elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2025-06-24 03:24:34 +02:00
Code Issues Packages Projects Releases Wiki Activity

IMP(shellcheck): quote variables

Browse Source
This commit is contained in:
Thibault Ayanides
2020-12-10 09:50:33 +01:00
parent 16cc2bef71
commit dee0ebc821
91 changed files with 263 additions and 263 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
bin/hardening/5.3.4_acc_pam_sha512.sh
View File

@ -21,11 +21,11 @@ CONF_LINE="^\s*password\s.+\s+pam_unix\.so\s+.*sha512"
# This function will be called if the script status is on enabled / audit mode
audit() {
# Check conf file for default SHA512 hash
if $SUDO_CMD [ ! -r $CONF_FILE ]; then
if $SUDO_CMD [ ! -r "$CONF_FILE" ]; then
crit "$CONF_FILE is not readable"
else
# shellcheck disable=SC2001
does_pattern_exist_in_file $CONF_FILE "$(sed 's/ /[[:space:]]+/g' <<<"$CONF_LINE")"
does_pattern_exist_in_file "$CONF_FILE" "$(sed 's/ /[[:space:]]+/g' <<<"$CONF_LINE")"
if [ "$FNRET" = 0 ]; then
ok "$CONF_LINE is present in $CONF_FILE"
else
@ -36,16 +36,16 @@ audit() {
# This function will be called if the script status is on enabled mode
apply() {
if $SUDO_CMD [ ! -r $CONF_FILE ]; then
if $SUDO_CMD [ ! -r "$CONF_FILE" ]; then
crit "$CONF_FILE is not readable"
else
# shellcheck disable=SC2001
does_pattern_exist_in_file $CONF_FILE "$(sed 's/ /[[:space:]]+/g' <<<"$CONF_LINE")"
does_pattern_exist_in_file "$CONF_FILE" "$(sed 's/ /[[:space:]]+/g' <<<"$CONF_LINE")"
if [ "$FNRET" = 0 ]; then
ok "$CONF_LINE is present in $CONF_FILE"
else
warn "$CONF_LINE is not present in $CONF_FILE"
add_line_file_before_pattern $CONF_FILE "password [success=1 default=ignore] pam_unix.so sha512" "# pam-auth-update(8) for details."
add_line_file_before_pattern "$CONF_FILE" "password [success=1 default=ignore] pam_unix.so sha512" "# pam-auth-update(8) for details."
fi
fi
}