I have a long mitigation script and upon testing I noticed its not mitigation the target file I have it for any help would be great and I can take out the portion I am dealing with and run it by itself. It is an if statment and its a mystery to me. It is the part that is going to insert the sulogin string to /etc/inittab.
exec > /home/scc/stiglog.log 2>&1
#Script to mitigate common CAT I, II and III's that are common among Linux boxes.
#Insert GRUB MD5 password after "timeout" to mitigate CAT I STIG ID:
#GEN008700 Rule ID: SV-37933r1_rule
if ! grep -q "$string" "$file"
echo "The md5 hash does not exist the md5 hash will be inserted"
sed -i -e '14a\
password --md5 $1$LJU/J0$nfb5N24GCqD6EdR8UobBL.' "$file"
echo "The md5 hash exists in $file"
#Auditing must be enabled at boot by setting a kernel parameter.
#If auditing is enabled late in the boot process, the actions of startup scripts may not be audited.
#STIG ID: GEN000000-LNX00720 Rule ID: SV-27001r1_rule
echo "Doing nothing $string4 kernel parameter is enabled"
if ! grep -q "$string4" "$file"
echo "$String4 kernel parameter is missing will be enabled"
sed -i -e "/quiet/ s|$| "$string4"|" "$file"
#Remove "nullok" from system-auth to mitigate CAT I Rule or it may be possible to log into the account #without authentication.
#STIG ID: GEN000560 Rule ID: SV-37259r1_rule
if ! grep -q "$string5" "$file1"
echo "Skipping "$string5" is not found"
echo ""$string5" is found needs to be removed to avoid use of blank passwords"
sed -i -e 's/"$string5"/g' "$file1"
#Ensure the CTRL-ALT-DELETE key sequence has been disabled and attempts to use the sequence are logged
#Mitigate CAT I STIG ID: GEN000=000-LNX00580 Rule ID: SV-37327r1_rule
if grep -q "$string3" "$file0"
echo "Doing nothing "$string1" already disabled"
if grep -q "$string1" "$file0"
echo "$string1 is found must be disabled and logged"
sed -i -e "s/$string2/$string3/g" "$file0"
sed -i '33a\
ca:nil:ctrlaltdel:/usr/bin/logger -p security.info "Ctrl-Alt-Del was pressed"' "$file0"
#STIG ID: GEN000000-LNX00360 Rule ID: SV-37207r1_rule.
#The X server must have the correct options enabled.
if ! grep -q "server-Standard" "/etc/gdm/custom.conf"
echo "The X server options are not enabled in $file3 and will be inserted"