Script de mise à jour ne fonctionnant pas

Bonjour à tous,
Je veux mettre en place une mise à jour de sécurité apache avec le script suivant, mais j'avoue y perdre mon latin car il ne marche pas pouvez-vous m'aider.
Le script est le suivant : un peu long j'avoue.
Merci d'avance
--------------------------------------------------------------------------------------------------------------------------------------------------------------------

#!/bin/bash 
 ##Srcipt for hardening apache   
 #
  echo -e "Stopping httpd(Apache)"
  service httpd stop
  
 ##Backup apache config
 #
 cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak 
 #
 #
APACHE_PREFIX=/etc/httpd/conf

 #Enable the Log Config Module
  
  httpd -M | egrep 'log_config'
  
 if [ $? -eq 0 ]
 then
  echo -e "OK" >> /tmp/hard_test
  else
 echo -e "LoadModule log_config_module modules/mod_log_config.so" >> /etc/httpd/conf/httpd.conf
 fi
 #
sudo service httpd restart

 #Disable WebDAV Modules
 httpd -M | grep ' dav_[[:print:]]+module'

 if [ $? -eq 0 ]
 then 
 echo -e "WebDAV is correctly disabled" >> /tmp/hard-test
 fi

 #Disable Status Module

 httpd -M | egrep 'status_module'

 if [ $? -eq 0 ]

 then echo -e " Syntax ok, status module is  disabled" >> /tmp/hard_test
 else

 echo -e "##LoadModule status_module modules/mod_status.so" >> /etc/httpd/conf/httpd/httpd.conf
 fi
  
 #Disable Autoindex Module

 httpd -M | grep autoindex_module

 if [ $? -eq -0 ]
   then echo -e "Syntax ok, Autoindex Module is disabled" >> /tmp/hard_test
 else
 echo -e "## LoadModule autoindex_module modules/mod_autoindex.so>>/etc/httpd/conf/httpd.conf
 fi
 #
 #
 #Disable Proxy Modules
 httpd -M | grep proxy_
 if [ $? -eq 0 ]
 then 
  echo -e "Syntax Ok, Proxy Modules are disabled" >> /tmp/hard_test
 fi

 if [ $? -eq 0 ]
   then 
     echo -e "syntax ok" >> /tmp/hard_test

 else 
 echo -e "LoadModule dav_module modules/mod_dav.so" >>/etc/httpd/conf/httpd.conf/httpd.conf
 fi
 then 
   echo -e "Syntax Ok, Proxy Modules are disabled" >> /tmp/hard_test
 else 
   echo -e "##LoadModule proxy_module modules/mod_proxy.so" >> /etc/httpd/conf/httpd/httpd.conf
   echo -e "##LoadModule proxy_balancer_module modules/mod_proxy_balancer.so" >> /etc/httpd/conf/httpd/httpd.conf


   echo -e "##LoadModule proxy_ftp_module modules/mod_proxy_ftp.so" >> /etc/httpd/conf/httpd/httpd.conf
   echo -e "##LoadModule proxy_http_module modules/mod_proxy_http.so " >> /etc/httpd/conf/httpd/httpd.conf
   echo -e "##LoadModule proxy_connect_module modules/mod_proxy_connect.so ">> /etc/httpd/conf/httpd/httpd.conf
   echo -e "##LoadModule proxy_ajp_module modules/mod_proxy_ajp.so"  >> /etc/httpd/conf/httpd/httpd.conf

 fi 

 #Disable User Directories Modules
   httpd -M | grep userdir_
 if [ $? -eq 0 ]
 Then
   echo -e "Modules correctly disabled " >> /tmp/hard_test

 else
   echo -e "##LoadModule userdir_module modules/mod_userdir.so" >>/etc/httpd/conf/httpd.conf
 fi
 #
 #
 #
 #Disable Info Module

 httpd -M | egrep 'info_module'
 f [ $? -eq 0 ]
 Then
   echo -e "Modules correctly disabled " >> /tmp/hard_test
   
 else
   echo -e "       ##LoadModule info_module modules/mod_info.so "  >> /etc/httpd/conf/httpd.conf
 fi
 #
 #

 #Run the Apache Web Server as a non-root user

 grep -i '^User' /etc/httpd/conf/httpd.conf
 if [ $? -eq 0 ]

 then 
   echo -e "User apache exists" >> /tmp/hard_test
 fi
 #
 #
 grep -i '^Group' /etc/httpd/conf/httpd.conf
 if [ $? -eq 0 ]
 then 
   echo -e "Group apache exists" >> /tmp/hard_test
 fi
 #
 #
 #2-Ensure the apache account is correct:
 # id apache
 sudo  grep '^UID_MIN' /etc/login.defs
 AP=`id -u apache`
 if [ $AP -lt 500 ]
 then echo -e "apache uid is les than UID_MIN"
 fi

 #apache similar to the following entries:
 #uid=48(apache) gid=48(apache) groups=48(apache)
 #APG=´id -g apache`
  
 #3. While the web server is running check the user id for the httpd processes. The user
 #name should match the configuration file.
 ps axu | grep apache | grep -v '^root' >> /tmp/hard_test
 if [ $? -eq 0 ]
 then 
  echo -e "user id is apache" >> /tmp/hard_test
 fi
 #
 #
 #
 #

 #3.2Give the Apache User Account an Invalid Shell

 #Check the apache login shell in the /etc/passwd file:
 # grep apache /etc/passwd
 #The apache account shell must be /sbin/nologin or /dev/null similar to the following:
 #/etc/passwd:apache:x:48:48:Apache:/var/www:/sbin/nologin
 #Change the apache account to use the nologin shell or an invalid shell such as /dev/null:
 # sudo chsh -s /sbin/nologin apache

 #Lock the Apache User Account
 #3.3 Lock the Apache User Account (Scored)

 #Ensure the apache account is locked using the following:
 #sudo  passwd -S apache

 #The results will be similar to the following:
 #apache LK 2010-01-28 0 99999 7 -1 (Password locked.)
 #- or -
 #apache L 07/02/2012 -1 -1 -1 -1


 #Set Ownership on Apache Directories and Files

 #Identify files in the Apache directory not owned by root:

  find /etc/httpd/conf  \! -user root -ls

 if [$? -eq 0 ]

  then 
  echo "There are no files  not owned by root in this directory" >> /tmp/hard_test
  else 

 #Set ownership on the $APACHE_PREFIX directories 
sudo chown -R root $/etc/httpd/conf 

 fi

 #Set Group Id on Apache Directories and Files
 #Identify files in the Apache directories other than htdocs with a group other than root:


  find $APACHE_PREFIX -path /etc/httpd/conf /htdocs -prune -o \! -group root -ls

 if [$? -e 0 ]

 then 
  echo -e "NO files in the Apache directories other than htdocs with a group other than root" >> /tmp/hard_test

 else

 #Set ownership on the $APACHE_PREFIX directories  :
 sudo  chgrp -R root /etc/httpd/conf
 fi 

 #Restrict Other Write Access on Apache Directories and Files
 #Identify files or directories in the Apache directory with other write access, excluding symbolic links:

  find -L /etc/httpd/conf \! -type l -perm /o=w -ls

 if [ $? -eq 0 ]
 then 
  echo -e "There are no files  with other acces in  Apache directory" >> /tmp/hard_test
 else

 #Perform the following to remove other write access on the $APACHE_PREFIX directories.

 sudo  chmod -R o-w /etc/httpd/conf

 fi

 # CoreDumpDirectory is not to be within the Apache web document root ($APACHE_PREFIX/htdocs)

 #2. must be owned by root and have a group ownership of the Apache group (as defined via the Group directive)


 #Secure the Core Dump Directory
 chown root:apache /var/log/httpd



 #must have no read-write-search access permission for other users.
  chmod o-rwx /var/log/httpd
  
  
  
 #Secure the Lock File
 #1. Find the directory in which the LockFile would be created. The default value is the ServerRoot/logs directory.
 #2. Modify the directory if the LockFile if it is a directory within the Apache DocumentRoot
 #3. Change the ownership and group to be root:root, if not already.
 #4. Change the permissions so that the directory is only writable by root, or the user under which apache initially starts up (default 
 is root),
 #5. Check that the lock file directory is on a locally mounted hard drive rather than anNFS mounted file system.
 #
 #Secure the Pid File
 #Audit:
 #1. Find the directory in which the PidFile would be created. The default value is the
 #ServerRoot/logs directory.
 #2. Verify that the process ID file directory is not a directory within the Apache DocumentRoot.
 #3. Verify that the ownership and group of the directory is root:root (or the user
 #under which apache initially starts up if not root).
 #4. Verify the permissions on the directory are only writable by root (or the startup user if not root).





 #Secure the ScoreBoard File
 #1. Check to see if the ScoreBoardFile is specified in any of the Apache configuration files. 
 #If it is not present, no changes are required.
 #2. If the directive is present, find the directory in which the ScoreBoardFile would be
 #created. The default value is the ServerRoot/logs directory.
  
 #3. Modify the directory if the ScoreBoardFile is in a directory within the Apache DocumentRoot
 #4. Change the ownership and group to be root:root, if not already.
 #5. Change the permissions so that the directory is only writable by root, or the user
 #under which apache initially starts up (default is root),
 #6. Check that the scoreboard file directory is on a locally mounted hard drive rather
 #than an NFS mounted file system.
 #Default Value:
 #The default scoreboard file is logs/apache_status
 #Restrict Group Write Access for the Apache Directories and Files
 #Identify files or directories in the Apache directory with group write access, excluding symbolic links:
 sudo find -L /etc/httpd.conf \! -type l -perm /g=w -ls
 #
 #
 #
 #Perform the following to remove group write access on the $APACHE_PREFIX directories.

 sudo chmod -R g-w /etc/httpd/conf
 #
 #
 #
 #Restrict Group Write Access for the Document Root Directories and Files
 #Identify files or directories in the Apache Document Root directory with Apache group write access.

 ## Define $GRP to be the Apache group configured

 # GRP=$(grep '^Group' /etc/httpd/conf/conf/httpd.conf | cut -d' ' -f2)

 # find -L $DOCROOT -group $GRP -perm /g=w -ls

 #Perform the following to remove group write access on the $DOCROOT directories and files with the apache group.


 #find -L $DOCROOT -group $GRP -perm /g=w -print | xargs chmod g-w


 #Deny Access to OS Root Directory

 #First extract  root directory  elements as follow:

 perl -ne 'print if /^ *<Directory *\//i .. /<\/Directory/i' $APACHE_PREFIX/httpd.conf

 #Second add the line "Require" as follow:

 sed -i '\#<Directory />#,\#</Directory># { //b;N;s/.*/Require all denied/}' $APACHE_PREFIX/httpd.conf

 #
 #
 #
 #
 #Restrict OverRide for the OS Root Directory

 sed -i '\#<Directory />#,\#</Directory># { //b;N;s/.*/AllowOverride None/}' $APACHE_PREFIX/httpd.conf
 #
 #
 #
 #Restrict OverRide for All Directories
 #
 grep -i AllowOverride $APACHE_PREFIX/conf/httpd.conf

 if [$? -eq 0]

 then
  echo -e "AllowOverride None"  >> $APACHE_PREFIX/httpd.conf
 fi
 #
 #
 #



 #Restrict Options for the OS Root Directory
 sed -i '\#<Directory />#,\#</Directory># { //b;N;s/.*/Options None/}' $APACHE_PREFIX/httpd.conf
 #
 #
 #Restrict Options for the Web Root Directory
 sed -i '\#<Directory /etc/httpd/htdocs>#,\#</Directory># { //b;N;s/.*/Options None/}' $APACHE_PREFIX/httpd.conf
 #
 #
 #
 #Minimize Options for Other Directories
 sed -i '\#<Directory /etc/httpd/conf/cgi-bin>#,\#</Directory># { //b;N;s/.*/Options None/}' $APACHE_PREFIX/httpd.conf
 #
 #
 #
 #Remove Default HTML Content
 sudo yum erase httpd-manual
 #
 #
 #
 #Remove Default CGI Content printenv
 sudo rm $APACHE_PREFIX/cgi-bin/printenv
 #
 #
 #
 #Remove Default CGI Content test-cgi
 sudo rm $APACHE_PREFIX/cgi-bin/test-cgi
 #
 #
 #




 #
 #Limit HTTP Request Methods
 sed -i '\#<Directory /etc/httpd/conf/cgi-bin>#,\#</Directory># { //b;N;s/.*<LimitExcept GET POST OPTIONS>,Require all denied,</LimitExcept>/}' $APACHE_PREFIX/httpd.conf


 #
 #Disable HTTP TRACE Method
 grep TraceEnable /etc/httpd/conf/httpd.conf

 if [ $? -eq 1]
 then
   echo -e "Trace method is not disabled" >> /tmp/hard_test
 else 
   echo -e "TraceEnable off" >> $APACHE_PREFIX/httpd.conf
 fi
 #

 #
 #
 #
 #Restrict HTTP Protocol Versions

  grep "RewriteEngine On" $APACHE_PREFIX/httpd.conf

 if [$? -eq 1 ]
 then 
   echo -e "LoadModule rewrite_module modules/mod_rewrite.so" >> $APACHE_PREFIX/httpd.conf
   echo -e "RewriteEngine On" >> $APACHE_PREFIX/httpd.conf
   echo -e "RewriteCond %{THE_REQUEST} !HTTP/1\.1$" >> $APACHE_PREFIX/httpd.conf
   echo -e "RewriteRule .* - [F]" >> $APACHE_PREFIX/httpd.conf
 fi
 #
 #Restrict Access to .ht* files



 #
 #Configure the Error Log
 grep ErrorLog $APACHE_PREFIX/httpd.con
 if [ $? -eq 0 ]
 then
   echo -e " ErrorLog directive is implemented" >> /tmp/hard_test
 fi
 #
 #
 #
 #Configure the Access Log
 grep /LogFormat $APACHE_PREFIX/httpd.conf
 if [$? -eq 0 ]
 then
   echo "Access log is  implemented" >> /tmp/hard_test
 fi

 grep CustomLog $APACHE_PREFIX/httpd.conf

 if [$? -eq 0]
 then 
   echo -e "log files, syslog are implemented" >> /tmp/hard_test
 fi
 #
 #
 #
 #Log Storage and Rotation
 if [ -f /etc/logrotate.d/htpd ]
 then 
   echo -e "web log rotation exits"
 fi
 #
 #
 #
 #Apply Applicable Patches
 #
 #Install mod_ssl and/or mod_nss

  httpd -M | grep ssl

 if [$? -eq 0 ]
 then
   echo -e " ssl is installed" >> /tmp/hard_test
 fi
 #
 #
 #
 #Install a Valid Trusted Certificate
 #
 #
 #Protect the Servers Private Key
 #
 #
 #
 #Disable Weak SSL Protocols
 grep SSLProtocol /etc/httpd/conf/httpd.conf
 if [$? -eq 1 ]
 then 
   echo -e "SSL Protocols not set " >> /tmp/hard_test
 else
   eho -e " SSLProtocol TLSv1.1 TLSv1.2"  >> $APACHE_PREFIX/httpd.conf
 fi
 #
 #Restrict Weak SSL Ciphers
 echo -e "SSLHonorCipherOrder On" >>$APACHE_PREFIX/httpd.conf
 echo -e "SSLCipherSuite ALL:!EXP:!NULL:!ADH:!LOW:!SSLv2:!MD5:!RC4" >>$APACHE_PREFIX/httpd.conf
 echo -e "SSLCipherSuite ALL:!EXP:!NULL:!ADH:!LOW:!SSLv2:!SSLv3:!MD5:!RC4" >>$APACHE_PREFIX/httpd.conf

 #
 #Restrict Insecure SSL Renegotiation
 echo -e "SSLInsecureRenegotiation off" >> $APACHE_PREFIX/httpd.conf
 #
 #
 #
 #Ensure SSL Compression is Not Enabled

 #
 #
 #
 #
 #Set ServerToken to 'Prod'
 grep "ServerTokens Prod" $APACHE_PREFIX/httpd.conf
 if [$? -eq 0 ]
 then 
   echo -e "the ServerTokens directive is present in the apacheconf" >> /tmp/hard_test
 else
   echo -e "ServerTokens Prod" >> $APACHE_PREFIX/httpd.conf

 #
 #
 #
 #Set ServerSignature to 'Off'
 grep "ServerSignature Off" $APACHE_PREFIX/httpd.conf
 if [$? -eq 0 ]
 then
   echo -e "ServerSignature is Off" >> /tmp/hard_test
 else
   echo -e "ServerSignature Off" $APACHE_PREFIX/httpd.conf
 fi
 #
 #
 #
 #Set the TimeOut to 10 or less
 grep "Timeout 10" $APACHE_PREFIX/httpd.conf
 if [[$? -eq 0 ]
 then 
   echo -e "Timeout set at 10" >> /tmp/hard_test
 else
   echo -e "Timeout 10" >> $APACHE_PREFIX/httpd.conf
 #
 #
 #
 #Set the KeepAlive to On
 grep "KeepAlive On" $APACHE_PREFIX/httpd.conf
 if [[$? -eq 0 ]
 then 
   echo -e "KeepAlive is set at On" >> /tmp/hard-test
 else
   echo -e "KeepAlive On" >> $APACHE_PREFIX/httpd.conf
 fi

 #
 #
 #
 #Set the MaxKeepAliveRequests to 100 or greater
  grep "MaxKeepAliveRequests"  /etc/httpd/conf/httpd.conf
 if [$? -eq 0 ]
 then
   echo -e "MaxKeepAlive is correctly set" >> /tmp/hard_test
   
   
  else
   echo -e "MaxKeepAliveRequests 100" >> /etc/httpd/conf/httpd.conf
 fi
 #
 #
 #
 #Set the KeepAliveTimeout to 15 or less
 grep "KeepAliveTimeout 15" /etc/httpd/conf/httpd.conf

 if [ $? -eq 0 ]

   echo -e " timeout is at 15" >> /etc/httpd/conf/httpd.conf

 else
   echo -e "KeepAliveTimeout 15" >> /etc/httpd/conf/httpd.conf
 fi
 #
 #
 #
 #
 #Set Timeout Limits for Request Headers

 grep "RequestReadTimeout" /etc/httpd/conf/httpd.conf

 [$? -eq 1 ]
 then
   echo -e "LoadModule reqtimeout_module modules/mod_reqtimeout.so" >> /etc/httpd/conf/httpd.conf
 fi

   echo -e "RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500" >> /etc/httpd/conf/httpd.conf
 #
 #
 #
 #Set Timeout Limits for the Request Body

 egrep "mod_requesttimeout |mod_reqtimeout" /etc/httpd/conf/httpd.conf

 if [ $? -eq 1 ]

   then echo -e "configuration does not contain any RequestReadTimeout" >> /tmp/hard_test

 else 
   echo -e "LoadModule reqtimeout_module modules/mod_reqtimeout.so" >> /etc/httpd/conf/httpd.conf
 fi
 sudo service restart httpd

-------------------------------------------------------------------------------------------------------------------------------------------------------------------