feat: Filter the filesystem to check when the list is built. (#156)

* feat: Attempt to filter-out filesystem that match exclusion regex.
2025-06-24 11:34:35 +02:00 · 2022-06-24 17:45:47 +02:00
parent 7a3145d7f1
commit 66ccc6316a
9 changed files with 49 additions and 18 deletions
--- a/bin/hardening/99.5.2.4_ssh_keys_from.sh
+++ b/bin/hardening/99.5.2.4_ssh_keys_from.sh
@ -109,7 +109,7 @@ audit() {
        crit "/etc/ssh/sshd_config is not readable."
    else
        ret=$($SUDO_CMD grep -iP "^AuthorizedKeysFile" /etc/ssh/sshd_config || echo '#KO')
-        if [ "x$ret" = "x#KO" ]; then
+        if [ "$ret" = "#KO" ]; then
            debug "No AuthorizedKeysFile defined in sshd_config."
        else
            AUTHKEYFILE_PATTERN=$(echo "$ret" | sed 's/AuthorizedKeysFile//i' | sed 's#%h/##' | tr -s "[:space:]")
@ -137,7 +137,7 @@ audit() {
            continue
        else
            info "User $user has a valid shell ($shell)."
-            if [ "x$user" = "xroot" ] && [ "$user" != "$EXCEPTION_USER" ]; then
+            if [ "$user" = "root" ] && [ "$user" != "$EXCEPTION_USER" ]; then
                check_dir /root
                continue
            elif $SUDO_CMD [ ! -d /home/"$user" ]; then