mirror of
https://github.com/ovh/debian-cis.git
synced 2024-12-22 14:05:23 +01:00
IMP(shellcheck): quote variables (SC2086)
This commit is contained in:
parent
106fa5fc8a
commit
eaf56ca25e
@ -26,19 +26,19 @@ audit() {
|
||||
info "Verifying that $PARTITION is a partition"
|
||||
FNRET=0
|
||||
is_a_partition "$PARTITION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION is not a partition"
|
||||
FNRET=2
|
||||
else
|
||||
ok "$PARTITION is a partition"
|
||||
has_mount_option "$PARTITION" "$OPTION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION has no option $OPTION in fstab!"
|
||||
FNRET=1
|
||||
else
|
||||
ok "$PARTITION has $OPTION in fstab"
|
||||
has_mounted_option "$PARTITION" "$OPTION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
warn "$PARTITION is not mounted with $OPTION at runtime"
|
||||
FNRET=3
|
||||
else
|
||||
|
@ -25,13 +25,13 @@ audit() {
|
||||
info "Verifying that $PARTITION is a partition"
|
||||
FNRET=0
|
||||
is_a_partition "$PARTITION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION is not a partition"
|
||||
FNRET=2
|
||||
else
|
||||
ok "$PARTITION is a partition"
|
||||
is_mounted "$PARTITION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
warn "$PARTITION is not mounted"
|
||||
FNRET=1
|
||||
else
|
||||
|
@ -24,13 +24,13 @@ audit() {
|
||||
info "Verifying that $PARTITION is a partition"
|
||||
FNRET=0
|
||||
is_a_partition "$PARTITION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION is not a partition"
|
||||
FNRET=2
|
||||
else
|
||||
ok "$PARTITION is a partition"
|
||||
is_mounted "$PARTITION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
warn "$PARTITION is not mounted"
|
||||
FNRET=1
|
||||
else
|
||||
|
@ -25,13 +25,13 @@ audit() {
|
||||
info "Verifying that $PARTITION is a partition"
|
||||
FNRET=0
|
||||
is_a_partition "$PARTITION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION is not a partition"
|
||||
FNRET=2
|
||||
else
|
||||
ok "$PARTITION is a partition"
|
||||
is_mounted "$PARTITION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
warn "$PARTITION is not mounted"
|
||||
FNRET=1
|
||||
else
|
||||
|
@ -26,19 +26,19 @@ audit() {
|
||||
info "Verifying that $PARTITION is a partition"
|
||||
FNRET=0
|
||||
is_a_partition "$PARTITION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION is not a partition"
|
||||
FNRET=2
|
||||
else
|
||||
ok "$PARTITION is a partition"
|
||||
has_mount_option "$PARTITION" "$OPTION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION has no option $OPTION in fstab!"
|
||||
FNRET=1
|
||||
else
|
||||
ok "$PARTITION has $OPTION in fstab"
|
||||
has_mounted_option "$PARTITION" "$OPTION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
warn "$PARTITION is not mounted with $OPTION at runtime"
|
||||
FNRET=3
|
||||
else
|
||||
|
@ -27,19 +27,19 @@ audit() {
|
||||
PARTITION=$(readlink -e "$PARTITION")
|
||||
FNRET=0
|
||||
is_a_partition "$PARTITION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION is not a partition"
|
||||
FNRET=2
|
||||
else
|
||||
ok "$PARTITION is a partition"
|
||||
has_mount_option "$PARTITION" "$OPTION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION has no option $OPTION in fstab!"
|
||||
FNRET=1
|
||||
else
|
||||
ok "$PARTITION has $OPTION in fstab"
|
||||
has_mounted_option "$PARTITION" "$OPTION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
warn "$PARTITION is not mounted with $OPTION at runtime"
|
||||
FNRET=3
|
||||
else
|
||||
|
@ -27,19 +27,19 @@ audit() {
|
||||
PARTITION=$(readlink -e "$PARTITION")
|
||||
FNRET=0
|
||||
is_a_partition "$PARTITION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION is not a partition"
|
||||
FNRET=2
|
||||
else
|
||||
ok "$PARTITION is a partition"
|
||||
has_mount_option "$PARTITION" "$OPTION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION has no option $OPTION in fstab!"
|
||||
FNRET=1
|
||||
else
|
||||
ok "$PARTITION has $OPTION in fstab"
|
||||
has_mounted_option "$PARTITION" "$OPTION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
warn "$PARTITION is not mounted with $OPTION at runtime"
|
||||
FNRET=3
|
||||
else
|
||||
|
@ -27,19 +27,19 @@ audit() {
|
||||
PARTITION=$(readlink -e "$PARTITION")
|
||||
FNRET=0
|
||||
is_a_partition "$PARTITION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION is not a partition"
|
||||
FNRET=2
|
||||
else
|
||||
ok "$PARTITION is a partition"
|
||||
has_mount_option "$PARTITION" "$OPTION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION has no option $OPTION in fstab!"
|
||||
FNRET=1
|
||||
else
|
||||
ok "$PARTITION has $OPTION in fstab"
|
||||
has_mounted_option "$PARTITION" "$OPTION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
warn "$PARTITION is not mounted with $OPTION at runtime"
|
||||
FNRET=3
|
||||
else
|
||||
|
@ -28,13 +28,13 @@ audit() {
|
||||
info "Verifying if there is $PARTITION like partition"
|
||||
FNRET=0
|
||||
is_a_partition "$PARTITION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
ok "There is no partition like $PARTITION"
|
||||
FNRET=0
|
||||
else
|
||||
info "detected $PARTITION like"
|
||||
has_mount_option "$PARTITION" "$OPTION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION has no option $OPTION in fstab!"
|
||||
FNRET=1
|
||||
else
|
||||
|
@ -28,13 +28,13 @@ audit() {
|
||||
info "Verifying if there is $PARTITION like partition"
|
||||
FNRET=0
|
||||
is_a_partition "$PARTITION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
ok "There is no partition like $PARTITION"
|
||||
FNRET=0
|
||||
else
|
||||
info "detected $PARTITION like"
|
||||
has_mount_option "$PARTITION" "$OPTION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION has no option $OPTION in fstab!"
|
||||
FNRET=1
|
||||
else
|
||||
|
@ -28,13 +28,13 @@ audit() {
|
||||
info "Verifying if there is $PARTITION like partition"
|
||||
FNRET=0
|
||||
is_a_partition "$PARTITION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
ok "There is no partition like $PARTITION"
|
||||
FNRET=0
|
||||
else
|
||||
info "detected $PARTITION like"
|
||||
has_mount_option "$PARTITION" "$OPTION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION has no option $OPTION in fstab!"
|
||||
FNRET=1
|
||||
else
|
||||
|
@ -25,13 +25,13 @@ audit() {
|
||||
info "Verifying that $PARTITION is a partition"
|
||||
FNRET=0
|
||||
is_a_partition "$PARTITION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION is not a partition"
|
||||
FNRET=2
|
||||
else
|
||||
ok "$PARTITION is a partition"
|
||||
is_mounted "$PARTITION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
warn "$PARTITION is not mounted"
|
||||
FNRET=1
|
||||
else
|
||||
|
@ -26,19 +26,19 @@ audit() {
|
||||
info "Verifying that $PARTITION is a partition"
|
||||
FNRET=0
|
||||
is_a_partition "$PARTITION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION is not a partition"
|
||||
FNRET=2
|
||||
else
|
||||
ok "$PARTITION is a partition"
|
||||
has_mount_option "$PARTITION" "$OPTION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION has no option $OPTION in fstab!"
|
||||
FNRET=1
|
||||
else
|
||||
ok "$PARTITION has $OPTION in fstab"
|
||||
has_mounted_option "$PARTITION" "$OPTION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
warn "$PARTITION is not mounted with $OPTION at runtime"
|
||||
FNRET=3
|
||||
else
|
||||
|
@ -26,19 +26,19 @@ audit() {
|
||||
info "Verifying that $PARTITION is a partition"
|
||||
FNRET=0
|
||||
is_a_partition "$PARTITION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION is not a partition"
|
||||
FNRET=2
|
||||
else
|
||||
ok "$PARTITION is a partition"
|
||||
has_mount_option "$PARTITION" "$OPTION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION has no option $OPTION in fstab!"
|
||||
FNRET=1
|
||||
else
|
||||
ok "$PARTITION has $OPTION in fstab"
|
||||
has_mounted_option "$PARTITION" "$OPTION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
warn "$PARTITION is not mounted with $OPTION at runtime"
|
||||
FNRET=3
|
||||
else
|
||||
|
@ -26,19 +26,19 @@ audit() {
|
||||
info "Verifying that $PARTITION is a partition"
|
||||
FNRET=0
|
||||
is_a_partition "$PARTITION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION is not a partition"
|
||||
FNRET=2
|
||||
else
|
||||
ok "$PARTITION is a partition"
|
||||
has_mount_option "$PARTITION" "$OPTION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION has no option $OPTION in fstab!"
|
||||
FNRET=1
|
||||
else
|
||||
ok "$PARTITION has $OPTION in fstab"
|
||||
has_mounted_option "$PARTITION" "$OPTION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
warn "$PARTITION is not mounted with $OPTION at runtime"
|
||||
FNRET=3
|
||||
else
|
||||
|
@ -25,13 +25,13 @@ audit() {
|
||||
info "Verifying that $PARTITION is a partition"
|
||||
FNRET=0
|
||||
is_a_partition "$PARTITION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION is not a partition"
|
||||
FNRET=2
|
||||
else
|
||||
ok "$PARTITION is a partition"
|
||||
is_mounted "$PARTITION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
warn "$PARTITION is not mounted"
|
||||
FNRET=1
|
||||
else
|
||||
|
@ -25,13 +25,13 @@ audit() {
|
||||
info "Verifying that $PARTITION is a partition"
|
||||
FNRET=0
|
||||
is_a_partition "$PARTITION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION is not a partition"
|
||||
FNRET=2
|
||||
else
|
||||
ok "$PARTITION is a partition"
|
||||
is_mounted "$PARTITION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
warn "$PARTITION is not mounted"
|
||||
FNRET=1
|
||||
else
|
||||
|
@ -26,19 +26,19 @@ audit() {
|
||||
info "Verifying that $PARTITION is a partition"
|
||||
FNRET=0
|
||||
is_a_partition "$PARTITION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION is not a partition"
|
||||
FNRET=2
|
||||
else
|
||||
ok "$PARTITION is a partition"
|
||||
has_mount_option "$PARTITION" "$OPTION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION has no option $OPTION in fstab!"
|
||||
FNRET=1
|
||||
else
|
||||
ok "$PARTITION has $OPTION in fstab"
|
||||
has_mounted_option "$PARTITION" "$OPTION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
warn "$PARTITION is not mounted with $OPTION at runtime"
|
||||
FNRET=3
|
||||
else
|
||||
|
@ -26,19 +26,19 @@ audit() {
|
||||
info "Verifying that $PARTITION is a partition"
|
||||
FNRET=0
|
||||
is_a_partition "$PARTITION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION is not a partition"
|
||||
FNRET=2
|
||||
else
|
||||
ok "$PARTITION is a partition"
|
||||
has_mount_option "$PARTITION" "$OPTION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$PARTITION has no option $OPTION in fstab!"
|
||||
FNRET=1
|
||||
else
|
||||
ok "$PARTITION has $OPTION in fstab"
|
||||
has_mounted_option "$PARTITION" "$OPTION"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
warn "$PARTITION is not mounted with $OPTION at runtime"
|
||||
FNRET=3
|
||||
else
|
||||
|
@ -48,7 +48,7 @@ apply() {
|
||||
ok "$FILE has correct ownership"
|
||||
else
|
||||
info "fixing $FILE ownership to $USER:$GROUP"
|
||||
chown $USER:$GROUP $FILE
|
||||
chown "$USER":"$GROUP" "$FILE"
|
||||
fi
|
||||
|
||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
||||
|
@ -55,7 +55,7 @@ apply() {
|
||||
ok "$FILE has correct ownership"
|
||||
else
|
||||
warn "fixing $FILE ownership to $USER:$GROUP"
|
||||
chown $USER:$GROUP $FILE
|
||||
chown "$USER":"$GROUP" "$FILE"
|
||||
fi
|
||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
||||
if [ "$FNRET" = 0 ]; then
|
||||
|
@ -55,7 +55,7 @@ apply() {
|
||||
ok "$FILE has correct ownership"
|
||||
else
|
||||
warn "fixing $FILE ownership to $USER:$GROUP"
|
||||
chown $USER:$GROUP $FILE
|
||||
chown "$USER":"$GROUP" "$FILE"
|
||||
fi
|
||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
||||
if [ "$FNRET" = 0 ]; then
|
||||
|
@ -55,7 +55,7 @@ apply() {
|
||||
ok "$FILE has correct ownership"
|
||||
else
|
||||
warn "fixing $FILE ownership to $USER:$GROUP"
|
||||
chown $USER:$GROUP $FILE
|
||||
chown "$USER":"$GROUP" "$FILE"
|
||||
fi
|
||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
||||
if [ "$FNRET" = 0 ]; then
|
||||
|
@ -23,7 +23,7 @@ audit() {
|
||||
apt_update_if_needed
|
||||
info "Fetching upgrades ..."
|
||||
apt_check_updates "CIS_APT"
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
crit "$RESULT"
|
||||
FNRET=1
|
||||
else
|
||||
@ -34,7 +34,7 @@ audit() {
|
||||
|
||||
# This function will be called if the script status is on enabled mode
|
||||
apply() {
|
||||
if [ $FNRET -gt 0 ]; then
|
||||
if [ "$FNRET" -gt 0 ]; then
|
||||
info "Applying Upgrades..."
|
||||
DEBIAN_FRONTEND='noninteractive' apt-get -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' upgrade -y
|
||||
else
|
||||
|
@ -33,7 +33,7 @@ audit() {
|
||||
fi
|
||||
done
|
||||
|
||||
if [ $ERRORS = 0 ]; then
|
||||
if [ "$ERRORS" = 0 ]; then
|
||||
ok "Logs in $DIR have correct permissions"
|
||||
fi
|
||||
}
|
||||
@ -51,7 +51,7 @@ apply() {
|
||||
fi
|
||||
done
|
||||
|
||||
if [ $ERRORS = 0 ]; then
|
||||
if [ "$ERRORS" = 0 ]; then
|
||||
ok "Logs in $DIR have correct permissions"
|
||||
fi
|
||||
}
|
||||
|
@ -50,7 +50,7 @@ apply() {
|
||||
ok "$FILE has correct ownership"
|
||||
else
|
||||
warn "fixing $FILE ownership to $USER:$GROUP"
|
||||
chown $USER:$GROUP $FILE
|
||||
chown "$USER":"$GROUP" "$FILE"
|
||||
fi
|
||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
||||
if [ "$FNRET" = 0 ]; then
|
||||
|
@ -50,7 +50,7 @@ apply() {
|
||||
ok "$FILE has correct ownership"
|
||||
else
|
||||
warn "fixing $FILE ownership to $USER:$GROUP"
|
||||
chown $USER:$GROUP $FILE
|
||||
chown "$USER":"$GROUP" "$FILE"
|
||||
fi
|
||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
||||
if [ "$FNRET" = 0 ]; then
|
||||
|
@ -50,7 +50,7 @@ apply() {
|
||||
ok "$FILE has correct ownership"
|
||||
else
|
||||
warn "fixing $FILE ownership to $USER:$GROUP"
|
||||
chown $USER:$GROUP $FILE
|
||||
chown "$USER":"$GROUP" "$FILE"
|
||||
fi
|
||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
||||
if [ "$FNRET" = 0 ]; then
|
||||
|
@ -50,7 +50,7 @@ apply() {
|
||||
ok "$FILE has correct ownership"
|
||||
else
|
||||
warn "fixing $FILE ownership to $USER:$GROUP"
|
||||
chown $USER:$GROUP $FILE
|
||||
chown "$USER":"$GROUP" "$FILE"
|
||||
fi
|
||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
||||
if [ "$FNRET" = 0 ]; then
|
||||
|
@ -50,7 +50,7 @@ apply() {
|
||||
ok "$FILE has correct ownership"
|
||||
else
|
||||
warn "fixing $FILE ownership to $USER:$GROUP"
|
||||
chown $USER:$GROUP $FILE
|
||||
chown "$USER":"$GROUP" "$FILE"
|
||||
fi
|
||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
||||
if [ "$FNRET" = 0 ]; then
|
||||
|
@ -50,7 +50,7 @@ apply() {
|
||||
ok "$FILE has correct ownership"
|
||||
else
|
||||
warn "fixing $FILE ownership to $USER:$GROUP"
|
||||
chown $USER:$GROUP $FILE
|
||||
chown "$USER":"$GROUP" "$FILE"
|
||||
fi
|
||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
||||
if [ "$FNRET" = 0 ]; then
|
||||
|
@ -76,7 +76,7 @@ apply() {
|
||||
ok "$FILE has correct ownership"
|
||||
else
|
||||
warn "fixing $FILE ownership to $USER:$GROUP"
|
||||
chown $USER:$GROUP $FILE
|
||||
chown "$USER":"$GROUP" "$FILE"
|
||||
fi
|
||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
||||
if [ "$FNRET" = 0 ]; then
|
||||
|
@ -50,7 +50,7 @@ apply() {
|
||||
ok "$FILE has correct ownership"
|
||||
else
|
||||
warn "fixing $FILE ownership to $USER:$GROUP"
|
||||
chown $USER:$GROUP $FILE
|
||||
chown "$USER":"$GROUP" "$FILE"
|
||||
fi
|
||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
||||
if [ "$FNRET" = 0 ]; then
|
||||
|
@ -36,7 +36,7 @@ audit() {
|
||||
|
||||
done
|
||||
|
||||
if [ $ERRORS = 0 ]; then
|
||||
if [ "$ERRORS" = 0 ]; then
|
||||
ok "SSH private keys in $DIR have correct permissions"
|
||||
fi
|
||||
|
||||
@ -52,7 +52,7 @@ audit() {
|
||||
fi
|
||||
done
|
||||
|
||||
if [ $ERRORS = 0 ]; then
|
||||
if [ "$ERRORS" = 0 ]; then
|
||||
ok "SSH private keys in $DIR have correct ownership"
|
||||
fi
|
||||
}
|
||||
@ -65,7 +65,7 @@ apply() {
|
||||
ok "$FILE ownership was set to $USER:$GROUP"
|
||||
else
|
||||
warn "fixing $DIR SSH private keys permissions to $USER:$GROUP"
|
||||
chown $USER:$GROUP $FILE
|
||||
chown "$USER":"$GROUP" "$FILE"
|
||||
|
||||
fi
|
||||
done
|
||||
|
@ -46,7 +46,7 @@ audit() {
|
||||
|
||||
done
|
||||
|
||||
if [ $ERRORS = 0 ]; then
|
||||
if [ "$ERRORS" = 0 ]; then
|
||||
ok "SSH public keys in $DIR have correct permissions"
|
||||
fi
|
||||
|
||||
@ -62,7 +62,7 @@ audit() {
|
||||
fi
|
||||
done
|
||||
|
||||
if [ $ERRORS = 0 ]; then
|
||||
if [ "$ERRORS" = 0 ]; then
|
||||
ok "SSH public keys in $DIR have correct ownership"
|
||||
fi
|
||||
}
|
||||
@ -95,7 +95,7 @@ apply() {
|
||||
ok "$FILE ownership was set to $USER:$GROUP"
|
||||
else
|
||||
warn "fixing $DIR SSH public keys ownership to $PERMISSIONS"
|
||||
chown $USER:$GROUP $FILE
|
||||
chown "$USER":"$GROUP" "$FILE"
|
||||
fi
|
||||
done
|
||||
|
||||
|
@ -58,7 +58,7 @@ audit() {
|
||||
apply() {
|
||||
SEARCH_RES=0
|
||||
for FILE_SEARCHED in $FILES_TO_SEARCH; do
|
||||
if [ $SEARCH_RES = 1 ]; then break; fi
|
||||
if [ "$SEARCH_RES" = 1 ]; then break; fi
|
||||
if test -d $FILE_SEARCHED; then
|
||||
debug "$FILE_SEARCHED is a directory"
|
||||
for file_in_dir in $(ls $FILE_SEARCHED); do
|
||||
@ -81,10 +81,10 @@ apply() {
|
||||
fi
|
||||
fi
|
||||
done
|
||||
if [ $SEARCH_RES = 0 ]; then
|
||||
if [ "$SEARCH_RES" = 0 ]; then
|
||||
warn "$PATTERN is not present in $FILES_TO_SEARCH"
|
||||
touch $FILE
|
||||
chmod 644 $FILE
|
||||
touch "$FILE"
|
||||
chmod 644 "$FILE"
|
||||
add_end_of_file $FILE "$PATTERN"
|
||||
fi
|
||||
}
|
||||
|
@ -52,7 +52,7 @@ apply() {
|
||||
ok "$FILE has correct ownership"
|
||||
else
|
||||
info "fixing $FILE ownership to $USER:$GROUP"
|
||||
chown $USER:$GROUP $FILE
|
||||
chown "$USER":"$GROUP" "$FILE"
|
||||
fi
|
||||
}
|
||||
|
||||
|
@ -52,7 +52,7 @@ apply() {
|
||||
ok "$FILE has correct ownership"
|
||||
else
|
||||
info "fixing $FILE ownership to $USER:$GROUP"
|
||||
chown $USER:$GROUP $FILE
|
||||
chown "$USER":"$GROUP" "$FILE"
|
||||
fi
|
||||
}
|
||||
|
||||
|
@ -52,7 +52,7 @@ apply() {
|
||||
ok "$FILE has correct ownership"
|
||||
else
|
||||
info "fixing $FILE ownership to $USER:$GROUP"
|
||||
chown $USER:$GROUP $FILE
|
||||
chown "$USER":"$GROUP" "$FILE"
|
||||
fi
|
||||
}
|
||||
|
||||
|
@ -38,7 +38,7 @@ audit() {
|
||||
done
|
||||
done
|
||||
|
||||
if [ $ERRORS = 0 ]; then
|
||||
if [ "$ERRORS" = 0 ]; then
|
||||
ok "Dot file permission in users directories are correct"
|
||||
fi
|
||||
}
|
||||
@ -51,11 +51,11 @@ apply() {
|
||||
FILEPERM=$(ls -ld $FILE | cut -f1 -d" ")
|
||||
if [ $(echo $FILEPERM | cut -c6) != "-" ]; then
|
||||
warn "Group Write permission set on FILE $FILE"
|
||||
chmod g-w $FILE
|
||||
chmod g-w "$FILE"
|
||||
fi
|
||||
if [ $(echo $FILEPERM | cut -c9) != "-" ]; then
|
||||
warn "Other Write permission set on FILE $FILE"
|
||||
chmod o-w $FILE
|
||||
chmod o-w "$FILE"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
@ -32,7 +32,7 @@ audit() {
|
||||
done
|
||||
done
|
||||
|
||||
if [ $ERRORS = 0 ]; then
|
||||
if [ "$ERRORS" = 0 ]; then
|
||||
ok "No $FILENAME present in users home directory"
|
||||
fi
|
||||
}
|
||||
|
@ -32,7 +32,7 @@ audit() {
|
||||
done
|
||||
done
|
||||
|
||||
if [ $ERRORS = 0 ]; then
|
||||
if [ "$ERRORS" = 0 ]; then
|
||||
ok "No $FILENAME present in users home directory"
|
||||
fi
|
||||
}
|
||||
|
@ -37,7 +37,7 @@ audit() {
|
||||
done
|
||||
done
|
||||
|
||||
if [ $ERRORS = 0 ]; then
|
||||
if [ "$ERRORS" = 0 ]; then
|
||||
ok "permission $PERMISSIONS set on .netrc users files"
|
||||
fi
|
||||
|
||||
@ -54,7 +54,7 @@ apply() {
|
||||
ok "$FILE has correct permissions"
|
||||
else
|
||||
warn "$FILE permissions were not set to $PERMISSIONS"
|
||||
chmod 600 $FILE
|
||||
chmod 600 "$FILE"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
@ -32,7 +32,7 @@ audit() {
|
||||
done
|
||||
done
|
||||
|
||||
if [ $ERRORS = 0 ]; then
|
||||
if [ "$ERRORS" = 0 ]; then
|
||||
ok "No $FILENAME present in users home directory"
|
||||
fi
|
||||
}
|
||||
|
@ -30,7 +30,7 @@ audit() {
|
||||
fi
|
||||
done
|
||||
|
||||
if [ $ERRORS = 0 ]; then
|
||||
if [ "$ERRORS" = 0 ]; then
|
||||
ok "passwd and group Groups are consistent"
|
||||
fi
|
||||
}
|
||||
|
@ -41,7 +41,7 @@ audit() {
|
||||
fi
|
||||
done
|
||||
|
||||
if [ $ERRORS = 0 ]; then
|
||||
if [ "$ERRORS" = 0 ]; then
|
||||
ok "No duplicate UIDs${FOUND_EXCEPTIONS:+ apart from configured exceptions:}${FOUND_EXCEPTIONS}"
|
||||
fi
|
||||
}
|
||||
|
@ -33,7 +33,7 @@ audit() {
|
||||
fi
|
||||
done
|
||||
|
||||
if [ $ERRORS = 0 ]; then
|
||||
if [ "$ERRORS" = 0 ]; then
|
||||
ok "No duplicate GIDs"
|
||||
fi
|
||||
}
|
||||
|
@ -33,7 +33,7 @@ audit() {
|
||||
fi
|
||||
done
|
||||
|
||||
if [ $ERRORS = 0 ]; then
|
||||
if [ "$ERRORS" = 0 ]; then
|
||||
ok "No duplicate usernames"
|
||||
fi
|
||||
}
|
||||
|
@ -33,7 +33,7 @@ audit() {
|
||||
fi
|
||||
done
|
||||
|
||||
if [ $ERRORS = 0 ]; then
|
||||
if [ "$ERRORS" = 0 ]; then
|
||||
ok "No duplicate groupnames"
|
||||
fi
|
||||
}
|
||||
|
@ -63,7 +63,7 @@ audit() {
|
||||
shift
|
||||
done
|
||||
|
||||
if [ $ERRORS = 0 ]; then
|
||||
if [ "$ERRORS" = 0 ]; then
|
||||
ok "root PATH is secure"
|
||||
fi
|
||||
}
|
||||
|
@ -33,7 +33,7 @@ audit() {
|
||||
fi
|
||||
done
|
||||
|
||||
if [ $ERRORS = 0 ]; then
|
||||
if [ "$ERRORS" = 0 ]; then
|
||||
ok "All home directories exists"
|
||||
fi
|
||||
}
|
||||
|
@ -52,7 +52,7 @@ audit() {
|
||||
fi
|
||||
done
|
||||
|
||||
if [ $ERRORS = 0 ]; then
|
||||
if [ "$ERRORS" = 0 ]; then
|
||||
ok "No incorrect permissions on home directories"
|
||||
fi
|
||||
|
||||
@ -74,19 +74,19 @@ apply() {
|
||||
dirperm=$(/bin/ls -ld $dir | cut -f1 -d" ")
|
||||
if [ $(echo $dirperm | cut -c6) != "-" ]; then
|
||||
warn "Group Write permission set on directory $dir"
|
||||
chmod g-w $dir
|
||||
chmod g-w "$dir"
|
||||
fi
|
||||
if [ $(echo $dirperm | cut -c8) != "-" ]; then
|
||||
warn "Other Read permission set on directory $dir"
|
||||
chmod o-r $dir
|
||||
chmod o-r "$dir"
|
||||
fi
|
||||
if [ $(echo $dirperm | cut -c9) != "-" ]; then
|
||||
warn "Other Write permission set on directory $dir"
|
||||
chmod o-w $dir
|
||||
chmod o-w "$dir"
|
||||
fi
|
||||
if [ $(echo $dirperm | cut -c10) != "-" ]; then
|
||||
warn "Other Execute permission set on directory $dir"
|
||||
chmod o-x $dir
|
||||
chmod o-x "$dir"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
@ -36,7 +36,7 @@ audit() {
|
||||
fi
|
||||
done
|
||||
|
||||
if [ $ERRORS = 0 ]; then
|
||||
if [ "$ERRORS" = 0 ]; then
|
||||
ok "All home directories exists"
|
||||
fi
|
||||
debug "Checking homedir ownership"
|
||||
@ -65,7 +65,7 @@ audit() {
|
||||
fi
|
||||
done
|
||||
|
||||
if [ $ERRORS = 0 ]; then
|
||||
if [ "$ERRORS" = 0 ]; then
|
||||
ok "All home directories have correct ownership"
|
||||
fi
|
||||
}
|
||||
|
@ -50,7 +50,7 @@ audit() {
|
||||
fi
|
||||
fi
|
||||
done
|
||||
if [ $SEARCH_RES = 0 ]; then
|
||||
if [ "$SEARCH_RES" = 0 ]; then
|
||||
crit "$PATTERN is not present in $FILES_TO_SEARCH"
|
||||
fi
|
||||
}
|
||||
@ -83,10 +83,10 @@ apply() {
|
||||
fi
|
||||
fi
|
||||
done
|
||||
if [ $SEARCH_RES = 0 ]; then
|
||||
if [ "$SEARCH_RES" = 0 ]; then
|
||||
warn "$PATTERN is not present in $FILES_TO_SEARCH"
|
||||
touch $FILE
|
||||
chmod 644 $FILE
|
||||
touch "$FILE"
|
||||
chmod 644 "$FILE"
|
||||
add_end_of_file $FILE "$PATTERN$VALUE"
|
||||
add_end_of_file $FILE "readonly TMOUT"
|
||||
add_end_of_file $FILE "export TMOUT"
|
||||
|
@ -47,7 +47,7 @@ audit() {
|
||||
fi
|
||||
fi
|
||||
done
|
||||
if [ $SEARCH_RES = 0 ]; then
|
||||
if [ "$SEARCH_RES" = 0 ]; then
|
||||
crit "$PATTERN is not present in $FILES_TO_SEARCH"
|
||||
fi
|
||||
}
|
||||
@ -79,10 +79,10 @@ apply() {
|
||||
fi
|
||||
fi
|
||||
done
|
||||
if [ $SEARCH_RES = 0 ]; then
|
||||
if [ "$SEARCH_RES" = 0 ]; then
|
||||
warn "$PATTERN is not present in $FILES_TO_SEARCH"
|
||||
touch $FILE
|
||||
chmod 644 $FILE
|
||||
touch "$FILE"
|
||||
chmod 644 "$FILE"
|
||||
add_end_of_file $FILE '
|
||||
# By default, disable all.
|
||||
ACTION=="add", SUBSYSTEMS=="usb", TEST=="authorized_default", ATTR{authorized_default}="0"
|
||||
|
Loading…
Reference in New Issue
Block a user