IMP(shellcheck): fix harmless warnings

This commit is contained in:
Thibault Ayanides 2020-12-07 14:53:10 +01:00
parent 63835dd10c
commit 8012234096
14 changed files with 43 additions and 24 deletions

View File

@ -114,7 +114,7 @@ fi
declare -a TEST_LIST ALLOWED_SERVICES_LIST
# Arguments parsing
while [[ $# > 0 ]]; do
while [[ $# -gt 0 ]]; do
ARG="$1"
case $ARG in
--audit)

View File

@ -14,6 +14,7 @@ set -u # One variable unset, it's over
# shellcheck disable=2034
HARDENING_LEVEL=3
# shellcheck disable=2034
HARDENING_EXCEPTION=gw
# shellcheck disable=2034
DESCRIPTION="Disable IP forwarding."

View File

@ -17,6 +17,7 @@ HARDENING_LEVEL=3
# shellcheck disable=2034
DESCRIPTION="Configure /etc/syslog-ng/syslog-ng.conf ."
# shellcheck disable=2034
SERVICE_NAME="syslog-ng"
# This function will be called if the script status is on enabled / audit mode

View File

@ -16,6 +16,7 @@ HARDENING_LEVEL=3
# shellcheck disable=2034
DESCRIPTION="Configure logrotate to prevent logfile from growing unmanageable."
# shellcheck disable=2034
SERVICE_NAME="syslog-ng"
# This function will be called if the script status is on enabled / audit mode

View File

@ -59,27 +59,26 @@ audit() {
# This function will be called if the script status is on enabled mode
apply() {
for FILE in $($SUDO_CMD find $DIR -xdev -type f -name 'ssh_host_*_key'); do
has_file_correct_ownership "$FILE" "$USER" "$GROUP"
if [ "$FNRET" = 0 ]; then
ok "$FILE ownership was set to $USER:$GROUP"
else
warn "fixing $DIR SSH private keys permissions to $USER:$GROUP"
chown "$USER":"$GROUP" "$FILE"
fi
done
for FILE in $($SUDO_CMD find $DIR -xdev -type f -name 'ssh_host_*_key'); do
has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then
ok "$FILE permissions were set to $PERMISSIONS"
else
warn "fixing $DIR SSH private keys ownership to $PERMISSIONS"
warn "fixing $DIR SSH private keys permissions to $PERMISSIONS"
chmod 0"$PERMISSIONS" "$FILE"
fi
done
for FILE in $($SUDO_CMD find $DIR -xdev -type f -name 'ssh_host_*_key'); do
has_file_correct_ownership "$FILE" "$USER" "$GROUP"
if [ "$FNRET" = 0 ]; then
ok "$FILE ownership was set to $USER:$GROUP"
else
warn "fixing $DIR SSH private keys ownership to $USER:$GROUP"
chown "$USER":"$GROUP" "$FILE"
fi
done
}
# This function will check config parameters required

View File

@ -82,7 +82,7 @@ apply() {
if [ "$FNRET" = 0 ]; then
ok "$FILE permissions were set to $PERMISSIONS"
else
warn "fixing $DIR SSH public keys permissions to $USER:$GROUP"
warn "fixing $DIR SSH public keys permissions to $PERMISSIONS"
chmod 0"$PERMISSIONS" "$FILE"
fi
fi
@ -94,7 +94,7 @@ apply() {
if [ "$FNRET" = 0 ]; then
ok "$FILE ownership was set to $USER:$GROUP"
else
warn "fixing $DIR SSH public keys ownership to $PERMISSIONS"
warn "fixing $DIR SSH public keys ownership to $USER:$GROUP"
chown "$USER":"$GROUP" "$FILE"
fi
done

View File

@ -27,6 +27,7 @@ audit() {
OCC_NUMBER=$(awk -F: {'print $1'} <<<$LINE)
USERNAME=$(awk -F: {'print $2'} <<<$LINE)
if [ $OCC_NUMBER -gt 1 ]; then
# shellcheck disable=2034
USERS=$(awk -F: '($3 == n) { print $1 }' n=$USERNAME /etc/passwd | xargs)
ERRORS=$((ERRORS + 1))
crit "Duplicate username $USERNAME"

View File

@ -27,6 +27,7 @@ audit() {
OCC_NUMBER=$(awk -F: {'print $1'} <<<$LINE)
GROUPNAME=$(awk -F: {'print $2'} <<<$LINE)
if [ $OCC_NUMBER -gt 1 ]; then
# shellcheck disable=2034
USERS=$(awk -F: '($3 == n) { print $1 }' n=$GROUPNAME /etc/passwd | xargs)
ERRORS=$((ERRORS + 1))
crit "Duplicate groupname $GROUPNAME"

View File

@ -15,6 +15,7 @@ backup_file() {
TARGET="$BACKUPDIR/$TARGET"
debug "Backuping $FILE to $TARGET"
cp -a $FILE $TARGET
# shellcheck disable=2034
FNRET=0
fi
}

View File

@ -8,16 +8,26 @@ export LANG=C
#### Useful Color constants settings for loglevels
# Reset Color (for syslog)
# shellcheck disable=2034
NC='\033[0m'
# shellcheck disable=2034
WHITE='\033[0m'
# Colors
# shellcheck disable=2034
RED='\033[0;31m'
# shellcheck disable=2034
GREEN='\033[0;32m'
# shellcheck disable=2034
YELLOW='\033[0;33m'
# shellcheck disable=2034
GRAY='\033[0;40m' # Gray
# Bold
# shellcheck disable=2034
BRED='\033[1;31m' # Red
# shellcheck disable=2034
BGREEN='\033[1;32m' # Green
# shellcheck disable=2034
BYELLOW='\033[1;33m' # Yellow
# shellcheck disable=2034
BWHITE='\033[1;37m' # White

View File

@ -23,7 +23,7 @@ SUDO_CMD=""
export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
# Arguments parsing
while [[ $# > 0 ]]; do
while [[ $# -gt 0 ]]; do
ARG="$1"
case $ARG in
--audit-all)

View File

@ -76,8 +76,10 @@ has_file_correct_ownership() {
local FILE=$1
local USER=$2
local GROUP=$3
local USERID=$(id -u $USER)
local GROUPID=$(getent group $GROUP | cut -d: -f3)
local USERID
local GROUPID
USERID=$(id -u $USER)
GROUPID=$(getent group $GROUP | cut -d: -f3)
debug "$SUDO_CMD stat -c '%u %g' $FILE"
if [ "$($SUDO_CMD stat -c "%u %g" $FILE)" = "$USERID $GROUPID" ]; then
FNRET=0
@ -275,7 +277,8 @@ is_kernel_option_enabled() {
# the admin compiled it separately later (or out-of-tree)
# as a module (regardless of the fact that we have =m or not)
debug "Checking if we have $MODULE_NAME.ko"
local modulefile=$($SUDO_CMD find "/lib/modules/$(uname -r)/" -type f -name "$MODULE_NAME.ko")
local modulefile
modulefile=$($SUDO_CMD find "/lib/modules/$(uname -r)/" -type f -name "$MODULE_NAME.ko")
if $SUDO_CMD [ -n "$modulefile" ]; then
debug "We do have $modulefile!"
# ... but wait, maybe it's blacklisted? check files in /etc/modprobe.d/ for "blacklist xyz"
@ -433,6 +436,7 @@ get_debian_major_version() {
if [ $FNRET ]; then
DEB_MAJ_VER=$(cut -d '.' -f1 /etc/debian_version)
else
# shellcheck disable=2034
DEB_MAJ_VER=$(lsb_release -r | cut -f2 | cut -d '.' -f 1)
fi
}

View File

@ -203,7 +203,7 @@ echo
set +e
set +u
let totalerrors=$((nbfailedret + nbfailedgrep + nbfailedconsist))
totalerrors=$((nbfailedret + nbfailedgrep + nbfailedconsist))
# leave `exit 255` for runtime errors
[ $totalerrors -ge 255 ] && totalerrors=254
exit $totalerrors