From 72bb3e2b84fcfe6d8fac92fcf892ae25c427ec35 Mon Sep 17 00:00:00 2001
From: Thibault Ayanides <thibault.ayanides@ovhcloud.com>
Date: Fri, 4 Dec 2020 15:29:19 +0100
Subject: [PATCH] IMP(shellcheck): replace -a in condition by && (SC2166)

---
 bin/hardening.sh                                 | 4 ++--
 bin/hardening/6.2.10_check_user_dot_file_perm.sh | 4 ++--
 bin/hardening/6.2.11_find_user_forward_files.sh  | 2 +-
 bin/hardening/6.2.12_find_user_netrc_files.sh    | 2 +-
 bin/hardening/6.2.13_set_perm_on_user_netrc.sh   | 4 ++--
 bin/hardening/6.2.14_find_user_rhosts_files.sh   | 2 +-
 bin/hardening/6.2.7_users_valid_homedir.sh       | 2 +-
 bin/hardening/6.2.9_users_valid_homedir.sh       | 2 +-
 lib/main.sh                                      | 4 ++--
 lib/utils.sh                                     | 2 +-
 10 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/bin/hardening.sh b/bin/hardening.sh
index 2fb4339..88e9d26 100755
--- a/bin/hardening.sh
+++ b/bin/hardening.sh
@@ -165,7 +165,7 @@ while [[ $# > 0 ]]; do
 done
 
 # if no RUN_MODE was passed, usage and quit
-if [ "$AUDIT" -eq 0 -a "$AUDIT_ALL" -eq 0 -a "$AUDIT_ALL_ENABLE_PASSED" -eq 0 -a "$APPLY" -eq 0 -a "$CREATE_CONFIG" -eq 0 ]; then
+if [ "$AUDIT" -eq 0 ] && [ "$AUDIT_ALL" -eq 0 ] && [ "$AUDIT_ALL_ENABLE_PASSED" -eq 0 ] && [ "$APPLY" -eq 0 ] && [ "$CREATE_CONFIG" -eq 0 ]; then
     usage
 fi
 
@@ -198,7 +198,7 @@ if [ "$ALLOW_SERVICE_LIST" = 1 ]; then
 fi
 
 # If --set-hardening-level is specified, don't run anything, just apply config for each script
-if [ -n "$SET_HARDENING_LEVEL" -a "$SET_HARDENING_LEVEL" != 0 ]; then
+if [ -n "$SET_HARDENING_LEVEL" ] && [ "$SET_HARDENING_LEVEL" != 0 ]; then
     if ! grep -q "^[12345]$" <<<"$SET_HARDENING_LEVEL"; then
         echo "Bad --set-hardening-level specified ('$SET_HARDENING_LEVEL'), expected 1 to 5"
         exit 1
diff --git a/bin/hardening/6.2.10_check_user_dot_file_perm.sh b/bin/hardening/6.2.10_check_user_dot_file_perm.sh
index f37d208..b46b890 100755
--- a/bin/hardening/6.2.10_check_user_dot_file_perm.sh
+++ b/bin/hardening/6.2.10_check_user_dot_file_perm.sh
@@ -24,7 +24,7 @@ audit() {
     for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
         debug "Working on $DIR"
         for FILE in $DIR/.[A-Za-z0-9]*; do
-            if [ ! -h "$FILE" -a -f "$FILE" ]; then
+            if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
                 FILEPERM=$(ls -ld $FILE | cut -f1 -d" ")
                 if [ $(echo $FILEPERM | cut -c6) != "-" ]; then
                     crit "Group Write permission set on FILE $FILE"
@@ -47,7 +47,7 @@ audit() {
 apply() {
     for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
         for FILE in $DIR/.[A-Za-z0-9]*; do
-            if [ ! -h "$FILE" -a -f "$FILE" ]; then
+            if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
                 FILEPERM=$(ls -ld $FILE | cut -f1 -d" ")
                 if [ $(echo $FILEPERM | cut -c6) != "-" ]; then
                     warn "Group Write permission set on FILE $FILE"
diff --git a/bin/hardening/6.2.11_find_user_forward_files.sh b/bin/hardening/6.2.11_find_user_forward_files.sh
index 86a085d..5cb2e72 100755
--- a/bin/hardening/6.2.11_find_user_forward_files.sh
+++ b/bin/hardening/6.2.11_find_user_forward_files.sh
@@ -25,7 +25,7 @@ audit() {
     for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
         debug "Working on $DIR"
         for FILE in $DIR/$FILENAME; do
-            if [ ! -h "$FILE" -a -f "$FILE" ]; then
+            if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
                 crit "$FILE present"
                 ERRORS=$((ERRORS + 1))
             fi
diff --git a/bin/hardening/6.2.12_find_user_netrc_files.sh b/bin/hardening/6.2.12_find_user_netrc_files.sh
index b653ed9..02726b8 100755
--- a/bin/hardening/6.2.12_find_user_netrc_files.sh
+++ b/bin/hardening/6.2.12_find_user_netrc_files.sh
@@ -25,7 +25,7 @@ audit() {
     for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
         debug "Working on $DIR"
         for FILE in $DIR/$FILENAME; do
-            if [ ! -h "$FILE" -a -f "$FILE" ]; then
+            if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
                 crit "$FILE present"
                 ERRORS=$((ERRORS + 1))
             fi
diff --git a/bin/hardening/6.2.13_set_perm_on_user_netrc.sh b/bin/hardening/6.2.13_set_perm_on_user_netrc.sh
index f53e089..c304e1a 100755
--- a/bin/hardening/6.2.13_set_perm_on_user_netrc.sh
+++ b/bin/hardening/6.2.13_set_perm_on_user_netrc.sh
@@ -25,7 +25,7 @@ audit() {
     for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
         debug "Working on $DIR"
         for FILE in $DIR/.netrc; do
-            if [ ! -h "$FILE" -a -f "$FILE" ]; then
+            if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
                 has_file_correct_permissions "$FILE" "$PERMISSIONS"
                 if [ "$FNRET" = 0 ]; then
                     ok "$FILE has correct permissions"
@@ -48,7 +48,7 @@ apply() {
     for DIR in $(cat /etc/passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
         debug "Working on $DIR"
         for FILE in $DIR/.netrc; do
-            if [ ! -h "$FILE" -a -f "$FILE" ]; then
+            if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
                 has_file_correct_permissions "$FILE" "$PERMISSIONS"
                 if [ "$FNRET" = 0 ]; then
                     ok "$FILE has correct permissions"
diff --git a/bin/hardening/6.2.14_find_user_rhosts_files.sh b/bin/hardening/6.2.14_find_user_rhosts_files.sh
index a4e28ed..157f80e 100755
--- a/bin/hardening/6.2.14_find_user_rhosts_files.sh
+++ b/bin/hardening/6.2.14_find_user_rhosts_files.sh
@@ -25,7 +25,7 @@ audit() {
     for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
         debug "Working on $DIR"
         for FILE in $DIR/$FILENAME; do
-            if [ ! -h "$FILE" -a -f "$FILE" ]; then
+            if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
                 crit "$FILE present"
                 ERRORS=$((ERRORS + 1))
             fi
diff --git a/bin/hardening/6.2.7_users_valid_homedir.sh b/bin/hardening/6.2.7_users_valid_homedir.sh
index 923f473..141bf90 100755
--- a/bin/hardening/6.2.7_users_valid_homedir.sh
+++ b/bin/hardening/6.2.7_users_valid_homedir.sh
@@ -27,7 +27,7 @@ audit() {
         USER=$(awk -F: {'print $1'} <<<$LINE)
         USERID=$(awk -F: {'print $2'} <<<$LINE)
         DIR=$(awk -F: {'print $3'} <<<$LINE)
-        if [ $USERID -ge 1000 -a ! -d "$DIR" -a $USER != "nfsnobody" -a $USER != "nobody" -a "$DIR" != "/nonexistent" ]; then
+        if [ $USERID -ge 1000 ] && [ ! -d "$DIR" ] && [ $USER != "nfsnobody" ] && [ $USER != "nobody" ] && [ "$DIR" != "/nonexistent" ]; then
             crit "The home directory ($DIR) of user $USER does not exist."
             ERRORS=$((ERRORS + 1))
         fi
diff --git a/bin/hardening/6.2.9_users_valid_homedir.sh b/bin/hardening/6.2.9_users_valid_homedir.sh
index 589eda9..5dbdce4 100755
--- a/bin/hardening/6.2.9_users_valid_homedir.sh
+++ b/bin/hardening/6.2.9_users_valid_homedir.sh
@@ -30,7 +30,7 @@ audit() {
         USER=$(awk -F: {'print $1'} <<<$LINE)
         USERID=$(awk -F: {'print $2'} <<<$LINE)
         DIR=$(awk -F: {'print $3'} <<<$LINE)
-        if [ $USERID -ge 1000 -a ! -d "$DIR" -a $USER != "nfsnobody" -a $USER != "nobody" -a "$DIR" != "/nonexistent" ]; then
+        if [ $USERID -ge 1000 ] && [ ! -d "$DIR" ] && [ $USER != "nfsnobody" ] && [ $USER != "nobody" ] && [ "$DIR" != "/nonexistent" ]; then
             crit "The home directory ($DIR) of user $USER does not exist."
             ERRORS=$((ERRORS + 1))
         fi
diff --git a/lib/main.sh b/lib/main.sh
index 0a81ae8..cf26272 100644
--- a/lib/main.sh
+++ b/lib/main.sh
@@ -28,7 +28,7 @@ while [[ $# > 0 ]]; do
         forcedstatus=auditall
         ;;
     --audit)
-        if [ "$status" != 'disabled' -a "$status" != 'false' ]; then
+        if [ "$status" != 'disabled' ] && [ "$status" != 'false' ]; then
             debug "Audit argument detected, setting status to audit"
             forcedstatus=audit
         else
@@ -85,7 +85,7 @@ if [ "$forcedstatus" = "auditall" ]; then
     status=audit
 elif [ "$forcedstatus" = "audit" ]; then
     # We want to audit only enabled scripts
-    if [ "$status" != 'disabled' -a "$status" != 'false' ]; then
+    if [ "$status" != 'disabled' ] && [ "$status" != 'false' ]; then
         debug "Audit argument detected, setting status to audit"
         status=audit
     else
diff --git a/lib/utils.sh b/lib/utils.sh
index a3828ed..5b968a0 100644
--- a/lib/utils.sh
+++ b/lib/utils.sh
@@ -270,7 +270,7 @@ is_kernel_option_enabled() {
         FNRET=2 # Not found
     fi
 
-    if $SUDO_CMD [ "$FNRET" -ne 0 -a -n "$MODULE_NAME" -a -d "/lib/modules/$(uname -r)" ]; then
+    if $SUDO_CMD [ "$FNRET" -ne 0 ] && [ -n "$MODULE_NAME" ] && [ -d "/lib/modules/$(uname -r)" ]; then
         # also check in modules, because even if not =y, maybe
         # the admin compiled it separately later (or out-of-tree)
         # as a module (regardless of the fact that we have =m or not)