elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2024-11-22 13:37:02 +01:00
Code Issues Packages Projects Releases Wiki Activity

IMP(shellcheck): quote variables (SC2086)

Browse Source
This commit is contained in:
Thibault Ayanides 2020-12-04 15:04:22 +01:00
parent 106fa5fc8a
commit eaf56ca25e
55 changed files with 107 additions and 107 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
bin/hardening/1.1.10_var_tmp_noexec.sh
View File

@ -26,19 +26,19 @@ audit() {
info "Verifying that $PARTITION is a partition" info "Verifying that $PARTITION is a partition"
FNRET=0 FNRET=0
is_a_partition "$PARTITION" is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition" crit "$PARTITION is not a partition"
FNRET=2 FNRET=2
else else
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
has_mount_option "$PARTITION" "$OPTION" has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else
ok "$PARTITION has $OPTION in fstab" ok "$PARTITION has $OPTION in fstab"
has_mounted_option "$PARTITION" "$OPTION" has_mounted_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime" warn "$PARTITION is not mounted with $OPTION at runtime"
FNRET=3 FNRET=3
else else

4
bin/hardening/1.1.11_var_log_partition.sh
View File

@ -25,13 +25,13 @@ audit() {
info "Verifying that $PARTITION is a partition" info "Verifying that $PARTITION is a partition"
FNRET=0 FNRET=0
is_a_partition "$PARTITION" is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition" crit "$PARTITION is not a partition"
FNRET=2 FNRET=2
else else
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
is_mounted "$PARTITION" is_mounted "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted" warn "$PARTITION is not mounted"
FNRET=1 FNRET=1
else else

4
bin/hardening/1.1.12_var_log_audit_partition.sh
View File

@ -24,13 +24,13 @@ audit() {
info "Verifying that $PARTITION is a partition" info "Verifying that $PARTITION is a partition"
FNRET=0 FNRET=0
is_a_partition "$PARTITION" is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition" crit "$PARTITION is not a partition"
FNRET=2 FNRET=2
else else
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
is_mounted "$PARTITION" is_mounted "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted" warn "$PARTITION is not mounted"
FNRET=1 FNRET=1
else else

4
bin/hardening/1.1.13_home_partition.sh
View File

@ -25,13 +25,13 @@ audit() {
info "Verifying that $PARTITION is a partition" info "Verifying that $PARTITION is a partition"
FNRET=0 FNRET=0
is_a_partition "$PARTITION" is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition" crit "$PARTITION is not a partition"
FNRET=2 FNRET=2
else else
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
is_mounted "$PARTITION" is_mounted "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted" warn "$PARTITION is not mounted"
FNRET=1 FNRET=1
else else

6
bin/hardening/1.1.14_home_nodev.sh
View File

@ -26,19 +26,19 @@ audit() {
info "Verifying that $PARTITION is a partition" info "Verifying that $PARTITION is a partition"
FNRET=0 FNRET=0
is_a_partition "$PARTITION" is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition" crit "$PARTITION is not a partition"
FNRET=2 FNRET=2
else else
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
has_mount_option "$PARTITION" "$OPTION" has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else
ok "$PARTITION has $OPTION in fstab" ok "$PARTITION has $OPTION in fstab"
has_mounted_option "$PARTITION" "$OPTION" has_mounted_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime" warn "$PARTITION is not mounted with $OPTION at runtime"
FNRET=3 FNRET=3
else else

6
bin/hardening/1.1.15_run_shm_nodev.sh
View File

@ -27,19 +27,19 @@ audit() {
PARTITION=$(readlink -e "$PARTITION") PARTITION=$(readlink -e "$PARTITION")
FNRET=0 FNRET=0
is_a_partition "$PARTITION" is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition" crit "$PARTITION is not a partition"
FNRET=2 FNRET=2
else else
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
has_mount_option "$PARTITION" "$OPTION" has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else
ok "$PARTITION has $OPTION in fstab" ok "$PARTITION has $OPTION in fstab"
has_mounted_option "$PARTITION" "$OPTION" has_mounted_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime" warn "$PARTITION is not mounted with $OPTION at runtime"
FNRET=3 FNRET=3
else else

6
bin/hardening/1.1.16_run_shm_nosuid.sh
View File

@ -27,19 +27,19 @@ audit() {
PARTITION=$(readlink -e "$PARTITION") PARTITION=$(readlink -e "$PARTITION")
FNRET=0 FNRET=0
is_a_partition "$PARTITION" is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition" crit "$PARTITION is not a partition"
FNRET=2 FNRET=2
else else
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
has_mount_option "$PARTITION" "$OPTION" has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else
ok "$PARTITION has $OPTION in fstab" ok "$PARTITION has $OPTION in fstab"
has_mounted_option "$PARTITION" "$OPTION" has_mounted_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime" warn "$PARTITION is not mounted with $OPTION at runtime"
FNRET=3 FNRET=3
else else

6
bin/hardening/1.1.17_run_shm_noexec.sh
View File

@ -27,19 +27,19 @@ audit() {
PARTITION=$(readlink -e "$PARTITION") PARTITION=$(readlink -e "$PARTITION")
FNRET=0 FNRET=0
is_a_partition "$PARTITION" is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition" crit "$PARTITION is not a partition"
FNRET=2 FNRET=2
else else
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
has_mount_option "$PARTITION" "$OPTION" has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else
ok "$PARTITION has $OPTION in fstab" ok "$PARTITION has $OPTION in fstab"
has_mounted_option "$PARTITION" "$OPTION" has_mounted_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime" warn "$PARTITION is not mounted with $OPTION at runtime"
FNRET=3 FNRET=3
else else

4
bin/hardening/1.1.18_removable_device_nodev.sh
View File

@ -28,13 +28,13 @@ audit() {
info "Verifying if there is $PARTITION like partition" info "Verifying if there is $PARTITION like partition"
FNRET=0 FNRET=0
is_a_partition "$PARTITION" is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
ok "There is no partition like $PARTITION" ok "There is no partition like $PARTITION"
FNRET=0 FNRET=0
else else
info "detected $PARTITION like" info "detected $PARTITION like"
has_mount_option "$PARTITION" "$OPTION" has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else

4
bin/hardening/1.1.19_removable_device_nosuid.sh
View File

@ -28,13 +28,13 @@ audit() {
info "Verifying if there is $PARTITION like partition" info "Verifying if there is $PARTITION like partition"
FNRET=0 FNRET=0
is_a_partition "$PARTITION" is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
ok "There is no partition like $PARTITION" ok "There is no partition like $PARTITION"
FNRET=0 FNRET=0
else else
info "detected $PARTITION like" info "detected $PARTITION like"
has_mount_option "$PARTITION" "$OPTION" has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else

4
bin/hardening/1.1.20_removable_device_noexec.sh
View File

@ -28,13 +28,13 @@ audit() {
info "Verifying if there is $PARTITION like partition" info "Verifying if there is $PARTITION like partition"
FNRET=0 FNRET=0
is_a_partition "$PARTITION" is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
ok "There is no partition like $PARTITION" ok "There is no partition like $PARTITION"
FNRET=0 FNRET=0
else else
info "detected $PARTITION like" info "detected $PARTITION like"
has_mount_option "$PARTITION" "$OPTION" has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else

4
bin/hardening/1.1.2_tmp_partition.sh
View File

@ -25,13 +25,13 @@ audit() {
info "Verifying that $PARTITION is a partition" info "Verifying that $PARTITION is a partition"
FNRET=0 FNRET=0
is_a_partition "$PARTITION" is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition" crit "$PARTITION is not a partition"
FNRET=2 FNRET=2
else else
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
is_mounted "$PARTITION" is_mounted "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted" warn "$PARTITION is not mounted"
FNRET=1 FNRET=1
else else

6
bin/hardening/1.1.3_tmp_nodev.sh
View File

@ -26,19 +26,19 @@ audit() {
info "Verifying that $PARTITION is a partition" info "Verifying that $PARTITION is a partition"
FNRET=0 FNRET=0
is_a_partition "$PARTITION" is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition" crit "$PARTITION is not a partition"
FNRET=2 FNRET=2
else else
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
has_mount_option "$PARTITION" "$OPTION" has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else
ok "$PARTITION has $OPTION in fstab" ok "$PARTITION has $OPTION in fstab"
has_mounted_option "$PARTITION" "$OPTION" has_mounted_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime" warn "$PARTITION is not mounted with $OPTION at runtime"
FNRET=3 FNRET=3
else else

6
bin/hardening/1.1.4_tmp_nosuid.sh
View File

@ -26,19 +26,19 @@ audit() {
info "Verifying that $PARTITION is a partition" info "Verifying that $PARTITION is a partition"
FNRET=0 FNRET=0
is_a_partition "$PARTITION" is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition" crit "$PARTITION is not a partition"
FNRET=2 FNRET=2
else else
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
has_mount_option "$PARTITION" "$OPTION" has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else
ok "$PARTITION has $OPTION in fstab" ok "$PARTITION has $OPTION in fstab"
has_mounted_option "$PARTITION" "$OPTION" has_mounted_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime" warn "$PARTITION is not mounted with $OPTION at runtime"
FNRET=3 FNRET=3
else else

6
bin/hardening/1.1.5_tmp_noexec.sh
View File

@ -26,19 +26,19 @@ audit() {
info "Verifying that $PARTITION is a partition" info "Verifying that $PARTITION is a partition"
FNRET=0 FNRET=0
is_a_partition "$PARTITION" is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition" crit "$PARTITION is not a partition"
FNRET=2 FNRET=2
else else
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
has_mount_option "$PARTITION" "$OPTION" has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else
ok "$PARTITION has $OPTION in fstab" ok "$PARTITION has $OPTION in fstab"
has_mounted_option "$PARTITION" "$OPTION" has_mounted_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime" warn "$PARTITION is not mounted with $OPTION at runtime"
FNRET=3 FNRET=3
else else

4
bin/hardening/1.1.6_var_partition.sh
View File

@ -25,13 +25,13 @@ audit() {
info "Verifying that $PARTITION is a partition" info "Verifying that $PARTITION is a partition"
FNRET=0 FNRET=0
is_a_partition "$PARTITION" is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition" crit "$PARTITION is not a partition"
FNRET=2 FNRET=2
else else
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
is_mounted "$PARTITION" is_mounted "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted" warn "$PARTITION is not mounted"
FNRET=1 FNRET=1
else else

4
bin/hardening/1.1.7_var_tmp_partition.sh
View File

@ -25,13 +25,13 @@ audit() {
info "Verifying that $PARTITION is a partition" info "Verifying that $PARTITION is a partition"
FNRET=0 FNRET=0
is_a_partition "$PARTITION" is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition" crit "$PARTITION is not a partition"
FNRET=2 FNRET=2
else else
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
is_mounted "$PARTITION" is_mounted "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted" warn "$PARTITION is not mounted"
FNRET=1 FNRET=1
else else

6
bin/hardening/1.1.8_var_tmp_nodev.sh
View File

@ -26,19 +26,19 @@ audit() {
info "Verifying that $PARTITION is a partition" info "Verifying that $PARTITION is a partition"
FNRET=0 FNRET=0
is_a_partition "$PARTITION" is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition" crit "$PARTITION is not a partition"
FNRET=2 FNRET=2
else else
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
has_mount_option "$PARTITION" "$OPTION" has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else
ok "$PARTITION has $OPTION in fstab" ok "$PARTITION has $OPTION in fstab"
has_mounted_option "$PARTITION" "$OPTION" has_mounted_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime" warn "$PARTITION is not mounted with $OPTION at runtime"
FNRET=3 FNRET=3
else else

6
bin/hardening/1.1.9_var_tmp_nosuid.sh
View File

@ -26,19 +26,19 @@ audit() {
info "Verifying that $PARTITION is a partition" info "Verifying that $PARTITION is a partition"
FNRET=0 FNRET=0
is_a_partition "$PARTITION" is_a_partition "$PARTITION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION is not a partition" crit "$PARTITION is not a partition"
FNRET=2 FNRET=2
else else
ok "$PARTITION is a partition" ok "$PARTITION is a partition"
has_mount_option "$PARTITION" "$OPTION" has_mount_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$PARTITION has no option $OPTION in fstab!" crit "$PARTITION has no option $OPTION in fstab!"
FNRET=1 FNRET=1
else else
ok "$PARTITION has $OPTION in fstab" ok "$PARTITION has $OPTION in fstab"
has_mounted_option "$PARTITION" "$OPTION" has_mounted_option "$PARTITION" "$OPTION"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
warn "$PARTITION is not mounted with $OPTION at runtime" warn "$PARTITION is not mounted with $OPTION at runtime"
FNRET=3 FNRET=3
else else

2
bin/hardening/1.4.1_bootloader_ownership.sh
View File

@ -48,7 +48,7 @@ apply() {
ok "$FILE has correct ownership" ok "$FILE has correct ownership"
else else
info "fixing $FILE ownership to $USER:$GROUP" info "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE chown "$USER":"$GROUP" "$FILE"
fi fi
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"

2
bin/hardening/1.7.1.4_motd_perms.sh
View File

@ -55,7 +55,7 @@ apply() {
ok "$FILE has correct ownership" ok "$FILE has correct ownership"
else else
warn "fixing $FILE ownership to $USER:$GROUP" warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE chown "$USER":"$GROUP" "$FILE"
fi fi
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then

2
bin/hardening/1.7.1.5_etc_issue_perms.sh
View File

@ -55,7 +55,7 @@ apply() {
ok "$FILE has correct ownership" ok "$FILE has correct ownership"
else else
warn "fixing $FILE ownership to $USER:$GROUP" warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE chown "$USER":"$GROUP" "$FILE"
fi fi
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then

2
bin/hardening/1.7.1.6_etc_issue_net_perms.sh
View File

@ -55,7 +55,7 @@ apply() {
ok "$FILE has correct ownership" ok "$FILE has correct ownership"
else else
warn "fixing $FILE ownership to $USER:$GROUP" warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE chown "$USER":"$GROUP" "$FILE"
fi fi
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then

4
bin/hardening/1.8_install_updates.sh
View File

@ -23,7 +23,7 @@ audit() {
apt_update_if_needed apt_update_if_needed
info "Fetching upgrades ..." info "Fetching upgrades ..."
apt_check_updates "CIS_APT" apt_check_updates "CIS_APT"
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
crit "$RESULT" crit "$RESULT"
FNRET=1 FNRET=1
else else
@ -34,7 +34,7 @@ audit() {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
if [ $FNRET -gt 0 ]; then if [ "$FNRET" -gt 0 ]; then
info "Applying Upgrades..." info "Applying Upgrades..."
DEBIAN_FRONTEND='noninteractive' apt-get -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' upgrade -y DEBIAN_FRONTEND='noninteractive' apt-get -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' upgrade -y
else else

4
bin/hardening/4.2.4_logs_permissions.sh
View File

@ -33,7 +33,7 @@ audit() {
fi fi
done done
if [ $ERRORS = 0 ]; then if [ "$ERRORS" = 0 ]; then
ok "Logs in $DIR have correct permissions" ok "Logs in $DIR have correct permissions"
fi fi
} }
@ -51,7 +51,7 @@ apply() {
fi fi
done done
if [ $ERRORS = 0 ]; then if [ "$ERRORS" = 0 ]; then
ok "Logs in $DIR have correct permissions" ok "Logs in $DIR have correct permissions"
fi fi
} }

2
bin/hardening/5.1.2_crontab_perm_ownership.sh
View File

@ -50,7 +50,7 @@ apply() {
ok "$FILE has correct ownership" ok "$FILE has correct ownership"
else else
warn "fixing $FILE ownership to $USER:$GROUP" warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE chown "$USER":"$GROUP" "$FILE"
fi fi
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then

2
bin/hardening/5.1.3_cron_hourly_perm_ownership.sh
View File

@ -50,7 +50,7 @@ apply() {
ok "$FILE has correct ownership" ok "$FILE has correct ownership"
else else
warn "fixing $FILE ownership to $USER:$GROUP" warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE chown "$USER":"$GROUP" "$FILE"
fi fi
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then

2
bin/hardening/5.1.4_cron_daily_perm_ownership.sh
View File

@ -50,7 +50,7 @@ apply() {
ok "$FILE has correct ownership" ok "$FILE has correct ownership"
else else
warn "fixing $FILE ownership to $USER:$GROUP" warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE chown "$USER":"$GROUP" "$FILE"
fi fi
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then

2
bin/hardening/5.1.5_cron_weekly_perm_ownership.sh
View File

@ -50,7 +50,7 @@ apply() {
ok "$FILE has correct ownership" ok "$FILE has correct ownership"
else else
warn "fixing $FILE ownership to $USER:$GROUP" warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE chown "$USER":"$GROUP" "$FILE"
fi fi
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then

2
bin/hardening/5.1.6_cron_monthly_perm_ownership.sh
View File

@ -50,7 +50,7 @@ apply() {
ok "$FILE has correct ownership" ok "$FILE has correct ownership"
else else
warn "fixing $FILE ownership to $USER:$GROUP" warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE chown "$USER":"$GROUP" "$FILE"
fi fi
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then

2
bin/hardening/5.1.7_cron_d_perm_ownership.sh
View File

@ -50,7 +50,7 @@ apply() {
ok "$FILE has correct ownership" ok "$FILE has correct ownership"
else else
warn "fixing $FILE ownership to $USER:$GROUP" warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE chown "$USER":"$GROUP" "$FILE"
fi fi
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then

2
bin/hardening/5.1.8_cron_users.sh
View File

@ -76,7 +76,7 @@ apply() {
ok "$FILE has correct ownership" ok "$FILE has correct ownership"
else else
warn "fixing $FILE ownership to $USER:$GROUP" warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE chown "$USER":"$GROUP" "$FILE"
fi fi
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then

2
bin/hardening/5.2.1_sshd_conf_perm_ownership.sh
View File

@ -50,7 +50,7 @@ apply() {
ok "$FILE has correct ownership" ok "$FILE has correct ownership"
else else
warn "fixing $FILE ownership to $USER:$GROUP" warn "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE chown "$USER":"$GROUP" "$FILE"
fi fi
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then

6
bin/hardening/5.2.2_ssh_host_private_keys_perm_ownership.sh
View File

@ -36,7 +36,7 @@ audit() {
done done
if [ $ERRORS = 0 ]; then if [ "$ERRORS" = 0 ]; then
ok "SSH private keys in $DIR have correct permissions" ok "SSH private keys in $DIR have correct permissions"
fi fi
@ -52,7 +52,7 @@ audit() {
fi fi
done done
if [ $ERRORS = 0 ]; then if [ "$ERRORS" = 0 ]; then
ok "SSH private keys in $DIR have correct ownership" ok "SSH private keys in $DIR have correct ownership"
fi fi
} }
@ -65,7 +65,7 @@ apply() {
ok "$FILE ownership was set to $USER:$GROUP" ok "$FILE ownership was set to $USER:$GROUP"
else else
warn "fixing $DIR SSH private keys permissions to $USER:$GROUP" warn "fixing $DIR SSH private keys permissions to $USER:$GROUP"
chown $USER:$GROUP $FILE chown "$USER":"$GROUP" "$FILE"
fi fi
done done

6
bin/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh
View File

@ -46,7 +46,7 @@ audit() {
done done
if [ $ERRORS = 0 ]; then if [ "$ERRORS" = 0 ]; then
ok "SSH public keys in $DIR have correct permissions" ok "SSH public keys in $DIR have correct permissions"
fi fi
@ -62,7 +62,7 @@ audit() {
fi fi
done done
if [ $ERRORS = 0 ]; then if [ "$ERRORS" = 0 ]; then
ok "SSH public keys in $DIR have correct ownership" ok "SSH public keys in $DIR have correct ownership"
fi fi
} }
@ -95,7 +95,7 @@ apply() {
ok "$FILE ownership was set to $USER:$GROUP" ok "$FILE ownership was set to $USER:$GROUP"
else else
warn "fixing $DIR SSH public keys ownership to $PERMISSIONS" warn "fixing $DIR SSH public keys ownership to $PERMISSIONS"
chown $USER:$GROUP $FILE chown "$USER":"$GROUP" "$FILE"
fi fi
done done

8
bin/hardening/5.4.4_default_umask.sh
View File

@ -58,7 +58,7 @@ audit() {
apply() { apply() {
SEARCH_RES=0 SEARCH_RES=0
for FILE_SEARCHED in $FILES_TO_SEARCH; do for FILE_SEARCHED in $FILES_TO_SEARCH; do
if [ $SEARCH_RES = 1 ]; then break; fi if [ "$SEARCH_RES" = 1 ]; then break; fi
if test -d $FILE_SEARCHED; then if test -d $FILE_SEARCHED; then
debug "$FILE_SEARCHED is a directory" debug "$FILE_SEARCHED is a directory"
for file_in_dir in $(ls $FILE_SEARCHED); do for file_in_dir in $(ls $FILE_SEARCHED); do
@ -81,10 +81,10 @@ apply() {
fi fi
fi fi
done done
if [ $SEARCH_RES = 0 ]; then if [ "$SEARCH_RES" = 0 ]; then
warn "$PATTERN is not present in $FILES_TO_SEARCH" warn "$PATTERN is not present in $FILES_TO_SEARCH"
touch $FILE touch "$FILE"
chmod 644 $FILE chmod 644 "$FILE"
add_end_of_file $FILE "$PATTERN" add_end_of_file $FILE "$PATTERN"
fi fi
} }

2
bin/hardening/6.1.5_etc_passwd_permissions.sh
View File

@ -52,7 +52,7 @@ apply() {
ok "$FILE has correct ownership" ok "$FILE has correct ownership"
else else
info "fixing $FILE ownership to $USER:$GROUP" info "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE chown "$USER":"$GROUP" "$FILE"
fi fi
} }

2
bin/hardening/6.1.6_etc_shadow_permissions.sh
View File

@ -52,7 +52,7 @@ apply() {
ok "$FILE has correct ownership" ok "$FILE has correct ownership"
else else
info "fixing $FILE ownership to $USER:$GROUP" info "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE chown "$USER":"$GROUP" "$FILE"
fi fi
} }

2
bin/hardening/6.1.7_etc_group_permissions.sh
View File

@ -52,7 +52,7 @@ apply() {
ok "$FILE has correct ownership" ok "$FILE has correct ownership"
else else
info "fixing $FILE ownership to $USER:$GROUP" info "fixing $FILE ownership to $USER:$GROUP"
chown $USER:$GROUP $FILE chown "$USER":"$GROUP" "$FILE"
fi fi
} }

6
bin/hardening/6.2.10_check_user_dot_file_perm.sh
View File

@ -38,7 +38,7 @@ audit() {
done done
done done
if [ $ERRORS = 0 ]; then if [ "$ERRORS" = 0 ]; then
ok "Dot file permission in users directories are correct" ok "Dot file permission in users directories are correct"
fi fi
} }
@ -51,11 +51,11 @@ apply() {
FILEPERM=$(ls -ld $FILE | cut -f1 -d" ") FILEPERM=$(ls -ld $FILE | cut -f1 -d" ")
if [ $(echo $FILEPERM | cut -c6) != "-" ]; then if [ $(echo $FILEPERM | cut -c6) != "-" ]; then
warn "Group Write permission set on FILE $FILE" warn "Group Write permission set on FILE $FILE"
chmod g-w $FILE chmod g-w "$FILE"
fi fi
if [ $(echo $FILEPERM | cut -c9) != "-" ]; then if [ $(echo $FILEPERM | cut -c9) != "-" ]; then
warn "Other Write permission set on FILE $FILE" warn "Other Write permission set on FILE $FILE"
chmod o-w $FILE chmod o-w "$FILE"
fi fi
fi fi
done done

2
bin/hardening/6.2.11_find_user_forward_files.sh
View File

@ -32,7 +32,7 @@ audit() {
done done
done done
if [ $ERRORS = 0 ]; then if [ "$ERRORS" = 0 ]; then
ok "No $FILENAME present in users home directory" ok "No $FILENAME present in users home directory"
fi fi
} }

2
bin/hardening/6.2.12_find_user_netrc_files.sh
View File

@ -32,7 +32,7 @@ audit() {
done done
done done
if [ $ERRORS = 0 ]; then if [ "$ERRORS" = 0 ]; then
ok "No $FILENAME present in users home directory" ok "No $FILENAME present in users home directory"
fi fi
} }

4
bin/hardening/6.2.13_set_perm_on_user_netrc.sh
View File

@ -37,7 +37,7 @@ audit() {
done done
done done
if [ $ERRORS = 0 ]; then if [ "$ERRORS" = 0 ]; then
ok "permission $PERMISSIONS set on .netrc users files" ok "permission $PERMISSIONS set on .netrc users files"
fi fi
@ -54,7 +54,7 @@ apply() {
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else
warn "$FILE permissions were not set to $PERMISSIONS" warn "$FILE permissions were not set to $PERMISSIONS"
chmod 600 $FILE chmod 600 "$FILE"
fi fi
fi fi
done done

2
bin/hardening/6.2.14_find_user_rhosts_files.sh
View File

@ -32,7 +32,7 @@ audit() {
done done
done done
if [ $ERRORS = 0 ]; then if [ "$ERRORS" = 0 ]; then
ok "No $FILENAME present in users home directory" ok "No $FILENAME present in users home directory"
fi fi
} }

2
bin/hardening/6.2.15_find_passwd_group_inconsistencies.sh
View File

@ -30,7 +30,7 @@ audit() {
fi fi
done done
if [ $ERRORS = 0 ]; then if [ "$ERRORS" = 0 ]; then
ok "passwd and group Groups are consistent" ok "passwd and group Groups are consistent"
fi fi
} }

2
bin/hardening/6.2.16_check_duplicate_uid.sh
View File

@ -41,7 +41,7 @@ audit() {
fi fi
done done
if [ $ERRORS = 0 ]; then if [ "$ERRORS" = 0 ]; then
ok "No duplicate UIDs${FOUND_EXCEPTIONS:+ apart from configured exceptions:}${FOUND_EXCEPTIONS}" ok "No duplicate UIDs${FOUND_EXCEPTIONS:+ apart from configured exceptions:}${FOUND_EXCEPTIONS}"
fi fi
} }

2
bin/hardening/6.2.17_check_duplicate_gid.sh
View File

@ -33,7 +33,7 @@ audit() {
fi fi
done done
if [ $ERRORS = 0 ]; then if [ "$ERRORS" = 0 ]; then
ok "No duplicate GIDs" ok "No duplicate GIDs"
fi fi
} }

2
bin/hardening/6.2.18_check_duplicate_username.sh
View File

@ -33,7 +33,7 @@ audit() {
fi fi
done done
if [ $ERRORS = 0 ]; then if [ "$ERRORS" = 0 ]; then
ok "No duplicate usernames" ok "No duplicate usernames"
fi fi
} }

2
bin/hardening/6.2.19_check_duplicate_groupname.sh
View File

@ -33,7 +33,7 @@ audit() {
fi fi
done done
if [ $ERRORS = 0 ]; then if [ "$ERRORS" = 0 ]; then
ok "No duplicate groupnames" ok "No duplicate groupnames"
fi fi
} }

2
bin/hardening/6.2.6_sanitize_root_path.sh
View File

@ -63,7 +63,7 @@ audit() {
shift shift
done done
if [ $ERRORS = 0 ]; then if [ "$ERRORS" = 0 ]; then
ok "root PATH is secure" ok "root PATH is secure"
fi fi
} }

2
bin/hardening/6.2.7_users_valid_homedir.sh
View File

@ -33,7 +33,7 @@ audit() {
fi fi
done done
if [ $ERRORS = 0 ]; then if [ "$ERRORS" = 0 ]; then
ok "All home directories exists" ok "All home directories exists"
fi fi
} }

10
bin/hardening/6.2.8_check_user_dir_perm.sh
View File

@ -52,7 +52,7 @@ audit() {
fi fi
done done
if [ $ERRORS = 0 ]; then if [ "$ERRORS" = 0 ]; then
ok "No incorrect permissions on home directories" ok "No incorrect permissions on home directories"
fi fi
@ -74,19 +74,19 @@ apply() {
dirperm=$(/bin/ls -ld $dir | cut -f1 -d" ") dirperm=$(/bin/ls -ld $dir | cut -f1 -d" ")
if [ $(echo $dirperm | cut -c6) != "-" ]; then if [ $(echo $dirperm | cut -c6) != "-" ]; then
warn "Group Write permission set on directory $dir" warn "Group Write permission set on directory $dir"
chmod g-w $dir chmod g-w "$dir"
fi fi
if [ $(echo $dirperm | cut -c8) != "-" ]; then if [ $(echo $dirperm | cut -c8) != "-" ]; then
warn "Other Read permission set on directory $dir" warn "Other Read permission set on directory $dir"
chmod o-r $dir chmod o-r "$dir"
fi fi
if [ $(echo $dirperm | cut -c9) != "-" ]; then if [ $(echo $dirperm | cut -c9) != "-" ]; then
warn "Other Write permission set on directory $dir" warn "Other Write permission set on directory $dir"
chmod o-w $dir chmod o-w "$dir"
fi fi
if [ $(echo $dirperm | cut -c10) != "-" ]; then if [ $(echo $dirperm | cut -c10) != "-" ]; then
warn "Other Execute permission set on directory $dir" warn "Other Execute permission set on directory $dir"
chmod o-x $dir chmod o-x "$dir"
fi fi
fi fi
done done

4
bin/hardening/6.2.9_users_valid_homedir.sh
View File

@ -36,7 +36,7 @@ audit() {
fi fi
done done
if [ $ERRORS = 0 ]; then if [ "$ERRORS" = 0 ]; then
ok "All home directories exists" ok "All home directories exists"
fi fi
debug "Checking homedir ownership" debug "Checking homedir ownership"
@ -65,7 +65,7 @@ audit() {
fi fi
done done
if [ $ERRORS = 0 ]; then if [ "$ERRORS" = 0 ]; then
ok "All home directories have correct ownership" ok "All home directories have correct ownership"
fi fi
} }

8
bin/hardening/99.1_timeout_tty.sh
View File

@ -50,7 +50,7 @@ audit() {
fi fi
fi fi
done done
if [ $SEARCH_RES = 0 ]; then if [ "$SEARCH_RES" = 0 ]; then
crit "$PATTERN is not present in $FILES_TO_SEARCH" crit "$PATTERN is not present in $FILES_TO_SEARCH"
fi fi
} }
@ -83,10 +83,10 @@ apply() {
fi fi
fi fi
done done
if [ $SEARCH_RES = 0 ]; then if [ "$SEARCH_RES" = 0 ]; then
warn "$PATTERN is not present in $FILES_TO_SEARCH" warn "$PATTERN is not present in $FILES_TO_SEARCH"
touch $FILE touch "$FILE"
chmod 644 $FILE chmod 644 "$FILE"
add_end_of_file $FILE "$PATTERN$VALUE" add_end_of_file $FILE "$PATTERN$VALUE"
add_end_of_file $FILE "readonly TMOUT" add_end_of_file $FILE "readonly TMOUT"
add_end_of_file $FILE "export TMOUT" add_end_of_file $FILE "export TMOUT"

8
bin/hardening/99.2_disable_usb_devices.sh
View File

@ -47,7 +47,7 @@ audit() {
fi fi
fi fi
done done
if [ $SEARCH_RES = 0 ]; then if [ "$SEARCH_RES" = 0 ]; then
crit "$PATTERN is not present in $FILES_TO_SEARCH" crit "$PATTERN is not present in $FILES_TO_SEARCH"
fi fi
} }
@ -79,10 +79,10 @@ apply() {
fi fi
fi fi
done done
if [ $SEARCH_RES = 0 ]; then if [ "$SEARCH_RES" = 0 ]; then
warn "$PATTERN is not present in $FILES_TO_SEARCH" warn "$PATTERN is not present in $FILES_TO_SEARCH"
touch $FILE touch "$FILE"
chmod 644 $FILE chmod 644 "$FILE"
add_end_of_file $FILE ' add_end_of_file $FILE '
# By default, disable all. # By default, disable all.
ACTION=="add", SUBSYSTEMS=="usb", TEST=="authorized_default", ATTR{authorized_default}="0" ACTION=="add", SUBSYSTEMS=="usb", TEST=="authorized_default", ATTR{authorized_default}="0"