IMP(shellcheck): fix quote placement in awk (SC1083)

2024-11-21 13:07:01 +01:00 · 2020-12-07 15:01:22 +01:00 · 2020-12-07 15:01:22 +01:00 · ac66cdacd0
commit ac66cdacd0
parent 8012234096
9 changed files with 30 additions and 30 deletions
--- a/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh
+++ b/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh
@ -20,7 +20,7 @@ DESCRIPTION="Set sticky bit on world writable directories to prevent users from
 # This function will be called if the script status is on enabled / audit mode
 audit() {
    info "Checking if setuid is set on world writable Directories"
-    FS_NAMES=$(df --local -P | awk {'if (NR!=1) print $6'})
+    FS_NAMES=$(df --local -P | awk '{if (NR!=1) print $6}')
    RESULT=$($SUDO_CMD find $FS_NAMES -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null)
    if [ -n "$RESULT" ]; then
        crit "Some world writable directories are not on sticky bit mode!"
@ -33,9 +33,9 @@ audit() {

 # This function will be called if the script status is on enabled mode
 apply() {
-    RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null)
+    RESULT=$(df --local -P | awk '{if (NR!=1) print $6}' | xargs -I '{}' find '{}' -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null)
    if [ -n "$RESULT" ]; then
-        df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d -perm -0002 2>/dev/null | xargs chmod a+t
+        df --local -P | awk '{if (NR!=1) print $6}' | xargs -I '{}' find '{}' -xdev -type d -perm -0002 2>/dev/null | xargs chmod a+t
    else
        ok "All world writable directories have a sticky bit, nothing to apply"
    fi
--- a/bin/hardening/6.1.10_find_world_writable_file.sh
+++ b/bin/hardening/6.1.10_find_world_writable_file.sh
@ -20,7 +20,7 @@ DESCRIPTION="Ensure no world writable files exist"
 # This function will be called if the script status is on enabled / audit mode
 audit() {
    info "Checking if there are world writable files"
-    FS_NAMES=$(df --local -P | awk {'if (NR!=1) print $6'})
+    FS_NAMES=$(df --local -P | awk '{if (NR!=1) print $6}')
    RESULT=$($SUDO_CMD find $FS_NAMES -xdev -type f -perm -0002 -print 2>/dev/null)
    if [ -n "$RESULT" ]; then
        crit "Some world writable files are present"
@ -33,10 +33,10 @@ audit() {

 # This function will be called if the script status is on enabled mode
 apply() {
-    RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -0002 -print 2>/dev/null)
+    RESULT=$(df --local -P | awk '{if (NR!=1) print $6}' | xargs -I '{}' find '{}' -xdev -type f -perm -0002 -print 2>/dev/null)
    if [ -n "$RESULT" ]; then
        warn "chmoding o-w all files in the system"
-        df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -0002 -print 2>/dev/null | xargs chmod o-w
+        df --local -P | awk '{if (NR!=1) print $6}' | xargs -I '{}' find '{}' -xdev -type f -perm -0002 -print 2>/dev/null | xargs chmod o-w
    else
        ok "No world writable files found, nothing to apply"
    fi
--- a/bin/hardening/6.1.11_find_unowned_files.sh
+++ b/bin/hardening/6.1.11_find_unowned_files.sh
@ -23,7 +23,7 @@ EXCLUDED=''
 # This function will be called if the script status is on enabled / audit mode
 audit() {
    info "Checking if there are unowned files"
-    FS_NAMES=$(df --local -P | awk {'if (NR!=1) print $6'})
+    FS_NAMES=$(df --local -P | awk '{if (NR!=1) print $6}')
    if [ -n "$EXCLUDED" ]; then
        RESULT=$($SUDO_CMD find $FS_NAMES -xdev -nouser -regextype 'egrep' ! -regex "$EXCLUDED" -print 2>/dev/null)
    else
@ -41,13 +41,13 @@ audit() {
 # This function will be called if the script status is on enabled mode
 apply() {
    if [ -n "$EXCLUDED" ]; then
-        RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser -regextype 'egrep' ! -regex "$EXCLUDED" -ls 2>/dev/null)
+        RESULT=$(df --local -P | awk '{if (NR!=1) print $6}' | xargs -I '{}' find '{}' -xdev -nouser -regextype 'egrep' ! -regex "$EXCLUDED" -ls 2>/dev/null)
    else
-        RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser -ls 2>/dev/null)
+        RESULT=$(df --local -P | awk '{if (NR!=1) print $6}' | xargs -I '{}' find '{}' -xdev -nouser -ls 2>/dev/null)
    fi
    if [ -n "$RESULT" ]; then
        warn "Applying chown on all unowned files in the system"
-        df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser -print 2>/dev/null | xargs chown $USER
+        df --local -P | awk '{if (NR!=1) print $6}' | xargs -I '{}' find '{}' -xdev -nouser -print 2>/dev/null | xargs chown $USER
    else
        ok "No unowned files found, nothing to apply"
    fi
--- a/bin/hardening/6.1.12_find_ungrouped_files.sh
+++ b/bin/hardening/6.1.12_find_ungrouped_files.sh
@ -23,7 +23,7 @@ EXCLUDED=''
 # This function will be called if the script status is on enabled / audit mode
 audit() {
    info "Checking if there are ungrouped files"
-    FS_NAMES=$(df --local -P | awk {'if (NR!=1) print $6'})
+    FS_NAMES=$(df --local -P | awk '{if (NR!=1) print $6}')
    if [ -n "$EXCLUDED" ]; then
        RESULT=$($SUDO_CMD find $FS_NAMES -xdev -nogroup -regextype 'egrep' ! -regex "$EXCLUDED" -print 2>/dev/null)
    else
@ -41,13 +41,13 @@ audit() {
 # This function will be called if the script status is on enabled mode
 apply() {
    if [ -n "$EXCLUDED" ]; then
-        RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nogroup -regextype 'egrep' ! -regex "$EXCLUDED" -ls 2>/dev/null)
+        RESULT=$(df --local -P | awk '{if (NR!=1) print $6}' | xargs -I '{}' find '{}' -xdev -nogroup -regextype 'egrep' ! -regex "$EXCLUDED" -ls 2>/dev/null)
    else
-        RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nogroup -ls 2>/dev/null)
+        RESULT=$(df --local -P | awk '{if (NR!=1) print $6}' | xargs -I '{}' find '{}' -xdev -nogroup -ls 2>/dev/null)
    fi
    if [ -n "$RESULT" ]; then
        warn "Applying chgrp on all ungrouped files in the system"
-        df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nogroup -print 2>/dev/null | xargs chgrp $GROUP
+        df --local -P | awk '{if (NR!=1) print $6}' | xargs -I '{}' find '{}' -xdev -nogroup -print 2>/dev/null | xargs chgrp $GROUP
    else
        ok "No ungrouped files found, nothing to apply"
    fi
--- a/bin/hardening/6.2.18_check_duplicate_username.sh
+++ b/bin/hardening/6.2.18_check_duplicate_username.sh
@ -21,11 +21,11 @@ ERRORS=0

 # This function will be called if the script status is on enabled / audit mode
 audit() {
-    RESULT=$(get_db passwd | cut -f1 -d":" | sort -n | uniq -c | awk {'print $1":"$2'})
+    RESULT=$(get_db passwd | cut -f1 -d":" | sort -n | uniq -c | awk '{print $1":"$2}')
    for LINE in $RESULT; do
        debug "Working on line $LINE"
-        OCC_NUMBER=$(awk -F: {'print $1'} <<<$LINE)
-        USERNAME=$(awk -F: {'print $2'} <<<$LINE)
+        OCC_NUMBER=$(awk -F: '{print $1}' <<<$LINE)
+        USERNAME=$(awk -F: '{print $2}' <<<$LINE)
        if [ $OCC_NUMBER -gt 1 ]; then
            # shellcheck disable=2034
            USERS=$(awk -F: '($3 == n) { print $1 }' n=$USERNAME /etc/passwd | xargs)
--- a/bin/hardening/6.2.19_check_duplicate_groupname.sh
+++ b/bin/hardening/6.2.19_check_duplicate_groupname.sh
@ -21,11 +21,11 @@ ERRORS=0

 # This function will be called if the script status is on enabled / audit mode
 audit() {
-    RESULT=$(get_db group | cut -f1 -d":" | sort -n | uniq -c | awk {'print $1":"$2'})
+    RESULT=$(get_db group | cut -f1 -d":" | sort -n | uniq -c | awk '{print $1":"$2}')
    for LINE in $RESULT; do
        debug "Working on line $LINE"
-        OCC_NUMBER=$(awk -F: {'print $1'} <<<$LINE)
-        GROUPNAME=$(awk -F: {'print $2'} <<<$LINE)
+        OCC_NUMBER=$(awk -F: '{print $1}' <<<$LINE)
+        GROUPNAME=$(awk -F: '{print $2}' <<<$LINE)
        if [ $OCC_NUMBER -gt 1 ]; then
            # shellcheck disable=2034
            USERS=$(awk -F: '($3 == n) { print $1 }' n=$GROUPNAME /etc/passwd | xargs)
--- a/bin/hardening/6.2.7_users_valid_homedir.sh
+++ b/bin/hardening/6.2.7_users_valid_homedir.sh
@ -24,9 +24,9 @@ audit() {
    RESULT=$(get_db passwd | awk -F: '{ print $1 ":" $3 ":" $6 }')
    for LINE in $RESULT; do
        debug "Working on $LINE"
-        USER=$(awk -F: {'print $1'} <<<$LINE)
-        USERID=$(awk -F: {'print $2'} <<<$LINE)
-        DIR=$(awk -F: {'print $3'} <<<$LINE)
+        USER=$(awk -F: '{print $1}' <<<$LINE)
+        USERID=$(awk -F: '{print $2}' <<<$LINE)
+        DIR=$(awk -F: '{print $3}' <<<$LINE)
        if [ $USERID -ge 1000 ] && [ ! -d "$DIR" ] && [ $USER != "nfsnobody" ] && [ $USER != "nobody" ] && [ "$DIR" != "/nonexistent" ]; then
            crit "The home directory ($DIR) of user $USER does not exist."
            ERRORS=$((ERRORS + 1))
--- a/bin/hardening/6.2.9_users_valid_homedir.sh
+++ b/bin/hardening/6.2.9_users_valid_homedir.sh
@ -27,9 +27,9 @@ audit() {
    RESULT=$(get_db passwd | awk -F: '{ print $1 ":" $3 ":" $6 }')
    for LINE in $RESULT; do
        debug "Working on $LINE"
-        USER=$(awk -F: {'print $1'} <<<$LINE)
-        USERID=$(awk -F: {'print $2'} <<<$LINE)
-        DIR=$(awk -F: {'print $3'} <<<$LINE)
+        USER=$(awk -F: '{print $1}' <<<$LINE)
+        USERID=$(awk -F: '{print $2}' <<<$LINE)
+        DIR=$(awk -F: '{print $3}' <<<$LINE)
        if [ $USERID -ge 1000 ] && [ ! -d "$DIR" ] && [ $USER != "nfsnobody" ] && [ $USER != "nobody" ] && [ "$DIR" != "/nonexistent" ]; then
            crit "The home directory ($DIR) of user $USER does not exist."
            ERRORS=$((ERRORS + 1))
--- a/lib/utils.sh
+++ b/lib/utils.sh
@ -327,12 +327,12 @@ is_mounted() {
 has_mount_option() {
    local PARTITION=$1
    local OPTION=$2
-    if $(grep "[[:space:]]${PARTITION}[[:space:]]" /etc/fstab | grep -vE "^#" | awk {'print $4'} | grep -q "bind"); then
-        local actual_partition="$(grep "[[:space:]]${PARTITION}[[:space:]]" /etc/fstab | grep -vE "^#" | awk {'print $1'})"
+    if $(grep "[[:space:]]${PARTITION}[[:space:]]" /etc/fstab | grep -vE "^#" | awk '{print $4}' | grep -q "bind"); then
+        local actual_partition="$(grep "[[:space:]]${PARTITION}[[:space:]]" /etc/fstab | grep -vE "^#" | awk '{print $1}')"
        debug "$PARTITION is a bind mount of $actual_partition"
        PARTITION="$actual_partition"
    fi
-    if $(grep "[[:space:]]${PARTITION}[[:space:]]" /etc/fstab | grep -vE "^#" | awk {'print $4'} | grep -q "$OPTION"); then
+    if $(grep "[[:space:]]${PARTITION}[[:space:]]" /etc/fstab | grep -vE "^#" | awk '{print $4}' | grep -q "$OPTION"); then
        debug "$OPTION has been detected in fstab for partition $PARTITION"
        FNRET=0
    else
@ -345,7 +345,7 @@ has_mount_option() {
 has_mounted_option() {
    local PARTITION=$1
    local OPTION=$2
-    if $(grep "[[:space:]]$1[[:space:]]" /proc/mounts | awk {'print $4'} | grep -q "$2"); then
+    if $(grep "[[:space:]]$1[[:space:]]" /proc/mounts | awk '{print $4}' | grep -q "$2"); then
        debug "$OPTION has been detected in /proc/mounts for partition $PARTITION"
        FNRET=0
    else