From 467e5f178cecba74407807eb4d85e12af4942bc8 Mon Sep 17 00:00:00 2001
From: Thibault Ayanides <thibault.ayanides@ovhcloud.com>
Date: Tue, 17 Nov 2020 13:02:02 +0100
Subject: [PATCH] fixup! IMP(4.5): rename to 1.6.1.2 improve test

---
 bin/hardening/1.6.2.1_enable_apparmor.sh | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/bin/hardening/1.6.2.1_enable_apparmor.sh b/bin/hardening/1.6.2.1_enable_apparmor.sh
index 469ab25..a468130 100755
--- a/bin/hardening/1.6.2.1_enable_apparmor.sh
+++ b/bin/hardening/1.6.2.1_enable_apparmor.sh
@@ -27,12 +27,18 @@ audit () {
 
     ERROR=0
     RESULT=$($SUDO_CMD grep "^\s*linux" /boot/grub/grub.cfg)
+    
+    # define custom IFS and save default one
+    d_IFS=$IFS
+    c_IFS=$'\n'
+    IFS=$c_IFS
     for line in $RESULT; do
         if [[ ! $line =~ "apparmor=1" ]] || [[ ! $line =~ "security=apparmor" ]]; then
             crit "$line is not configured"
             ERROR=1
         fi
     done
+    IFS=$d_IFS
     if [ $ERROR = 0 ]; then
         ok "$PACKAGE is configured"
     
@@ -47,15 +53,22 @@ apply () {
     else
         ok "$PACKAGE is installed"
     fi
-    
+
     ERROR=0
     RESULT=$($SUDO_CMD grep "^\s*linux" /boot/grub/grub.cfg)
+    
+    # define custom IFS and save default one
+    d_IFS=$IFS
+    c_IFS=$'\n'
+    IFS=$c_IFS
     for line in $RESULT; do
         if [[ ! $line =~ "apparmor=1" ]] || [[ ! $line =~ "security=apparmor" ]]; then
             crit "$line is not configured"
             ERROR=1
         fi
     done
+    IFS=$d_IFS
+    
     if [ $ERROR = 1 ]; then
         $SUDO_CMD sed -i "s/GRUB_CMDLINE_LINUX=\"/GRUB_CMDLINE_LINUX=\"apparmor=1 security=apparmor/" /etc/default/grub
         $SUDO_CMD update-grub