diff --git a/bin/hardening/99.1.1.23_disable_usb_devices.sh b/bin/hardening/99.1.1.23_disable_usb_devices.sh index 85754b2..13da243 100755 --- a/bin/hardening/99.1.1.23_disable_usb_devices.sh +++ b/bin/hardening/99.1.1.23_disable_usb_devices.sh @@ -13,6 +13,9 @@ set -e # One error, it's over set -u # One variable unset, it's over USER='root' + +# shellcheck disable=2034 +HARDENING_LEVEL=2 # shellcheck disable=2034 DESCRIPTION="USB devices are disabled." diff --git a/bin/hardening/99.1.3_acc_sudoers_no_all.sh b/bin/hardening/99.1.3_acc_sudoers_no_all.sh index e67239f..d12fb42 100755 --- a/bin/hardening/99.1.3_acc_sudoers_no_all.sh +++ b/bin/hardening/99.1.3_acc_sudoers_no_all.sh @@ -12,6 +12,8 @@ set -e # One error, it's over set -u # One variable unset, it's over +# shellcheck disable=2034 +HARDENING_LEVEL=2 # shellcheck disable=2034 DESCRIPTION="Checks there are no carte-blanche authorization in sudoers file(s)." diff --git a/bin/hardening/99.5.2.3_ssh_disable_features.sh b/bin/hardening/99.5.2.3_ssh_disable_features.sh index 8428f69..4e57b66 100755 --- a/bin/hardening/99.5.2.3_ssh_disable_features.sh +++ b/bin/hardening/99.5.2.3_ssh_disable_features.sh @@ -13,6 +13,7 @@ set -e # One error, it's over set -u # One variable unset, it's over # shellcheck disable=2034 +HARDENING_LEVEL=3 # shellcheck disable=2034 DESCRIPTION="Check all special features in sshd_config are disabled" diff --git a/bin/hardening/99.5.2.4_ssh_keys_from.sh b/bin/hardening/99.5.2.4_ssh_keys_from.sh index 3e36c2c..6377a44 100755 --- a/bin/hardening/99.5.2.4_ssh_keys_from.sh +++ b/bin/hardening/99.5.2.4_ssh_keys_from.sh @@ -12,6 +12,8 @@ set -e # One error, it is over set -u # One variable unset, it is over +# shellcheck disable=2034 +HARDENING_LEVEL=3 # shellcheck disable=2034 DESCRIPTION="Check field in ssh authorized keys files for users with login shell, and allowed IP if available." diff --git a/bin/hardening/99.5.2.5_ssh_strict_modes.sh b/bin/hardening/99.5.2.5_ssh_strict_modes.sh index acde7e3..f373e56 100755 --- a/bin/hardening/99.5.2.5_ssh_strict_modes.sh +++ b/bin/hardening/99.5.2.5_ssh_strict_modes.sh @@ -13,7 +13,9 @@ set -e # One error, it's over set -u # One variable unset, it's over # shellcheck disable=2034 -DESCRIPTION="Ensure home directory and ssh sensitive files are verified (not publicly readable) before connecting." +HARDENING_LEVEL=2 +# shellcheck disable=2034 +DESCRIPTION="Ensure home directory and ssh sensitive files are verified (not publicly readable) before connecting." PACKAGE='openssh-server' OPTIONS='StrictModes=yes' diff --git a/bin/hardening/99.5.2.7_ssh_sys_no_legacy.sh b/bin/hardening/99.5.2.7_ssh_sys_no_legacy.sh index 24d9cb6..1c57951 100755 --- a/bin/hardening/99.5.2.7_ssh_sys_no_legacy.sh +++ b/bin/hardening/99.5.2.7_ssh_sys_no_legacy.sh @@ -12,8 +12,11 @@ set -e # One error, it's over set -u # One variable unset, it's over +# shellcheck disable=2034 +HARDENING_LEVEL=3 # shellcheck disable=2034 DESCRIPTION="Ensure that legacy services rlogin, rlogind and rcp are disabled and not installed" + # shellcheck disable=2034 SERVICES="rlogin rlogind rcp" diff --git a/bin/hardening/99.5.4.5.1_acc_logindefs_sha512.sh b/bin/hardening/99.5.4.5.1_acc_logindefs_sha512.sh index 57fdd87..a706c8b 100755 --- a/bin/hardening/99.5.4.5.1_acc_logindefs_sha512.sh +++ b/bin/hardening/99.5.4.5.1_acc_logindefs_sha512.sh @@ -6,14 +6,16 @@ # # -# 99.5.4.5.1 Check that any password that may exist in /etc/shadow is SHA512 hashed and salted +# 99.5.4.5.1 Check that any password that will be created will be SHA512 hashed and salted # set -e # One error, it's over set -u # One variable unset, it's over # shellcheck disable=2034 -DESCRIPTION="Check that any password that may exist in /etc/shadow is SHA512 hashed and salted" +HARDENING_LEVEL=2 +# shellcheck disable=2034 +DESCRIPTION="Check that any password that will be created will be SHA512 hashed and salted" CONF_FILE="/etc/login.defs" CONF_LINE="ENCRYPT_METHOD SHA512" diff --git a/bin/hardening/99.5.4.5.2_acc_shadow_sha512.sh b/bin/hardening/99.5.4.5.2_acc_shadow_sha512.sh index 93c7179..9613aa3 100755 --- a/bin/hardening/99.5.4.5.2_acc_shadow_sha512.sh +++ b/bin/hardening/99.5.4.5.2_acc_shadow_sha512.sh @@ -12,6 +12,8 @@ set -e # One error, it's over set -u # One variable unset, it's over +# shellcheck disable=2034 +HARDENING_LEVEL=2 # shellcheck disable=2034 DESCRIPTION="Check that any password that may exist in /etc/shadow is SHA512 hashed and salted" FILE="/etc/shadow"