mirror of
https://github.com/ovh/debian-cis.git
synced 2025-06-22 02:33:42 +02:00
IMP(shellcheck): fix harmless warnings
This commit is contained in:
@ -114,7 +114,7 @@ fi
|
||||
declare -a TEST_LIST ALLOWED_SERVICES_LIST
|
||||
|
||||
# Arguments parsing
|
||||
while [[ $# > 0 ]]; do
|
||||
while [[ $# -gt 0 ]]; do
|
||||
ARG="$1"
|
||||
case $ARG in
|
||||
--audit)
|
||||
|
@ -14,6 +14,7 @@ set -u # One variable unset, it's over
|
||||
|
||||
# shellcheck disable=2034
|
||||
HARDENING_LEVEL=3
|
||||
# shellcheck disable=2034
|
||||
HARDENING_EXCEPTION=gw
|
||||
# shellcheck disable=2034
|
||||
DESCRIPTION="Disable IP forwarding."
|
||||
|
@ -17,6 +17,7 @@ HARDENING_LEVEL=3
|
||||
# shellcheck disable=2034
|
||||
DESCRIPTION="Configure /etc/syslog-ng/syslog-ng.conf ."
|
||||
|
||||
# shellcheck disable=2034
|
||||
SERVICE_NAME="syslog-ng"
|
||||
|
||||
# This function will be called if the script status is on enabled / audit mode
|
||||
|
@ -46,7 +46,7 @@ apply() {
|
||||
if [ "$FNRET" = 0 ]; then
|
||||
ok "$FILE permissions were set to $PERMISSIONS"
|
||||
else
|
||||
warn "fixing $DIRlogs ownership to $PERMISSIONS"
|
||||
warn "fixing $DIR logs ownership to $PERMISSIONS"
|
||||
chmod 0"$PERMISSIONS" "$FILE"
|
||||
fi
|
||||
done
|
||||
|
@ -16,6 +16,7 @@ HARDENING_LEVEL=3
|
||||
# shellcheck disable=2034
|
||||
DESCRIPTION="Configure logrotate to prevent logfile from growing unmanageable."
|
||||
|
||||
# shellcheck disable=2034
|
||||
SERVICE_NAME="syslog-ng"
|
||||
|
||||
# This function will be called if the script status is on enabled / audit mode
|
||||
|
@ -59,27 +59,26 @@ audit() {
|
||||
|
||||
# This function will be called if the script status is on enabled mode
|
||||
apply() {
|
||||
for FILE in $($SUDO_CMD find $DIR -xdev -type f -name 'ssh_host_*_key'); do
|
||||
has_file_correct_ownership "$FILE" "$USER" "$GROUP"
|
||||
if [ "$FNRET" = 0 ]; then
|
||||
ok "$FILE ownership was set to $USER:$GROUP"
|
||||
else
|
||||
warn "fixing $DIR SSH private keys permissions to $USER:$GROUP"
|
||||
chown "$USER":"$GROUP" "$FILE"
|
||||
|
||||
fi
|
||||
done
|
||||
|
||||
for FILE in $($SUDO_CMD find $DIR -xdev -type f -name 'ssh_host_*_key'); do
|
||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
||||
if [ "$FNRET" = 0 ]; then
|
||||
ok "$FILE permissions were set to $PERMISSIONS"
|
||||
else
|
||||
warn "fixing $DIR SSH private keys ownership to $PERMISSIONS"
|
||||
warn "fixing $DIR SSH private keys permissions to $PERMISSIONS"
|
||||
chmod 0"$PERMISSIONS" "$FILE"
|
||||
fi
|
||||
done
|
||||
|
||||
for FILE in $($SUDO_CMD find $DIR -xdev -type f -name 'ssh_host_*_key'); do
|
||||
has_file_correct_ownership "$FILE" "$USER" "$GROUP"
|
||||
if [ "$FNRET" = 0 ]; then
|
||||
ok "$FILE ownership was set to $USER:$GROUP"
|
||||
else
|
||||
warn "fixing $DIR SSH private keys ownership to $USER:$GROUP"
|
||||
chown "$USER":"$GROUP" "$FILE"
|
||||
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
# This function will check config parameters required
|
||||
|
@ -82,7 +82,7 @@ apply() {
|
||||
if [ "$FNRET" = 0 ]; then
|
||||
ok "$FILE permissions were set to $PERMISSIONS"
|
||||
else
|
||||
warn "fixing $DIR SSH public keys permissions to $USER:$GROUP"
|
||||
warn "fixing $DIR SSH public keys permissions to $PERMISSIONS"
|
||||
chmod 0"$PERMISSIONS" "$FILE"
|
||||
fi
|
||||
fi
|
||||
@ -94,7 +94,7 @@ apply() {
|
||||
if [ "$FNRET" = 0 ]; then
|
||||
ok "$FILE ownership was set to $USER:$GROUP"
|
||||
else
|
||||
warn "fixing $DIR SSH public keys ownership to $PERMISSIONS"
|
||||
warn "fixing $DIR SSH public keys ownership to $USER:$GROUP"
|
||||
chown "$USER":"$GROUP" "$FILE"
|
||||
fi
|
||||
done
|
||||
|
@ -27,6 +27,7 @@ audit() {
|
||||
OCC_NUMBER=$(awk -F: {'print $1'} <<<$LINE)
|
||||
USERNAME=$(awk -F: {'print $2'} <<<$LINE)
|
||||
if [ $OCC_NUMBER -gt 1 ]; then
|
||||
# shellcheck disable=2034
|
||||
USERS=$(awk -F: '($3 == n) { print $1 }' n=$USERNAME /etc/passwd | xargs)
|
||||
ERRORS=$((ERRORS + 1))
|
||||
crit "Duplicate username $USERNAME"
|
||||
|
@ -27,6 +27,7 @@ audit() {
|
||||
OCC_NUMBER=$(awk -F: {'print $1'} <<<$LINE)
|
||||
GROUPNAME=$(awk -F: {'print $2'} <<<$LINE)
|
||||
if [ $OCC_NUMBER -gt 1 ]; then
|
||||
# shellcheck disable=2034
|
||||
USERS=$(awk -F: '($3 == n) { print $1 }' n=$GROUPNAME /etc/passwd | xargs)
|
||||
ERRORS=$((ERRORS + 1))
|
||||
crit "Duplicate groupname $GROUPNAME"
|
||||
|
Reference in New Issue
Block a user