Update changelog

bin/hardening/6.2.15_find_passwd_group_inconsistencies.sh

@@ -21,8 +21,8 @@ ERRORS=0
 
 # This function will be called if the script status is on enabled / audit mode
 audit() {
-
-    for GROUP in $(cut -s -d: -f4 /etc/passwd | sort -u); do
+    RESULT=$(cut -s -d: -f4 /etc/passwd | sort -u)
+    for GROUP in $RESULT; do
         debug "Working on group $GROUP"
         if ! grep -q -P "^.*?:[^:]*:$GROUP:" /etc/group; then
             crit "Group $GROUP is referenced by /etc/passwd but does not exist in /etc/group"

debian/changelog

@@ -1,3 +1,20 @@
+cis-hardening (2.1-5) unstable; urgency=medium
+
+  * Fix various shellcheck warnrings and errors
+  * Quote every variables that should be quoted SC2086
+  * Move shfmt
+  * Disable some shellcheck rules like sed replacement by shell expansion SC2001
+  * Replace egrep SC2196
+  * Fix execution of output SC2091
+  * Replace ls by glob in loop SC2045
+  * Add prefix to follow scripts SC1090
+  * Replace -a  by && SC2166
+  * Replace ! -z by -n SC2236
+  * Fix bug on race condition (shoud have been fixed in 2.0-6)
+
+
+ -- Thibault Ayanides <thibault.ayanides@ovhcloud.com>  Mon, 14 Dec 2020 16:30:32 +0100
+
 cis-hardening (2.1-4) unstable; urgency=medium
 
   * Quoting variables to commply with shellcheck SC2086

lib/utils.sh

@@ -302,8 +302,7 @@ is_kernel_option_enabled() {
 
 # Verify $1 is a partition declared in fstab
 is_a_partition() {
-
-    local PARTITION_NAME=$1
+    local PARTITION=$1
     FNRET=128
     if grep "[[:space:]]$1[[:space:]]" /etc/fstab | grep -vqE "^#"; then
         debug "$PARTITION found in fstab"
@@ -316,7 +315,7 @@ is_a_partition() {
 
 # Verify that $1 is mounted at runtime
 is_mounted() {
-    local PARTITION_NAME=$1
+    local PARTITION=$1
     if grep -q "[[:space:]]$1[[:space:]]" /proc/mounts; then
         debug "$PARTITION found in /proc/mounts, it's mounted"
         FNRET=0