IMP(shellcheck): replace -a in condition by && (SC2166)

Thibault Ayanides 2020-12-04 15:29:19 +01:00
parent d371b8d057
commit 72bb3e2b84
10 changed files with 14 additions and 14 deletions


@ -165,7 +165,7 @@ while [[ $# > 0 ]]; do
done
# if no RUN_MODE was passed, usage and quit
if [ "$AUDIT" -eq 0 -a "$AUDIT_ALL" -eq 0 -a "$AUDIT_ALL_ENABLE_PASSED" -eq 0 -a "$APPLY" -eq 0 -a "$CREATE_CONFIG" -eq 0 ]; then
if [ "$AUDIT" -eq 0 ] && [ "$AUDIT_ALL" -eq 0 ] && [ "$AUDIT_ALL_ENABLE_PASSED" -eq 0 ] && [ "$APPLY" -eq 0 ] && [ "$CREATE_CONFIG" -eq 0 ]; then
usage
fi
@ -198,7 +198,7 @@ if [ "$ALLOW_SERVICE_LIST" = 1 ]; then
fi
# If --set-hardening-level is specified, don't run anything, just apply config for each script
if [ -n "$SET_HARDENING_LEVEL" -a "$SET_HARDENING_LEVEL" != 0 ]; then
if [ -n "$SET_HARDENING_LEVEL" ] && [ "$SET_HARDENING_LEVEL" != 0 ]; then
if ! grep -q "^[12345]$" <<<"$SET_HARDENING_LEVEL"; then
echo "Bad --set-hardening-level specified ('$SET_HARDENING_LEVEL'), expected 1 to 5"
exit 1
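Review bot: The level check right after the changed condition is line-based: `grep -q "^[12345]$"` succeeds if any single line of `$SET_HARDENING_LEVEL` is a digit from 1 to 5, so a value containing a newline passes validation. Matching the whole string avoids that, for example `if ! [[ "$SET_HARDENING_LEVEL" =~ ^[1-5]$ ]]; then`; the script already uses `[[` in its argument loop. The error message would also be better sent to stderr with `>&2`. The block continues past the end of the hunk.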


@ -24,7 +24,7 @@ audit() {
for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
debug "Working on $DIR"
for FILE in $DIR/.[A-Za-z0-9]*; do
if [ ! -h "$FILE" -a -f "$FILE" ]; then
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
FILEPERM=$(ls -ld $FILE | cut -f1 -d" ")
if [ $(echo $FILEPERM | cut -c6) != "-" ]; then
crit "Group Write permission set on FILE $FILE"
@ -47,7 +47,7 @@ audit() {
apply() {
for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
for FILE in $DIR/.[A-Za-z0-9]*; do
if [ ! -h "$FILE" -a -f "$FILE" ]; then
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
FILEPERM=$(ls -ld $FILE | cut -f1 -d" ")
if [ $(echo $FILEPERM | cut -c6) != "-" ]; then
warn "Group Write permission set on FILE $FILE"
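Review bot: Both loops still expand `$FILE` and `$FILEPERM` unquoted on the lines right after the changed test (`ls -ld $FILE`, `echo $FILEPERM`), so a dotfile name containing whitespace or glob characters is split or expanded before `ls` sees it. These names are chosen by the owners of the accounts being audited, so the permission string read here may belong to a different path or be empty, which makes the group-write finding unreliable. Quoting fixes it in both audit() and apply(): `FILEPERM=$(ls -ld -- "$FILE" | cut -f1 -d" ")` and `if [ "$(echo "$FILEPERM" | cut -c6)" != "-" ]; then`. Both function bodies extend beyond the hunks shown.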


@ -25,7 +25,7 @@ audit() {
for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
debug "Working on $DIR"
for FILE in $DIR/$FILENAME; do
if [ ! -h "$FILE" -a -f "$FILE" ]; then
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
crit "$FILE present"
ERRORS=$((ERRORS + 1))
fi
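Review bot: The rewritten test keeps `[ ! -h "$FILE" ]`, so a symbolic link named `$FILENAME` in a home directory produces no finding at all, and nothing in the hunk says whether that is intended. The same condition guards the two other `$DIR/$FILENAME` audit loops and the `.netrc` loops further down this commit. If skipping links is deliberate, a comment above the test would record it, for example `# symlinks are skipped on purpose; only regular files are reported`; if not, the link case probably deserves its own `warn`. The audit() body starts and ends outside the hunk.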


@ -25,7 +25,7 @@ audit() {
for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
debug "Working on $DIR"
for FILE in $DIR/$FILENAME; do
if [ ! -h "$FILE" -a -f "$FILE" ]; then
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
crit "$FILE present"
ERRORS=$((ERRORS + 1))
fi


@ -25,7 +25,7 @@ audit() {
for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
debug "Working on $DIR"
for FILE in $DIR/.netrc; do
if [ ! -h "$FILE" -a -f "$FILE" ]; then
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then
ok "$FILE has correct permissions"
@ -48,7 +48,7 @@ apply() {
for DIR in $(cat /etc/passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
debug "Working on $DIR"
for FILE in $DIR/.netrc; do
if [ ! -h "$FILE" -a -f "$FILE" ]; then
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then
ok "$FILE has correct permissions"
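Review bot: apply() enumerates home directories with `cat /etc/passwd` while audit() in the same file uses `get_db passwd`, so the two loops may walk different account sets. If `get_db` resolves accounts from sources other than the local file (its definition is not visible here), audit() can report a `.netrc` that apply() never reaches. Replacing `cat /etc/passwd` with `get_db passwd` at the head of the apply() pipeline keeps the two aligned. Both function bodies continue outside the hunks.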


@ -25,7 +25,7 @@ audit() {
for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
debug "Working on $DIR"
for FILE in $DIR/$FILENAME; do
if [ ! -h "$FILE" -a -f "$FILE" ]; then
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
crit "$FILE present"
ERRORS=$((ERRORS + 1))
fi


@ -27,7 +27,7 @@ audit() {
USER=$(awk -F: {'print $1'} <<<$LINE)
USERID=$(awk -F: {'print $2'} <<<$LINE)
DIR=$(awk -F: {'print $3'} <<<$LINE)
if [ $USERID -ge 1000 -a ! -d "$DIR" -a $USER != "nfsnobody" -a $USER != "nobody" -a "$DIR" != "/nonexistent" ]; then
if [ $USERID -ge 1000 ] && [ ! -d "$DIR" ] && [ $USER != "nfsnobody" ] && [ $USER != "nobody" ] && [ "$DIR" != "/nonexistent" ]; then
crit "The home directory ($DIR) of user $USER does not exist."
ERRORS=$((ERRORS + 1))
fi
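Review bot: The new condition still leaves `$USERID` and `$USER` unquoted, and splitting it into separate `[ ]` calls does not change that: an empty or multi-word field turns `[ $USERID -ge 1000 ]` into a syntax error, which evaluates false, so the entry is skipped without a finding. Quote every operand: `if [ "$USERID" -ge 1000 ] && [ ! -d "$DIR" ] && [ "$USER" != "nfsnobody" ] && [ "$USER" != "nobody" ] && [ "$DIR" != "/nonexistent" ]; then`. The same line appears in the next file of this commit and needs the same change. Assigning to `USER` also overwrites the login-name environment variable for the rest of the script, so a differently named variable would be safer.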


@ -30,7 +30,7 @@ audit() {
USER=$(awk -F: {'print $1'} <<<$LINE)
USERID=$(awk -F: {'print $2'} <<<$LINE)
DIR=$(awk -F: {'print $3'} <<<$LINE)
if [ $USERID -ge 1000 -a ! -d "$DIR" -a $USER != "nfsnobody" -a $USER != "nobody" -a "$DIR" != "/nonexistent" ]; then
if [ $USERID -ge 1000 ] && [ ! -d "$DIR" ] && [ $USER != "nfsnobody" ] && [ $USER != "nobody" ] && [ "$DIR" != "/nonexistent" ]; then
crit "The home directory ($DIR) of user $USER does not exist."
ERRORS=$((ERRORS + 1))
fi


@ -28,7 +28,7 @@ while [[ $# > 0 ]]; do
forcedstatus=auditall
;;
--audit)
if [ "$status" != 'disabled' -a "$status" != 'false' ]; then
if [ "$status" != 'disabled' ] && [ "$status" != 'false' ]; then
debug "Audit argument detected, setting status to audit"
forcedstatus=audit
else
@ -85,7 +85,7 @@ if [ "$forcedstatus" = "auditall" ]; then
status=audit
elif [ "$forcedstatus" = "audit" ]; then
# We want to audit only enabled scripts
if [ "$status" != 'disabled' -a "$status" != 'false' ]; then
if [ "$status" != 'disabled' ] && [ "$status" != 'false' ]; then
debug "Audit argument detected, setting status to audit"
status=audit
else


@ -270,7 +270,7 @@ is_kernel_option_enabled() {
FNRET=2 # Not found
fi
if $SUDO_CMD [ "$FNRET" -ne 0 -a -n "$MODULE_NAME" -a -d "/lib/modules/$(uname -r)" ]; then
if $SUDO_CMD [ "$FNRET" -ne 0 ] && [ -n "$MODULE_NAME" ] && [ -d "/lib/modules/$(uname -r)" ]; then
# also check in modules, because even if not =y, maybe
# the admin compiled it separately later (or out-of-tree)
# as a module (regardless of the fact that we have =m or not)
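Review bot: Splitting the compound test changes what `$SUDO_CMD` covers: it now prefixes only `[ "$FNRET" -ne 0 ]`, a comparison on a shell variable that needs no privilege, while the `-d "/lib/modules/$(uname -r)"` check runs as the calling user. Before the change the whole expression ran under `$SUDO_CMD` (presumably a sudo wrapper; its definition is not in the hunk). If elevation is needed at all it belongs on the filesystem test only: `if [ "$FNRET" -ne 0 ] && [ -n "$MODULE_NAME" ] && $SUDO_CMD [ -d "/lib/modules/$(uname -r)" ]; then`. That also avoids spawning a privileged process for a plain integer comparison. The body of is_kernel_option_enabled() starts and ends outside the hunk.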