IMP(shellcheck): fix harmless warnings

2025-06-24 11:34:35 +02:00 · 2020-12-07 14:53:10 +01:00
parent 63835dd10c
commit 8012234096
14 changed files with 43 additions and 24 deletions
--- a/bin/hardening.sh
+++ b/bin/hardening.sh
@ -114,7 +114,7 @@ fi
 declare -a TEST_LIST ALLOWED_SERVICES_LIST

 # Arguments parsing
-while [[ $# > 0 ]]; do
+while [[ $# -gt 0 ]]; do
    ARG="$1"
    case $ARG in
    --audit)
--- a/bin/hardening/3.1.1_disable_ip_forwarding.sh
+++ b/bin/hardening/3.1.1_disable_ip_forwarding.sh
@ -14,6 +14,7 @@ set -u # One variable unset, it's over

 # shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 HARDENING_EXCEPTION=gw
 # shellcheck disable=2034
 DESCRIPTION="Disable IP forwarding."
--- a/bin/hardening/4.2.2.2_configure_syslog-ng.sh
+++ b/bin/hardening/4.2.2.2_configure_syslog-ng.sh
@ -17,6 +17,7 @@ HARDENING_LEVEL=3
 # shellcheck disable=2034
 DESCRIPTION="Configure /etc/syslog-ng/syslog-ng.conf ."

+# shellcheck disable=2034
 SERVICE_NAME="syslog-ng"

 # This function will be called if the script status is on enabled / audit mode
--- a/bin/hardening/4.2.4_logs_permissions.sh
+++ b/bin/hardening/4.2.4_logs_permissions.sh
@ -46,7 +46,7 @@ apply() {
        if [ "$FNRET" = 0 ]; then
            ok "$FILE permissions were set to $PERMISSIONS"
        else
-            warn "fixing $DIRlogs ownership to $PERMISSIONS"
+            warn "fixing $DIR logs ownership to $PERMISSIONS"
            chmod 0"$PERMISSIONS" "$FILE"
        fi
    done
--- a/bin/hardening/4.3_configure_logrotate.sh
+++ b/bin/hardening/4.3_configure_logrotate.sh
@ -16,6 +16,7 @@ HARDENING_LEVEL=3
 # shellcheck disable=2034
 DESCRIPTION="Configure logrotate to prevent logfile from growing unmanageable."

+# shellcheck disable=2034
 SERVICE_NAME="syslog-ng"

 # This function will be called if the script status is on enabled / audit mode
--- a/bin/hardening/5.2.2_ssh_host_private_keys_perm_ownership.sh
+++ b/bin/hardening/5.2.2_ssh_host_private_keys_perm_ownership.sh
@ -59,27 +59,26 @@ audit() {

 # This function will be called if the script status is on enabled mode
 apply() {
-    for FILE in $($SUDO_CMD find $DIR -xdev -type f -name 'ssh_host_*_key'); do
-        has_file_correct_ownership "$FILE" "$USER" "$GROUP"
-        if [ "$FNRET" = 0 ]; then
-            ok "$FILE ownership was set to $USER:$GROUP"
-        else
-            warn "fixing $DIR SSH private keys permissions to $USER:$GROUP"
-            chown "$USER":"$GROUP" "$FILE"
-
-        fi
-    done
-
    for FILE in $($SUDO_CMD find $DIR -xdev -type f -name 'ssh_host_*_key'); do
        has_file_correct_permissions "$FILE" "$PERMISSIONS"
        if [ "$FNRET" = 0 ]; then
            ok "$FILE permissions were set to $PERMISSIONS"
        else
-            warn "fixing $DIR SSH private keys ownership to $PERMISSIONS"
+            warn "fixing $DIR SSH private keys permissions to $PERMISSIONS"
            chmod 0"$PERMISSIONS" "$FILE"
        fi
    done

+    for FILE in $($SUDO_CMD find $DIR -xdev -type f -name 'ssh_host_*_key'); do
+        has_file_correct_ownership "$FILE" "$USER" "$GROUP"
+        if [ "$FNRET" = 0 ]; then
+            ok "$FILE ownership was set to $USER:$GROUP"
+        else
+            warn "fixing $DIR SSH private keys ownership to $USER:$GROUP"
+            chown "$USER":"$GROUP" "$FILE"
+
+        fi
+    done
 }

 # This function will check config parameters required
--- a/bin/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh
+++ b/bin/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh
@ -82,7 +82,7 @@ apply() {
                if [ "$FNRET" = 0 ]; then
                    ok "$FILE permissions were set to $PERMISSIONS"
                else
-                    warn "fixing $DIR SSH public keys permissions to $USER:$GROUP"
+                    warn "fixing $DIR SSH public keys permissions to $PERMISSIONS"
                    chmod 0"$PERMISSIONS" "$FILE"
                fi
            fi
@ -94,7 +94,7 @@ apply() {
        if [ "$FNRET" = 0 ]; then
            ok "$FILE ownership was set to $USER:$GROUP"
        else
-            warn "fixing $DIR SSH public keys ownership to $PERMISSIONS"
+            warn "fixing $DIR SSH public keys ownership to $USER:$GROUP"
            chown "$USER":"$GROUP" "$FILE"
        fi
    done
--- a/bin/hardening/6.2.18_check_duplicate_username.sh
+++ b/bin/hardening/6.2.18_check_duplicate_username.sh
@ -27,6 +27,7 @@ audit() {
        OCC_NUMBER=$(awk -F: {'print $1'} <<<$LINE)
        USERNAME=$(awk -F: {'print $2'} <<<$LINE)
        if [ $OCC_NUMBER -gt 1 ]; then
+            # shellcheck disable=2034
            USERS=$(awk -F: '($3 == n) { print $1 }' n=$USERNAME /etc/passwd | xargs)
            ERRORS=$((ERRORS + 1))
            crit "Duplicate username $USERNAME"
--- a/bin/hardening/6.2.19_check_duplicate_groupname.sh
+++ b/bin/hardening/6.2.19_check_duplicate_groupname.sh
@ -27,6 +27,7 @@ audit() {
        OCC_NUMBER=$(awk -F: {'print $1'} <<<$LINE)
        GROUPNAME=$(awk -F: {'print $2'} <<<$LINE)
        if [ $OCC_NUMBER -gt 1 ]; then
+            # shellcheck disable=2034
            USERS=$(awk -F: '($3 == n) { print $1 }' n=$GROUPNAME /etc/passwd | xargs)
            ERRORS=$((ERRORS + 1))
            crit "Duplicate groupname $GROUPNAME"