From 17d272420ab065a27c1a826b0f7c50fc88830854 Mon Sep 17 00:00:00 2001
From: Tarik Megzari
Date: Mon, 27 Dec 2021 15:40:55 +0100
Subject: [PATCH] feat: Dissociate iptables pkg name from command (#137)
Signed-off-by: Tarik Megzari
Co-authored-by: Tarik Megzari
---
 bin/hardening/3.5.4.1.1_net_fw_default_policy_drop.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/bin/hardening/3.5.4.1.1_net_fw_default_policy_drop.sh b/bin/hardening/3.5.4.1.1_net_fw_default_policy_drop.sh
index 1373682..5ae49a8 100755
--- a/bin/hardening/3.5.4.1.1_net_fw_default_policy_drop.sh
+++ b/bin/hardening/3.5.4.1.1_net_fw_default_policy_drop.sh
@@ -20,6 +20,7 @@ DESCRIPTION="Check iptables firewall default policy for DROP on INPUT and FORWAR
 PACKAGE="iptables"
 FW_CHAINS="INPUT FORWARD"
 FW_POLICY="DROP"
+FW_CMD="iptables"
 # This function will be called if the script status is on enabled / audit mode
 audit() {
@@ -27,9 +28,9 @@ audit() {
 if [ "$FNRET" != 0 ]; then
 crit "$PACKAGE is not installed!"
 else
- ipt=$($SUDO_CMD "$PACKAGE" -nL 2>/dev/null || true)
+ ipt=$($SUDO_CMD "$FW_CMD" -nL 2>/dev/null || true)
 if [[ -z "$ipt" ]]; then
- crit "Empty return from $PACKAGE command. Aborting..."
+ crit "Empty return from $FW_CMD command. Aborting..."
 return
 fi
 for chain in $FW_CHAINS; do
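Review bot: The new `FW_CMD="iptables"` assignment carries no comment saying how it differs from `PACKAGE` a few lines above, and since both hold the same string the distinction is invisible to the next reader. A one-line comment would settle it: `# Executable used to list the rules; PACKAGE is the package name checked for installation`. Because the value is a bare name, which binary actually runs depends on the PATH in effect for `$SUDO_CMD`; if that is not pinned elsewhere in the project, it is worth stating next to the variable.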
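Review bot: In `audit()`, the line `ipt=$($SUDO_CMD "$FW_CMD" -nL 2>/dev/null || true)` discards both stderr and the exit status, so a wrong `FW_CMD` value, a missing binary and a refused sudo rule all end in the same "Empty return" message. That matters more now that the command name is set independently of `PACKAGE`, because the package check can pass while the command itself cannot run. The audit still fails closed through `crit`, which is the right outcome; I would only make the cause visible, for example `crit "Empty return from $FW_CMD command (not found, not permitted, or failed). Aborting..."`. The body of `audit()` continues past the end of the hunk, and any later call there that still runs `$PACKAGE` as a command would presumably need the same substitution.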