IMP(shellcheck): comply with shellcheck rules

I added shellcheck prefixes to fix:
 * SC1091 (following sourced files)
 * SC2034 (unused variables)

bin/hardening/1.1.1.1_disable_freevxfs.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable mounting of freevxfs filesystems."
 
 KERNEL_OPTION="CONFIG_VXFS_FS"
@@ -46,6 +48,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -56,6 +59,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.1.1.2_disable_jffs2.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable mounting of jffs2 filesystems."
 
 KERNEL_OPTION="CONFIG_JFFS2_FS"
@@ -46,6 +48,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -56,6 +59,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.1.1.3_disable_hfs.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable mounting of hfs filesystems."
 
 KERNEL_OPTION="CONFIG_HFS_FS"
@@ -46,6 +48,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -56,6 +59,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.1.1.4_disable_hfsplus.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable mounting of hfsplus filesystems."
 
 KERNEL_OPTION="CONFIG_HFSPLUS_FS"
@@ -46,6 +48,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -56,6 +59,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.1.1.5_disable_udf.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable mounting of udf filesystems."
 
 KERNEL_OPTION="CONFIG_UDF_FS"
@@ -46,6 +48,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -56,6 +59,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.1.1.6_disable_cramfs.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable mounting of cramfs filesystems."
 
 KERNEL_OPTION="CONFIG_CRAMFS"
@@ -48,6 +50,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -58,6 +61,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.1.1.7_disable_squashfs.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable mounting of squashfs filesytems."
 
 KERNEL_OPTION="CONFIG_SQUASHFS"
@@ -48,6 +50,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -58,6 +61,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.1.10_var_tmp_noexec.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="/var/tmp partition with noexec option."
 
 # Quick factoring as many script use the same logic
@@ -71,6 +73,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -81,6 +84,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.1.11_var_log_partition.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="/var/log on separate partition."
 
 # Quick factoring as many script use the same logic
@@ -58,6 +60,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -68,6 +71,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.1.12_var_log_audit_partition.sh

@@ -11,7 +11,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=4
+# shellcheck disable=2034
 DESCRIPTION="/var/log/audit on a separate partition."
 
 # Quick factoring as many script use the same logic
@@ -57,6 +59,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -67,6 +70,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.1.13_home_partition.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="/home on a separate partition."
 
 # Quick factoring as many script use the same logic
@@ -58,6 +60,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -68,6 +71,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.1.14_home_nodev.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="/home partition with nodev option."
 
 # Quick factoring as many script use the same logic
@@ -71,6 +73,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -81,6 +84,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.1.15_run_shm_nodev.sh

@@ -74,6 +74,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -84,8 +85,8 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
-    # shellcheck source=/opt/debian-cis/lib/main.sh
+    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
     exit 128

bin/hardening/1.1.16_run_shm_nosuid.sh

@@ -74,6 +74,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -84,8 +85,8 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
-    # shellcheck source=/opt/debian-cis/lib/main.sh
+    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
     exit 128

bin/hardening/1.1.17_run_shm_noexec.sh

@@ -74,6 +74,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -84,8 +85,8 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
-    # shellcheck source=/opt/debian-cis/lib/main.sh
+    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
     exit 128

bin/hardening/1.1.18_removable_device_nodev.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="nodev option for removable media partitions."
 
 # Fair warning, it only checks /media.* like partition in fstab, it's not exhaustive
@@ -59,6 +61,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -69,6 +72,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.1.19_removable_device_nosuid.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="nosuid option for removable media partitions."
 
 # Fair warning, it only checks /media.* like partition in fstab, it's not exhaustive
@@ -59,6 +61,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -69,6 +72,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.1.20_removable_device_noexec.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="noexec option for removable media partitions."
 
 # Fair warning, it only checks /media.* like partition in fstab, it's not exhaustive
@@ -59,6 +61,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -69,6 +72,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Set sticky bit on world writable directories to prevent users from deleting or renaming files that are not owned by them."
 
 # This function will be called if the script status is on enabled / audit mode
@@ -47,6 +49,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -57,6 +60,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.1.22_disable_automounting.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable automounting of devices."
 
 SERVICE_NAME="autofs"
@@ -47,6 +49,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -57,6 +60,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.1.2_tmp_partition.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure /tmp is configured (Scored)"
 
 # Quick factoring as many script use the same logic
@@ -58,6 +60,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -68,6 +71,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.1.3_tmp_nodev.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="/tmp partition with nodev option."
 
 # Quick factoring as many script use the same logic
@@ -71,6 +73,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -81,6 +84,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.1.4_tmp_nosuid.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="/tmp partition with nosuid option."
 
 # Quick factoring as many script use the same logic
@@ -71,6 +73,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -81,6 +84,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.1.5_tmp_noexec.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="/tmp partition with noexec option."
 
 # Quick factoring as many script use the same logic
@@ -71,6 +73,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -81,6 +84,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.1.6_var_partition.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="/var on a separate partition."
 
 # Quick factoring as many script use the same logic
@@ -60,6 +62,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -70,6 +73,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.1.7_var_tmp_partition.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="/var/tmp on a separate partition."
 
 # Quick factoring as many script use the same logic
@@ -60,6 +62,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -70,6 +73,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.1.8_var_tmp_nodev.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="/var/tmp partition with nodev option."
 
 # Quick factoring as many script use the same logic
@@ -71,6 +73,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -81,6 +84,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.1.9_var_tmp_nosuid.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="/var/tmp partition with nosuid option."
 
 # Quick factoring as many script use the same logic
@@ -71,6 +73,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -81,6 +84,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.4.1_bootloader_ownership.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=1
+# shellcheck disable=2034
 DESCRIPTION="User and group root owner of grub bootloader config."
 
 # Assertion : Grub Based.
@@ -85,6 +87,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -95,6 +98,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.4.2_bootloader_password.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Setting bootloader password to secure boot parameters."
 
 FILE='/boot/grub/grub.cfg'
@@ -67,6 +69,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -77,6 +80,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.4.3_root_password.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Root password for single user mode."
 
 FILE="/etc/shadow"
@@ -46,6 +48,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -56,6 +59,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.5.1_restrict_core_dumps.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Restrict core dumps."
 
 LIMIT_FILE='/etc/security/limits.conf'
@@ -82,6 +84,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -92,6 +95,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.5.2_enable_nx_support.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Enable NoExecute/ExecuteDisable to prevent buffer overflow attacks."
 
 PATTERN='NX[[:space:]]\(Execute[[:space:]]Disable\)[[:space:]]protection:[[:space:]]active'
@@ -68,6 +70,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -78,6 +81,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.5.3_enable_randomized_vm_placement.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Enable Randomized Virtual Memory Region Placement to prevent memory page exploits."
 
 SYSCTL_PARAM='kernel.randomize_va_space'
@@ -50,6 +52,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -60,6 +63,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.5.4_disable_prelink.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable prelink to prevent libraries compromission."
 
 PACKAGE='prelink'
@@ -49,6 +51,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -59,6 +62,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.6.2.1_enable_apparmor.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Activate AppArmor to enforce permissions control."
 
 PACKAGE='apparmor'
@@ -85,6 +87,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -95,6 +98,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.7.1.1_remove_os_info_motd.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Remove OS information from motd"
 
 FILE='/etc/motd'
@@ -46,6 +48,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -56,6 +59,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.7.1.2_remove_os_info_issue.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Remove OS information from Login Warning Banners."
 
 FILE='/etc/issue'
@@ -46,6 +48,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -56,6 +59,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.7.1.3_remove_os_info_issue_net.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Remove OS information from remote Login Warning Banners."
 
 FILE='/etc/issue.net'
@@ -46,6 +48,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -56,6 +59,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.7.1.4_motd_perms.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Checking root ownership and 644 permissions on banner files: /etc/motd|issue|issue.net ."
 
 PERMISSIONS='644'
@@ -71,6 +73,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -81,6 +84,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.7.1.5_etc_issue_perms.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Checking root ownership and 644 permissions on banner files: /etc/motd|issue|issue.net ."
 
 PERMISSIONS='644'
@@ -71,6 +73,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -81,6 +84,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.7.1.6_etc_issue_net_perms.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Checking root ownership and 644 permissions on banner files: /etc/motd|issue|issue.net ."
 
 PERMISSIONS='644'
@@ -71,6 +73,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -81,6 +84,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.7.2_graphical_warning_banners.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Set graphical warning banner."
 
 # This function will be called if the script status is on enabled / audit mode
@@ -32,6 +34,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -42,6 +45,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/1.8_install_updates.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure updates, patches, and additional security software are installed (Not Scored)"
 
 # This function will be called if the script status is on enabled / audit mode
@@ -48,6 +50,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -58,6 +61,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/2.1.1_disable_xinetd.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure xinetd is not enabled."
 
 PACKAGE='xinetd'
@@ -46,6 +48,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -56,6 +59,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/2.1.2_disable_bsd_inetd.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure bsd-inetd is not enabled."
 
 PACKAGES='openbsd-inetd inetutils-inetd'
@@ -50,6 +52,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -60,6 +63,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/2.2.1.1_use_time_sync.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure time synchronization is in use"
 
 PACKAGES="ntp chrony"
@@ -44,6 +46,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -52,6 +55,13 @@ if [ -z "$CIS_ROOT_DIR" ]; then
     exit 128
 fi
 
-# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
+
-[ -r "$CIS_ROOT_DIR"/lib/main.sh ] && . $CIS_ROOT_DIR/lib/main.sh
+# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
+if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
+    . $CIS_ROOT_DIR/lib/main.sh
+else
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    exit 128
+fi
 

bin/hardening/2.2.1.2_configure_ntp.sh

@@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Configure Network Time Protocol (ntp). Check restrict parameters and ntp daemon runs ad unprivileged user."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=ntp
 
 PACKAGE='ntp'
@@ -79,6 +82,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -89,6 +93,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/2.2.1.3_configure_chrony.sh

@@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Configure Network Time Protocol (ntp). Check restrict parameters and ntp daemon runs ad unprivileged user."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=ntp
 
 PACKAGE=chrony
@@ -48,6 +51,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -58,6 +62,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/2.2.10_disable_http_server.sh

@@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure HTTP server is not enabled."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=http
 
 # Based on aptitude search '~Phttpd'
@@ -52,6 +55,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -62,6 +66,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/2.2.11_disable_imap_pop.sh

@@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure IMAP and POP servers are not installed"
+# shellcheck disable=2034
 HARDENING_EXCEPTION=mail
 
 # Based on aptitude search '~Pimap-server' and  aptitude search '~Ppop3-server'
@@ -52,6 +55,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -62,6 +66,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/2.2.12_disable_samba.sh

@@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure Samba is not enabled."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=samba
 
 PACKAGES='samba'
@@ -65,6 +68,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -75,6 +79,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/2.2.13_disable_http_proxy.sh

@@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure HTTP-proxy is not enabled."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=http
 
 PACKAGES='squid3 squid'
@@ -51,6 +54,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -61,6 +65,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/2.2.14_disable_snmp_server.sh

@@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Enure SNMP server is not enabled."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=snmp
 
 PACKAGES='snmpd'
@@ -51,6 +54,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -61,6 +65,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/2.2.15_mta_localhost.sh

@@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Configure Mail Transfert Agent for Local-Only Mode."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=mail
 
 # This function will be called if the script status is on enabled / audit mode
@@ -60,6 +63,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -70,6 +74,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/2.2.16_disable_rsync.sh

@@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure rsync service is not enabled."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=rsync
 
 PACKAGE='rsync'
@@ -62,6 +65,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -72,6 +76,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/2.2.18_disable_telnet_server.sh

@@ -14,7 +14,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Ensure telnet server is not enabled. Recommended alternative : sshd (OpenSSH-server)."
 
 # Based on  aptitude search '~Ptelnet-server'
@@ -81,6 +83,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -91,6 +94,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/2.2.2_disable_xwindow_system.sh

@@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure the X Window system is not installed."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=x11
 
 # Based on aptitude search '~Pxserver'
@@ -52,6 +55,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -62,6 +66,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/2.2.3_disable_avahi_server.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure Avahi server is not enabled."
 
 PACKAGES='avahi-daemon libavahi-common-data libavahi-common3 libavahi-core7'
@@ -50,6 +52,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -60,6 +63,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/2.2.4_disable_print_server.sh

@@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure print server (Common Unix Print System) is not enabled."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=cups
 
 PACKAGES='libcups2 libcupscgi1 libcupsimage2 libcupsmime1 libcupsppdc1 cups-common cups-client cups-ppdc libcupsfilters1 cups-filters cups'
@@ -51,6 +54,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -61,6 +65,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/2.2.5_disable_dhcp.sh

@@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure DHCP server is not enabled."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=dhcp
 
 PACKAGES='udhcpd isc-dhcp-server'
@@ -51,6 +54,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -61,6 +65,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/2.2.6_disable_ldap.sh

@@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure LDAP is not enabled."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=ldap
 
 PACKAGES='slapd'
@@ -51,6 +54,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -61,6 +65,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/2.2.7_disable_nfs_rpc.sh

@@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure Network File System (nfs) and RPC are not enabled."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=nfs
 
 PACKAGES='rpcbind nfs-kernel-server'
@@ -51,6 +54,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -61,6 +65,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/2.2.8_disable_dns_server.sh

@@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure Domain Name System (dns) server is not enabled."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=dns
 
 PACKAGES='bind9 unbound'
@@ -51,6 +54,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -61,6 +65,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/2.2.9_disable_ftp.sh

@@ -12,8 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure File Transfer Protocol (ftp) is not enabled."
+# shellcheck disable=2034
 HARDENING_EXCEPTION=ftp
 
 # Based on aptitude search '~Pftp-server'
@@ -52,6 +55,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -62,6 +66,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/2.3.1_disable_nis.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Ensure that Network Information Service is not installed. Recommended alternative : LDAP."
 
 PACKAGE='nis'
@@ -47,6 +49,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -57,6 +60,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/2.3.2_disable_rsh_client.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Ensure rsh client is not installed, Recommended alternative : ssh."
 
 # Based on aptitude search '~Prsh-client', exluding ssh-client OFC
@@ -51,6 +53,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -61,6 +64,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/2.3.3_disable_talk_client.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Ensure talk client is not installed."
 
 PACKAGES='talk inetutils-talk'
@@ -50,6 +52,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -60,6 +63,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/2.3.4_disable_telnet_client.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Ensure telnet client is not installed."
 
 PACKAGES='telnet'
@@ -50,6 +52,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -60,6 +63,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/2.3.5_disable_ldap_client.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Ensure ldap client is not installed."
 
 PACKAGES='ldap-utils'
@@ -50,6 +52,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -60,6 +63,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/3.1.1_disable_ip_forwarding.sh

@@ -13,8 +13,10 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
 HARDENING_EXCEPTION=gw
+# shellcheck disable=2034
 DESCRIPTION="Disable IP forwarding."
 
 SYSCTL_PARAMS='net.ipv4.ip_forward net.ipv6.conf.all.forwarding'
@@ -60,6 +62,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -70,6 +73,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/3.1.2_disable_send_packet_redirects.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable send packet redirects to prevent malicious ICMP corruption."
 
 #net.ipv4.conf.all.send_redirects = 0
@@ -62,6 +64,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -72,6 +75,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/3.2.1_disable_source_routed_packets.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable source routed packet acceptance."
 # set in config file
 SYSCTL_PARAMS=''
@@ -71,6 +73,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -81,6 +84,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/3.2.2_disable_icmp_redirect.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable ICMP redirect acceptance to prevent routing table corruption."
 # set in config file
 SYSCTL_PARAMS=''
@@ -72,6 +74,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -82,6 +85,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/3.2.3_disable_secure_icmp_redirect.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable secure ICMP redirect acceptance to prevent routing tables corruptions."
 
 SYSCTL_PARAMS='net.ipv4.conf.all.secure_redirects=0 net.ipv4.conf.default.secure_redirects=0'
@@ -60,6 +62,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -70,6 +73,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/3.2.4_log_martian_packets.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Log suspicious packets, like spoofed packets."
 
 SYSCTL_PARAMS='net.ipv4.conf.all.log_martians=1 net.ipv4.conf.default.log_martians=1'
@@ -60,6 +62,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -70,6 +73,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/3.2.5_ignore_broadcast_requests.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Ignore broadcast requests to prevent attacks such as Smurf attack."
 
 SYSCTL_PARAMS='net.ipv4.icmp_echo_ignore_broadcasts=1'
@@ -60,6 +62,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -70,6 +73,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/3.2.6_enable_bad_error_message_protection.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Enable bad error message protection to prevent logfiles fillup."
 
 SYSCTL_PARAMS='net.ipv4.icmp_ignore_bogus_error_responses=1'
@@ -60,6 +62,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -70,6 +73,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/3.2.7_enable_source_route_validation.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Enable RFC-recommended source route validation."
 
 SYSCTL_PARAMS='net.ipv4.conf.all.rp_filter=1 net.ipv4.conf.default.rp_filter=1'
@@ -60,6 +62,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -70,6 +73,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/3.2.8_enable_tcp_syn_cookies.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Enable TCP-SYN cookie to prevent TCP-SYN flood attack."
 
 SYSCTL_PARAMS='net.ipv4.tcp_syncookies=1'
@@ -60,6 +62,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -70,6 +73,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/3.2.9_disable_ipv6_router_advertisement.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable IPv6 router advertisements."
 
 SYSCTL_PARAMS='net.ipv6.conf.all.accept_ra=0 net.ipv6.conf.default.accept_ra=0'
@@ -70,6 +72,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -80,6 +83,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/3.3.1_install_tcp_wrapper.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Install TCP wrappers for simple access list management and standardized logging method for services."
 
 PACKAGE='tcpd'
@@ -45,6 +47,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -55,6 +58,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/3.3.2_hosts_allow.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Create /etc/hosts.allow ."
 
 FILE='/etc/hosts.allow'
@@ -46,6 +48,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -56,6 +59,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/3.3.3_hosts_deny.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Create /etc/hosts.deny ."
 
 FILE='/etc/hosts.deny'
@@ -60,6 +62,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -70,6 +73,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/3.3.4_hosts_allow_permissions.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Check 644 permissions and root:root ownership on /hosts.allow ."
 
 FILE='/etc/hosts.allow'
@@ -54,6 +56,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -64,6 +67,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/3.3.5_hosts_deny_permissions.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Check 644 permissions and root:root ownership on /etc/hosts.deny ."
 
 FILE='/etc/hosts.deny'
@@ -54,6 +56,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -64,6 +67,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/3.4.1_disable_dccp.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable Datagram Congestion Control Protocol (DCCP)."
 
 # This function will be called if the script status is on enabled / audit mode
@@ -32,6 +34,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -42,6 +45,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/3.4.2_disable_sctp.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable Stream Control Transmission Protocol (SCTP)."
 
 # This function will be called if the script status is on enabled / audit mode
@@ -32,6 +34,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -42,6 +45,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/3.4.3_disable_rds.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable Reliable Datagram Sockets (RDS)."
 
 # This function will be called if the script status is on enabled / audit mode
@@ -32,6 +34,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -42,6 +45,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/3.4.4_disable_tipc.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable Transperent Inter-Process Communication (TIPC)."
 
 # This function will be called if the script status is on enabled / audit mode
@@ -32,6 +34,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -42,6 +45,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/3.5.1.1_net_fw_default_policy_drop.sh

@@ -61,6 +61,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -71,8 +72,8 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
-    # shellcheck source=/opt/debian-cis/lib/main.sh
+    # shellcheck source=../../lib/main.sh
-    . "$CIS_ROOT_DIR"/lib/main.sh
+    . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
     exit 128

bin/hardening/3.5_enable_firewall.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Ensure firewall is active (iptables is installed, does not check for its configuration)."
 
 # Quick note here : CIS recommends your iptables rules to be persistent. 
@@ -48,6 +50,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -58,6 +61,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/3.6_disable_wireless.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=3
+# shellcheck disable=2034
 DESCRIPTION="Deactivate wireless interfaces."
 
 # This function will be called if the script status is on enabled / audit mode
@@ -32,6 +34,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -44,6 +47,7 @@ fi
 #    echo "There is no /etc/default/cis-hardening file, cannot source CIS_ROOT_DIR variable, aborting"
 #    exit 128
 #else
+# shellcheck source=../../debian/default
 #    . /etc/default/cis-hardening
 #    if [ -z ${CIS_ROOT_DIR:-} ]; then
 #        echo "No CIS_ROOT_DIR variable, aborting"
@@ -53,6 +57,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/3.7_disable_ipv6.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=2
+# shellcheck disable=2034
 DESCRIPTION="Disable IPv6."
 
 SYSCTL_PARAMS='net.ipv6.conf.all.disable_ipv6=1 net.ipv6.conf.default.disable_ipv6=1 net.ipv6.conf.lo.disable_ipv6=1'
@@ -70,6 +72,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -80,6 +83,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/4.1.1.1_audit_log_storage.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=4
+# shellcheck disable=2034
 DESCRIPTION="Configure audit log storage size."
 
 FILE='/etc/audit/auditd.conf'
@@ -60,6 +62,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -70,6 +73,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/4.1.1.2_halt_when_audit_log_full.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=4
+# shellcheck disable=2034
 DESCRIPTION="Disable system on audit log full."
 
 FILE='/etc/audit/auditd.conf'
@@ -87,6 +89,7 @@ EOF
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -97,6 +100,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/4.1.1.3_keep_all_audit_logs.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=4
+# shellcheck disable=2034
 DESCRIPTION="Keep all auditing information."
 
 FILE='/etc/audit/auditd.conf'
@@ -78,6 +80,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -88,6 +91,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/4.1.10_record_dac_edit.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=4
+# shellcheck disable=2034
 DESCRIPTION="Collect discretionary access control (DAC) permission modification events."
 
 AUDIT_PARAMS='-a always,exit -F arch=b64 -S chmod -S fchmod -S fchmodat -F auid>=1000 -F auid!=4294967295 -k perm_mod
@@ -66,6 +68,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -76,6 +79,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/4.1.11_record_failed_access_file.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=4
+# shellcheck disable=2034
 DESCRIPTION="Collect unsuccessful unauthorized access attemps to files."
 
 AUDIT_PARAMS='-a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -k access
@@ -64,6 +66,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -74,6 +77,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"

bin/hardening/4.1.12_record_privileged_commands.sh

@@ -12,7 +12,9 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
+# shellcheck disable=2034
 HARDENING_LEVEL=4
+# shellcheck disable=2034
 DESCRIPTION="Collect use of privileged commands."
 
 # Find all files with setuid or setgid set
@@ -65,6 +67,7 @@ check_config() {
 
 # Source Root Dir Parameter
 if [ -r /etc/default/cis-hardening ]; then
+# shellcheck source=../../debian/default
     . /etc/default/cis-hardening
 fi
 if [ -z "$CIS_ROOT_DIR" ]; then
@@ -75,6 +78,7 @@ fi
 
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
 if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+# shellcheck source=../../lib/main.sh
     . $CIS_ROOT_DIR/lib/main.sh
 else
     echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"