elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2024-11-21 21:17:00 +01:00
Code Issues Packages Projects Releases Wiki Activity

IMP(shellcheck): quote variables (SC2086)

Browse Source
This commit is contained in:
Thibault Ayanides 2020-12-04 15:04:22 +01:00
parent 106fa5fc8a
commit eaf56ca25e
55 changed files with 107 additions and 107 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
bin/hardening/1.1.10_var_tmp_noexec.sh
View File

@ -26,19 +26,19 @@ audit() {
info "Verifying that $PARTITION is a partition"
FNRET=0
is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition"
FNRET=2
else
ok "$PARTITION is a partition"
has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1
else
ok "$PARTITION has $OPTION in fstab"
has_mounted_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime"
FNRET=3
else

4
bin/hardening/1.1.11_var_log_partition.sh
View File

@ -25,13 +25,13 @@ audit() {
info "Verifying that $PARTITION is a partition"
FNRET=0
is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition"
FNRET=2
else
ok "$PARTITION is a partition"
is_mounted "$PARTITION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted"
FNRET=1
else

4
bin/hardening/1.1.12_var_log_audit_partition.sh
View File

@ -24,13 +24,13 @@ audit() {
info "Verifying that $PARTITION is a partition"
FNRET=0
is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition"
FNRET=2
else
ok "$PARTITION is a partition"
is_mounted "$PARTITION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted"
FNRET=1
else

4
bin/hardening/1.1.13_home_partition.sh
View File

@ -25,13 +25,13 @@ audit() {
info "Verifying that $PARTITION is a partition"
FNRET=0
is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition"
FNRET=2
else
ok "$PARTITION is a partition"
is_mounted "$PARTITION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted"
FNRET=1
else

6
bin/hardening/1.1.14_home_nodev.sh
View File

@ -26,19 +26,19 @@ audit() {
info "Verifying that $PARTITION is a partition"
FNRET=0
is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition"
FNRET=2
else
ok "$PARTITION is a partition"
has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1
else
ok "$PARTITION has $OPTION in fstab"
has_mounted_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime"
FNRET=3
else

6
bin/hardening/1.1.15_run_shm_nodev.sh
View File

@ -27,19 +27,19 @@ audit() {
PARTITION=$(readlink -e "$PARTITION")
FNRET=0
is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition"
FNRET=2
else
ok "$PARTITION is a partition"
has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1
else
ok "$PARTITION has $OPTION in fstab"
has_mounted_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime"
FNRET=3
else

6
bin/hardening/1.1.16_run_shm_nosuid.sh
View File

@ -27,19 +27,19 @@ audit() {
PARTITION=$(readlink -e "$PARTITION")
FNRET=0
is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition"
FNRET=2
else
ok "$PARTITION is a partition"
has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1
else
ok "$PARTITION has $OPTION in fstab"
has_mounted_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime"
FNRET=3
else

6
bin/hardening/1.1.17_run_shm_noexec.sh
View File

@ -27,19 +27,19 @@ audit() {
PARTITION=$(readlink -e "$PARTITION")
FNRET=0
is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition"
FNRET=2
else
ok "$PARTITION is a partition"
has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1
else
ok "$PARTITION has $OPTION in fstab"
has_mounted_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime"
FNRET=3
else

4
bin/hardening/1.1.18_removable_device_nodev.sh
View File

@ -28,13 +28,13 @@ audit() {
info "Verifying if there is $PARTITION like partition"
FNRET=0
is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
ok "There is no partition like $PARTITION"
FNRET=0
else
info "detected $PARTITION like"
has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1
else

4
bin/hardening/1.1.19_removable_device_nosuid.sh
View File

@ -28,13 +28,13 @@ audit() {
info "Verifying if there is $PARTITION like partition"
FNRET=0
is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
ok "There is no partition like $PARTITION"
FNRET=0
else
info "detected $PARTITION like"
has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1
else

4
bin/hardening/1.1.20_removable_device_noexec.sh
View File

@ -28,13 +28,13 @@ audit() {
info "Verifying if there is $PARTITION like partition"
FNRET=0
is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
ok "There is no partition like $PARTITION"
FNRET=0
else
info "detected $PARTITION like"
has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1
else

4
bin/hardening/1.1.2_tmp_partition.sh
View File

@ -25,13 +25,13 @@ audit() {
info "Verifying that $PARTITION is a partition"
FNRET=0
is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition"
FNRET=2
else
ok "$PARTITION is a partition"
is_mounted "$PARTITION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted"
FNRET=1
else

6
bin/hardening/1.1.3_tmp_nodev.sh
View File

@ -26,19 +26,19 @@ audit() {
info "Verifying that $PARTITION is a partition"
FNRET=0
is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition"
FNRET=2
else
ok "$PARTITION is a partition"
has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1
else
ok "$PARTITION has $OPTION in fstab"
has_mounted_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime"
FNRET=3
else

6
bin/hardening/1.1.4_tmp_nosuid.sh
View File

@ -26,19 +26,19 @@ audit() {
info "Verifying that $PARTITION is a partition"
FNRET=0
is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition"
FNRET=2
else
ok "$PARTITION is a partition"
has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1
else
ok "$PARTITION has $OPTION in fstab"
has_mounted_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime"
FNRET=3
else

6
bin/hardening/1.1.5_tmp_noexec.sh
View File

@ -26,19 +26,19 @@ audit() {
info "Verifying that $PARTITION is a partition"
FNRET=0
is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition"
FNRET=2
else
ok "$PARTITION is a partition"
has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1
else
ok "$PARTITION has $OPTION in fstab"
has_mounted_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime"
FNRET=3
else

4
bin/hardening/1.1.6_var_partition.sh
View File

@ -25,13 +25,13 @@ audit() {
info "Verifying that $PARTITION is a partition"
FNRET=0
is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition"
FNRET=2
else
ok "$PARTITION is a partition"
is_mounted "$PARTITION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted"
FNRET=1
else

4
bin/hardening/1.1.7_var_tmp_partition.sh
View File

@ -25,13 +25,13 @@ audit() {
info "Verifying that $PARTITION is a partition"
FNRET=0
is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition"
FNRET=2
else
ok "$PARTITION is a partition"
is_mounted "$PARTITION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted"
FNRET=1
else

6
bin/hardening/1.1.8_var_tmp_nodev.sh
View File

@ -26,19 +26,19 @@ audit() {
info "Verifying that $PARTITION is a partition"
FNRET=0
is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition"
FNRET=2
else
ok "$PARTITION is a partition"
has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1
else
ok "$PARTITION has $OPTION in fstab"
has_mounted_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime"
FNRET=3
else

6
bin/hardening/1.1.9_var_tmp_nosuid.sh
View File

@ -26,19 +26,19 @@ audit() {
info "Verifying that $PARTITION is a partition"
FNRET=0
is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition"
FNRET=2
else
ok "$PARTITION is a partition"
has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1
else
ok "$PARTITION has $OPTION in fstab"
has_mounted_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime"
FNRET=3
else

2
bin/hardening/1.4.1_bootloader_ownership.sh
View File

@ -48,7 +48,7 @@ apply() {
ok "$FILE has correct ownership"
else
info "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
chown "$USER":"$GROUP" "$FILE"
fi
has_file_correct_permissions "$FILE" "$PERMISSIONS"

2
bin/hardening/1.7.1.4_motd_perms.sh
View File

@ -55,7 +55,7 @@ apply() {
ok "$FILE has correct ownership"
else
warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
chown "$USER":"$GROUP" "$FILE"
fi
has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then

2
bin/hardening/1.7.1.5_etc_issue_perms.sh
View File

@ -55,7 +55,7 @@ apply() {
ok "$FILE has correct ownership"
else
warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
chown "$USER":"$GROUP" "$FILE"
fi
has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then

2
bin/hardening/1.7.1.6_etc_issue_net_perms.sh
View File

@ -55,7 +55,7 @@ apply() {
ok "$FILE has correct ownership"
else
warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
chown "$USER":"$GROUP" "$FILE"
fi
has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then

4
bin/hardening/1.8_install_updates.sh
View File

@ -23,7 +23,7 @@ audit() {
apt_update_if_needed
info "Fetching upgrades ..."
apt_check_updates "CIS_APT"
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
crit "$RESULT"
FNRET=1
else
@ -34,7 +34,7 @@ audit() {
# This function will be called if the script status is on enabled mode
apply() {
if [ $FNRET -gt 0 ]; then
if [ "$FNRET" -gt 0 ]; then
info "Applying Upgrades..."
DEBIAN_FRONTEND='noninteractive' apt-get -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' upgrade -y
else

4
bin/hardening/4.2.4_logs_permissions.sh
View File

@ -33,7 +33,7 @@ audit() {
fi
done
if [ $ERRORS = 0 ]; then
if [ "$ERRORS" = 0 ]; then
ok "Logs in $DIR have correct permissions"
fi
}
@ -51,7 +51,7 @@ apply() {
fi
done
if [ $ERRORS = 0 ]; then
if [ "$ERRORS" = 0 ]; then
ok "Logs in $DIR have correct permissions"
fi
}

2
bin/hardening/5.1.2_crontab_perm_ownership.sh
View File

@ -50,7 +50,7 @@ apply() {
ok "$FILE has correct ownership"
else
warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
chown "$USER":"$GROUP" "$FILE"
fi
has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then

2
bin/hardening/5.1.3_cron_hourly_perm_ownership.sh
View File

@ -50,7 +50,7 @@ apply() {
ok "$FILE has correct ownership"
else
warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
chown "$USER":"$GROUP" "$FILE"
fi
has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then

2
bin/hardening/5.1.4_cron_daily_perm_ownership.sh
View File

@ -50,7 +50,7 @@ apply() {
ok "$FILE has correct ownership"
else
warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
chown "$USER":"$GROUP" "$FILE"
fi
has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then

2
bin/hardening/5.1.5_cron_weekly_perm_ownership.sh
View File

@ -50,7 +50,7 @@ apply() {
ok "$FILE has correct ownership"
else
warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
chown "$USER":"$GROUP" "$FILE"
fi
has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then

2
bin/hardening/5.1.6_cron_monthly_perm_ownership.sh
View File

@ -50,7 +50,7 @@ apply() {
ok "$FILE has correct ownership"
else
warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
chown "$USER":"$GROUP" "$FILE"
fi
has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then

2
bin/hardening/5.1.7_cron_d_perm_ownership.sh
View File

@ -50,7 +50,7 @@ apply() {
ok "$FILE has correct ownership"
else
warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
chown "$USER":"$GROUP" "$FILE"
fi
has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then

2
bin/hardening/5.1.8_cron_users.sh
View File

@ -76,7 +76,7 @@ apply() {
ok "$FILE has correct ownership"
else
warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
chown "$USER":"$GROUP" "$FILE"
fi
has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then

2
bin/hardening/5.2.1_sshd_conf_perm_ownership.sh
View File

@ -50,7 +50,7 @@ apply() {
ok "$FILE has correct ownership"
else
warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
chown "$USER":"$GROUP" "$FILE"
fi
has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then

6
bin/hardening/5.2.2_ssh_host_private_keys_perm_ownership.sh
View File

@ -36,7 +36,7 @@ audit() {
done
if [ $ERRORS = 0 ]; then
if [ "$ERRORS" = 0 ]; then
ok "SSH private keys in $DIR have correct permissions"
fi
@ -52,7 +52,7 @@ audit() {
fi
done
if [ $ERRORS = 0 ]; then
if [ "$ERRORS" = 0 ]; then
ok "SSH private keys in $DIR have correct ownership"
fi
}
@ -65,7 +65,7 @@ apply() {
ok "$FILE ownership was set to $USER:$GROUP"
else
warn "fixing $DIR SSH private keys permissions to $USER:$GROUP"
chown $USER:$GROUP $FILE
chown "$USER":"$GROUP" "$FILE"
fi
done

6
bin/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh
View File

@ -46,7 +46,7 @@ audit() {
done
if [ $ERRORS = 0 ]; then
if [ "$ERRORS" = 0 ]; then
ok "SSH public keys in $DIR have correct permissions"
fi
@ -62,7 +62,7 @@ audit() {
fi
done
if [ $ERRORS = 0 ]; then
if [ "$ERRORS" = 0 ]; then
ok "SSH public keys in $DIR have correct ownership"
fi
}
@ -95,7 +95,7 @@ apply() {
ok "$FILE ownership was set to $USER:$GROUP"
else
warn "fixing $DIR SSH public keys ownership to $PERMISSIONS"
chown $USER:$GROUP $FILE
chown "$USER":"$GROUP" "$FILE"
fi
done

8
bin/hardening/5.4.4_default_umask.sh
View File

@ -58,7 +58,7 @@ audit() {
apply() {
SEARCH_RES=0
for FILE_SEARCHED in $FILES_TO_SEARCH; do
if [ $SEARCH_RES = 1 ]; then break; fi
if [ "$SEARCH_RES" = 1 ]; then break; fi
if test -d $FILE_SEARCHED; then
debug "$FILE_SEARCHED is a directory"
for file_in_dir in $(ls $FILE_SEARCHED); do
@ -81,10 +81,10 @@ apply() {
fi
fi
done
if [ $SEARCH_RES = 0 ]; then
if [ "$SEARCH_RES" = 0 ]; then
warn "$PATTERN is not present in $FILES_TO_SEARCH"
touch $FILE
chmod 644 $FILE
touch "$FILE"
chmod 644 "$FILE"
add_end_of_file $FILE "$PATTERN"
fi
}

2
bin/hardening/6.1.5_etc_passwd_permissions.sh
View File

@ -52,7 +52,7 @@ apply() {
ok "$FILE has correct ownership"
else
info "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
chown "$USER":"$GROUP" "$FILE"
fi
}

2
bin/hardening/6.1.6_etc_shadow_permissions.sh
View File

@ -52,7 +52,7 @@ apply() {
ok "$FILE has correct ownership"
else
info "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
chown "$USER":"$GROUP" "$FILE"
fi
}

2
bin/hardening/6.1.7_etc_group_permissions.sh
View File

@ -52,7 +52,7 @@ apply() {
ok "$FILE has correct ownership"
else
info "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE
chown "$USER":"$GROUP" "$FILE"
fi
}

6
bin/hardening/6.2.10_check_user_dot_file_perm.sh
View File

@ -38,7 +38,7 @@ audit() {
done
done
if [ $ERRORS = 0 ]; then
if [ "$ERRORS" = 0 ]; then
ok "Dot file permission in users directories are correct"
fi
}
@ -51,11 +51,11 @@ apply() {
FILEPERM=$(ls -ld $FILE | cut -f1 -d" ")
if [ $(echo $FILEPERM | cut -c6) != "-" ]; then
warn "Group Write permission set on FILE $FILE"
chmod g-w $FILE
chmod g-w "$FILE"
fi
if [ $(echo $FILEPERM | cut -c9) != "-" ]; then
warn "Other Write permission set on FILE $FILE"
chmod o-w $FILE
chmod o-w "$FILE"
fi
fi
done

2
bin/hardening/6.2.11_find_user_forward_files.sh
View File

@ -32,7 +32,7 @@ audit() {
done
done
if [ $ERRORS = 0 ]; then
if [ "$ERRORS" = 0 ]; then
ok "No $FILENAME present in users home directory"
fi
}

2
bin/hardening/6.2.12_find_user_netrc_files.sh
View File

@ -32,7 +32,7 @@ audit() {
done
done
if [ $ERRORS = 0 ]; then
if [ "$ERRORS" = 0 ]; then
ok "No $FILENAME present in users home directory"
fi
}

4
bin/hardening/6.2.13_set_perm_on_user_netrc.sh
View File

@ -37,7 +37,7 @@ audit() {
done
done
if [ $ERRORS = 0 ]; then
if [ "$ERRORS" = 0 ]; then
ok "permission $PERMISSIONS set on .netrc users files"
fi
@ -54,7 +54,7 @@ apply() {
ok "$FILE has correct permissions"
else
warn "$FILE permissions were not set to $PERMISSIONS"
chmod 600 $FILE
chmod 600 "$FILE"
fi
fi
done

2
bin/hardening/6.2.14_find_user_rhosts_files.sh
View File

@ -32,7 +32,7 @@ audit() {
done
done
if [ $ERRORS = 0 ]; then
if [ "$ERRORS" = 0 ]; then
ok "No $FILENAME present in users home directory"
fi
}

2
bin/hardening/6.2.15_find_passwd_group_inconsistencies.sh
View File

@ -30,7 +30,7 @@ audit() {
fi
done
if [ $ERRORS = 0 ]; then
if [ "$ERRORS" = 0 ]; then
ok "passwd and group Groups are consistent"
fi
}

2
bin/hardening/6.2.16_check_duplicate_uid.sh
View File

@ -41,7 +41,7 @@ audit() {
fi
done
if [ $ERRORS = 0 ]; then
if [ "$ERRORS" = 0 ]; then
ok "No duplicate UIDs${FOUND_EXCEPTIONS:+ apart from configured exceptions:}${FOUND_EXCEPTIONS}"
fi
}

2
bin/hardening/6.2.17_check_duplicate_gid.sh
View File

@ -33,7 +33,7 @@ audit() {
fi
done
if [ $ERRORS = 0 ]; then
if [ "$ERRORS" = 0 ]; then
ok "No duplicate GIDs"
fi
}

2
bin/hardening/6.2.18_check_duplicate_username.sh
View File

@ -33,7 +33,7 @@ audit() {
fi
done
if [ $ERRORS = 0 ]; then
if [ "$ERRORS" = 0 ]; then
ok "No duplicate usernames"
fi
}

2
bin/hardening/6.2.19_check_duplicate_groupname.sh
View File

@ -33,7 +33,7 @@ audit() {
fi
done
if [ $ERRORS = 0 ]; then
if [ "$ERRORS" = 0 ]; then
ok "No duplicate groupnames"
fi
}

2
bin/hardening/6.2.6_sanitize_root_path.sh
View File

@ -63,7 +63,7 @@ audit() {
shift
done
if [ $ERRORS = 0 ]; then
if [ "$ERRORS" = 0 ]; then
ok "root PATH is secure"
fi
}

2
bin/hardening/6.2.7_users_valid_homedir.sh
View File

@ -33,7 +33,7 @@ audit() {
fi
done
if [ $ERRORS = 0 ]; then
if [ "$ERRORS" = 0 ]; then
ok "All home directories exists"
fi
}

10
bin/hardening/6.2.8_check_user_dir_perm.sh
View File

@ -52,7 +52,7 @@ audit() {
fi
done
if [ $ERRORS = 0 ]; then
if [ "$ERRORS" = 0 ]; then
ok "No incorrect permissions on home directories"
fi
@ -74,19 +74,19 @@ apply() {
dirperm=$(/bin/ls -ld $dir | cut -f1 -d" ")
if [ $(echo $dirperm | cut -c6) != "-" ]; then
warn "Group Write permission set on directory $dir"
chmod g-w $dir
chmod g-w "$dir"
fi
if [ $(echo $dirperm | cut -c8) != "-" ]; then
warn "Other Read permission set on directory $dir"
chmod o-r $dir
chmod o-r "$dir"
fi
if [ $(echo $dirperm | cut -c9) != "-" ]; then
warn "Other Write permission set on directory $dir"
chmod o-w $dir
chmod o-w "$dir"
fi
if [ $(echo $dirperm | cut -c10) != "-" ]; then
warn "Other Execute permission set on directory $dir"
chmod o-x $dir
chmod o-x "$dir"
fi
fi
done

4
bin/hardening/6.2.9_users_valid_homedir.sh
View File

@ -36,7 +36,7 @@ audit() {
fi
done
if [ $ERRORS = 0 ]; then
if [ "$ERRORS" = 0 ]; then
ok "All home directories exists"
fi
debug "Checking homedir ownership"
@ -65,7 +65,7 @@ audit() {
fi
done
if [ $ERRORS = 0 ]; then
if [ "$ERRORS" = 0 ]; then
ok "All home directories have correct ownership"
fi
}

8
bin/hardening/99.1_timeout_tty.sh
View File

@ -50,7 +50,7 @@ audit() {
fi
fi
done
if [ $SEARCH_RES = 0 ]; then
if [ "$SEARCH_RES" = 0 ]; then
crit "$PATTERN is not present in $FILES_TO_SEARCH"
fi
}
@ -83,10 +83,10 @@ apply() {
fi
fi
done
if [ $SEARCH_RES = 0 ]; then
if [ "$SEARCH_RES" = 0 ]; then
warn "$PATTERN is not present in $FILES_TO_SEARCH"
touch $FILE
chmod 644 $FILE
touch "$FILE"
chmod 644 "$FILE"
add_end_of_file $FILE "$PATTERN$VALUE"
add_end_of_file $FILE "readonly TMOUT"
add_end_of_file $FILE "export TMOUT"

8
bin/hardening/99.2_disable_usb_devices.sh
View File

@ -47,7 +47,7 @@ audit() {
fi
fi
done
if [ $SEARCH_RES = 0 ]; then
if [ "$SEARCH_RES" = 0 ]; then
crit "$PATTERN is not present in $FILES_TO_SEARCH"
fi
}
@ -79,10 +79,10 @@ apply() {
fi
fi
done
if [ $SEARCH_RES = 0 ]; then
if [ "$SEARCH_RES" = 0 ]; then
warn "$PATTERN is not present in $FILES_TO_SEARCH"
touch $FILE
chmod 644 $FILE
touch "$FILE"
chmod 644 "$FILE"
add_end_of_file $FILE '
# By default, disable all.
ACTION=="add", SUBSYSTEMS=="usb", TEST=="authorized_default", ATTR{authorized_default}="0"