IMP(shellcheck): fix quote placement in awk (SC1083)

Thibault Ayanides 2020-12-07 15:01:22 +01:00
parent 8012234096
commit ac66cdacd0
9 changed files with 30 additions and 30 deletions

@ -20,7 +20,7 @@ DESCRIPTION="Set sticky bit on world writable directories to prevent users from
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
info "Checking if setuid is set on world writable Directories" info "Checking if setuid is set on world writable Directories"
FS_NAMES=$(df --local -P | awk {'if (NR!=1) print $6'}) FS_NAMES=$(df --local -P | awk '{if (NR!=1) print $6}')
RESULT=$($SUDO_CMD find $FS_NAMES -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null) RESULT=$($SUDO_CMD find $FS_NAMES -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null)
if [ -n "$RESULT" ]; then if [ -n "$RESULT" ]; then
crit "Some world writable directories are not on sticky bit mode!" crit "Some world writable directories are not on sticky bit mode!"
@ -33,9 +33,9 @@ audit() {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null) RESULT=$(df --local -P | awk '{if (NR!=1) print $6}' | xargs -I '{}' find '{}' -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null)
if [ -n "$RESULT" ]; then if [ -n "$RESULT" ]; then
df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d -perm -0002 2>/dev/null | xargs chmod a+t df --local -P | awk '{if (NR!=1) print $6}' | xargs -I '{}' find '{}' -xdev -type d -perm -0002 2>/dev/null | xargs chmod a+t
else else
ok "All world writable directories have a sticky bit, nothing to apply" ok "All world writable directories have a sticky bit, nothing to apply"
fi fi
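Review bot: In apply(), the last pipeline passes `find` output to `xargs chmod a+t` split on whitespace and newlines, so a directory name containing a space, quote or newline is broken into arguments that find never matched. These names live under world-writable directories, so unprivileged users choose them, while the hardening script presumably runs with elevated rights. Keep the names intact and skip the empty-input run by ending the pipeline with `-print0 2>/dev/null | xargs -0 -r chmod a+t --`. The `| xargs chmod o-w`, `| xargs chown $USER` and `| xargs chgrp $GROUP` tails in the next three file sections need the same change. The closing brace of apply() is not visible in the hunk.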

@ -20,7 +20,7 @@ DESCRIPTION="Ensure no world writable files exist"
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
info "Checking if there are world writable files" info "Checking if there are world writable files"
FS_NAMES=$(df --local -P | awk {'if (NR!=1) print $6'}) FS_NAMES=$(df --local -P | awk '{if (NR!=1) print $6}')
RESULT=$($SUDO_CMD find $FS_NAMES -xdev -type f -perm -0002 -print 2>/dev/null) RESULT=$($SUDO_CMD find $FS_NAMES -xdev -type f -perm -0002 -print 2>/dev/null)
if [ -n "$RESULT" ]; then if [ -n "$RESULT" ]; then
crit "Some world writable files are present" crit "Some world writable files are present"
@ -33,10 +33,10 @@ audit() {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -0002 -print 2>/dev/null) RESULT=$(df --local -P | awk '{if (NR!=1) print $6}' | xargs -I '{}' find '{}' -xdev -type f -perm -0002 -print 2>/dev/null)
if [ -n "$RESULT" ]; then if [ -n "$RESULT" ]; then
warn "chmoding o-w all files in the system" warn "chmoding o-w all files in the system"
df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -0002 -print 2>/dev/null | xargs chmod o-w df --local -P | awk '{if (NR!=1) print $6}' | xargs -I '{}' find '{}' -xdev -type f -perm -0002 -print 2>/dev/null | xargs chmod o-w
else else
ok "No world writable files found, nothing to apply" ok "No world writable files found, nothing to apply"
fi fi
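Review bot: In audit(), find runs with `2>/dev/null` and the only test is `[ -n "$RESULT" ]`, so a scan that fails or is cut short (sudo refused, unreadable subtree) looks the same as a clean system. A compliance check should not pass silently in that case; keep the exit status, for example `RESULT=$($SUDO_CMD find $FS_NAMES -xdev -type f -perm -0002 -print 2>/dev/null) || warn "find exited non-zero, result may be incomplete"`. `$FS_NAMES` is also expanded unquoted, so a mount point containing whitespace is split into separate paths. The audit() hunks of the sticky-bit, unowned-file and ungrouped-file sections follow the same pattern. The branch taken when RESULT is empty lies outside the hunk.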

@ -23,7 +23,7 @@ EXCLUDED=''
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
info "Checking if there are unowned files" info "Checking if there are unowned files"
FS_NAMES=$(df --local -P | awk {'if (NR!=1) print $6'}) FS_NAMES=$(df --local -P | awk '{if (NR!=1) print $6}')
if [ -n "$EXCLUDED" ]; then if [ -n "$EXCLUDED" ]; then
RESULT=$($SUDO_CMD find $FS_NAMES -xdev -nouser -regextype 'egrep' ! -regex "$EXCLUDED" -print 2>/dev/null) RESULT=$($SUDO_CMD find $FS_NAMES -xdev -nouser -regextype 'egrep' ! -regex "$EXCLUDED" -print 2>/dev/null)
else else
@ -41,13 +41,13 @@ audit() {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
if [ -n "$EXCLUDED" ]; then if [ -n "$EXCLUDED" ]; then
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser -regextype 'egrep' ! -regex "$EXCLUDED" -ls 2>/dev/null) RESULT=$(df --local -P | awk '{if (NR!=1) print $6}' | xargs -I '{}' find '{}' -xdev -nouser -regextype 'egrep' ! -regex "$EXCLUDED" -ls 2>/dev/null)
else else
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser -ls 2>/dev/null) RESULT=$(df --local -P | awk '{if (NR!=1) print $6}' | xargs -I '{}' find '{}' -xdev -nouser -ls 2>/dev/null)
fi fi
if [ -n "$RESULT" ]; then if [ -n "$RESULT" ]; then
warn "Applying chown on all unowned files in the system" warn "Applying chown on all unowned files in the system"
df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser -print 2>/dev/null | xargs chown $USER df --local -P | awk '{if (NR!=1) print $6}' | xargs -I '{}' find '{}' -xdev -nouser -print 2>/dev/null | xargs chown $USER
else else
ok "No unowned files found, nothing to apply" ok "No unowned files found, nothing to apply"
fi fi
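Review bot: The `xargs chown $USER` at the end of apply() acts through symbolic links: `find -nouser` tests the link itself, but chown without `-h` changes the link's target, so an unowned symlink causes a file elsewhere on the system to be re-owned. Use `chown -h -- "$USER"` here and `chgrp -h -- "$GROUP"` in the following file section. `$USER` is not assigned in the visible hunks; unless the script sets it above, it is the login name inherited from the invoking environment, which is worth making explicit in a comment or a dedicated variable. The closing brace of apply() is outside the hunk.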

@ -23,7 +23,7 @@ EXCLUDED=''
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
info "Checking if there are ungrouped files" info "Checking if there are ungrouped files"
FS_NAMES=$(df --local -P | awk {'if (NR!=1) print $6'}) FS_NAMES=$(df --local -P | awk '{if (NR!=1) print $6}')
if [ -n "$EXCLUDED" ]; then if [ -n "$EXCLUDED" ]; then
RESULT=$($SUDO_CMD find $FS_NAMES -xdev -nogroup -regextype 'egrep' ! -regex "$EXCLUDED" -print 2>/dev/null) RESULT=$($SUDO_CMD find $FS_NAMES -xdev -nogroup -regextype 'egrep' ! -regex "$EXCLUDED" -print 2>/dev/null)
else else
@ -41,13 +41,13 @@ audit() {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
if [ -n "$EXCLUDED" ]; then if [ -n "$EXCLUDED" ]; then
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nogroup -regextype 'egrep' ! -regex "$EXCLUDED" -ls 2>/dev/null) RESULT=$(df --local -P | awk '{if (NR!=1) print $6}' | xargs -I '{}' find '{}' -xdev -nogroup -regextype 'egrep' ! -regex "$EXCLUDED" -ls 2>/dev/null)
else else
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nogroup -ls 2>/dev/null) RESULT=$(df --local -P | awk '{if (NR!=1) print $6}' | xargs -I '{}' find '{}' -xdev -nogroup -ls 2>/dev/null)
fi fi
if [ -n "$RESULT" ]; then if [ -n "$RESULT" ]; then
warn "Applying chgrp on all ungrouped files in the system" warn "Applying chgrp on all ungrouped files in the system"
df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nogroup -print 2>/dev/null | xargs chgrp $GROUP df --local -P | awk '{if (NR!=1) print $6}' | xargs -I '{}' find '{}' -xdev -nogroup -print 2>/dev/null | xargs chgrp $GROUP
else else
ok "No ungrouped files found, nothing to apply" ok "No ungrouped files found, nothing to apply"
fi fi

@ -21,11 +21,11 @@ ERRORS=0
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
RESULT=$(get_db passwd | cut -f1 -d":" | sort -n | uniq -c | awk {'print $1":"$2'}) RESULT=$(get_db passwd | cut -f1 -d":" | sort -n | uniq -c | awk '{print $1":"$2}')
for LINE in $RESULT; do for LINE in $RESULT; do
debug "Working on line $LINE" debug "Working on line $LINE"
OCC_NUMBER=$(awk -F: {'print $1'} <<<$LINE) OCC_NUMBER=$(awk -F: '{print $1}' <<<$LINE)
USERNAME=$(awk -F: {'print $2'} <<<$LINE) USERNAME=$(awk -F: '{print $2}' <<<$LINE)
if [ $OCC_NUMBER -gt 1 ]; then if [ $OCC_NUMBER -gt 1 ]; then
# shellcheck disable=2034 # shellcheck disable=2034
USERS=$(awk -F: '($3 == n) { print $1 }' n=$USERNAME /etc/passwd | xargs) USERS=$(awk -F: '($3 == n) { print $1 }' n=$USERNAME /etc/passwd | xargs)
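Review bot: The `USERS=` line compares field 3 of /etc/passwd with `$USERNAME`, but that value was produced by `cut -f1 -d":"`, so the lookup matches a different field from the one that was counted. Assuming `get_db passwd` returns passwd-format lines, field 1 is the login name and field 3 the numeric UID, so USERS would always be empty, which may be why `shellcheck disable=2034` was needed. It also reads /etc/passwd directly while the count came from `get_db`, so accounts from other sources are not looked up. Compare the field that was counted, read it from `get_db passwd`, and pass the value as `-v n="$USERNAME"`. The next file section has the same line with `get_db group`, `$GROUPNAME` and /etc/passwd; the loop body continues outside the hunk.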

@ -21,11 +21,11 @@ ERRORS=0
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
RESULT=$(get_db group | cut -f1 -d":" | sort -n | uniq -c | awk {'print $1":"$2'}) RESULT=$(get_db group | cut -f1 -d":" | sort -n | uniq -c | awk '{print $1":"$2}')
for LINE in $RESULT; do for LINE in $RESULT; do
debug "Working on line $LINE" debug "Working on line $LINE"
OCC_NUMBER=$(awk -F: {'print $1'} <<<$LINE) OCC_NUMBER=$(awk -F: '{print $1}' <<<$LINE)
GROUPNAME=$(awk -F: {'print $2'} <<<$LINE) GROUPNAME=$(awk -F: '{print $2}' <<<$LINE)
if [ $OCC_NUMBER -gt 1 ]; then if [ $OCC_NUMBER -gt 1 ]; then
# shellcheck disable=2034 # shellcheck disable=2034
USERS=$(awk -F: '($3 == n) { print $1 }' n=$GROUPNAME /etc/passwd | xargs) USERS=$(awk -F: '($3 == n) { print $1 }' n=$GROUPNAME /etc/passwd | xargs)

@ -24,9 +24,9 @@ audit() {
RESULT=$(get_db passwd | awk -F: '{ print $1 ":" $3 ":" $6 }') RESULT=$(get_db passwd | awk -F: '{ print $1 ":" $3 ":" $6 }')
for LINE in $RESULT; do for LINE in $RESULT; do
debug "Working on $LINE" debug "Working on $LINE"
USER=$(awk -F: {'print $1'} <<<$LINE) USER=$(awk -F: '{print $1}' <<<$LINE)
USERID=$(awk -F: {'print $2'} <<<$LINE) USERID=$(awk -F: '{print $2}' <<<$LINE)
DIR=$(awk -F: {'print $3'} <<<$LINE) DIR=$(awk -F: '{print $3}' <<<$LINE)
if [ $USERID -ge 1000 ] && [ ! -d "$DIR" ] && [ $USER != "nfsnobody" ] && [ $USER != "nobody" ] && [ "$DIR" != "/nonexistent" ]; then if [ $USERID -ge 1000 ] && [ ! -d "$DIR" ] && [ $USER != "nfsnobody" ] && [ $USER != "nobody" ] && [ "$DIR" != "/nonexistent" ]; then
crit "The home directory ($DIR) of user $USER does not exist." crit "The home directory ($DIR) of user $USER does not exist."
ERRORS=$((ERRORS + 1)) ERRORS=$((ERRORS + 1))
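Review bot: The `if` line expands `$USERID` and `$USER` unquoted inside `[ ]`, so an entry with an empty or malformed UID or name makes `[` fail with a syntax error and the account is skipped without any finding. Quote them: `[ "$USERID" -ge 1000 ] && [ ! -d "$DIR" ] && [ "$USER" != "nfsnobody" ] && [ "$USER" != "nobody" ]`. `for LINE in $RESULT` also word-splits and globs, so a home directory containing a space is checked as fragments. `while IFS=: read -r name uid home; do ... done <<<"$RESULT"` reads each entry intact, drops three awk forks per account and stops overwriting the shell's `USER` variable. The next file section carries the identical loop, and the loop body continues outside the hunk.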

@ -27,9 +27,9 @@ audit() {
RESULT=$(get_db passwd | awk -F: '{ print $1 ":" $3 ":" $6 }') RESULT=$(get_db passwd | awk -F: '{ print $1 ":" $3 ":" $6 }')
for LINE in $RESULT; do for LINE in $RESULT; do
debug "Working on $LINE" debug "Working on $LINE"
USER=$(awk -F: {'print $1'} <<<$LINE) USER=$(awk -F: '{print $1}' <<<$LINE)
USERID=$(awk -F: {'print $2'} <<<$LINE) USERID=$(awk -F: '{print $2}' <<<$LINE)
DIR=$(awk -F: {'print $3'} <<<$LINE) DIR=$(awk -F: '{print $3}' <<<$LINE)
if [ $USERID -ge 1000 ] && [ ! -d "$DIR" ] && [ $USER != "nfsnobody" ] && [ $USER != "nobody" ] && [ "$DIR" != "/nonexistent" ]; then if [ $USERID -ge 1000 ] && [ ! -d "$DIR" ] && [ $USER != "nfsnobody" ] && [ $USER != "nobody" ] && [ "$DIR" != "/nonexistent" ]; then
crit "The home directory ($DIR) of user $USER does not exist." crit "The home directory ($DIR) of user $USER does not exist."
ERRORS=$((ERRORS + 1)) ERRORS=$((ERRORS + 1))

@ -327,12 +327,12 @@ is_mounted() {
has_mount_option() { has_mount_option() {
local PARTITION=$1 local PARTITION=$1
local OPTION=$2 local OPTION=$2
if $(grep "[[:space:]]${PARTITION}[[:space:]]" /etc/fstab | grep -vE "^#" | awk {'print $4'} | grep -q "bind"); then if $(grep "[[:space:]]${PARTITION}[[:space:]]" /etc/fstab | grep -vE "^#" | awk '{print $4}' | grep -q "bind"); then
local actual_partition="$(grep "[[:space:]]${PARTITION}[[:space:]]" /etc/fstab | grep -vE "^#" | awk {'print $1'})" local actual_partition="$(grep "[[:space:]]${PARTITION}[[:space:]]" /etc/fstab | grep -vE "^#" | awk '{print $1}')"
debug "$PARTITION is a bind mount of $actual_partition" debug "$PARTITION is a bind mount of $actual_partition"
PARTITION="$actual_partition" PARTITION="$actual_partition"
fi fi
if $(grep "[[:space:]]${PARTITION}[[:space:]]" /etc/fstab | grep -vE "^#" | awk {'print $4'} | grep -q "$OPTION"); then if $(grep "[[:space:]]${PARTITION}[[:space:]]" /etc/fstab | grep -vE "^#" | awk '{print $4}' | grep -q "$OPTION"); then
debug "$OPTION has been detected in fstab for partition $PARTITION" debug "$OPTION has been detected in fstab for partition $PARTITION"
FNRET=0 FNRET=0
else else
@ -345,7 +345,7 @@ has_mount_option() {
has_mounted_option() { has_mounted_option() {
local PARTITION=$1 local PARTITION=$1
local OPTION=$2 local OPTION=$2
if $(grep "[[:space:]]$1[[:space:]]" /proc/mounts | awk {'print $4'} | grep -q "$2"); then if $(grep "[[:space:]]$1[[:space:]]" /proc/mounts | awk '{print $4}' | grep -q "$2"); then
debug "$OPTION has been detected in /proc/mounts for partition $PARTITION" debug "$OPTION has been detected in /proc/mounts for partition $PARTITION"
FNRET=0 FNRET=0
else else
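Review bot: Both functions test the option with `grep -q "$OPTION"`, an unanchored regex match against the comma-separated options field, so an option name that is a substring of another (for example `user` inside `nouser`) is reported as present and a mount can be recorded as hardened when it is not. Matching whole fixed words closes that: `awk '{print $4}' | grep -qwF -- "$OPTION"`. The `if $( ... | grep -q ...)` wrapper works only because grep -q prints nothing; a plain `if grep ... | grep -qwF -- "$OPTION"; then` says what is meant. has_mounted_option declares PARTITION and OPTION but then greps with `$1` and `$2`, and `${PARTITION}` is interpolated into the regex unescaped. Both functions continue outside the hunk.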