[10.2] Fixed result parsing in case of spaces in passwd list

2024-11-22 13:37:02 +01:00 · 2017-03-10 17:26:55 +01:00 · 2017-03-10 17:26:55 +01:00 · 0c053eef56
commit 0c053eef56
parent eb7bf7fece
1 changed files with 4 additions and 2 deletions
--- a/bin/hardening/10.2_disable_system_accounts.sh
+++ b/bin/hardening/10.2_disable_system_accounts.sh
@ -18,7 +18,8 @@ RESULT=''
 # This function will be called if the script status is on enabled / audit mode
 audit () {
    info "Checking if admin accounts have a login shell different than $SHELL"
-    RESULT=$(egrep -v "^\+" $FILE | awk -F: '($1!="root" && $1!="sync" && $1!="shutdown" && $1!="halt" && $3<1000 && $7!="/usr/sbin/nologin" && $7!="/bin/false") {print}') 
+    RESULT=$(egrep -v "^\+" $FILE | awk -F: '($1!="root" && $1!="sync" && $1!="shutdown" && $1!="halt" && $3<1000 && $7!="/usr/sbin/nologin" && $7!="/bin/false") {print}')
+    IFS=$'\n'
    for LINE in $RESULT; do
        debug "line : $LINE"
        ACCOUNT=$( echo $LINE | cut -d: -f 1 )
@ -43,6 +44,7 @@ audit () {
 # This function will be called if the script status is on enabled mode
 apply () {
    RESULT=$(egrep -v "^\+" $FILE | awk -F: '($1!="root" && $1!="sync" && $1!="shutdown" && $1!="halt" && $3<1000 && $7!="/usr/sbin/nologin" && $7!="/bin/false") {print}')
+    IFS=$'\n'
    for LINE in $RESULT; do
        debug "line : $LINE"
        ACCOUNT=$( echo $LINE | cut -d: -f 1 )
@ -85,7 +87,7 @@ else
        echo "No CIS_ROOT_DIR variable, aborting"
        exit 128
    fi
-fi 
+fi

 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then