From fad8e8c1f1f6f7a18649c6b016298e7471835cc9 Mon Sep 17 00:00:00 2001
From: Thibault Ayanides
Date: Mon, 14 Dec 2020 14:28:27 +0100
Subject: [PATCH] IMP(shellcheck): disable quoting warning for find
---
 bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh | 1 +
 bin/hardening/6.1.10_find_world_writable_file.sh | 1 +
 bin/hardening/6.1.11_find_unowned_files.sh | 2 ++
 bin/hardening/6.1.12_find_ungrouped_files.sh | 2 ++
 4 files changed, 6 insertions(+)
diff --git a/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh b/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh
index 22a3122..2f96090 100755
--- a/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh
+++ b/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh
@@ -21,6 +21,7 @@ DESCRIPTION="Set sticky bit on world writable directories to prevent users from
 audit() {
 info "Checking if setuid is set on world writable Directories"
 FS_NAMES=$(df --local -P | awk '{if (NR!=1) print $6}')
+ # shellcheck disable=SC2086
 RESULT=$($SUDO_CMD find $FS_NAMES -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null)
 if [ -n "$RESULT" ]; then
 crit "Some world writable directories are not on sticky bit mode!"
diff --git a/bin/hardening/6.1.10_find_world_writable_file.sh b/bin/hardening/6.1.10_find_world_writable_file.sh
index 3221eaf..4c30ce4 100755
--- a/bin/hardening/6.1.10_find_world_writable_file.sh
+++ b/bin/hardening/6.1.10_find_world_writable_file.sh
@@ -21,6 +21,7 @@ DESCRIPTION="Ensure no world writable files exist"
 audit() {
 info "Checking if there are world writable files"
 FS_NAMES=$(df --local -P | awk '{if (NR!=1) print $6}')
+ # shellcheck disable=SC2086
 RESULT=$($SUDO_CMD find $FS_NAMES -xdev -type f -perm -0002 -print 2>/dev/null)
 if [ -n "$RESULT" ]; then
 crit "Some world writable files are present"
diff --git a/bin/hardening/6.1.11_find_unowned_files.sh b/bin/hardening/6.1.11_find_unowned_files.sh
index 8dc73bf..050cb44 100755
--- a/bin/hardening/6.1.11_find_unowned_files.sh
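Review bot: The added `# shellcheck disable=SC2086` in `audit()` silences the warning without recording why word splitting of `$FS_NAMES` is wanted, and the same bare directive recurs in the 6.1.10, 6.1.11 and 6.1.12 hunks. Splitting is intentional here (one mount point per word), but an unquoted expansion is also subject to globbing, so a mount point containing whitespace or glob characters would reach `find` as the wrong path. Because stderr is sent to `/dev/null`, that filesystem would be skipped silently and the audit could pass when it should not. At minimum put a line above the directive such as `# FS_NAMES holds one mount point per word; splitting is intended`, and consider `set -f` around the call or collecting the mount points into an array. `audit()` continues past the end of the hunk.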
+++ b/bin/hardening/6.1.11_find_unowned_files.sh
@@ -25,8 +25,10 @@ audit() {
 info "Checking if there are unowned files"
 FS_NAMES=$(df --local -P | awk '{if (NR!=1) print $6}')
 if [ -n "$EXCLUDED" ]; then
+ # shellcheck disable=SC2086
 RESULT=$($SUDO_CMD find $FS_NAMES -xdev -nouser -regextype 'egrep' ! -regex "$EXCLUDED" -print 2>/dev/null)
 else
+ # shellcheck disable=SC2086
 RESULT=$($SUDO_CMD find $FS_NAMES -xdev -nouser -print 2>/dev/null)
 fi
 if [ -n "$RESULT" ]; then
diff --git a/bin/hardening/6.1.12_find_ungrouped_files.sh b/bin/hardening/6.1.12_find_ungrouped_files.sh
index 99bd08e..02a302c 100755
--- a/bin/hardening/6.1.12_find_ungrouped_files.sh
+++ b/bin/hardening/6.1.12_find_ungrouped_files.sh
@@ -25,8 +25,10 @@ audit() {
 info "Checking if there are ungrouped files"
 FS_NAMES=$(df --local -P | awk '{if (NR!=1) print $6}')
 if [ -n "$EXCLUDED" ]; then
+ # shellcheck disable=SC2086
 RESULT=$($SUDO_CMD find $FS_NAMES -xdev -nogroup -regextype 'egrep' ! -regex "$EXCLUDED" -print 2>/dev/null)
 else
+ # shellcheck disable=SC2086
 RESULT=$($SUDO_CMD find $FS_NAMES -xdev -nogroup -print 2>/dev/null)
 fi
 if [ -n "$RESULT" ]; then
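Review bot: The two branches in `audit()` differ only in the exclusion expression, so the directive now sits beside two near-identical `find` calls, here and in the 6.1.12 hunk (with `-nogroup`). Building the predicate list once leaves a single unquoted expansion to justify and suppress, and keeps the excluded and non-excluded paths from drifting apart. The sketch below reuses the function's positional parameters, which assumes `audit()` does not read its own arguments; confirm that before adopting it. `audit()` ends outside the hunk.

```shell
# … unchanged: info message and FS_NAMES assignment …
set -- -xdev -nouser
if [ -n "$EXCLUDED" ]; then
    set -- "$@" -regextype 'egrep' ! -regex "$EXCLUDED"
fi
# Word splitting of FS_NAMES is intended: one mount point per word.
# shellcheck disable=SC2086
RESULT=$($SUDO_CMD find $FS_NAMES "$@" -print 2>/dev/null)
```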