From 81dc3086775bf3c8534e651cedeae0e188a9baf9 Mon Sep 17 00:00:00 2001
From: Charles Herlin <charles.herlin@corp.ovh.com>
Date: Thu, 28 Feb 2019 17:52:47 +0100
Subject: [PATCH] FIX(8.3.2): add $SUDO_CMD to find

---
 bin/hardening/8.3.2_tripwire_cron.sh | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/bin/hardening/8.3.2_tripwire_cron.sh b/bin/hardening/8.3.2_tripwire_cron.sh
index ba3476b..752c001 100755
--- a/bin/hardening/8.3.2_tripwire_cron.sh
+++ b/bin/hardening/8.3.2_tripwire_cron.sh
@@ -17,11 +17,13 @@ HARDENING_LEVEL=4
 # shellcheck disable=2034
 DESCRIPTION="Implemet periodic execution of file integrity."
 
-FILES="/etc/crontab $(find /etc/cron.d/ -type f)"
+FILES="/etc/crontab"
+DIRECTORY="/etc/cron.d"
 PATTERN='tripwire --check'
 
 # This function will be called if the script status is on enabled / audit mode
 audit () {
+    FILES="$FILES $($SUDO_CMD find $DIRECTORY -type f)"
     FOUND=0
     for FILE in $FILES; do
         does_pattern_exist_in_file "$FILE" "$PATTERN"
@@ -38,8 +40,15 @@ audit () {
 
 # This function will be called if the script status is on enabled mode
 apply () {
-    does_pattern_exist_in_file "$FILES" "$PATTERN"
-    if [ "$FNRET" != 0 ]; then
+    FILES="$FILES $($SUDO_CMD find $DIRECTORY -type f)"
+    FOUND=0
+    for FILE in $FILES; do
+        does_pattern_exist_in_file "$FILE" "$PATTERN"
+        if [ "$FNRET" = 0 ]; then
+            FOUND=1
+        fi
+    done
+    if [ "$FOUND" != 1 ]; then
         warn "$PATTERN is not present in $FILES, setting tripwire cron"
         echo "0 10 * * * root /usr/sbin/tripwire --check > /dev/shm/tripwire_check 2>&1 " > /etc/cron.d/CIS_8.3.2_tripwire
     else