Adding batch mode to output just one line of text (no colors) in order to be parsed by computer tools

Adding DESCRIPTION field in tests and [INFO] DESCRIPTION in main Update README with --batch mode info Add --batch mode in hardening.sh Change summary to make it oneliner when batch mode AUDIT_SUMMARY PASSED_CHECKS:95 RUN_CHECKS:191 TOTAL_CHECKS_AVAIL:191 CONFORMITY_PERCENTAGE:49.74
2025-06-22 02:33:42 +02:00 · 2017-10-31 17:44:15 +01:00
parent 8a7f9ddad5
commit 67df4da781
195 changed files with 283 additions and 28 deletions
--- a/lib/common.sh
+++ b/lib/common.sh
@ -58,17 +58,29 @@ cecho () {
 }

 crit () {
-    if [ $MACHINE_LOG_LEVEL -ge 1 ]; then _logger $BRED "[ KO ] $*"; fi
+    if [ ${BATCH_MODE:-0} -eq 1 ]; then
+        BATCH_OUTPUT="$BATCH_OUTPUT KO{$*}"
+    else
+        if [ $MACHINE_LOG_LEVEL -ge 1 ]; then _logger $BRED "[ KO ] $*"; fi
+    fi
    # This variable incrementation is used to measure failure or success in tests
    CRITICAL_ERRORS_NUMBER=$((CRITICAL_ERRORS_NUMBER+1))
 }

 warn () {
-    if [ $MACHINE_LOG_LEVEL -ge 2 ]; then _logger $BYELLOW "[WARN] $*"; fi
+    if [ ${BATCH_MODE:-0} -eq 1 ]; then
+        BATCH_OUTPUT="$BATCH_OUTPUT WARN{$*}"
+    else
+        if [ $MACHINE_LOG_LEVEL -ge 2 ]; then _logger $BYELLOW "[WARN] $*"; fi
+    fi
 }

 ok () {
-    if [ $MACHINE_LOG_LEVEL -ge 3 ]; then _logger $BGREEN "[ OK ] $*"; fi
+    if [ ${BATCH_MODE:-0} -eq 1 ]; then
+        BATCH_OUTPUT="$BATCH_OUTPUT OK{$*}"
+    else
+        if [ $MACHINE_LOG_LEVEL -ge 3 ]; then _logger $BGREEN "[ OK ] $*"; fi
+    fi
 }

 info () {
--- a/lib/main.sh
+++ b/lib/main.sh
@ -2,6 +2,8 @@ LONG_SCRIPT_NAME=$(basename $0)
 SCRIPT_NAME=${LONG_SCRIPT_NAME%.sh}
 # Variable initialization, to avoid crash
 CRITICAL_ERRORS_NUMBER=0 # This will be used to see if a script failed, or passed
+BATCH_MODE=0
+BATCH_OUTPUT=""
 status=""
 forcedstatus=""
 SUDO_CMD=""
@ -14,8 +16,6 @@ SUDO_CMD=""
 # Environment Sanitizing
 export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'

-info "Working on $SCRIPT_NAME"
-
 # Arguments parsing
 while [[ $# > 0 ]]; do
    ARG="$1"
@ -35,6 +35,12 @@ while [[ $# > 0 ]]; do
        --sudo)
        SUDO_CMD="sudo -n"
        ;;
+        --batch)
+            debug "Auditing in batch mode, will limit output by setting LOGLEVEL to 'ok'."
+            BATCH_MODE=1
+            LOGLEVEL=ok
+            [ -r $CIS_ROOT_DIR/lib/common.sh     ] && . $CIS_ROOT_DIR/lib/common.sh
+        ;;
        *)
            debug "Unknown option passed"
        ;;
@ -42,6 +48,9 @@ while [[ $# > 0 ]]; do
    shift
 done

+info "Working on $SCRIPT_NAME"
+info "[DESCRIPTION] $DESCRIPTION"
+
 # Source specific configuration file
 if ! [ -r $CIS_ROOT_DIR/etc/conf.d/$SCRIPT_NAME.cfg ] ; then
    # If it doesn't exist, create it with default values
@ -72,9 +81,11 @@ fi

 if [ -z $status ]; then
    crit "Could not find status variable for $SCRIPT_NAME, considered as disabled"
+
    exit 2
 fi

+
 case $status in
    enabled | true )
        info "Checking Configuration"
@ -99,10 +110,20 @@ case $status in
        ;;
 esac

-if [ $CRITICAL_ERRORS_NUMBER = 0 ]; then
-    ok "Check Passed"
+if [ $CRITICAL_ERRORS_NUMBER -eq 0 ]; then
+    if [ $BATCH_MODE -eq 1 ]; then
+        BATCH_OUTPUT="OK $SCRIPT_NAME $BATCH_OUTPUT"
+        echo $BATCH_OUTPUT
+    else
+        ok "Check Passed"
+    fi
    exit 0 # Means ok status
 else
-    crit "Check Failed"
+    if [ $BATCH_MODE -eq 1 ]; then
+        BATCH_OUTPUT="KO $SCRIPT_NAME $BATCH_OUTPUT"
+        echo $BATCH_OUTPUT
+    else
+        crit "Check Failed"
+    fi
    exit 1 # Means critical status
 fi