Update changelog

Thibault Ayanides 2020-12-14 16:56:09 +01:00
parent f4ba90352b
commit 3560f67e3f
3 changed files with 21 additions and 5 deletions


@ -21,8 +21,8 @@ ERRORS=0
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
RESULT=$(cut -s -d: -f4 /etc/passwd | sort -u)
for GROUP in $(cut -s -d: -f4 /etc/passwd | sort -u); do for GROUP in $RESULT; do
debug "Working on group $GROUP" debug "Working on group $GROUP"
if ! grep -q -P "^.*?:[^:]*:$GROUP:" /etc/group; then if ! grep -q -P "^.*?:[^:]*:$GROUP:" /etc/group; then
crit "Group $GROUP is referenced by /etc/passwd but does not exist in /etc/group" crit "Group $GROUP is referenced by /etc/passwd but does not exist in /etc/group"
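Review bot: Each value taken from `$RESULT` in audit() goes straight into the PCRE on the grep line, so a non-numeric fourth field in /etc/passwd is interpreted as a pattern rather than compared as a GID and can produce a false match. A guard at the top of the loop body, such as `case "$GROUP" in *[!0-9]*) crit "Non-numeric GID '$GROUP' in /etc/passwd"; continue ;; esac`, would report that case instead of hiding it. An empty field is dropped by the word-splitting before the loop sees it and would need its own check. `RESULT` is also assigned as a global; if nothing else in the script reads it, `local RESULT` before the assignment keeps it scoped to audit(). The body of audit() continues past the end of the hunk.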

17
debian/changelog vendored

@ -1,3 +1,20 @@
cis-hardening (2.1-5) unstable; urgency=medium
* Fix various shellcheck warnrings and errors
* Quote every variables that should be quoted SC2086
* Move shfmt
* Disable some shellcheck rules like sed replacement by shell expansion SC2001
* Replace egrep SC2196
* Fix execution of output SC2091
* Replace ls by glob in loop SC2045
* Add prefix to follow scripts SC1090
* Replace -a by && SC2166
* Replace ! -z by -n SC2236
* Fix bug on race condition (shoud have been fixed in 2.0-6)
-- Thibault Ayanides <thibault.ayanides@ovhcloud.com> Mon, 14 Dec 2020 16:30:32 +0100
cis-hardening (2.1-4) unstable; urgency=medium cis-hardening (2.1-4) unstable; urgency=medium
* Quoting variables to commply with shellcheck SC2086 * Quoting variables to commply with shellcheck SC2086


@ -302,8 +302,7 @@ is_kernel_option_enabled() {
# Verify $1 is a partition declared in fstab # Verify $1 is a partition declared in fstab
is_a_partition() { is_a_partition() {
local PARTITION=$1
local PARTITION_NAME=$1
FNRET=128 FNRET=128
if grep "[[:space:]]$1[[:space:]]" /etc/fstab | grep -vqE "^#"; then if grep "[[:space:]]$1[[:space:]]" /etc/fstab | grep -vqE "^#"; then
debug "$PARTITION found in fstab" debug "$PARTITION found in fstab"
@ -316,7 +315,7 @@ is_a_partition() {
# Verify that $1 is mounted at runtime # Verify that $1 is mounted at runtime
is_mounted() { is_mounted() {
local PARTITION_NAME=$1 local PARTITION=$1
if grep -q "[[:space:]]$1[[:space:]]" /proc/mounts; then if grep -q "[[:space:]]$1[[:space:]]" /proc/mounts; then
debug "$PARTITION found in /proc/mounts, it's mounted" debug "$PARTITION found in /proc/mounts, it's mounted"
FNRET=0 FNRET=0
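Review bot: The renamed local is only read by the debug messages; both grep calls still interpolate `$1` into the pattern, so the variable and the match can drift apart, and the argument is treated as a regular expression rather than a literal mount point. Using the local in the match, e.g. `grep -q "[[:space:]]${PARTITION}[[:space:]]" /proc/mounts`, keeps the two consistent. In is_a_partition the comment filter `grep -vqE "^#"` does not exclude an indented comment line, so a commented-out fstab entry with leading whitespace would still be reported as declared; `grep -vqE "^[[:space:]]*#"` closes that gap for the audit. Which of the two `local` lines is the new side is inferred from the debug lines, and both function bodies continue outside the hunks.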