Add commentaries, renum scripts

2024-11-24 06:21:24 +01:00 · 2020-12-22 15:58:10 +01:00 · 2020-12-22 15:58:10 +01:00 · 87e242a42d
commit 87e242a42d
parent 7f990b5e53
57 changed files with 125 additions and 104 deletions
--- a/bin/hardening/1.1.1.1_disable_freevxfs.sh
+++ b/bin/hardening/1.1.1.1_disable_freevxfs.sh
@ -17,6 +17,8 @@ HARDENING_LEVEL=2
 # shellcheck disable=2034
 DESCRIPTION="Disable mounting of freevxfs filesystems."
 # Note: we check /proc/config.gz to be compliant with both monolithic and modular kernels
 KERNEL_OPTION="CONFIG_VXFS_FS"
 MODULE_NAME="freevxfs"
--- a/bin/hardening/1.1.1.2_disable_jffs2.sh
+++ b/bin/hardening/1.1.1.2_disable_jffs2.sh
@ -17,6 +17,8 @@ HARDENING_LEVEL=2
 # shellcheck disable=2034
 DESCRIPTION="Disable mounting of jffs2 filesystems."
 # Note: we check /proc/config.gz to be compliant with both monolithic and modular kernels
 KERNEL_OPTION="CONFIG_JFFS2_FS"
 MODULE_NAME="jffs2"
--- a/bin/hardening/1.1.1.3_disable_hfs.sh
+++ b/bin/hardening/1.1.1.3_disable_hfs.sh
@ -17,6 +17,8 @@ HARDENING_LEVEL=2
 # shellcheck disable=2034
 DESCRIPTION="Disable mounting of hfs filesystems."
 # Note: we check /proc/config.gz to be compliant with both monolithic and modular kernels
 KERNEL_OPTION="CONFIG_HFS_FS"
 MODULE_FILE="hfs"
--- a/bin/hardening/1.1.1.4_disable_hfsplus.sh
+++ b/bin/hardening/1.1.1.4_disable_hfsplus.sh
@ -17,6 +17,8 @@ HARDENING_LEVEL=2
 # shellcheck disable=2034
 DESCRIPTION="Disable mounting of hfsplus filesystems."
 # Note: we check /proc/config.gz to be compliant with both monolithic and modular kernels
 KERNEL_OPTION="CONFIG_HFSPLUS_FS"
 MODULE_FILE="hfsplus"
--- a/bin/hardening/1.1.1.5_disable_squashfs.sh
+++ b/bin/hardening/1.1.1.5_disable_squashfs.sh
@ -17,6 +17,8 @@ HARDENING_LEVEL=2
 # shellcheck disable=2034
 DESCRIPTION="Disable mounting of squashfs filesytems."
 # Note: we check /proc/config.gz to be compliant with both monolithic and modular kernels
 KERNEL_OPTION="CONFIG_SQUASHFS"
 MODULE_FILE="squashfs"
--- a/bin/hardening/1.1.1.6_disable_udf.sh
+++ b/bin/hardening/1.1.1.6_disable_udf.sh
@ -17,6 +17,8 @@ HARDENING_LEVEL=2
 # shellcheck disable=2034
 DESCRIPTION="Disable mounting of udf filesystems."
 # Note: we check /proc/config.gz to be compliant with both monolithic and modular kernels
 KERNEL_OPTION="CONFIG_UDF_FS"
 MODULE_FILE="udf"
--- a/bin/hardening/1.1.1.7_restrict_fat.sh
+++ b/bin/hardening/1.1.1.7_restrict_fat.sh
@ -17,13 +17,15 @@ HARDENING_LEVEL=2
 # shellcheck disable=2034
 DESCRIPTION="Limit mounting of FAT filesystems."
 # Note: we check /proc/config.gz to be compliant with both monolithic and modular kernels
 # This function will be called if the script status is on enabled / audit mode
-audit () {
+audit() {
    :
 }
 # This function will be called if the script status is on enabled mode
-apply () {
+apply() {
    :
 }
@ -38,8 +40,8 @@ if [ -r /etc/default/cis-hardening ]; then
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
-     echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
+    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-     echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_ROOT_DIR variable, aborting."
    exit 128
 fi
--- a/bin/hardening/1.1.12_var_log_audit_partition.sh
+++ b/bin/hardening/1.1.12_var_log_audit_partition.sh
@ -1,5 +1,6 @@
 #!/bin/bash
 # run-shellcheck
 #
 # CIS Debian Hardening
 #
--- a/bin/hardening/1.1.23_disable_usb_storage.sh
+++ b/bin/hardening/1.1.23_disable_usb_storage.sh
@ -17,13 +17,15 @@ HARDENING_LEVEL=2
 # shellcheck disable=2034
 DESCRIPTION="Disable USB storage."
 # Note: we check /proc/config.gz to be compliant with both monolithic and modular kernels
 # This function will be called if the script status is on enabled / audit mode
-audit () {
+audit() {
    :
 }
 # This function will be called if the script status is on enabled mode
-apply () {
+apply() {
    :
 }
@ -38,8 +40,8 @@ if [ -r /etc/default/cis-hardening ]; then
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
-     echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
+    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-     echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_ROOT_DIR variable, aborting."
    exit 128
 fi
--- a/bin/hardening/1.4.1_install_tripwire.sh
+++ b/bin/hardening/1.4.1_install_tripwire.sh
@ -6,7 +6,7 @@
 #
 #
-# 8.3.1 Install tripwire package (Scored)
+# 1.4.1 Ensure tripwire is installed (Scored)
 #
 set -e # One error, it's over
@ -17,7 +17,8 @@ HARDENING_LEVEL=4
 # shellcheck disable=2034
 DESCRIPTION="Ensure tripwire package is installed."
-# NB : in CIS, AIDE has been chosen, however we chose tripwire
+# Note : in CIS, AIDE has been chosen, however we chose tripwire
 PACKAGE='tripwire'
 # This function will be called if the script status is on enabled / audit mode
--- a/bin/hardening/1.4.2_tripwire_cron.sh
+++ b/bin/hardening/1.4.2_tripwire_cron.sh
@ -6,7 +6,7 @@
 #
 #
-# 8.3.2 Implement Periodic Execution of File Integrity (Scored)
+# 1.4.2 Ensure filesysteme integrity is regularly checked (Scored)
 #
 set -e # One error, it's over
@ -17,6 +17,8 @@ HARDENING_LEVEL=4
 # shellcheck disable=2034
 DESCRIPTION="Implemet periodic execution of file integrity."
 # Note : in CIS, AIDE has been chosen, however we chose tripwire
 FILES="/etc/crontab"
 DIRECTORY="/etc/cron.d"
 PATTERN='tripwire --check'
--- a/bin/hardening/1.7.1.1_install_apparmor.sh
+++ b/bin/hardening/1.7.1.1_install_apparmor.sh
@ -18,12 +18,12 @@ HARDENING_LEVEL=3
 DESCRIPTION="Install AppArmor."
 # This function will be called if the script status is on enabled / audit mode
-audit () {
+audit() {
    :
 }
 # This function will be called if the script status is on enabled mode
-apply () {
+apply() {
    :
 }
@ -38,8 +38,8 @@ if [ -r /etc/default/cis-hardening ]; then
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
-     echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
+    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-     echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_ROOT_DIR variable, aborting."
    exit 128
 fi
--- a/bin/hardening/1.7.1.3_enforce_or_complain_apparmor.sh
+++ b/bin/hardening/1.7.1.3_enforce_or_complain_apparmor.sh
@ -18,12 +18,12 @@ HARDENING_LEVEL=3
 DESCRIPTION="Enforce or complain AppArmor profiles."
 # This function will be called if the script status is on enabled / audit mode
-audit () {
+audit() {
    :
 }
 # This function will be called if the script status is on enabled mode
-apply () {
+apply() {
    :
 }
@ -38,8 +38,8 @@ if [ -r /etc/default/cis-hardening ]; then
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
-     echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
+    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-     echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_ROOT_DIR variable, aborting."
    exit 128
 fi
--- a/bin/hardening/1.7.1.4_enforcing_apparmor.sh
+++ b/bin/hardening/1.7.1.4_enforcing_apparmor.sh
@ -18,12 +18,12 @@ HARDENING_LEVEL=3
 DESCRIPTION="Enforce Apparmor profiles."
 # This function will be called if the script status is on enabled / audit mode
-audit () {
+audit() {
    :
 }
 # This function will be called if the script status is on enabled mode
-apply () {
+apply() {
    :
 }
@ -38,8 +38,8 @@ if [ -r /etc/default/cis-hardening ]; then
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
-     echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
+    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-     echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_ROOT_DIR variable, aborting."
    exit 128
 fi
--- a/bin/hardening/2.2.1.2_configure_systemd-timesyncd.sh
+++ b/bin/hardening/2.2.1.2_configure_systemd-timesyncd.sh
@ -18,12 +18,12 @@ HARDENING_LEVEL=3
 DESCRIPTION="Configure systemd-timesyncd."
 # This function will be called if the script status is on enabled / audit mode
-audit () {
+audit() {
    :
 }
 # This function will be called if the script status is on enabled mode
-apply () {
+apply() {
    :
 }
@ -38,8 +38,8 @@ if [ -r /etc/default/cis-hardening ]; then
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
-     echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
+    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-     echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_ROOT_DIR variable, aborting."
    exit 128
 fi
--- a/bin/hardening/2.2.17_disable_nis.sh
+++ b/bin/hardening/2.2.17_disable_nis.sh
@ -24,7 +24,7 @@ audit() {
 # This function will be called if the script status is on enabled mode
 apply() {
-   :
+    :
 }
 # This function will check config parameters required
--- a/bin/hardening/3.5.1.1_enable_firewall.sh
+++ b/bin/hardening/3.5.1.1_enable_firewall.sh
@ -17,8 +17,9 @@ HARDENING_LEVEL=2
 # shellcheck disable=2034
 DESCRIPTION="Ensure firewall is active (iptables is installed, does not check for its configuration)."
-# Quick note here : CIS recommends your iptables rules to be persistent.
+# Note: CIS recommends your iptables rules to be persistent.
 # Do as you want, but this script does not handle this
 # At OVH, we use iptables
 PACKAGE='iptables'
--- a/bin/hardening/4.1.1.1_install_auditd.sh
+++ b/bin/hardening/4.1.1.1_install_auditd.sh
@ -18,12 +18,12 @@ HARDENING_LEVEL=4
 DESCRIPTION="Install auditd."
 # This function will be called if the script status is on enabled / audit mode
-audit () {
+audit() {
    :
 }
 # This function will be called if the script status is on enabled mode
-apply () {
+apply() {
    :
 }
@ -38,8 +38,8 @@ if [ -r /etc/default/cis-hardening ]; then
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
-     echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
+    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-     echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_ROOT_DIR variable, aborting."
    exit 128
 fi
--- a/bin/hardening/4.1.1.4_audit_backlog_limit.sh
+++ b/bin/hardening/4.1.1.4_audit_backlog_limit.sh
@ -18,12 +18,12 @@ HARDENING_LEVEL=4
 DESCRIPTION="Configure audit_backlog_limit to be sufficient."
 # This function will be called if the script status is on enabled / audit mode
-audit () {
+audit() {
    :
 }
 # This function will be called if the script status is on enabled mode
-apply () {
+apply() {
    :
 }
@ -38,8 +38,8 @@ if [ -r /etc/default/cis-hardening ]; then
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
-     echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
+    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-     echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_ROOT_DIR variable, aborting."
    exit 128
 fi
--- a/bin/hardening/4.2.1.1_install_syslog-ng.sh
+++ b/bin/hardening/4.2.1.1_install_syslog-ng.sh
@ -17,7 +17,7 @@ HARDENING_LEVEL=3
 # shellcheck disable=2034
 DESCRIPTION="Install syslog-ng to manage logs"
-# NB : in CIS, rsyslog has been chosen, however we chose syslog-ng
+# Note: in CIS, rsyslog has been chosen, however we chose syslog-ng
 PACKAGE='syslog-ng'
 # This function will be called if the script status is on enabled / audit mode
--- a/bin/hardening/4.2.1.4_syslog_ng_logfiles_perm.sh
+++ b/bin/hardening/4.2.1.4_syslog_ng_logfiles_perm.sh
@ -12,13 +12,13 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 # Note: this is not exacly the same check as the one described in CIS PDF
 # shellcheck disable=2034
 HARDENING_LEVEL=3
 # shellcheck disable=2034
 DESCRIPTION="Create and set permissions on syslog-ng logfiles."
 # Note: this is not exacly the same check as the one described in CIS PDF
 PERMISSIONS=''
 USER=''
 GROUP=''
--- a/bin/hardening/4.2.2.1_journald_logs.sh
+++ b/bin/hardening/4.2.2.1_journald_logs.sh
@ -6,7 +6,7 @@
 #
 #
-# 4.2.2.1 Ensure journald is configured to send logs to syslog-ng (Scored) 
+# 4.2.2.1 Ensure journald is configured to send logs to syslog-ng (Scored)
 #
 set -e # One error, it's over
@ -18,12 +18,12 @@ HARDENING_LEVEL=3
 DESCRIPTION="Configure journald to send logs to syslog-ng."
 # This function will be called if the script status is on enabled / audit mode
-audit () {
+audit() {
    :
 }
 # This function will be called if the script status is on enabled mode
-apply () {
+apply() {
    :
 }
@ -38,8 +38,8 @@ if [ -r /etc/default/cis-hardening ]; then
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
-     echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
+    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-     echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_ROOT_DIR variable, aborting."
    exit 128
 fi
--- a/bin/hardening/4.2.2.2_journald_compress.sh
+++ b/bin/hardening/4.2.2.2_journald_compress.sh
@ -18,12 +18,12 @@ HARDENING_LEVEL=3
 DESCRIPTION="Configure journald to send logs to syslog-ng."
 # This function will be called if the script status is on enabled / audit mode
-audit () {
+audit() {
    :
 }
 rsyslog
 # This function will be called if the script status is on enabled mode
-apply () {
+apply() {
    :
 }
@ -38,8 +38,8 @@ if [ -r /etc/default/cis-hardening ]; then
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
-     echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
+    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-     echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_ROOT_DIR variable, aborting."
    exit 128
 fi
--- a/bin/hardening/4.2.2.3_journald_write_persistent.sh
+++ b/bin/hardening/4.2.2.3_journald_write_persistent.sh
@ -18,12 +18,12 @@ HARDENING_LEVEL=3
 DESCRIPTION="Configure journald to write to a persistent location."
 # This function will be called if the script status is on enabled / audit mode
-audit () {
+audit() {
    :
 }
 # This function will be called if the script status is on enabled mode
-apply () {
+apply() {
    :
 }
@ -38,8 +38,8 @@ if [ -r /etc/default/cis-hardening ]; then
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
-     echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
+    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-     echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_ROOT_DIR variable, aborting."
    exit 128
 fi
--- a/bin/hardening/4.3_configure_logrotate.sh
+++ b/bin/hardening/4.3_configure_logrotate.sh
@ -1,5 +1,6 @@
 #!/bin/bash
 # run-shellcheck
 #
 # CIS Debian Hardening
 #
--- a/bin/hardening/4.4_logrotate_permissions.sh
+++ b/bin/hardening/4.4_logrotate_permissions.sh
@ -18,12 +18,12 @@ HARDENING_LEVEL=3
 DESCRIPTION="Configure logrotate to assign appropriate permissions."
 # This function will be called if the script status is on enabled / audit mode
-audit () {
+audit() {
    :
 }
 # This function will be called if the script status is on enabled mode
-apply () {
+apply() {
    :
 }
@ -38,8 +38,8 @@ if [ -r /etc/default/cis-hardening ]; then
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
-     echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
+    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-     echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_ROOT_DIR variable, aborting."
    exit 128
 fi
--- a/bin/hardening/5.2.20_enable_ssh_pam.sh
+++ b/bin/hardening/5.2.20_enable_ssh_pam.sh
@ -18,12 +18,12 @@ HARDENING_LEVEL=3
 DESCRIPTION="Enable SSH PAM."
 # This function will be called if the script status is on enabled / audit mode
-audit () {
+audit() {
    :
 }
 # This function will be called if the script status is on enabled mode
-apply () {
+apply() {
    :
 }
@ -38,8 +38,8 @@ if [ -r /etc/default/cis-hardening ]; then
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
-     echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
+    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-     echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_ROOT_DIR variable, aborting."
    exit 128
 fi
--- a/bin/hardening/5.2.21_disable_ssh_allow_tcp_forwarding.sh
+++ b/bin/hardening/5.2.21_disable_ssh_allow_tcp_forwarding.sh
@ -18,12 +18,12 @@ HARDENING_LEVEL=3
 DESCRIPTION="Disable SSH AllowTCPForwarding."
 # This function will be called if the script status is on enabled / audit mode
-audit () {
+audit() {
    :
 }
 # This function will be called if the script status is on enabled mode
-apply () {
+apply() {
    :
 }
@ -38,8 +38,8 @@ if [ -r /etc/default/cis-hardening ]; then
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
-     echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
+    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-     echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_ROOT_DIR variable, aborting."
    exit 128
 fi
--- a/bin/hardening/5.2.22_configure_ssh_max_startups.sh
+++ b/bin/hardening/5.2.22_configure_ssh_max_startups.sh
@ -18,12 +18,12 @@ HARDENING_LEVEL=3
 DESCRIPTION="Configure SSHMaxStartups."
 # This function will be called if the script status is on enabled / audit mode
-audit () {
+audit() {
    :
 }
 # This function will be called if the script status is on enabled mode
-apply () {
+apply() {
    :
 }
@ -38,8 +38,8 @@ if [ -r /etc/default/cis-hardening ]; then
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
-     echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
+    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-     echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_ROOT_DIR variable, aborting."
    exit 128
 fi
--- a/bin/hardening/5.2.23_limit_ssh_max_sessions.sh
+++ b/bin/hardening/5.2.23_limit_ssh_max_sessions.sh
@ -18,12 +18,12 @@ HARDENING_LEVEL=3
 DESCRIPTION="Limit SSH MaxSessions."
 # This function will be called if the script status is on enabled / audit mode
-audit () {
+audit() {
    :
 }
 # This function will be called if the script status is on enabled mode
-apply () {
+apply() {
    :
 }
@ -38,8 +38,8 @@ if [ -r /etc/default/cis-hardening ]; then
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
-     echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
+    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-     echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_ROOT_DIR variable, aborting."
    exit 128
 fi
--- a/bin/hardening/5.3.4_acc_pam_sha512.sh
+++ b/bin/hardening/5.3.4_acc_pam_sha512.sh
@ -2,7 +2,7 @@
 # run-shellcheck
 #
-# OVH Security audit
+# CIS Debian Hardening
 #
 #
@ -17,7 +17,6 @@ HARDENING_LEVEL=2
 # shellcheck disable=2034
 DESCRIPTION="Check that any password that may exist in /etc/shadow is SHA512 hashed and salted"
 CONF_FILE="/etc/pam.d/common-password"
 CONF_LINE="^\s*password\s.+\s+pam_unix\.so\s+.*sha512"
--- a/bin/hardening/5.4.1.5_last_password_change_past.sh
+++ b/bin/hardening/5.4.1.5_last_password_change_past.sh
@ -18,12 +18,12 @@ HARDENING_LEVEL=3
 DESCRIPTION="Check that user last paswword change date is in the past."
 # This function will be called if the script status is on enabled / audit mode
-audit () {
+audit() {
    :
 }
 # This function will be called if the script status is on enabled mode
-apply () {
+apply() {
    :
 }
@ -38,8 +38,8 @@ if [ -r /etc/default/cis-hardening ]; then
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
-     echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
+    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-     echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_ROOT_DIR variable, aborting."
    exit 128
 fi
--- a/bin/hardening/5.4.5_default_timeout.sh
+++ b/bin/hardening/5.4.5_default_timeout.sh
@ -18,12 +18,12 @@ HARDENING_LEVEL=3
 DESCRIPTION="Configure the default user shell timeout."
 # This function will be called if the script status is on enabled / audit mode
-audit () {
+audit() {
    :
 }
 # This function will be called if the script status is on enabled mode
-apply () {
+apply() {
    :
 }
@ -38,8 +38,8 @@ if [ -r /etc/default/cis-hardening ]; then
    . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
-     echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
+    echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
-     echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    echo "Cannot source CIS_ROOT_DIR variable, aborting."
    exit 128
 fi
--- a/bin/hardening/6.1.8_etc_group-_permissions.sh
+++ b/bin/hardening/6.1.8_etc_group-_permissions.sh
@ -6,7 +6,7 @@
 #
 #
-# 6.1.2 Ensure permissions on /etc/group- are configured (Scored)
+# 6.1.8 Ensure permissions on /etc/group- are configured (Scored)
 #
 set -e # One error, it's over
--- a/bin/hardening/6.1.9_etc_gshadow_permissions.sh
+++ b/bin/hardening/6.1.9_etc_gshadow_permissions.sh
@ -6,7 +6,7 @@
 #
 #
-# 6.1.2 Ensure permissions on /etc/passwd are configured (Scored)
+# 6.1.9 Ensure permissions on /etc/gshadow are configured (Scored)
 #
 set -e # One error, it's over
--- a/bin/hardening/99.4.0_enable_auditd_kernel.sh
+++ b/bin/hardening/99.4.0_enable_auditd_kernel.sh
--- a/src/skel
+++ b/src/skel
@ -13,12 +13,12 @@ set -e # One error, it's over
 set -u # One variable unset, it's over
 # This function will be called if the script status is on enabled / audit mode
-audit () {
+audit() {
    :
 }
 # This function will be called if the script status is on enabled mode
-apply () {
+apply() {
    :
 }
--- a/tests/hardening/1.1.1.7_restrict_fat.sh
+++ b/tests/hardening/1.1.1.7_restrict_fat.sh
@ -17,4 +17,4 @@ test_audit() {
    # the apply function because it can't be automated or it is very #
    # long to test and not very useful.                              #
    ##################################################################
-}
+}
--- a/tests/hardening/1.1.23_disable_usb_storage.sh
+++ b/tests/hardening/1.1.23_disable_usb_storage.sh
@ -13,4 +13,4 @@ test_audit() {
    # the apply function because it can't be automated or it is very #
    # long to test and not very useful.                              #
    ##################################################################
-}
+}
--- a/tests/hardening/1.4.1_install_tripwire.sh
+++ b/tests/hardening/1.4.1_install_tripwire.sh
--- a/tests/hardening/1.4.2_tripwire_cron.sh
+++ b/tests/hardening/1.4.2_tripwire_cron.sh
--- a/tests/hardening/1.7.1.1_install_apparmor.sh
+++ b/tests/hardening/1.7.1.1_install_apparmor.sh
@ -8,4 +8,4 @@ test_audit() {
    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
    # TODO fill comprehensive tests
-}
+}
--- a/tests/hardening/1.7.1.3_enforce_or_complain_apparmor.sh
+++ b/tests/hardening/1.7.1.3_enforce_or_complain_apparmor.sh
@ -8,4 +8,4 @@ test_audit() {
    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
    # TODO fill comprehensive tests
-}
+}
--- a/tests/hardening/1.7.1.4_enforcing_apparmor.sh
+++ b/tests/hardening/1.7.1.4_enforcing_apparmor.sh
@ -8,4 +8,4 @@ test_audit() {
    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
    # TODO fill comprehensive tests
-}
+}
--- a/tests/hardening/2.2.1.2_configure_systemd-timesyncd.sh
+++ b/tests/hardening/2.2.1.2_configure_systemd-timesyncd.sh
@ -8,4 +8,4 @@ test_audit() {
    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
    # TODO fill comprehensive tests
-}
+}
--- a/tests/hardening/4.1.1.1_install_auditd.sh
+++ b/tests/hardening/4.1.1.1_install_auditd.sh
@ -8,4 +8,4 @@ test_audit() {
    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
    # TODO fill comprehensive tests
-}
+}
--- a/tests/hardening/4.2.2.1_journald_logs.sh
+++ b/tests/hardening/4.2.2.1_journald_logs.sh
@ -8,4 +8,4 @@ test_audit() {
    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
    # TODO fill comprehensive tests
-}
+}
--- a/tests/hardening/4.2.2.2_journald_compress.sh
+++ b/tests/hardening/4.2.2.2_journald_compress.sh
@ -8,4 +8,4 @@ test_audit() {
    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
    # TODO fill comprehensive tests
-}
+}
--- a/tests/hardening/4.2.2.3_journald_write_persistent.sh
+++ b/tests/hardening/4.2.2.3_journald_write_persistent.sh
@ -8,4 +8,4 @@ test_audit() {
    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
    # TODO fill comprehensive tests
-}
+}
--- a/tests/hardening/4.4_logrotate_permissions.sh
+++ b/tests/hardening/4.4_logrotate_permissions.sh
@ -8,4 +8,4 @@ test_audit() {
    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
    # TODO fill comprehensive tests
-}
+}
--- a/tests/hardening/5.2.20_enable_ssh_pam.sh
+++ b/tests/hardening/5.2.20_enable_ssh_pam.sh
@ -8,4 +8,4 @@ test_audit() {
    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
    # TODO fill comprehensive tests
-}
+}
--- a/tests/hardening/5.2.21_disable_ssh_allow_tcp_forwarding.sh
+++ b/tests/hardening/5.2.21_disable_ssh_allow_tcp_forwarding.sh
@ -8,4 +8,4 @@ test_audit() {
    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
    # TODO fill comprehensive tests
-}
+}
--- a/tests/hardening/5.2.22_configure_ssh_max_startups.sh
+++ b/tests/hardening/5.2.22_configure_ssh_max_startups.sh
@ -8,4 +8,4 @@ test_audit() {
    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
    # TODO fill comprehensive tests
-}
+}
--- a/tests/hardening/5.2.23_limit_ssh_max_sessions.sh
+++ b/tests/hardening/5.2.23_limit_ssh_max_sessions.sh
@ -8,4 +8,4 @@ test_audit() {
    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
    # TODO fill comprehensive tests
-}
+}
--- a/tests/hardening/5.4.1.5_last_password_change_past.sh
+++ b/tests/hardening/5.4.1.5_last_password_change_past.sh
@ -8,4 +8,4 @@ test_audit() {
    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
    # TODO fill comprehensive tests
-}
+}
--- a/tests/hardening/5.4.5_default_timeout.sh
+++ b/tests/hardening/5.4.5_default_timeout.sh
@ -8,4 +8,4 @@ test_audit() {
    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
    # TODO fill comprehensive tests
-}
+}
--- a/tests/hardening/99.4.0_enable_auditd_kernel.sh
+++ b/tests/hardening/99.4.0_enable_auditd_kernel.sh