mirror of
https://github.com/ovh/debian-cis.git
synced 2024-11-24 22:41:24 +01:00
IMP(shellcheck): replace deprecated egrep (SC2196)
This commit is contained in:
parent
1c56bd9930
commit
36528b55e0
@ -27,7 +27,7 @@ ACCEPTED_SHELLS_GREP=''
|
|||||||
audit() {
|
audit() {
|
||||||
shells_to_grep_helper
|
shells_to_grep_helper
|
||||||
info "Checking if admin accounts have a login shell different than $ACCEPTED_SHELLS"
|
info "Checking if admin accounts have a login shell different than $ACCEPTED_SHELLS"
|
||||||
RESULT=$(egrep -v "^\+" $FILE | awk -F: '($1!="root" && $1!="sync" && $1!="shutdown" && $1!="halt" && $3<1000 ) {print}' | grep -v $ACCEPTED_SHELLS_GREP || true)
|
RESULT=$(grep -Ev "^\+" $FILE | awk -F: '($1!="root" && $1!="sync" && $1!="shutdown" && $1!="halt" && $3<1000 ) {print}' | grep -v $ACCEPTED_SHELLS_GREP || true)
|
||||||
IFS_BAK=$IFS
|
IFS_BAK=$IFS
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for LINE in $RESULT; do
|
for LINE in $RESULT; do
|
||||||
@ -54,7 +54,7 @@ audit() {
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled mode
|
# This function will be called if the script status is on enabled mode
|
||||||
apply() {
|
apply() {
|
||||||
RESULT=$(egrep -v "^\+" $FILE | awk -F: '($1!="root" && $1!="sync" && $1!="shutdown" && $1!="halt" && $3<1000 ) {print}' | grep -v $ACCEPTED_SHELLS_GREP || true)
|
RESULT=$(grep -Ev "^\+" $FILE | awk -F: '($1!="root" && $1!="sync" && $1!="shutdown" && $1!="halt" && $3<1000 ) {print}' | grep -v $ACCEPTED_SHELLS_GREP || true)
|
||||||
IFS_BAK=$IFS
|
IFS_BAK=$IFS
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
for LINE in $RESULT; do
|
for LINE in $RESULT; do
|
||||||
|
@ -21,7 +21,7 @@ ERRORS=0
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit() {
|
audit() {
|
||||||
for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
|
for DIR in $(get_db passwd | grep -Ev '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
|
||||||
debug "Working on $DIR"
|
debug "Working on $DIR"
|
||||||
for FILE in "$DIR"/.[A-Za-z0-9]*; do
|
for FILE in "$DIR"/.[A-Za-z0-9]*; do
|
||||||
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
|
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
|
||||||
@ -45,7 +45,7 @@ audit() {
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled mode
|
# This function will be called if the script status is on enabled mode
|
||||||
apply() {
|
apply() {
|
||||||
for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
|
for DIR in $(get_db passwd | grep -Ev '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
|
||||||
for FILE in "$DIR"/.[A-Za-z0-9]*; do
|
for FILE in "$DIR"/.[A-Za-z0-9]*; do
|
||||||
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
|
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
|
||||||
FILEPERM=$(ls -ld "$FILE" | cut -f1 -d" ")
|
FILEPERM=$(ls -ld "$FILE" | cut -f1 -d" ")
|
||||||
|
@ -22,7 +22,7 @@ FILENAME='.forward'
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit() {
|
audit() {
|
||||||
for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
|
for DIR in $(get_db passwd | grep -Ev '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
|
||||||
debug "Working on $DIR"
|
debug "Working on $DIR"
|
||||||
for FILE in $DIR/$FILENAME; do
|
for FILE in $DIR/$FILENAME; do
|
||||||
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
|
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
|
||||||
|
@ -22,7 +22,7 @@ FILENAME='.netrc'
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit() {
|
audit() {
|
||||||
for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
|
for DIR in $(get_db passwd | grep -Ev '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
|
||||||
debug "Working on $DIR"
|
debug "Working on $DIR"
|
||||||
for FILE in $DIR/$FILENAME; do
|
for FILE in $DIR/$FILENAME; do
|
||||||
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
|
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
|
||||||
|
@ -22,7 +22,7 @@ ERRORS=0
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit() {
|
audit() {
|
||||||
for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
|
for DIR in $(get_db passwd | grep -Ev '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
|
||||||
debug "Working on $DIR"
|
debug "Working on $DIR"
|
||||||
for FILE in $DIR/.netrc; do
|
for FILE in $DIR/.netrc; do
|
||||||
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
|
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
|
||||||
@ -45,7 +45,7 @@ audit() {
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled mode
|
# This function will be called if the script status is on enabled mode
|
||||||
apply() {
|
apply() {
|
||||||
for DIR in $(cat /etc/passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
|
for DIR in $(cat /etc/passwd | grep -Ev '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
|
||||||
debug "Working on $DIR"
|
debug "Working on $DIR"
|
||||||
for FILE in $DIR/.netrc; do
|
for FILE in $DIR/.netrc; do
|
||||||
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
|
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
|
||||||
|
@ -22,7 +22,7 @@ FILENAME=".rhosts"
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit() {
|
audit() {
|
||||||
for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
|
for DIR in $(get_db passwd | grep -Ev '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
|
||||||
debug "Working on $DIR"
|
debug "Working on $DIR"
|
||||||
for FILE in $DIR/$FILENAME; do
|
for FILE in $DIR/$FILENAME; do
|
||||||
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
|
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
|
||||||
|
@ -21,7 +21,7 @@ ERRORS=0
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit() {
|
audit() {
|
||||||
for dir in $(get_db passwd | /bin/egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
|
for dir in $(get_db passwd | grep -Ev '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
|
||||||
debug "Working on $dir"
|
debug "Working on $dir"
|
||||||
debug "Exceptions : $EXCEPTIONS"
|
debug "Exceptions : $EXCEPTIONS"
|
||||||
debug "echo \"$EXCEPTIONS\" | grep -q $dir"
|
debug "echo \"$EXCEPTIONS\" | grep -q $dir"
|
||||||
@ -60,7 +60,7 @@ audit() {
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled mode
|
# This function will be called if the script status is on enabled mode
|
||||||
apply() {
|
apply() {
|
||||||
for dir in $(get_db passwd | /bin/egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
|
for dir in $(get_db passwd | grep -Ev '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
|
||||||
debug "Working on $dir"
|
debug "Working on $dir"
|
||||||
debug "Exceptions : $EXCEPTIONS"
|
debug "Exceptions : $EXCEPTIONS"
|
||||||
debug "echo \"$EXCEPTIONS\" | grep -q $dir"
|
debug "echo \"$EXCEPTIONS\" | grep -q $dir"
|
||||||
|
Loading…
Reference in New Issue
Block a user