mirror of
https://github.com/ovh/debian-cis.git
synced 2024-12-25 23:35:36 +01:00
IMP(shellcheck): replace -a in condition by && (SC2166)
parent
d371b8d057
commit
72bb3e2b84
@ -165,7 +165,7 @@ while [[ $# > 0 ]]; do
|
||||
done
|
||||
|
||||
# if no RUN_MODE was passed, usage and quit
|
||||
if [ "$AUDIT" -eq 0 -a "$AUDIT_ALL" -eq 0 -a "$AUDIT_ALL_ENABLE_PASSED" -eq 0 -a "$APPLY" -eq 0 -a "$CREATE_CONFIG" -eq 0 ]; then
|
||||
if [ "$AUDIT" -eq 0 ] && [ "$AUDIT_ALL" -eq 0 ] && [ "$AUDIT_ALL_ENABLE_PASSED" -eq 0 ] && [ "$APPLY" -eq 0 ] && [ "$CREATE_CONFIG" -eq 0 ]; then
|
||||
usage
|
||||
fi
|
||||
|
||||
@ -198,7 +198,7 @@ if [ "$ALLOW_SERVICE_LIST" = 1 ]; then
|
||||
fi
|
||||
|
||||
# If --set-hardening-level is specified, don't run anything, just apply config for each script
|
||||
if [ -n "$SET_HARDENING_LEVEL" -a "$SET_HARDENING_LEVEL" != 0 ]; then
|
||||
if [ -n "$SET_HARDENING_LEVEL" ] && [ "$SET_HARDENING_LEVEL" != 0 ]; then
|
||||
if ! grep -q "^[12345]$" <<<"$SET_HARDENING_LEVEL"; then
|
||||
echo "Bad --set-hardening-level specified ('$SET_HARDENING_LEVEL'), expected 1 to 5"
|
||||
exit 1
|
||||
|
@ -24,7 +24,7 @@ audit() {
|
||||
for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
|
||||
debug "Working on $DIR"
|
||||
for FILE in $DIR/.[A-Za-z0-9]*; do
|
||||
if [ ! -h "$FILE" -a -f "$FILE" ]; then
|
||||
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
|
||||
FILEPERM=$(ls -ld $FILE | cut -f1 -d" ")
|
||||
if [ $(echo $FILEPERM | cut -c6) != "-" ]; then
|
||||
crit "Group Write permission set on FILE $FILE"
|
||||
@ -47,7 +47,7 @@ audit() {
|
||||
apply() {
|
||||
for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
|
||||
for FILE in $DIR/.[A-Za-z0-9]*; do
|
||||
if [ ! -h "$FILE" -a -f "$FILE" ]; then
|
||||
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
|
||||
FILEPERM=$(ls -ld $FILE | cut -f1 -d" ")
|
||||
if [ $(echo $FILEPERM | cut -c6) != "-" ]; then
|
||||
warn "Group Write permission set on FILE $FILE"
|
||||
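Review bot: The permission read right after the changed test, `FILEPERM=$(ls -ld $FILE | cut -f1 -d" ")`, still parses `ls` output with `$FILE` unquoted, in both the audit() and apply() hunks of this file. These paths live in user-writable home directories, so a dotfile name containing whitespace or glob characters is split before `ls` sees it. The group-write check can then report on the wrong entry or on nothing. Reading the mode directly avoids that: `FILEPERM=$(stat -c %A -- "$FILE")` followed by `if [ "$(printf '%s' "$FILEPERM" | cut -c6)" != "-" ]; then`. Both function bodies continue outside the hunks.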
|
@ -25,7 +25,7 @@ audit() {
|
||||
for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
|
||||
debug "Working on $DIR"
|
||||
for FILE in $DIR/$FILENAME; do
|
||||
if [ ! -h "$FILE" -a -f "$FILE" ]; then
|
||||
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
|
||||
crit "$FILE present"
|
||||
ERRORS=$((ERRORS + 1))
|
||||
fi
|
||||
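Review bot: The rewritten test `[ ! -h "$FILE" ] && [ -f "$FILE" ]` still skips symlinks, so a `$DIR/$FILENAME` that is a symlink is never reported by `crit "$FILE present"`. The same test appears in the two other `@ -25,7` audit() hunks that loop over `$DIR/$FILENAME`. If the exclusion is intentional, it deserves a comment above the test, for example `# symlinks are deliberately ignored: <reason>`. If it is not, the audit probably under-reports, and an `elif [ -h "$FILE" ]; then` branch that raises the same `crit` and increments `ERRORS` would close the gap. `$FILENAME` is set outside the hunk, so the impact is inferred from the message text only.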
|
@ -25,7 +25,7 @@ audit() {
|
||||
for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
|
||||
debug "Working on $DIR"
|
||||
for FILE in $DIR/$FILENAME; do
|
||||
if [ ! -h "$FILE" -a -f "$FILE" ]; then
|
||||
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
|
||||
crit "$FILE present"
|
||||
ERRORS=$((ERRORS + 1))
|
||||
fi
|
||||
|
@ -25,7 +25,7 @@ audit() {
|
||||
for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
|
||||
debug "Working on $DIR"
|
||||
for FILE in $DIR/.netrc; do
|
||||
if [ ! -h "$FILE" -a -f "$FILE" ]; then
|
||||
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
|
||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
||||
if [ "$FNRET" = 0 ]; then
|
||||
ok "$FILE has correct permissions"
|
||||
@ -48,7 +48,7 @@ apply() {
|
||||
for DIR in $(cat /etc/passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
|
||||
debug "Working on $DIR"
|
||||
for FILE in $DIR/.netrc; do
|
||||
if [ ! -h "$FILE" -a -f "$FILE" ]; then
|
||||
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
|
||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
||||
if [ "$FNRET" = 0 ]; then
|
||||
ok "$FILE has correct permissions"
|
||||
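Review bot: apply() enumerates home directories with `cat /etc/passwd`, while audit() in the same file uses `get_db passwd`, so the two functions may not walk the same set of accounts. `get_db` is defined outside this page, but if it resolves accounts from sources beyond the local file, a `.netrc` flagged by audit() would never be reached by apply(). Starting the apply() loop from the same source keeps them aligned: `for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: ...); do`, with the awk filter unchanged.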
|
@ -25,7 +25,7 @@ audit() {
|
||||
for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
|
||||
debug "Working on $DIR"
|
||||
for FILE in $DIR/$FILENAME; do
|
||||
if [ ! -h "$FILE" -a -f "$FILE" ]; then
|
||||
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
|
||||
crit "$FILE present"
|
||||
ERRORS=$((ERRORS + 1))
|
||||
fi
|
||||
|
@ -27,7 +27,7 @@ audit() {
|
||||
USER=$(awk -F: {'print $1'} <<<$LINE)
|
||||
USERID=$(awk -F: {'print $2'} <<<$LINE)
|
||||
DIR=$(awk -F: {'print $3'} <<<$LINE)
|
||||
if [ $USERID -ge 1000 -a ! -d "$DIR" -a $USER != "nfsnobody" -a $USER != "nobody" -a "$DIR" != "/nonexistent" ]; then
|
||||
if [ $USERID -ge 1000 ] && [ ! -d "$DIR" ] && [ $USER != "nfsnobody" ] && [ $USER != "nobody" ] && [ "$DIR" != "/nonexistent" ]; then
|
||||
crit "The home directory ($DIR) of user $USER does not exist."
|
||||
ERRORS=$((ERRORS + 1))
|
||||
fi
|
||||
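Review bot: In the new condition `$USERID` and `$USER` are still unquoted (`[ $USERID -ge 1000 ]`, `[ $USER != "nfsnobody" ]`), here and in the identical hunk at `@ -30,7`. If either field comes back empty or contains whitespace, the affected `[` is malformed and errors out, the `&&` chain evaluates false, and the account is skipped without the audit recording it. Quoting keeps each test well-formed whatever the field holds: `[ "$USERID" -ge 1000 ] && [ ! -d "$DIR" ] && [ "$USER" != "nfsnobody" ] && [ "$USER" != "nobody" ] && [ "$DIR" != "/nonexistent" ]`. The assignments just above also expand `<<<$LINE` unquoted and overwrite the shell's own `USER` variable, which a differently named local would avoid.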
|
@ -30,7 +30,7 @@ audit() {
|
||||
USER=$(awk -F: {'print $1'} <<<$LINE)
|
||||
USERID=$(awk -F: {'print $2'} <<<$LINE)
|
||||
DIR=$(awk -F: {'print $3'} <<<$LINE)
|
||||
if [ $USERID -ge 1000 -a ! -d "$DIR" -a $USER != "nfsnobody" -a $USER != "nobody" -a "$DIR" != "/nonexistent" ]; then
|
||||
if [ $USERID -ge 1000 ] && [ ! -d "$DIR" ] && [ $USER != "nfsnobody" ] && [ $USER != "nobody" ] && [ "$DIR" != "/nonexistent" ]; then
|
||||
crit "The home directory ($DIR) of user $USER does not exist."
|
||||
ERRORS=$((ERRORS + 1))
|
||||
fi
|
||||
|
@ -28,7 +28,7 @@ while [[ $# > 0 ]]; do
|
||||
forcedstatus=auditall
|
||||
;;
|
||||
--audit)
|
||||
if [ "$status" != 'disabled' -a "$status" != 'false' ]; then
|
||||
if [ "$status" != 'disabled' ] && [ "$status" != 'false' ]; then
|
||||
debug "Audit argument detected, setting status to audit"
|
||||
forcedstatus=audit
|
||||
else
|
||||
@ -85,7 +85,7 @@ if [ "$forcedstatus" = "auditall" ]; then
|
||||
status=audit
|
||||
elif [ "$forcedstatus" = "audit" ]; then
|
||||
# We want to audit only enabled scripts
|
||||
if [ "$status" != 'disabled' -a "$status" != 'false' ]; then
|
||||
if [ "$status" != 'disabled' ] && [ "$status" != 'false' ]; then
|
||||
debug "Audit argument detected, setting status to audit"
|
||||
status=audit
|
||||
else
|
||||
|
@ -270,7 +270,7 @@ is_kernel_option_enabled() {
|
||||
FNRET=2 # Not found
|
||||
fi
|
||||
|
||||
if $SUDO_CMD [ "$FNRET" -ne 0 -a -n "$MODULE_NAME" -a -d "/lib/modules/$(uname -r)" ]; then
|
||||
if $SUDO_CMD [ "$FNRET" -ne 0 ] && [ -n "$MODULE_NAME" ] && [ -d "/lib/modules/$(uname -r)" ]; then
|
||||
# also check in modules, because even if not =y, maybe
|
||||
# the admin compiled it separately later (or out-of-tree)
|
||||
# as a module (regardless of the fact that we have =m or not)
|
||||
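Review bot: After the split, `$SUDO_CMD` prefixes only `[ "$FNRET" -ne 0 ]`. The `-n "$MODULE_NAME"` and `-d "/lib/modules/$(uname -r)"` tests, which previously ran inside the same `$SUDO_CMD [ ... ]` invocation, now run as the calling user. That is a behaviour change rather than a pure ShellCheck rewrite, and it leaves the privileged command wrapping an integer comparison that needs no privilege. If the directory test is the part meant to run elevated, `if [ "$FNRET" -ne 0 ] && [ -n "$MODULE_NAME" ] && $SUDO_CMD [ -d "/lib/modules/$(uname -r)" ]; then` keeps it there; if none of the tests needs it, drop `$SUDO_CMD` from the line. What `$SUDO_CMD` expands to is set outside this hunk.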
|