From f8ac58700d40da215b5ba02ca6babf7ad1930e70 Mon Sep 17 00:00:00 2001
From: Thibault Ayanides
Date: Thu, 25 Mar 2021 13:50:08 +0100
Subject: [PATCH] FIX(4.1.1.4): bad pattern (#67) fix #61
---
 bin/hardening/4.1.1.3_audit_bootloader.sh | 6 +++---
 bin/hardening/4.1.1.4_audit_backlog_limit.sh | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/bin/hardening/4.1.1.3_audit_bootloader.sh b/bin/hardening/4.1.1.3_audit_bootloader.sh
index 2ec6944..01bb518 100755
--- a/bin/hardening/4.1.1.3_audit_bootloader.sh
+++ b/bin/hardening/4.1.1.3_audit_bootloader.sh
@@ -18,7 +18,7 @@ HARDENING_LEVEL=4
 DESCRIPTION="Enable auditing for processes that start prior to auditd."
 FILE='/etc/default/grub'
-OPTIONS='GRUB_CMDLINE_LINUX="audit=1"'
+OPTIONS='GRUB_CMDLINE_LINUX=audit=1'
 # This function will be called if the script status is on enabled / audit mode
 audit() {
@@ -30,7 +30,7 @@ audit() {
 for GRUB_OPTION in $OPTIONS; do
 GRUB_PARAM=$(echo "$GRUB_OPTION" | cut -d= -f 1)
 GRUB_VALUE=$(echo "$GRUB_OPTION" | cut -d= -f 2,3)
- PATTERN="^$GRUB_PARAM=$GRUB_VALUE"
+ PATTERN="^$GRUB_PARAM=.*$GRUB_VALUE"
 debug "$GRUB_PARAM should be set to $GRUB_VALUE"
 does_pattern_exist_in_file "$FILE" "$PATTERN"
 if [ "$FNRET" != 0 ]; then
@@ -55,7 +55,7 @@ apply() {
 GRUB_PARAM=$(echo "$GRUB_OPTION" | cut -d= -f 1)
 GRUB_VALUE=$(echo "$GRUB_OPTION" | cut -d= -f 2,3)
 debug "$GRUB_PARAM should be set to $GRUB_VALUE"
- PATTERN="^$GRUB_PARAM=$GRUB_VALUE"
+ PATTERN="^$GRUB_PARAM=.*$GRUB_VALUE"
 does_pattern_exist_in_file "$FILE" "$PATTERN"
 if [ "$FNRET" != 0 ]; then
 warn "$PATTERN is not present in $FILE, adding it"
diff --git a/bin/hardening/4.1.1.4_audit_backlog_limit.sh b/bin/hardening/4.1.1.4_audit_backlog_limit.sh
index d9ae5db..1186349 100755
--- a/bin/hardening/4.1.1.4_audit_backlog_limit.sh
+++ b/bin/hardening/4.1.1.4_audit_backlog_limit.sh
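Review bot: The `OPTIONS` value changed in the first hunk of 4.1.1.3_audit_bootloader.sh has an implicit format that this fix depends on and that nothing documents. The loop in `audit()` word-splits it and cuts each entry on `=` into field 1 and fields 2,3, so an entry has to be `<grub variable>=<kernel argument>` with no spaces or quotes, and the argument is then placed into a regex unescaped. A comment above the assignment would keep the quotes from being reintroduced, for example `# One entry per kernel argument: GRUB_VARIABLE=arg=value (no quotes, no spaces; arg is used as a regex fragment)`. The same applies to the `OPTIONS` line in 4.1.1.4_audit_backlog_limit.sh.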
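Review bot: The new pattern in the `audit()` hunk, `^$GRUB_PARAM=.*$GRUB_VALUE`, accepts any line in which the argument appears as a substring, so the audit can report compliance on a host that is not configured as intended. `audit=1` also matches `audit=10`, any longer argument that merely ends in `audit=1`, and text after a trailing `#` comment on the same line. Assuming `does_pattern_exist_in_file` (not shown on this page) takes an extended regex, delimiting the argument would close this: `PATTERN="^$GRUB_PARAM=[\"']?([^#\"']* )?$GRUB_VALUE([ \"']|\$)"`. The identical line is added in `apply()` and in both functions of 4.1.1.4_audit_backlog_limit.sh; the function bodies continue outside the hunks.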
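Review bot: In the `apply()` hunk, the step announced by `warn "$PATTERN is not present in $FILE, adding it"` lies outside the hunk and needs checking against the relaxed pattern. The pattern now expects the argument somewhere inside an existing `GRUB_CMDLINE_LINUX=` line, so the add step has to merge into that line; if it instead writes a separate assignment, the last one in the file wins and the argument set by 4.1.1.3 or 4.1.1.4 could be dropped without notice, which is an inference and not something visible here. The message also prints the raw regex now, so `warn "$GRUB_VALUE is not present in $GRUB_PARAM in $FILE, adding it"` would be clearer in logs. The same applies to the `apply()` hunk of 4.1.1.4_audit_backlog_limit.sh.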
@@ -18,7 +18,7 @@ HARDENING_LEVEL=4
 DESCRIPTION="Configure audit_backlog_limit to be sufficient."
 FILE='/etc/default/grub'
-OPTIONS='GRUB_CMDLINE_LINUX="audit_backlog_limit=8192"'
+OPTIONS='GRUB_CMDLINE_LINUX=audit_backlog_limit=8192'
 # This function will be called if the script status is on enabled / audit mode
 audit() {
@@ -30,7 +30,7 @@ audit() {
 for GRUB_OPTION in $OPTIONS; do
 GRUB_PARAM=$(echo "$GRUB_OPTION" | cut -d= -f 1)
 GRUB_VALUE=$(echo "$GRUB_OPTION" | cut -d= -f 2,3)
- PATTERN="^$GRUB_PARAM=$GRUB_VALUE"
+ PATTERN="^$GRUB_PARAM=.*$GRUB_VALUE"
 debug "$GRUB_PARAM should be set to $GRUB_VALUE"
 does_pattern_exist_in_file "$FILE" "$PATTERN"
 if [ "$FNRET" != 0 ]; then
@@ -55,7 +55,7 @@ apply() {
 GRUB_PARAM=$(echo "$GRUB_OPTION" | cut -d= -f 1)
 GRUB_VALUE=$(echo "$GRUB_OPTION" | cut -d= -f 2,3)
 debug "$GRUB_PARAM should be set to $GRUB_VALUE"
- PATTERN="^$GRUB_PARAM=$GRUB_VALUE"
+ PATTERN="^$GRUB_PARAM=.*$GRUB_VALUE"
 does_pattern_exist_in_file "$FILE" "$PATTERN"
 if [ "$FNRET" != 0 ]; then
 warn "$PATTERN is not present in $FILE, adding it"
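Review bot: The `audit()` pattern for `audit_backlog_limit=8192` compares text rather than a number, while the description says the limit should be "sufficient". With `^$GRUB_PARAM=.*$GRUB_VALUE`, a host configured with a larger value such as 16384 is reported as missing the setting, and `apply()` would then go on to add the 8192 value (what that step does is outside the hunk). If 8192 is meant as a minimum, extracting the number and comparing it would match the intent, e.g. `LIMIT=$(grep -E "^$GRUB_PARAM=" "$FILE" | grep -oE 'audit_backlog_limit=[0-9]+' | tail -n 1 | cut -d= -f 2)` followed by `[ "${LIMIT:-0}" -ge 8192 ]`. The same pattern line is added in the `apply()` hunk, and both function bodies continue outside the hunks.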