From bc1aa65b91806c2e6ac208836268c52bc313943a Mon Sep 17 00:00:00 2001 
From: Thibault Ayanides Date: Mon, 30 Nov 2020 13:05:41 +0100 Subject: [PATCH] IMP(shellcheck): quote variable in tests (SC2086) --- .../hardening/5.1.2_crontab_perm_ownership.sh | 8 ++++---- .../5.1.3_cron_hourly_perm_ownership.sh | 8 ++++---- .../5.1.4_cron_daily_perm_ownership.sh | 8 ++++---- .../5.1.5_cron_weekly_perm_ownership.sh | 8 ++++---- .../5.1.6_cron_monthly_perm_ownership.sh | 8 ++++---- tests/hardening/5.1.7_cron_d_perm_ownership.sh | 8 ++++---- tests/hardening/5.1.8_cron_users.sh | 12 ++++++------ .../5.2.1_sshd_conf_perm_ownership.sh | 8 ++++---- ...2.2_ssh_host_private_keys_perm_ownership.sh | 10 +++++----- ....2.3_ssh_host_public_keys_perm_ownership.sh | 10 +++++----- .../5.2.8_enable_sshd_ignorerhosts.sh | 2 +- .../6.1.10_find_world_writable_file.sh | 4 ++-- tests/hardening/6.1.11_find_unowned_files.sh | 4 ++-- tests/hardening/6.1.12_find_ungrouped_files.sh | 4 ++-- tests/hardening/6.1.13_find_suid_files.sh | 4 ++-- tests/hardening/6.1.14_find_sgid_files.sh | 4 ++-- .../hardening/6.1.5_etc_passwd_permissions.sh | 8 ++++---- .../hardening/6.1.6_etc_shadow_permissions.sh | 8 ++++---- tests/hardening/6.1.7_etc_group_permissions.sh | 8 ++++---- .../6.2.10_check_user_dot_file_perm.sh | 8 ++++---- .../6.2.11_find_user_forward_files.sh | 6 +++--- .../hardening/6.2.12_find_user_netrc_files.sh | 6 +++--- .../hardening/6.2.13_set_perm_on_user_netrc.sh | 8 ++++---- .../hardening/6.2.14_find_user_rhosts_files.sh | 6 +++--- ...6.2.15_find_passwd_group_inconsistencies.sh | 4 ++-- .../6.2.18_check_duplicate_username.sh | 10 +++++----- .../6.2.19_check_duplicate_groupname.sh | 10 +++++----- .../6.2.1_remove_empty_password_field.sh | 4 ++-- tests/hardening/6.2.20_shadow_group_empty.sh | 10 +++++----- .../6.2.2_remove_legacy_passwd_entries.sh | 6 +++--- .../6.2.3_remove_legacy_shadow_entries.sh | 4 ++-- .../6.2.4_remove_legacy_group_entries.sh | 4 ++-- tests/hardening/6.2.6_sanitize_root_path.sh | 18 +++++++++--------- tests/hardening/6.2.7_users_valid_homedir.sh 
| 4 ++-- tests/hardening/6.2.8_check_user_dir_perm.sh | 6 +++--- tests/hardening/6.2.9_users_valid_homedir.sh | 6 +++--- 36 files changed, 127 insertions(+), 127 deletions(-) diff --git a/tests/hardening/5.1.2_crontab_perm_ownership.sh b/tests/hardening/5.1.2_crontab_perm_ownership.sh index 2bb0c2e..c0351bc 100644 --- a/tests/hardening/5.1.2_crontab_perm_ownership.sh +++ b/tests/hardening/5.1.2_crontab_perm_ownership.sh @@ -11,7 +11,7 @@ test_audit() { local test_file="/etc/crontab" describe Tests purposely failing - chmod 777 $test_file + chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all @@ -21,8 +21,8 @@ test_audit() { /opt/debian-cis/bin/hardening/"${script}".sh --apply || true describe Tests purposely failing - useradd $test_user - chown $test_user:$test_user $test_file + useradd "$test_user" + chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all @@ -38,5 +38,5 @@ test_audit() { run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # Cleanup - userdel $test_user + userdel "$test_user" } diff --git a/tests/hardening/5.1.3_cron_hourly_perm_ownership.sh b/tests/hardening/5.1.3_cron_hourly_perm_ownership.sh index 73ad9c2..983a443 100644 --- a/tests/hardening/5.1.3_cron_hourly_perm_ownership.sh +++ b/tests/hardening/5.1.3_cron_hourly_perm_ownership.sh @@ -11,7 +11,7 @@ test_audit() { local test_file="/etc/cron.hourly" describe Tests purposely failing - chmod 777 $test_file + chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all 
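Review bot: In the second hunk of tests/hardening/5.1.2_crontab_perm_ownership.sh, the context line `/opt/debian-cis/bin/hardening/"${script}".sh --apply || true` discards the remediation's exit status, so if `--apply` fails, the file changed by `chmod 777 "$test_file"` or `chown "$test_user":"$test_user" "$test_file"` keeps the weakened mode or owner after the test ends. The same sequence appears in the hunks for 5.1.3–5.1.7, 5.2.1–5.2.3 and 6.1.5–6.1.7, where `test_file` includes `/etc/passwd`, `/etc/shadow`, `/etc/group` and `/etc/ssh/sshd_config`. Recording the starting state before the first change, e.g. `orig_state=$(stat -c '%a %U:%G' "$test_file")`, and restoring it under `# Cleanup` would leave the host consistent even when the hardening script errors out. The start of test_audit and the lines between the hunks are outside the diff, so an existing restore step there cannot be ruled out.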
@@ -21,8 +21,8 @@ test_audit() { /opt/debian-cis/bin/hardening/"${script}".sh --apply || true describe Tests purposely failing - useradd $test_user - chown $test_user:$test_user $test_file + useradd "$test_user" + chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all @@ -38,5 +38,5 @@ test_audit() { run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # Cleanup - userdel $test_user + userdel "$test_user" } diff --git a/tests/hardening/5.1.4_cron_daily_perm_ownership.sh b/tests/hardening/5.1.4_cron_daily_perm_ownership.sh index bbbd78f..d531575 100644 --- a/tests/hardening/5.1.4_cron_daily_perm_ownership.sh +++ b/tests/hardening/5.1.4_cron_daily_perm_ownership.sh @@ -11,7 +11,7 @@ test_audit() { local test_file="/etc/cron.daily" describe Tests purposely failing - chmod 777 $test_file + chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all @@ -21,8 +21,8 @@ test_audit() { /opt/debian-cis/bin/hardening/"${script}".sh --apply || true describe Tests purposely failing - useradd $test_user - chown $test_user:$test_user $test_file + useradd "$test_user" + chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all @@ -38,5 +38,5 @@ test_audit() { run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # Cleanup - userdel $test_user + userdel "$test_user" } diff --git a/tests/hardening/5.1.5_cron_weekly_perm_ownership.sh b/tests/hardening/5.1.5_cron_weekly_perm_ownership.sh index bf09fc8..0523685 100644 --- a/tests/hardening/5.1.5_cron_weekly_perm_ownership.sh +++ b/tests/hardening/5.1.5_cron_weekly_perm_ownership.sh 
@@ -11,7 +11,7 @@ test_audit() { local test_file="/etc/cron.weekly" describe Tests purposely failing - chmod 777 $test_file + chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all @@ -21,8 +21,8 @@ test_audit() { /opt/debian-cis/bin/hardening/"${script}".sh --apply || true describe Tests purposely failing - useradd $test_user - chown $test_user:$test_user $test_file + useradd "$test_user" + chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all @@ -38,5 +38,5 @@ test_audit() { run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # Cleanup - userdel $test_user + userdel "$test_user" } diff --git a/tests/hardening/5.1.6_cron_monthly_perm_ownership.sh b/tests/hardening/5.1.6_cron_monthly_perm_ownership.sh index 56ff380..ef8f8b8 100644 --- a/tests/hardening/5.1.6_cron_monthly_perm_ownership.sh +++ b/tests/hardening/5.1.6_cron_monthly_perm_ownership.sh @@ -11,7 +11,7 @@ test_audit() { local test_file="/etc/cron.monthly" describe Tests purposely failing - chmod 777 $test_file + chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all @@ -21,8 +21,8 @@ test_audit() { /opt/debian-cis/bin/hardening/"${script}".sh --apply || true describe Tests purposely failing - useradd $test_user - chown $test_user:$test_user $test_file + useradd "$test_user" + chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all 
@@ -38,5 +38,5 @@ test_audit() { run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # Cleanup - userdel $test_user + userdel "$test_user" } diff --git a/tests/hardening/5.1.7_cron_d_perm_ownership.sh b/tests/hardening/5.1.7_cron_d_perm_ownership.sh index 6c653c1..d260985 100644 --- a/tests/hardening/5.1.7_cron_d_perm_ownership.sh +++ b/tests/hardening/5.1.7_cron_d_perm_ownership.sh @@ -11,7 +11,7 @@ test_audit() { local test_file="/etc/cron.d" describe Tests purposely failing - chmod 777 $test_file + chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all @@ -21,8 +21,8 @@ test_audit() { /opt/debian-cis/bin/hardening/"${script}".sh --apply || true describe Tests purposely failing - useradd $test_user - chown $test_user:$test_user $test_file + useradd "$test_user" + chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all @@ -38,5 +38,5 @@ test_audit() { run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # Cleanup - userdel $test_user + userdel "$test_user" } diff --git a/tests/hardening/5.1.8_cron_users.sh b/tests/hardening/5.1.8_cron_users.sh index 8d1ca71..ab0b2c7 100644 --- a/tests/hardening/5.1.8_cron_users.sh +++ b/tests/hardening/5.1.8_cron_users.sh 
@@ -22,28 +22,28 @@ test_audit() { touch /etc/cron.allow /etc/at.allow describe Tests purposely failing - useradd $test_user - chown $test_user:$test_user /etc/cron.allow - chown $test_user:$test_user /etc/at.allow + useradd "$test_user" + chown "$test_user":"$test_user" /etc/cron.allow + chown "$test_user":"$test_user" /etc/at.allow register_test retvalshouldbe 1 register_test contain "/etc/cron.allow ownership was not set to" register_test contain "/etc/at.allow ownership was not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - userdel $test_user + userdel "$test_user" describe correcting situation sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg /opt/debian-cis/bin/hardening/"${script}".sh --apply || true describe Tests purposely failing - useradd $test_user + useradd "$test_user" chmod 777 /etc/cron.allow chmod 777 /etc/at.allow register_test retvalshouldbe 1 register_test contain "/etc/cron.allow permissions were not set to" register_test contain "/etc/at.allow permissions were not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - userdel $test_user + userdel "$test_user" describe correcting situation sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg diff --git a/tests/hardening/5.2.1_sshd_conf_perm_ownership.sh b/tests/hardening/5.2.1_sshd_conf_perm_ownership.sh index d2263d7..d47333f 100644 --- a/tests/hardening/5.2.1_sshd_conf_perm_ownership.sh +++ b/tests/hardening/5.2.1_sshd_conf_perm_ownership.sh @@ -11,7 +11,7 @@ test_audit() { local test_file="/etc/ssh/sshd_config" describe Tests purposely failing - chmod 777 $test_file + chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all 
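Review bot: In tests/hardening/5.1.8_cron_users.sh the second `useradd "$test_user"` / `userdel "$test_user"` pair wraps a scenario that only runs `chmod 777 /etc/cron.allow` and `chmod 777 /etc/at.allow`, so the account is created and removed without being used. Dropping both lines from the permissions scenario avoids needless edits to the account databases. In the first scenario `userdel "$test_user"` runs before `--apply`, which leaves both allow files owned by a UID with no passwd entry until the remediation runs; a one-line comment saying whether that is intended would help.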
@@ -21,8 +21,8 @@ test_audit() { /opt/debian-cis/bin/hardening/"${script}".sh --apply || true describe Tests purposely failing - useradd $test_user - chown $test_user:$test_user $test_file + useradd "$test_user" + chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all @@ -38,5 +38,5 @@ test_audit() { run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # Cleanup - userdel $test_user + userdel "$test_user" } diff --git a/tests/hardening/5.2.2_ssh_host_private_keys_perm_ownership.sh b/tests/hardening/5.2.2_ssh_host_private_keys_perm_ownership.sh index 664515b..f123371 100755 --- a/tests/hardening/5.2.2_ssh_host_private_keys_perm_ownership.sh +++ b/tests/hardening/5.2.2_ssh_host_private_keys_perm_ownership.sh @@ -10,10 +10,10 @@ test_audit() { local test_user="testsshduser" local test_file="/etc/ssh/ssh_host_test_key" - touch $test_file + touch "$test_file" describe Tests purposely failing - chmod 777 $test_file + chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all @@ -23,8 +23,8 @@ test_audit() { /opt/debian-cis/bin/hardening/"${script}".sh --apply || true describe Tests purposely failing - useradd $test_user - chown $test_user:$test_user $test_file + useradd "$test_user" + chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all @@ -40,5 +40,5 @@ test_audit() { run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # Cleanup - userdel $test_user + userdel "$test_user" } 
diff --git a/tests/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh b/tests/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh index cb83567..5da49e7 100755 --- a/tests/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh +++ b/tests/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh @@ -10,10 +10,10 @@ test_audit() { local test_user="testsshduser" local test_file="/etc/ssh/ssh_host_test_key.pub" - touch $test_file + touch "$test_file" describe Tests purposely failing - chmod 777 $test_file + chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all @@ -23,8 +23,8 @@ test_audit() { /opt/debian-cis/bin/hardening/"${script}".sh --apply || true describe Tests purposely failing - useradd $test_user - chown $test_user:$test_user $test_file + useradd "$test_user" + chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all @@ -40,5 +40,5 @@ test_audit() { run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # Cleanup - userdel $test_user + userdel "$test_user" } diff --git a/tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh b/tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh index ddaa318..7c3044f 100644 --- a/tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh +++ b/tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh @@ -18,5 +18,5 @@ test_audit() { describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^IgnoreRhosts[[:space:]]*yes is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all} + run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all } \ No newline at end of file 
diff --git a/tests/hardening/6.1.10_find_world_writable_file.sh b/tests/hardening/6.1.10_find_world_writable_file.sh index 5547201..f268b76 100755 --- a/tests/hardening/6.1.10_find_world_writable_file.sh +++ b/tests/hardening/6.1.10_find_world_writable_file.sh @@ -14,8 +14,8 @@ test_audit() { describe Tests purposely failing local targetfile="/home/secaudit/worldwritable" - touch $targetfile - chmod 777 $targetfile + touch "$targetfile" + chmod 777 "$targetfile" register_test retvalshouldbe 1 register_test contain "Some world writable files are present" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all diff --git a/tests/hardening/6.1.11_find_unowned_files.sh b/tests/hardening/6.1.11_find_unowned_files.sh index 5247870..b2d9b09 100755 --- a/tests/hardening/6.1.11_find_unowned_files.sh +++ b/tests/hardening/6.1.11_find_unowned_files.sh @@ -9,8 +9,8 @@ test_audit() { describe Tests purposely failing local targetfile="/home/secaudit/unowned" - touch $targetfile - chown 1200 $targetfile + touch "$targetfile" + chown 1200 "$targetfile" register_test retvalshouldbe 1 register_test contain "Some unowned files are present" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all diff --git a/tests/hardening/6.1.12_find_ungrouped_files.sh b/tests/hardening/6.1.12_find_ungrouped_files.sh index 19fffc7..f6bbfd1 100755 --- a/tests/hardening/6.1.12_find_ungrouped_files.sh +++ b/tests/hardening/6.1.12_find_ungrouped_files.sh @@ -9,8 +9,8 @@ test_audit() { describe Tests purposely failing local targetfile="/home/secaudit/ungrouped" - touch $targetfile - chown 1200:1200 $targetfile + touch "$targetfile" + chown 1200:1200 "$targetfile" register_test retvalshouldbe 1 register_test contain "Some ungrouped files are present" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all diff --git a/tests/hardening/6.1.13_find_suid_files.sh b/tests/hardening/6.1.13_find_suid_files.sh index 4655210..35c14ec 100755 
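Review bot: `chown 1200 "$targetfile"` in tests/hardening/6.1.11_find_unowned_files.sh only produces an unowned file while UID 1200 has no passwd entry, and nothing in the hunk says so; 6.1.12_find_ungrouped_files.sh makes the same assumption with `chown 1200:1200 "$targetfile"`. I would add a comment above it such as `# 1200 is assumed to be unallocated on the test host, so the file has no owner`. No removal of `$targetfile` is visible in either hunk; test_audit continues past the hunk, so the cleanup may be there.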
--- a/tests/hardening/6.1.13_find_suid_files.sh +++ b/tests/hardening/6.1.13_find_suid_files.sh @@ -14,8 +14,8 @@ test_audit() { describe Tests purposely failing local targetfile="/home/secaudit/suid_file" - touch $targetfile - chmod 4700 $targetfile + touch "$targetfile" + chmod 4700 "$targetfile" register_test retvalshouldbe 1 register_test contain "Some suid files are present" register_test contain "$targetfile" diff --git a/tests/hardening/6.1.14_find_sgid_files.sh b/tests/hardening/6.1.14_find_sgid_files.sh index 6dc332f..6cd67d4 100755 --- a/tests/hardening/6.1.14_find_sgid_files.sh +++ b/tests/hardening/6.1.14_find_sgid_files.sh @@ -15,8 +15,8 @@ test_audit() { describe Tests purposely failing local targetfile="/home/secaudit/sgid_file" - touch $targetfile - chmod 2700 $targetfile + touch "$targetfile" + chmod 2700 "$targetfile" register_test retvalshouldbe 1 register_test contain "Some sgid files are present" register_test contain "$targetfile" diff --git a/tests/hardening/6.1.5_etc_passwd_permissions.sh b/tests/hardening/6.1.5_etc_passwd_permissions.sh index b52c9a3..f489eda 100644 --- a/tests/hardening/6.1.5_etc_passwd_permissions.sh +++ b/tests/hardening/6.1.5_etc_passwd_permissions.sh @@ -11,7 +11,7 @@ test_audit() { local test_file="/etc/passwd" describe Tests purposely failing - chmod 777 $test_file + chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all @@ -21,8 +21,8 @@ test_audit() { /opt/debian-cis/bin/hardening/"${script}".sh --apply || true describe Tests purposely failing - useradd $test_user - chown $test_user:$test_user $test_file + useradd "$test_user" + chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all 
@@ -38,5 +38,5 @@ test_audit() { run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # Cleanup - userdel $test_user + userdel "$test_user" } diff --git a/tests/hardening/6.1.6_etc_shadow_permissions.sh b/tests/hardening/6.1.6_etc_shadow_permissions.sh index a7c86b9..62e2b47 100644 --- a/tests/hardening/6.1.6_etc_shadow_permissions.sh +++ b/tests/hardening/6.1.6_etc_shadow_permissions.sh @@ -11,7 +11,7 @@ test_audit() { local test_file="/etc/shadow" describe Tests purposely failing - chmod 777 $test_file + chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all @@ -21,8 +21,8 @@ test_audit() { /opt/debian-cis/bin/hardening/"${script}".sh --apply || true describe Tests purposely failing - useradd $test_user - chown $test_user:$test_user $test_file + useradd "$test_user" + chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all @@ -38,5 +38,5 @@ test_audit() { run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # Cleanup - userdel $test_user + userdel "$test_user" } diff --git a/tests/hardening/6.1.7_etc_group_permissions.sh b/tests/hardening/6.1.7_etc_group_permissions.sh index 6ed5526..71ce1d7 100644 --- a/tests/hardening/6.1.7_etc_group_permissions.sh +++ b/tests/hardening/6.1.7_etc_group_permissions.sh @@ -11,7 +11,7 @@ test_audit() { local test_file="/etc/group" describe Tests purposely failing - chmod 777 $test_file + chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all 
@@ -21,8 +21,8 @@ test_audit() { /opt/debian-cis/bin/hardening/"${script}".sh --apply || true describe Tests purposely failing - useradd $test_user - chown $test_user:$test_user $test_file + useradd "$test_user" + chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all @@ -38,5 +38,5 @@ test_audit() { run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # Cleanup - userdel $test_user + userdel "$test_user" } diff --git a/tests/hardening/6.2.10_check_user_dot_file_perm.sh b/tests/hardening/6.2.10_check_user_dot_file_perm.sh index 0f2a4ec..e61acea 100644 --- a/tests/hardening/6.2.10_check_user_dot_file_perm.sh +++ b/tests/hardening/6.2.10_check_user_dot_file_perm.sh @@ -11,9 +11,9 @@ test_audit() { local test_file=".test" describe Tests purposely failing - useradd --create-home $test_user - touch /home/$test_user/$test_file - chmod 777 /home/$test_user/$test_file + useradd --create-home "$test_user" + touch "/home/$test_user/$test_file" + chmod 777 "/home/$test_user/$test_file" register_test retvalshouldbe 1 register_test contain "Group Write permission set on FILE" register_test contain "Other Write permission set on FILE" @@ -29,5 +29,5 @@ test_audit() { run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # cleanup - userdel -r $test_user + userdel -r "$test_user" } diff --git a/tests/hardening/6.2.11_find_user_forward_files.sh b/tests/hardening/6.2.11_find_user_forward_files.sh index 6990827..93ee353 100644 --- a/tests/hardening/6.2.11_find_user_forward_files.sh +++ b/tests/hardening/6.2.11_find_user_forward_files.sh 
@@ -11,12 +11,12 @@ test_audit() { local test_file=".forward" describe Tests purposely failing - useradd --create-home $test_user - touch /home/$test_user/$test_file + useradd --create-home "$test_user" + touch "/home/$test_user/$test_file" register_test retvalshouldbe 1 register_test contain "$test_file present" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # cleanup - userdel -r $test_user + userdel -r "$test_user" } diff --git a/tests/hardening/6.2.12_find_user_netrc_files.sh b/tests/hardening/6.2.12_find_user_netrc_files.sh index ca50906..7bb7d86 100644 --- a/tests/hardening/6.2.12_find_user_netrc_files.sh +++ b/tests/hardening/6.2.12_find_user_netrc_files.sh @@ -11,12 +11,12 @@ test_audit() { local test_file=".netrc" describe Tests purposely failing - useradd --create-home $test_user - touch /home/$test_user/$test_file + useradd --create-home "$test_user" + touch "/home/$test_user/$test_file" register_test retvalshouldbe 1 register_test contain "$test_file present" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # cleanup - userdel -r $test_user + userdel -r "$test_user" } diff --git a/tests/hardening/6.2.13_set_perm_on_user_netrc.sh b/tests/hardening/6.2.13_set_perm_on_user_netrc.sh index 5d86d81..8dd788e 100644 --- a/tests/hardening/6.2.13_set_perm_on_user_netrc.sh +++ b/tests/hardening/6.2.13_set_perm_on_user_netrc.sh @@ -11,9 +11,9 @@ test_audit() { local test_file=".netrc" describe Tests purposely failing - useradd --create-home $test_user - touch /home/$test_user/$test_file - chmod 777 /home/$test_user/$test_file + useradd --create-home "$test_user" + touch "/home/$test_user/$test_file" + chmod 777 "/home/$test_user/$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all 
@@ -28,5 +28,5 @@ test_audit() { run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # cleanup - userdel -r $test_user + userdel -r "$test_user" } diff --git a/tests/hardening/6.2.14_find_user_rhosts_files.sh b/tests/hardening/6.2.14_find_user_rhosts_files.sh index 904cb34..6b769e2 100755 --- a/tests/hardening/6.2.14_find_user_rhosts_files.sh +++ b/tests/hardening/6.2.14_find_user_rhosts_files.sh @@ -11,12 +11,12 @@ test_audit() { local test_file=".rhosts" describe Tests purposely failing - useradd --create-home $test_user - touch /home/$test_user/$test_file + useradd --create-home "$test_user" + touch "/home/$test_user/$test_file" register_test retvalshouldbe 1 register_test contain "$test_file present" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # cleanup - userdel -r $test_user + userdel -r "$test_user" } \ No newline at end of file diff --git a/tests/hardening/6.2.15_find_passwd_group_inconsistencies.sh b/tests/hardening/6.2.15_find_passwd_group_inconsistencies.sh index 3f2029d..8bc6454 100644 --- a/tests/hardening/6.2.15_find_passwd_group_inconsistencies.sh +++ b/tests/hardening/6.2.15_find_passwd_group_inconsistencies.sh @@ -11,11 +11,11 @@ test_audit() { local dir="/etc/passwd" describe Tests purposely failing - echo "$test_user:x:1100:1100::/home/$test_user:" >> $dir + echo "$test_user:x:1100:1100::/home/$test_user:" >> "$dir" register_test retvalshouldbe 1 register_test contain "is referenced by /etc/passwd but does not exist in /etc/group" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # cleanup - userdel $test_user + userdel "$test_user" } diff --git a/tests/hardening/6.2.18_check_duplicate_username.sh b/tests/hardening/6.2.18_check_duplicate_username.sh index 8f27c9e..2a7229d 100644 --- a/tests/hardening/6.2.18_check_duplicate_username.sh +++ b/tests/hardening/6.2.18_check_duplicate_username.sh 
@@ -11,14 +11,14 @@ test_audit() { local dir="/etc/passwd" describe Tests purposely failing - useradd $test_user - temp=$(tail -1 $dir) - echo $temp >> $dir + useradd "$test_user" + temp=$(tail -1 "$dir") + echo "$temp" >> "$dir" register_test retvalshouldbe 1 register_test contain "Duplicate username" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # cleanup - sed -i '$ d' $dir - userdel $test_user + sed -i '$ d' "$dir" + userdel "$test_user" } diff --git a/tests/hardening/6.2.19_check_duplicate_groupname.sh b/tests/hardening/6.2.19_check_duplicate_groupname.sh index 5445b3a..4a709d6 100644 --- a/tests/hardening/6.2.19_check_duplicate_groupname.sh +++ b/tests/hardening/6.2.19_check_duplicate_groupname.sh @@ -11,14 +11,14 @@ test_audit() { local dir="/etc/group" describe Tests purposely failing - useradd $test_group - temp=$(tail -1 $dir) - echo $temp >> $dir + useradd "$test_group" + temp=$(tail -1 "$dir") + echo "$temp" >> "$dir" register_test retvalshouldbe 1 register_test contain "Duplicate group" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # cleanup - sed -i '$ d' $dir - userdel $test_group + sed -i '$ d' "$dir" + userdel "$test_group" } diff --git a/tests/hardening/6.2.1_remove_empty_password_field.sh b/tests/hardening/6.2.1_remove_empty_password_field.sh index e833dfb..b6e9a26 100644 --- a/tests/hardening/6.2.1_remove_empty_password_field.sh +++ b/tests/hardening/6.2.1_remove_empty_password_field.sh @@ -10,7 +10,7 @@ test_audit() { local test_user="testemptypassworduser" describe Tests purposely failing - useradd $test_user + useradd "$test_user" sed -i "s/$test_user:\!/$test_user:/" /etc/shadow register_test retvalshouldbe 1 register_test contain "Some accounts have an empty password" @@ -26,5 +26,5 @@ test_audit() { run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # cleanup - userdel $test_user + userdel "$test_user" } 
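Review bot: The cleanup `sed -i '$ d' "$dir"` in tests/hardening/6.2.18_check_duplicate_username.sh deletes whatever line is last in `/etc/passwd` at that moment, which is the duplicated entry only if nothing else appended to the file during the audit run; 6.2.19_check_duplicate_groupname.sh does the same to `/etc/group`. Guarding the delete, e.g. `if [ "$(tail -n 1 "$dir")" = "$temp" ]; then sed -i '$ d' "$dir"; fi`, limits the edit to the line the test added. `temp` is assigned without `local` in the visible lines, so it presumably leaks out of test_audit unless it is declared above the hunk; a `local temp` before the assignment would settle that.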
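Review bot: The context line `sed -i "s/$test_user:\!/$test_user:/" /etc/shadow` in tests/hardening/6.2.1_remove_empty_password_field.sh is not anchored, so it rewrites any line of `/etc/shadow` containing that text rather than strictly the test account's entry; `sed -i "s/^$test_user:\!/$test_user:/" /etc/shadow` pins it to the start of the line. The `s/$test_user:x/+:$test_user:x/` and `s/$test_user:/+:$test_user:/` edits in 6.2.2, 6.2.3 and 6.2.4 have the same shape and would take the same `^`. Between this edit and the `userdel "$test_user"` in the last hunk the account has an empty password field, and the lines in between are outside the diff, so whether an aborted run still reaches the cleanup cannot be confirmed from here.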
diff --git a/tests/hardening/6.2.20_shadow_group_empty.sh b/tests/hardening/6.2.20_shadow_group_empty.sh index 3fb0a61..3be62ac 100644 --- a/tests/hardening/6.2.20_shadow_group_empty.sh +++ b/tests/hardening/6.2.20_shadow_group_empty.sh @@ -10,18 +10,18 @@ test_audit() { local test_user="testshadowuser" describe Tests purposely failing - useradd $test_user - usermod -aG shadow $test_user + useradd "$test_user" + usermod -aG shadow "$test_user" register_test retvalshouldbe 1 register_test contain "Some users belong to shadow group" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - userdel $test_user + userdel "$test_user" describe Tests purposely failing - useradd --no-user-group -g shadow $test_user + useradd --no-user-group -g shadow "$test_user" register_test retvalshouldbe 1 register_test contain "Some users have shadow id as their primary group" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - userdel $test_user + userdel "$test_user" } diff --git a/tests/hardening/6.2.2_remove_legacy_passwd_entries.sh b/tests/hardening/6.2.2_remove_legacy_passwd_entries.sh index 0e58e83..24916cc 100644 --- a/tests/hardening/6.2.2_remove_legacy_passwd_entries.sh +++ b/tests/hardening/6.2.2_remove_legacy_passwd_entries.sh @@ -10,7 +10,7 @@ test_audit() { local test_user="testetcpasswduser" describe Tests purposely failing - useradd $test_user + useradd "$test_user" sed -i "s/$test_user:x/+:$test_user:x/" /etc/passwd register_test retvalshouldbe 1 register_test contain "Some accounts have a legacy password entry" @@ -27,6 +27,6 @@ test_audit() { # cleanup groupdel $test_user - useradd $test_user - userdel $test_user + useradd "$test_user" + userdel "$test_user" } diff --git a/tests/hardening/6.2.3_remove_legacy_shadow_entries.sh b/tests/hardening/6.2.3_remove_legacy_shadow_entries.sh index d0d0661..d61e2ad 100644 --- a/tests/hardening/6.2.3_remove_legacy_shadow_entries.sh 
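Review bot: `groupdel $test_user` in the cleanup hunk of tests/hardening/6.2.2_remove_legacy_passwd_entries.sh is still unquoted, so SC2086 will keep firing on this file; it should read `groupdel "$test_user"`. The order `groupdel`, `useradd`, `userdel` is also not self-explanatory. A comment stating why the user is recreated before being deleted would help, for example `# recreate the account so userdel can remove it cleanly after the "+:" rewrite`, if that is indeed the reason.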
+++ b/tests/hardening/6.2.3_remove_legacy_shadow_entries.sh @@ -10,7 +10,7 @@ test_audit() { local test_user="testetcshadowusr" describe Tests purposely failing - useradd $test_user + useradd "$test_user" sed -i "s/$test_user:/+:$test_user:/" /etc/shadow register_test retvalshouldbe 1 register_test contain "Some accounts have a legacy password entry" @@ -26,6 +26,6 @@ test_audit() { run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # cleanup - userdel $test_user + userdel "$test_user" } diff --git a/tests/hardening/6.2.4_remove_legacy_group_entries.sh b/tests/hardening/6.2.4_remove_legacy_group_entries.sh index bd1a804..07f395f 100644 --- a/tests/hardening/6.2.4_remove_legacy_group_entries.sh +++ b/tests/hardening/6.2.4_remove_legacy_group_entries.sh @@ -10,7 +10,7 @@ test_audit() { local test_user="testetcgroupuser" describe Tests purposely failing - useradd $test_user + useradd "$test_user" sed -i "s/$test_user:x/+:$test_user:x/" /etc/group register_test retvalshouldbe 1 register_test contain "Some accounts have a legacy group entry" @@ -26,5 +26,5 @@ test_audit() { run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # cleanup - userdel $test_user + userdel "$test_user" } diff --git a/tests/hardening/6.2.6_sanitize_root_path.sh b/tests/hardening/6.2.6_sanitize_root_path.sh index 353aa14..92a2080 100644 --- a/tests/hardening/6.2.6_sanitize_root_path.sh +++ b/tests/hardening/6.2.6_sanitize_root_path.sh 
@@ -26,30 +26,30 @@ test_audit() { run noncompliant path="$PATH:." /opt/debian-cis/bin/hardening/"${script}".sh --audit-all describe Tests purposely failing - mkdir -m 770 $dir + mkdir -m 770 "$dir" register_test retvalshouldbe 1 register_test contain "Group Write permission set on directory $dir" run noncompliant path="$PATH:$dir" /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # clean - rmdir $dir + rmdir "$dir" describe Tests purposely failing - mkdir -m 707 $dir + mkdir -m 707 "$dir" register_test retvalshouldbe 1 register_test contain "Other Write permission set on directory $dir" run noncompliant path="$PATH:$dir" /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # clean - rmdir $dir + rmdir "$dir" describe Tests purposely failing - useradd $test_user - mkdir -m 700 $dir - chown userrootpathtest:userrootpathtest $dir + useradd "$test_user" + mkdir -m 700 "$dir" + chown "$test_user":"$test_user" "$dir" register_test retvalshouldbe 1 register_test contain "$dir is not owned by root" run noncompliant path="$PATH:$dir" /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # clean - rmdir $dir - userdel $test_user + rmdir "$dir" + userdel "$test_user" } diff --git a/tests/hardening/6.2.7_users_valid_homedir.sh b/tests/hardening/6.2.7_users_valid_homedir.sh index cf76db2..ce27f50 100755 --- a/tests/hardening/6.2.7_users_valid_homedir.sh +++ b/tests/hardening/6.2.7_users_valid_homedir.sh @@ -8,12 +8,12 @@ test_audit() { run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all local test_user="userwithouthome" - useradd $test_user + useradd "$test_user" describe Tests purposely failing register_test retvalshouldbe 1 register_test contain "does not exist." run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # cleanup - userdel $test_user + userdel "$test_user" } \ No newline at end of file 
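Review bot: The new line `chown "$test_user":"$test_user" "$dir"` in tests/hardening/6.2.6_sanitize_root_path.sh replaces the literal `userrootpathtest:userrootpathtest`, which changes the value and not only the quoting; it is equivalent only if `test_user` is set to `userrootpathtest`, and that assignment is above the hunk. Because `useradd "$test_user"` precedes it, the new form is self-consistent, but the commit message should mention the change. As a style point the owner spec can be one quoted word, `chown "$test_user:$test_user" "$dir"`, here and in the other chown lines of this patch.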
diff --git a/tests/hardening/6.2.8_check_user_dir_perm.sh b/tests/hardening/6.2.8_check_user_dir_perm.sh index ad3479b..6c4226f 100644 --- a/tests/hardening/6.2.8_check_user_dir_perm.sh +++ b/tests/hardening/6.2.8_check_user_dir_perm.sh @@ -10,8 +10,8 @@ test_audit() { local test_user="testhomepermuser" describe Tests purposely failing - useradd --create-home $test_user - chmod 777 /home/$test_user + useradd --create-home "$test_user" + chmod 777 /home/"$test_user" register_test retvalshouldbe 1 register_test contain "Group Write permission set on directory" register_test contain "Other Read permission set on directory" @@ -30,5 +30,5 @@ test_audit() { run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # cleanup - userdel -r $test_user + userdel -r "$test_user" } diff --git a/tests/hardening/6.2.9_users_valid_homedir.sh b/tests/hardening/6.2.9_users_valid_homedir.sh index 00c62fa..82cb707 100644 --- a/tests/hardening/6.2.9_users_valid_homedir.sh +++ b/tests/hardening/6.2.9_users_valid_homedir.sh @@ -15,8 +15,8 @@ test_audit() { local test_user="testhomeuser" describe Test purposely failing - useradd -m $test_user - chown root:root /home/$test_user + useradd -m "$test_user" + chown root:root /home/"$test_user" register_test retvalshouldbe 1 register_test contain "[ KO ] The home directory (/home/$test_user) of user testhomeuser is owned by root" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all @@ -31,5 +31,5 @@ test_audit() { # Cleanup rm -rf "/home/${test_user:?}" - userdel -r $test_user + userdel -r "$test_user" }
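Review bot: `chmod 777 /home/"$test_user"` in tests/hardening/6.2.8_check_user_dir_perm.sh and `chown root:root /home/"$test_user"` in 6.2.9_users_valid_homedir.sh quote only the variable, while the rest of the patch quotes the whole path (`"/home/$test_user/$test_file"`, `"/home/${test_user:?}"`). Writing `chmod 777 "/home/$test_user"` and `chown root:root "/home/$test_user"` keeps one form throughout. In 6.2.9 the cleanup runs `rm -rf "/home/${test_user:?}"` and then `userdel -r "$test_user"`, so `-r` presumably finds the home directory already gone; plain `userdel "$test_user"` may be what is meant.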