mirror of
https://github.com/ovh/debian-cis.git
synced 2024-12-22 14:05:23 +01:00
IMP(shellcheck): disable quoting warning for find
This commit is contained in:
parent
2ab1bd50dc
commit
fad8e8c1f1
@ -21,6 +21,7 @@ DESCRIPTION="Set sticky bit on world writable directories to prevent users from
|
||||
audit() {
|
||||
info "Checking if setuid is set on world writable Directories"
|
||||
FS_NAMES=$(df --local -P | awk '{if (NR!=1) print $6}')
|
||||
# shellcheck disable=SC2086
|
||||
RESULT=$($SUDO_CMD find $FS_NAMES -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null)
|
||||
if [ -n "$RESULT" ]; then
|
||||
crit "Some world writable directories are not on sticky bit mode!"
|
||||
|
@ -21,6 +21,7 @@ DESCRIPTION="Ensure no world writable files exist"
|
||||
audit() {
|
||||
info "Checking if there are world writable files"
|
||||
FS_NAMES=$(df --local -P | awk '{if (NR!=1) print $6}')
|
||||
# shellcheck disable=SC2086
|
||||
RESULT=$($SUDO_CMD find $FS_NAMES -xdev -type f -perm -0002 -print 2>/dev/null)
|
||||
if [ -n "$RESULT" ]; then
|
||||
crit "Some world writable files are present"
|
||||
|
@ -25,8 +25,10 @@ audit() {
|
||||
info "Checking if there are unowned files"
|
||||
FS_NAMES=$(df --local -P | awk '{if (NR!=1) print $6}')
|
||||
if [ -n "$EXCLUDED" ]; then
|
||||
# shellcheck disable=SC2086
|
||||
RESULT=$($SUDO_CMD find $FS_NAMES -xdev -nouser -regextype 'egrep' ! -regex "$EXCLUDED" -print 2>/dev/null)
|
||||
else
|
||||
# shellcheck disable=SC2086
|
||||
RESULT=$($SUDO_CMD find $FS_NAMES -xdev -nouser -print 2>/dev/null)
|
||||
fi
|
||||
if [ -n "$RESULT" ]; then
|
||||
|
@ -25,8 +25,10 @@ audit() {
|
||||
info "Checking if there are ungrouped files"
|
||||
FS_NAMES=$(df --local -P | awk '{if (NR!=1) print $6}')
|
||||
if [ -n "$EXCLUDED" ]; then
|
||||
# shellcheck disable=SC2086
|
||||
RESULT=$($SUDO_CMD find $FS_NAMES -xdev -nogroup -regextype 'egrep' ! -regex "$EXCLUDED" -print 2>/dev/null)
|
||||
else
|
||||
# shellcheck disable=SC2086
|
||||
RESULT=$($SUDO_CMD find $FS_NAMES -xdev -nogroup -print 2>/dev/null)
|
||||
fi
|
||||
if [ -n "$RESULT" ]; then
|
||||
|
Loading…
Reference in New Issue
Block a user