IMP(shellcheck): disable quoting warning for find

This commit is contained in:
Thibault Ayanides 2020-12-14 14:28:27 +01:00
parent 2ab1bd50dc
commit fad8e8c1f1
4 changed files with 6 additions and 0 deletions

View File

@ -21,6 +21,7 @@ DESCRIPTION="Set sticky bit on world writable directories to prevent users from
audit() { audit() {
info "Checking if setuid is set on world writable Directories" info "Checking if setuid is set on world writable Directories"
FS_NAMES=$(df --local -P | awk '{if (NR!=1) print $6}') FS_NAMES=$(df --local -P | awk '{if (NR!=1) print $6}')
# shellcheck disable=SC2086
RESULT=$($SUDO_CMD find $FS_NAMES -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null) RESULT=$($SUDO_CMD find $FS_NAMES -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null)
if [ -n "$RESULT" ]; then if [ -n "$RESULT" ]; then
crit "Some world writable directories are not on sticky bit mode!" crit "Some world writable directories are not on sticky bit mode!"

View File

@ -21,6 +21,7 @@ DESCRIPTION="Ensure no world writable files exist"
audit() { audit() {
info "Checking if there are world writable files" info "Checking if there are world writable files"
FS_NAMES=$(df --local -P | awk '{if (NR!=1) print $6}') FS_NAMES=$(df --local -P | awk '{if (NR!=1) print $6}')
# shellcheck disable=SC2086
RESULT=$($SUDO_CMD find $FS_NAMES -xdev -type f -perm -0002 -print 2>/dev/null) RESULT=$($SUDO_CMD find $FS_NAMES -xdev -type f -perm -0002 -print 2>/dev/null)
if [ -n "$RESULT" ]; then if [ -n "$RESULT" ]; then
crit "Some world writable files are present" crit "Some world writable files are present"

View File

@ -25,8 +25,10 @@ audit() {
info "Checking if there are unowned files" info "Checking if there are unowned files"
FS_NAMES=$(df --local -P | awk '{if (NR!=1) print $6}') FS_NAMES=$(df --local -P | awk '{if (NR!=1) print $6}')
if [ -n "$EXCLUDED" ]; then if [ -n "$EXCLUDED" ]; then
# shellcheck disable=SC2086
RESULT=$($SUDO_CMD find $FS_NAMES -xdev -nouser -regextype 'egrep' ! -regex "$EXCLUDED" -print 2>/dev/null) RESULT=$($SUDO_CMD find $FS_NAMES -xdev -nouser -regextype 'egrep' ! -regex "$EXCLUDED" -print 2>/dev/null)
else else
# shellcheck disable=SC2086
RESULT=$($SUDO_CMD find $FS_NAMES -xdev -nouser -print 2>/dev/null) RESULT=$($SUDO_CMD find $FS_NAMES -xdev -nouser -print 2>/dev/null)
fi fi
if [ -n "$RESULT" ]; then if [ -n "$RESULT" ]; then

View File

@ -25,8 +25,10 @@ audit() {
info "Checking if there are ungrouped files" info "Checking if there are ungrouped files"
FS_NAMES=$(df --local -P | awk '{if (NR!=1) print $6}') FS_NAMES=$(df --local -P | awk '{if (NR!=1) print $6}')
if [ -n "$EXCLUDED" ]; then if [ -n "$EXCLUDED" ]; then
# shellcheck disable=SC2086
RESULT=$($SUDO_CMD find $FS_NAMES -xdev -nogroup -regextype 'egrep' ! -regex "$EXCLUDED" -print 2>/dev/null) RESULT=$($SUDO_CMD find $FS_NAMES -xdev -nogroup -regextype 'egrep' ! -regex "$EXCLUDED" -print 2>/dev/null)
else else
# shellcheck disable=SC2086
RESULT=$($SUDO_CMD find $FS_NAMES -xdev -nogroup -print 2>/dev/null) RESULT=$($SUDO_CMD find $FS_NAMES -xdev -nogroup -print 2>/dev/null)
fi fi
if [ -n "$RESULT" ]; then if [ -n "$RESULT" ]; then