IMP(shellcheck): quote variable in tests (SC2086)

tests/hardening/5.1.2_crontab_perm_ownership.sh

@@ -11,7 +11,7 @@ test_audit() {
     local test_file="/etc/crontab"
 
     describe Tests purposely failing
-    chmod 777 $test_file
+    chmod 777 "$test_file"
     register_test retvalshouldbe 1
     register_test contain "permissions were not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -21,8 +21,8 @@ test_audit() {
     /opt/debian-cis/bin/hardening/"${script}".sh --apply || true
 
     describe Tests purposely failing
-    useradd $test_user
+    useradd "$test_user"
-    chown $test_user:$test_user $test_file
+    chown "$test_user":"$test_user" "$test_file"
     register_test retvalshouldbe 1
     register_test contain "ownership was not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -38,5 +38,5 @@ test_audit() {
     run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     # Cleanup
-    userdel $test_user
+    userdel "$test_user"
 }

tests/hardening/5.1.3_cron_hourly_perm_ownership.sh

@@ -11,7 +11,7 @@ test_audit() {
     local test_file="/etc/cron.hourly"
 
     describe Tests purposely failing
-    chmod 777 $test_file
+    chmod 777 "$test_file"
     register_test retvalshouldbe 1
     register_test contain "permissions were not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -21,8 +21,8 @@ test_audit() {
     /opt/debian-cis/bin/hardening/"${script}".sh --apply || true
 
     describe Tests purposely failing
-    useradd $test_user
+    useradd "$test_user"
-    chown $test_user:$test_user $test_file
+    chown "$test_user":"$test_user" "$test_file"
     register_test retvalshouldbe 1
     register_test contain "ownership was not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -38,5 +38,5 @@ test_audit() {
     run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     # Cleanup
-    userdel $test_user
+    userdel "$test_user"
 }

tests/hardening/5.1.4_cron_daily_perm_ownership.sh

@@ -11,7 +11,7 @@ test_audit() {
     local test_file="/etc/cron.daily"
 
     describe Tests purposely failing
-    chmod 777 $test_file
+    chmod 777 "$test_file"
     register_test retvalshouldbe 1
     register_test contain "permissions were not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -21,8 +21,8 @@ test_audit() {
     /opt/debian-cis/bin/hardening/"${script}".sh --apply || true
 
     describe Tests purposely failing
-    useradd $test_user
+    useradd "$test_user"
-    chown $test_user:$test_user $test_file
+    chown "$test_user":"$test_user" "$test_file"
     register_test retvalshouldbe 1
     register_test contain "ownership was not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -38,5 +38,5 @@ test_audit() {
     run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     # Cleanup
-    userdel $test_user
+    userdel "$test_user"
 }

tests/hardening/5.1.5_cron_weekly_perm_ownership.sh

@@ -11,7 +11,7 @@ test_audit() {
     local test_file="/etc/cron.weekly"
 
     describe Tests purposely failing
-    chmod 777 $test_file
+    chmod 777 "$test_file"
     register_test retvalshouldbe 1
     register_test contain "permissions were not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -21,8 +21,8 @@ test_audit() {
     /opt/debian-cis/bin/hardening/"${script}".sh --apply || true
 
     describe Tests purposely failing
-    useradd $test_user
+    useradd "$test_user"
-    chown $test_user:$test_user $test_file
+    chown "$test_user":"$test_user" "$test_file"
     register_test retvalshouldbe 1
     register_test contain "ownership was not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -38,5 +38,5 @@ test_audit() {
     run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     # Cleanup
-    userdel $test_user
+    userdel "$test_user"
 }

tests/hardening/5.1.6_cron_monthly_perm_ownership.sh

@@ -11,7 +11,7 @@ test_audit() {
     local test_file="/etc/cron.monthly"
 
     describe Tests purposely failing
-    chmod 777 $test_file
+    chmod 777 "$test_file"
     register_test retvalshouldbe 1
     register_test contain "permissions were not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -21,8 +21,8 @@ test_audit() {
     /opt/debian-cis/bin/hardening/"${script}".sh --apply || true
 
     describe Tests purposely failing
-    useradd $test_user
+    useradd "$test_user"
-    chown $test_user:$test_user $test_file
+    chown "$test_user":"$test_user" "$test_file"
     register_test retvalshouldbe 1
     register_test contain "ownership was not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -38,5 +38,5 @@ test_audit() {
     run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     # Cleanup
-    userdel $test_user
+    userdel "$test_user"
 }

tests/hardening/5.1.7_cron_d_perm_ownership.sh

@@ -11,7 +11,7 @@ test_audit() {
     local test_file="/etc/cron.d"
 
     describe Tests purposely failing
-    chmod 777 $test_file
+    chmod 777 "$test_file"
     register_test retvalshouldbe 1
     register_test contain "permissions were not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -21,8 +21,8 @@ test_audit() {
     /opt/debian-cis/bin/hardening/"${script}".sh --apply || true
 
     describe Tests purposely failing
-    useradd $test_user
+    useradd "$test_user"
-    chown $test_user:$test_user $test_file
+    chown "$test_user":"$test_user" "$test_file"
     register_test retvalshouldbe 1
     register_test contain "ownership was not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -38,5 +38,5 @@ test_audit() {
     run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     # Cleanup
-    userdel $test_user
+    userdel "$test_user"
 }

tests/hardening/5.1.8_cron_users.sh

@@ -22,28 +22,28 @@ test_audit() {
 
     touch /etc/cron.allow /etc/at.allow
     describe Tests purposely failing
-    useradd $test_user
+    useradd "$test_user"
-    chown $test_user:$test_user /etc/cron.allow
+    chown "$test_user":"$test_user" /etc/cron.allow
-    chown $test_user:$test_user /etc/at.allow
+    chown "$test_user":"$test_user" /etc/at.allow
     register_test retvalshouldbe 1
     register_test contain "/etc/cron.allow ownership was not set to"
     register_test contain "/etc/at.allow ownership was not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
-    userdel $test_user
+    userdel "$test_user"
 
     describe correcting situation
     sed  -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
     /opt/debian-cis/bin/hardening/"${script}".sh --apply || true
 
     describe Tests purposely failing
-    useradd $test_user
+    useradd "$test_user"
     chmod 777 /etc/cron.allow
     chmod 777 /etc/at.allow
     register_test retvalshouldbe 1
     register_test contain "/etc/cron.allow permissions were not set to"
     register_test contain "/etc/at.allow permissions were not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
-    userdel $test_user
+    userdel "$test_user"
 
     describe correcting situation
     sed  -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg

tests/hardening/5.2.1_sshd_conf_perm_ownership.sh

@@ -11,7 +11,7 @@ test_audit() {
     local test_file="/etc/ssh/sshd_config"
 
     describe Tests purposely failing
-    chmod 777 $test_file
+    chmod 777 "$test_file"
     register_test retvalshouldbe 1
     register_test contain "permissions were not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -21,8 +21,8 @@ test_audit() {
     /opt/debian-cis/bin/hardening/"${script}".sh --apply || true
 
     describe Tests purposely failing
-    useradd $test_user
+    useradd "$test_user"
-    chown $test_user:$test_user $test_file
+    chown "$test_user":"$test_user" "$test_file"
     register_test retvalshouldbe 1
     register_test contain "ownership was not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -38,5 +38,5 @@ test_audit() {
     run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     # Cleanup
-    userdel $test_user
+    userdel "$test_user"
 }

tests/hardening/5.2.2_ssh_host_private_keys_perm_ownership.sh

@@ -10,10 +10,10 @@ test_audit() {
     local test_user="testsshduser"
     local test_file="/etc/ssh/ssh_host_test_key"
 
-    touch $test_file
+    touch "$test_file"
 
     describe Tests purposely failing
-    chmod 777 $test_file
+    chmod 777 "$test_file"
     register_test retvalshouldbe 1
     register_test contain "permissions were not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -23,8 +23,8 @@ test_audit() {
     /opt/debian-cis/bin/hardening/"${script}".sh --apply || true
 
     describe Tests purposely failing
-    useradd $test_user
+    useradd "$test_user"
-    chown $test_user:$test_user $test_file
+    chown "$test_user":"$test_user" "$test_file"
     register_test retvalshouldbe 1
     register_test contain "ownership was not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -40,5 +40,5 @@ test_audit() {
     run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     # Cleanup
-    userdel $test_user
+    userdel "$test_user"
 }

tests/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh

@@ -10,10 +10,10 @@ test_audit() {
     local test_user="testsshduser"
     local test_file="/etc/ssh/ssh_host_test_key.pub"
 
-    touch $test_file
+    touch "$test_file"
 
     describe Tests purposely failing
-    chmod 777 $test_file
+    chmod 777 "$test_file"
     register_test retvalshouldbe 1
     register_test contain "permissions were not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -23,8 +23,8 @@ test_audit() {
     /opt/debian-cis/bin/hardening/"${script}".sh --apply || true
 
     describe Tests purposely failing
-    useradd $test_user
+    useradd "$test_user"
-    chown $test_user:$test_user $test_file
+    chown "$test_user":"$test_user" "$test_file"
     register_test retvalshouldbe 1
     register_test contain "ownership was not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -40,5 +40,5 @@ test_audit() {
     run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     # Cleanup
-    userdel $test_user
+    userdel "$test_user"
 }

tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh

@@ -18,5 +18,5 @@ test_audit() {
     describe Checking resolved state
     register_test retvalshouldbe 0
     register_test contain "[ OK ] ^IgnoreRhosts[[:space:]]*yes is present in /etc/ssh/sshd_config"
-    run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all}
+    run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 }

tests/hardening/6.1.10_find_world_writable_file.sh

@@ -14,8 +14,8 @@ test_audit() {
 
         describe Tests purposely failing
         local targetfile="/home/secaudit/worldwritable"
-        touch $targetfile
+        touch "$targetfile"
-        chmod 777 $targetfile
+        chmod 777 "$targetfile"
         register_test retvalshouldbe 1
         register_test contain "Some world writable files are present"
         run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all

tests/hardening/6.1.11_find_unowned_files.sh

@@ -9,8 +9,8 @@ test_audit() {
 
     describe Tests purposely failing
     local targetfile="/home/secaudit/unowned"
-    touch $targetfile
+    touch "$targetfile"
-    chown 1200 $targetfile
+    chown 1200 "$targetfile"
     register_test retvalshouldbe 1
     register_test contain "Some unowned files are present"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all

tests/hardening/6.1.12_find_ungrouped_files.sh

@@ -9,8 +9,8 @@ test_audit() {
 
     describe Tests purposely failing
     local targetfile="/home/secaudit/ungrouped"
-    touch $targetfile
+    touch "$targetfile"
-    chown 1200:1200 $targetfile
+    chown 1200:1200 "$targetfile"
     register_test retvalshouldbe 1
     register_test contain "Some ungrouped files are present"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all

tests/hardening/6.1.13_find_suid_files.sh

@@ -14,8 +14,8 @@ test_audit() {
 
     describe Tests purposely failing
     local targetfile="/home/secaudit/suid_file"
-    touch $targetfile
+    touch "$targetfile"
-    chmod 4700 $targetfile
+    chmod 4700 "$targetfile"
     register_test retvalshouldbe 1
     register_test contain "Some suid files are present"
     register_test contain "$targetfile"

tests/hardening/6.1.14_find_sgid_files.sh

@@ -15,8 +15,8 @@ test_audit() {
 
     describe Tests purposely failing
     local targetfile="/home/secaudit/sgid_file"
-    touch $targetfile
+    touch "$targetfile"
-    chmod 2700 $targetfile
+    chmod 2700 "$targetfile"
     register_test retvalshouldbe 1
     register_test contain "Some sgid files are present"
     register_test contain "$targetfile"

tests/hardening/6.1.5_etc_passwd_permissions.sh

@@ -11,7 +11,7 @@ test_audit() {
     local test_file="/etc/passwd"
 
     describe Tests purposely failing
-    chmod 777 $test_file
+    chmod 777 "$test_file"
     register_test retvalshouldbe 1
     register_test contain "permissions were not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -21,8 +21,8 @@ test_audit() {
     /opt/debian-cis/bin/hardening/"${script}".sh --apply || true
 
     describe Tests purposely failing
-    useradd $test_user
+    useradd "$test_user"
-    chown $test_user:$test_user $test_file
+    chown "$test_user":"$test_user" "$test_file"
     register_test retvalshouldbe 1
     register_test contain "ownership was not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -38,5 +38,5 @@ test_audit() {
     run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     # Cleanup
-    userdel $test_user
+    userdel "$test_user"
 }

tests/hardening/6.1.6_etc_shadow_permissions.sh

@@ -11,7 +11,7 @@ test_audit() {
     local test_file="/etc/shadow"
 
     describe Tests purposely failing
-    chmod 777 $test_file
+    chmod 777 "$test_file"
     register_test retvalshouldbe 1
     register_test contain "permissions were not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -21,8 +21,8 @@ test_audit() {
     /opt/debian-cis/bin/hardening/"${script}".sh --apply || true
 
     describe Tests purposely failing
-    useradd $test_user
+    useradd "$test_user"
-    chown $test_user:$test_user $test_file
+    chown "$test_user":"$test_user" "$test_file"
     register_test retvalshouldbe 1
     register_test contain "ownership was not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -38,5 +38,5 @@ test_audit() {
     run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     # Cleanup
-    userdel $test_user
+    userdel "$test_user"
 }

tests/hardening/6.1.7_etc_group_permissions.sh

@@ -11,7 +11,7 @@ test_audit() {
     local test_file="/etc/group"
 
     describe Tests purposely failing
-    chmod 777 $test_file
+    chmod 777 "$test_file"
     register_test retvalshouldbe 1
     register_test contain "permissions were not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -21,8 +21,8 @@ test_audit() {
     /opt/debian-cis/bin/hardening/"${script}".sh --apply || true
 
     describe Tests purposely failing
-    useradd $test_user
+    useradd "$test_user"
-    chown $test_user:$test_user $test_file
+    chown "$test_user":"$test_user" "$test_file"
     register_test retvalshouldbe 1
     register_test contain "ownership was not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -38,5 +38,5 @@ test_audit() {
     run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     # Cleanup
-    userdel $test_user
+    userdel "$test_user"
 }

tests/hardening/6.2.10_check_user_dot_file_perm.sh

@@ -11,9 +11,9 @@ test_audit() {
     local test_file=".test"
 
     describe Tests purposely failing 
-    useradd --create-home $test_user
+    useradd --create-home "$test_user"
-    touch /home/$test_user/$test_file
+    touch "/home/$test_user/$test_file"
-    chmod 777 /home/$test_user/$test_file
+    chmod 777 "/home/$test_user/$test_file"
     register_test retvalshouldbe 1
     register_test contain "Group Write permission set on FILE"
     register_test contain "Other Write permission set on FILE"
@@ -29,5 +29,5 @@ test_audit() {
     run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     # cleanup
-    userdel -r $test_user
+    userdel -r "$test_user"
 }

tests/hardening/6.2.11_find_user_forward_files.sh

@@ -11,12 +11,12 @@ test_audit() {
     local test_file=".forward"
 
     describe Tests purposely failing 
-    useradd --create-home $test_user
+    useradd --create-home "$test_user"
-    touch /home/$test_user/$test_file
+    touch "/home/$test_user/$test_file"
     register_test retvalshouldbe 1
     register_test contain "$test_file present"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     # cleanup
-    userdel -r $test_user
+    userdel -r "$test_user"
 }

tests/hardening/6.2.12_find_user_netrc_files.sh

@@ -11,12 +11,12 @@ test_audit() {
     local test_file=".netrc"
 
     describe Tests purposely failing 
-    useradd --create-home $test_user
+    useradd --create-home "$test_user"
-    touch /home/$test_user/$test_file
+    touch "/home/$test_user/$test_file"
     register_test retvalshouldbe 1
     register_test contain "$test_file present"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     # cleanup
-    userdel -r $test_user
+    userdel -r "$test_user"
 }

tests/hardening/6.2.13_set_perm_on_user_netrc.sh

@@ -11,9 +11,9 @@ test_audit() {
     local test_file=".netrc"
 
     describe Tests purposely failing 
-    useradd --create-home $test_user
+    useradd --create-home "$test_user"
-    touch /home/$test_user/$test_file
+    touch "/home/$test_user/$test_file"
-    chmod 777 /home/$test_user/$test_file
+    chmod 777 "/home/$test_user/$test_file"
     register_test retvalshouldbe 1
     register_test contain "permissions were not set to"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -28,5 +28,5 @@ test_audit() {
     run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     # cleanup
-    userdel -r $test_user
+    userdel -r "$test_user"
 }

tests/hardening/6.2.14_find_user_rhosts_files.sh

@@ -11,12 +11,12 @@ test_audit() {
     local test_file=".rhosts"
 
     describe Tests purposely failing 
-    useradd --create-home $test_user
+    useradd --create-home "$test_user"
-    touch /home/$test_user/$test_file
+    touch "/home/$test_user/$test_file"
     register_test retvalshouldbe 1
     register_test contain "$test_file present"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     # cleanup
-    userdel -r $test_user
+    userdel -r "$test_user"
 }

tests/hardening/6.2.15_find_passwd_group_inconsistencies.sh

@@ -11,11 +11,11 @@ test_audit() {
     local dir="/etc/passwd"
 
     describe Tests purposely failing 
-    echo "$test_user:x:1100:1100::/home/$test_user:" >> $dir
+    echo "$test_user:x:1100:1100::/home/$test_user:" >> "$dir"
     register_test retvalshouldbe 1
     register_test contain "is referenced by /etc/passwd but does not exist in /etc/group"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     # cleanup
-    userdel $test_user
+    userdel "$test_user"
 }

tests/hardening/6.2.18_check_duplicate_username.sh

@@ -11,14 +11,14 @@ test_audit() {
     local dir="/etc/passwd"
 
     describe Tests purposely failing 
-    useradd $test_user
+    useradd "$test_user"
-    temp=$(tail -1 $dir)
+    temp=$(tail -1 "$dir")
-    echo $temp >> $dir
+    echo "$temp" >> "$dir"
     register_test retvalshouldbe 1
     register_test contain "Duplicate username"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     # cleanup
-    sed -i '$ d' $dir
+    sed -i '$ d' "$dir"
-    userdel $test_user
+    userdel "$test_user"
 }

tests/hardening/6.2.19_check_duplicate_groupname.sh

@@ -11,14 +11,14 @@ test_audit() {
     local dir="/etc/group"
 
     describe Tests purposely failing 
-    useradd $test_group
+    useradd "$test_group"
-    temp=$(tail -1 $dir)
+    temp=$(tail -1 "$dir")
-    echo $temp >> $dir
+    echo "$temp" >> "$dir"
     register_test retvalshouldbe 1
     register_test contain "Duplicate group"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     # cleanup
-    sed -i '$ d' $dir
+    sed -i '$ d' "$dir"
-    userdel $test_group
+    userdel "$test_group"
 }

tests/hardening/6.2.1_remove_empty_password_field.sh

@@ -10,7 +10,7 @@ test_audit() {
     local test_user="testemptypassworduser"
 
     describe Tests purposely failing
-    useradd $test_user
+    useradd "$test_user"
     sed -i "s/$test_user:\!/$test_user:/" /etc/shadow
     register_test retvalshouldbe 1
     register_test contain "Some accounts have an empty password"
@@ -26,5 +26,5 @@ test_audit() {
     run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     # cleanup
-    userdel $test_user
+    userdel "$test_user"
 }

tests/hardening/6.2.20_shadow_group_empty.sh

@@ -10,18 +10,18 @@ test_audit() {
     local test_user="testshadowuser"
 
     describe Tests purposely failing 
-    useradd $test_user
+    useradd "$test_user"
-    usermod -aG shadow $test_user
+    usermod -aG shadow "$test_user"
     register_test retvalshouldbe 1
     register_test contain "Some users belong to shadow group"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
-    userdel $test_user
+    userdel "$test_user"
 
     describe Tests purposely failing 
-    useradd --no-user-group -g shadow $test_user
+    useradd --no-user-group -g shadow "$test_user"
     register_test retvalshouldbe 1
     register_test contain "Some users have shadow id as their primary group"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
-    userdel $test_user
+    userdel "$test_user"
     
 }

tests/hardening/6.2.2_remove_legacy_passwd_entries.sh

@@ -10,7 +10,7 @@ test_audit() {
     local test_user="testetcpasswduser"
 
     describe Tests purposely failing 
-    useradd $test_user
+    useradd "$test_user"
     sed -i "s/$test_user:x/+:$test_user:x/" /etc/passwd
     register_test retvalshouldbe 1
     register_test contain "Some accounts have a legacy password entry"
@@ -27,6 +27,6 @@ test_audit() {
 
     # cleanup
     groupdel $test_user
-    useradd $test_user
+    useradd "$test_user"
-    userdel $test_user
+    userdel "$test_user"
 }

tests/hardening/6.2.3_remove_legacy_shadow_entries.sh

@@ -10,7 +10,7 @@ test_audit() {
     local test_user="testetcshadowusr"
 
     describe Tests purposely failing 
-    useradd $test_user
+    useradd "$test_user"
     sed -i "s/$test_user:/+:$test_user:/" /etc/shadow
     register_test retvalshouldbe 1
     register_test contain "Some accounts have a legacy password entry"
@@ -26,6 +26,6 @@ test_audit() {
     run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     # cleanup
-    userdel $test_user
+    userdel "$test_user"
 
 }

tests/hardening/6.2.4_remove_legacy_group_entries.sh

@@ -10,7 +10,7 @@ test_audit() {
     local test_user="testetcgroupuser"
 
     describe Tests purposely failing 
-    useradd $test_user
+    useradd "$test_user"
     sed -i "s/$test_user:x/+:$test_user:x/" /etc/group
     register_test retvalshouldbe 1
     register_test contain "Some accounts have a legacy group entry"
@@ -26,5 +26,5 @@ test_audit() {
     run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     # cleanup
-    userdel $test_user
+    userdel "$test_user"
 }

tests/hardening/6.2.6_sanitize_root_path.sh

@@ -26,30 +26,30 @@ test_audit() {
     run noncompliant path="$PATH:." /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     describe Tests purposely failing
-    mkdir -m 770 $dir 
+    mkdir -m 770 "$dir" 
     register_test retvalshouldbe 1
     register_test contain "Group Write permission set on directory $dir"
     run noncompliant path="$PATH:$dir" /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
     # clean
-    rmdir $dir
+    rmdir "$dir"
 
     describe Tests purposely failing
-    mkdir -m 707 $dir 
+    mkdir -m 707 "$dir"
     register_test retvalshouldbe 1
     register_test contain "Other Write permission set on directory $dir"
     run noncompliant path="$PATH:$dir" /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
     # clean
-    rmdir $dir
+    rmdir "$dir"
 
     describe Tests purposely failing
-    useradd $test_user
+    useradd "$test_user"
-    mkdir -m 700 $dir
+    mkdir -m 700 "$dir"
-    chown userrootpathtest:userrootpathtest $dir
+    chown "$test_user":"$test_user" "$dir"
     register_test retvalshouldbe 1
     register_test contain "$dir is not owned by root"
     run noncompliant path="$PATH:$dir" /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
     # clean
-    rmdir $dir
+    rmdir "$dir"
-    userdel $test_user
+    userdel "$test_user"
 
 }

tests/hardening/6.2.7_users_valid_homedir.sh

@@ -8,12 +8,12 @@ test_audit() {
     run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     local test_user="userwithouthome"
-    useradd $test_user
+    useradd "$test_user"
     describe Tests purposely failing
     register_test retvalshouldbe 1
     register_test contain "does not exist."
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     # cleanup
-    userdel $test_user
+    userdel "$test_user"
 }

tests/hardening/6.2.8_check_user_dir_perm.sh

@@ -10,8 +10,8 @@ test_audit() {
     local test_user="testhomepermuser"
 
     describe Tests purposely failing 
-    useradd --create-home $test_user
+    useradd --create-home "$test_user"
-    chmod 777 /home/$test_user
+    chmod 777 /home/"$test_user"
     register_test retvalshouldbe 1
     register_test contain "Group Write permission set on directory"
     register_test contain "Other Read permission set on directory"
@@ -30,5 +30,5 @@ test_audit() {
     run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
     # cleanup
-    userdel -r $test_user
+    userdel -r "$test_user"
 }

tests/hardening/6.2.9_users_valid_homedir.sh

@@ -15,8 +15,8 @@ test_audit() {
     local test_user="testhomeuser"
 
     describe Test purposely failing
-    useradd -m $test_user
+    useradd -m "$test_user"
-    chown root:root /home/$test_user
+    chown root:root /home/"$test_user"
     register_test retvalshouldbe 1
     register_test contain "[ KO ] The home directory (/home/$test_user) of user testhomeuser is owned by root"
     run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all 
@@ -31,5 +31,5 @@ test_audit() {
 
     # Cleanup
     rm -rf "/home/${test_user:?}"
-    userdel -r $test_user
+    userdel -r "$test_user"
 }