#!/bin/bash
#
# kate: tab-indents off; tab-width 4; indent-width 4;
#
# This file implements the following CIS controls
# --------------------------------------------------------------------
#  3.3.3     Ensure hosts.deny is configured
#----------------------------------------------------------------------


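# Absolute path of this script. "$0" is quoted (and preceded by --) so a path
# containing whitespace, glob characters or a leading dash reaches readlink as
# a single operand.
# NOTE(review): SELF is not referenced anywhere else in this script.
SELF=$(readlink -f -- "$0")

# Apply the TCP wrappers configuration through augtool.
#   --autosave    write the modified files when the command list ends
#   --backup      keep the previous version of each modified file (.augsave)
#   --noautoload  load no lenses automatically, so only the two files named in
#                 the "transform" lines below are parsed and can be written
# augtool's stdout is discarded. It is the last command in the script, so its
# exit status becomes the script's exit status.
#
# NOTE(review): TCP wrappers consult hosts.allow before hosts.deny, and a match
# in hosts.allow grants access. The "ALL: ALL" entry appended to hosts.allow
# below therefore keeps every wrapped service reachable from every client, and
# the deny-all entry in hosts.deny never takes effect while it is present.
# It is appended whenever hosts.allow has no "ALL: ALL" entry, even if the file
# already lists specific services or networks. Presumably this is meant to avoid
# locking out remote administration - confirm, and replace the hosts.allow
# entry with the site's permitted address ranges before relying on this control.
augtool --autosave --backup --noautoload >/dev/null <<'EOD'
    transform hosts_access.lns  incl /etc/hosts.deny
    transform hosts_access.lns  incl /etc/hosts.allow
    load

    # hosts.allow: $noentry matches nothing if an ALL: ALL entry already exists,
    # otherwise it matches the config file node, and the two set commands
    # below append a new ALL: ALL entry to it
    defvar noentry /files/etc/hosts.allow[count(*[process='ALL'][client='ALL'])=0]
    set $noentry/01/process ALL
    set $noentry/01/client ALL

    # hosts.deny: same test, so the deny-all entry is added only when the file
    # does not already contain one
    defvar noentry /files/etc/hosts.deny[count(*[process='ALL'][client='ALL'])=0]
    set $noentry/01/process ALL
    set $noentry/01/client ALL

EOD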

