From 02673826a08ab72fe26e41e56cdebf1eddbd7ddb Mon Sep 17 00:00:00 2001
From: Charles Herlin <charles.herlin@corp.ovh.com>
Date: Mon, 18 Mar 2019 16:19:05 +0100
Subject: [PATCH] FIX(8.2.x): fix grep and find in audit scripts

---
 bin/hardening/8.2.4_set_logfile_perm.sh        | 4 ++--
 bin/hardening/8.2.5_syslog-ng_remote_host.sh   | 2 +-
 tests/hardening/8.2.5_syslog-ng_remote_host.sh | 1 -
 3 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/bin/hardening/8.2.4_set_logfile_perm.sh b/bin/hardening/8.2.4_set_logfile_perm.sh
index b7c6de6..e2815ff 100755
--- a/bin/hardening/8.2.4_set_logfile_perm.sh
+++ b/bin/hardening/8.2.4_set_logfile_perm.sh
@@ -31,7 +31,7 @@ audit () {
             warn "$FILE does not exist"
         else
             FOUND_EXC=0
-            if grep "$FILE" <(tr ' ' '\n' <<< "$EXCEPTIONS" | cut -d ":" -f 1); then
+            if grep -q "$FILE" <(tr ' ' '\n' <<< "$EXCEPTIONS" | cut -d ":" -f 1); then
                 debug "$FILE is found in exceptions"
                 debug "Setting special user:group:perm"
                 FOUND_EXC=1
@@ -73,7 +73,7 @@ apply () {
             filedir=$(dirname "${FILE#/var/log/}")
             if [ ! "$filedir" = "." ] && [ ! -d /var/log/"$filedir" ]; then
                 debug "Creating /var/log/$filedir for $FILE"
-                debug "mkdir -p /var/log/"$filedir""
+                debug "mkdir -p /var/log/$filedir"
                 mkdir -p /var/log/"$filedir"
             fi
             touch "$FILE"
diff --git a/bin/hardening/8.2.5_syslog-ng_remote_host.sh b/bin/hardening/8.2.5_syslog-ng_remote_host.sh
index ebd85e6..f623c76 100755
--- a/bin/hardening/8.2.5_syslog-ng_remote_host.sh
+++ b/bin/hardening/8.2.5_syslog-ng_remote_host.sh
@@ -19,7 +19,7 @@ PATTERN='destination[[:alnum:][:space:]*{]+(tcp|udp)[[:space:]]*\(\"[[:alnum:].]
 # This function will be called if the script status is on enabled / audit mode
 audit () {
     FOUND=0
-    FILES="$SYSLOG_BASEDIR/syslog-ng.conf $(find -L $SYSLOG_BASEDIR/conf.d/ -type f)"
+    FILES="$SYSLOG_BASEDIR/syslog-ng.conf $($SUDO_CMD find -L $SYSLOG_BASEDIR/conf.d/ -type f)"
     for FILE in $FILES; do
        does_pattern_exist_in_file_multiline "$FILE" "$PATTERN"
         if [ $FNRET = 0 ]; then
diff --git a/tests/hardening/8.2.5_syslog-ng_remote_host.sh b/tests/hardening/8.2.5_syslog-ng_remote_host.sh
index a2ab0f6..fc63839 100644
--- a/tests/hardening/8.2.5_syslog-ng_remote_host.sh
+++ b/tests/hardening/8.2.5_syslog-ng_remote_host.sh
@@ -1,6 +1,5 @@
 # run-shellcheck
 test_audit() {
-#set -x
 
     describe Running on blank host
     register_test retvalshouldbe 1