things happen...
 

ProjectCode/SetupNewSystem.sh

@@ -4,6 +4,7 @@
 #Core framework functions...
 #####
 
+
 export PROJECT_ROOT_PATH
 PROJECT_ROOT_PATH="$(realpath ../)"
 
@@ -18,7 +19,7 @@ KNELShellFrameworkRoot="$GIT_VENDOR_PATH_ROOT/KNEL/KNELShellFramework"
 
 source $KNELShellFrameworkRoot/Framework-ConfigFiles/FrameworkVars
 
-for framework_include_file in $KNELShellFrameworkRoot/framework-includes/*; do
+for framework_include_file in $KNELShellFrameworkRoot/Framework-Includes/*; do
   source "$framework_include_file"
 done
 
@@ -34,6 +35,9 @@ done
 
 apt-get -y install git sudo dmidecode curl
 
+export UBUNTU_CHECK
+UBUNTU_CHECK="$(distro | grep -c Ubuntu || true)"
+
 export IS_PHYSICAL_HOST
 IS_PHYSICAL_HOST="$(/usr/sbin/dmidecode -t System | grep -c Dell || true)"
 
@@ -105,18 +109,16 @@ function global-installPackages() {
 
   #Remove stuff we don't want
 
-  export UBUNTU_CHECK
-  UBUNTU_CHECK="$(distro | grep -c Ubuntu || true)"
-
-  if [ "$UBUNTU_CHECK" -eq 1 ]; then
-    apt-get --yes --purge remove chrony telnet inetutils-telnet
-  fi
-
-  if [ "$UBUNTU_CHECK" -eq 0 ]; then
-    apt-get --yes --purge remove systemd-timesyncd chrony telnet inetutils-telnet
-  fi
-
-  #export DEBIAN_FRONTEND="noninteractive" && apt-get -qq --yes -o Dpkg::Options::="--force-confold" --purge remove nano
+  export DEBIAN_FRONTEND="noninteractive" \
+  && apt-get -qq --yes --purge \
+  remove \
+    systemd-timesyncd \
+    chrony \
+    telnet \
+    inetutils-telnet \
+    nano \
+    multipath-tools \
+    || true
 
   # add stuff we want
 
@@ -156,6 +158,7 @@ function global-installPackages() {
     vim \
     command-not-found \
     lldpd \
+    ansible-core \
     net-tools \
     dos2unix \
     gpg \
@@ -345,7 +348,7 @@ function global-postPackageConfiguration() {
 function secharden-ssh() {
   print_info "Now running $FUNCNAME"
 
-  cd ./Modules/Security
+  cd ./Modules/Security || exit
   bash ./secharden-ssh.sh
   cd -
 
@@ -354,7 +357,33 @@ function secharden-ssh() {
 
 function secharden-wazuh() {
   print_info "Now running $FUNCNAME"
-  bash ./Modules/Security/secharden-wazuh.sh
+  cd ./Modules/Security || exit
+  bash ./secharden-wazuh.sh
+  cd -
+  print_info "Completed running $FUNCNAME"
+}
+
+function secharden-2fa() {
+  print_info "Now running $FUNCNAME"
+  cd ./Modules/Security || exit
+  bash ./secharden-2fa.sh
+  cd -
+  print_info "Completed running $FUNCNAME"
+}
+
+function secharden-scap-stig() {
+  print_info "Now running $FUNCNAME"
+  cd ./Modules/Security || exit
+  bash ./secharden-scap-stig.sh
+  cd -
+  print_info "Completed running $FUNCNAME"
+}
+
+function secharden-agents() {
+  print_info "Now running $FUNCNAME"
+  cd ./Modules/Security || exit
+  bash ./secharden-audit-agents.sh
+  cd -
   print_info "Completed running $FUNCNAME"
 }
 
@@ -364,23 +393,8 @@ function secharden-auto-upgrades() {
   print_info "Completed running $FUNCNAME"
 }
 
-function secharden-2fa() {
-  print_info "Now running $FUNCNAME"
-  bash ./Modules/Security/secharden-2fa.sh
-  print_info "Completed running $FUNCNAME"
-}
 
-function secharden-agents() {
-  print_info "Now running $FUNCNAME"
-  #curl --silent ${DL_ROOT}/Modules/Security/secharden-audit-agents.sh|$(which bash)
-  print_info "Completed running $FUNCNAME"
-}
 
-function secharden-scap-stig() {
-  print_info "Now running $FUNCNAME"
-  bash ./Modules/Security/secharden-scap-stig.sh
-  print_info "Completed running $FUNCNAME"
-}
 
 ####################################################################################################
 # Authentication