IMP(shellcheck): quote variables (SC2086)

This commit is contained in:
Thibault Ayanides 2020-12-07 16:49:11 +01:00
parent e2f7426664
commit 6826f377e6
68 changed files with 294 additions and 294 deletions

View file

@ -57,7 +57,7 @@ apply() {
crit "$PARTITION is not a partition, correct this by yourself, I cannot help you here"
elif [ "$FNRET" = 1 ]; then
info "Adding $OPTION to fstab"
add_option_to_fstab $PARTITION $OPTION
add_option_to_fstab "$PARTITION" "$OPTION"
info "Remounting $PARTITION from fstab"
remount_partition "$PARTITION"
elif [ "$FNRET" = 3 ]; then

View file

@ -57,7 +57,7 @@ apply() {
crit "$PARTITION is not a partition, correct this by yourself, I cannot help you here"
elif [ "$FNRET" = 1 ]; then
info "Adding $OPTION to fstab"
add_option_to_fstab $PARTITION $OPTION
add_option_to_fstab "$PARTITION" "$OPTION"
info "Remounting $PARTITION from fstab"
remount_partition "$PARTITION"
elif [ "$FNRET" = 3 ]; then

View file

@ -57,7 +57,7 @@ apply() {
crit "$PARTITION is not a partition, correct this by yourself, I cannot help you here"
elif [ "$FNRET" = 1 ]; then
info "Adding $OPTION to fstab"
add_option_to_fstab $PARTITION $OPTION
add_option_to_fstab "$PARTITION" "$OPTION"
info "Remounting $PARTITION from fstab"
remount_partition "$PARTITION"
elif [ "$FNRET" = 3 ]; then

View file

@ -49,7 +49,7 @@ apply() {
ok "$PARTITION is correctly set"
elif [ "$FNRET" = 1 ]; then
info "Adding $OPTION to fstab"
add_option_to_fstab $PARTITION $OPTION
add_option_to_fstab "$PARTITION" "$OPTION"
fi
}

View file

@ -49,7 +49,7 @@ apply() {
ok "$PARTITION is correctly set"
elif [ "$FNRET" = 1 ]; then
info "Adding $OPTION to fstab"
add_option_to_fstab $PARTITION $OPTION
add_option_to_fstab "$PARTITION" "$OPTION"
fi
}

View file

@ -49,7 +49,7 @@ apply() {
ok "$PARTITION is correctly set"
elif [ "$FNRET" = 1 ]; then
info "Adding $OPTION to fstab"
add_option_to_fstab $PARTITION $OPTION
add_option_to_fstab "$PARTITION" "$OPTION"
fi
}

View file

@ -24,7 +24,7 @@ audit() {
RESULT=$($SUDO_CMD find $FS_NAMES -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null)
if [ -n "$RESULT" ]; then
crit "Some world writable directories are not on sticky bit mode!"
FORMATTED_RESULT=$(sed "s/ /\n/g" <<<$RESULT | sort | uniq | tr '\n' ' ')
FORMATTED_RESULT=$(sed "s/ /\n/g" <<<"$RESULT" | sort | uniq | tr '\n' ' ')
crit "$FORMATTED_RESULT"
else
ok "All world writable directories have a sticky bit"

View file

@ -22,7 +22,7 @@ PATTERN="^root:[*\!]:"
# This function will be called if the script status is on enabled / audit mode
audit() {
does_pattern_exist_in_file $FILE $PATTERN
does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" != 1 ]; then
crit "$PATTERN is present in $FILE"
else
@ -32,7 +32,7 @@ audit() {
# This function will be called if the script status is on enabled mode
apply() {
does_pattern_exist_in_file $FILE $PATTERN
does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" != 1 ]; then
warn "$PATTERN is present in $FILE, please put a root password"
else

View file

@ -27,14 +27,14 @@ SYSCTL_EXP_RESULT=0
audit() {
SEARCH_RES=0
LIMIT_FILES=""
if $SUDO_CMD [ -d $LIMIT_DIR ]; then
if $SUDO_CMD [ -d "$LIMIT_DIR" ]; then
for file in $($SUDO_CMD ls $LIMIT_DIR/*.conf 2>/dev/null); do
LIMIT_FILES="$LIMIT_FILES $LIMIT_DIR/$file"
done
fi
debug "Files to search $LIMIT_FILE $LIMIT_FILES"
for file in $LIMIT_FILE $LIMIT_FILES; do
does_pattern_exist_in_file $file $LIMIT_PATTERN
does_pattern_exist_in_file "$file" "$LIMIT_PATTERN"
if [ "$FNRET" != 0 ]; then
debug "$LIMIT_PATTERN not present in $file"
else
@ -58,7 +58,7 @@ audit() {
# This function will be called if the script status is on enabled mode
apply() {
does_pattern_exist_in_file $LIMIT_FILE $LIMIT_PATTERN
does_pattern_exist_in_file "$LIMIT_FILE" "$LIMIT_PATTERN"
if [ "$FNRET" != 0 ]; then
warn "$LIMIT_PATTERN not present in $LIMIT_FILE, adding at the end of $LIMIT_FILE"
add_end_of_file $LIMIT_FILE "* hard core 0"

View file

@ -35,7 +35,7 @@ nx_supported_and_enabled() {
# This function will be called if the script status is on enabled / audit mode
audit() {
does_pattern_exist_in_dmesg $PATTERN
does_pattern_exist_in_dmesg "$PATTERN"
if [ "$FNRET" != 0 ]; then
nx_supported_and_enabled
if [ "$FNRET" != 0 ]; then
@ -50,7 +50,7 @@ audit() {
# This function will be called if the script status is on enabled mode
apply() {
does_pattern_exist_in_dmesg $PATTERN
does_pattern_exist_in_dmesg "$PATTERN"
if [ "$FNRET" != 0 ]; then
nx_supported_and_enabled
if [ "$FNRET" != 0 ]; then

View file

@ -32,13 +32,13 @@ audit() {
crit "$PACKAGE is not installed!"
else
ok "$PACKAGE is installed, checking configuration"
does_pattern_exist_in_file $NTP_CONF_FILE $NTP_CONF_DEFAULT_PATTERN
does_pattern_exist_in_file "$NTP_CONF_FILE" "$NTP_CONF_DEFAULT_PATTERN"
if [ "$FNRET" != 0 ]; then
crit "$NTP_CONF_DEFAULT_PATTERN not found in $NTP_CONF_FILE"
else
ok "$NTP_CONF_DEFAULT_PATTERN found in $NTP_CONF_FILE"
fi
does_pattern_exist_in_file $NTP_INIT_FILE "^$NTP_INIT_PATTERN"
does_pattern_exist_in_file "$NTP_INIT_FILE" "^$NTP_INIT_PATTERN"
if [ "$FNRET" != 0 ]; then
crit "$NTP_INIT_PATTERN not found in $NTP_INIT_FILE"
else
@ -54,10 +54,10 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
info "Checking $PACKAGE configuration"
fi
does_pattern_exist_in_file $NTP_CONF_FILE $NTP_CONF_DEFAULT_PATTERN
does_pattern_exist_in_file "$NTP_CONF_FILE" "$NTP_CONF_DEFAULT_PATTERN"
if [ "$FNRET" != 0 ]; then
warn "$NTP_CONF_DEFAULT_PATTERN not found in $NTP_CONF_FILE, adding it"
backup_file $NTP_CONF_FILE

View file

@ -45,7 +45,7 @@ apply() {
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
set_sysctl_param "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
sysctl -w net.ipv4.route.flush=1 >/dev/null
elif [ "$FNRET" = 255 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?"

View file

@ -24,8 +24,8 @@ SYSCTL_PARAMS='net.ipv4.conf.all.send_redirects=0 net.ipv4.conf.default.send_red
# This function will be called if the script status is on enabled / audit mode
audit() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then
@ -41,13 +41,13 @@ audit() {
# This function will be called if the script status is on enabled mode
apply() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
set_sysctl_param "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
sysctl -w net.ipv4.route.flush=1 >/dev/null
elif [ "$FNRET" = 255 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?"

View file

@ -23,9 +23,9 @@ SYSCTL_PARAMS=''
audit() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
does_sysctl_param_exists "net.ipv6"
if [ "$FNRET" = 0 ] || [[ ! $SYSCTL_VALUES =~ .*ipv6.* ]]; then # IPv6 is enabled or SYSCTL_VALUES doesn't contain ipv6
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
if [ "$FNRET" = 0 ] || [[ ! "$SYSCTL_VALUES" =~ .*ipv6.* ]]; then # IPv6 is enabled or SYSCTL_VALUES doesn't contain ipv6
SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then
@ -42,13 +42,13 @@ audit() {
# This function will be called if the script status is on enabled mode
apply() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT value -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
set_sysctl_param "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
sysctl -w net.ipv4.route.flush=1 >/dev/null
elif [ "$FNRET" = 255 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?"

View file

@ -24,8 +24,8 @@ audit() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
does_sysctl_param_exists "net.ipv6"
if [ "$FNRET" = 0 ] || [[ ! $SYSCTL_VALUES =~ .*ipv6.* ]]; then # IPv6 is enabled or SYSCTL_VALUES doesn't contain ipv6
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
@ -43,13 +43,13 @@ audit() {
# This function will be called if the script status is on enabled mode
apply() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
set_sysctl_param "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
sysctl -w net.ipv4.route.flush=1 >/dev/null
elif [ "$FNRET" = 255 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?"

View file

@ -22,8 +22,8 @@ SYSCTL_PARAMS='net.ipv4.conf.all.secure_redirects=0 net.ipv4.conf.default.secure
# This function will be called if the script status is on enabled / audit mode
audit() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then
@ -39,13 +39,13 @@ audit() {
# This function will be called if the script status is on enabled mode
apply() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
set_sysctl_param "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
sysctl -w net.ipv4.route.flush=1 >/dev/null
elif [ "$FNRET" = 255 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?"

View file

@ -22,8 +22,8 @@ SYSCTL_PARAMS='net.ipv4.conf.all.log_martians=1 net.ipv4.conf.default.log_martia
# This function will be called if the script status is on enabled / audit mode
audit() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then
@ -39,13 +39,13 @@ audit() {
# This function will be called if the script status is on enabled mode
apply() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
set_sysctl_param "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
sysctl -w net.ipv4.route.flush=1 >/dev/null
elif [ "$FNRET" = 255 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?"

View file

@ -22,8 +22,8 @@ SYSCTL_PARAMS='net.ipv4.icmp_echo_ignore_broadcasts=1'
# This function will be called if the script status is on enabled / audit mode
audit() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then
@ -39,13 +39,13 @@ audit() {
# This function will be called if the script status is on enabled mode
apply() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
set_sysctl_param "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
sysctl -w net.ipv4.route.flush=1 >/dev/null
elif [ "$FNRET" = 255 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?"

View file

@ -22,8 +22,8 @@ SYSCTL_PARAMS='net.ipv4.icmp_ignore_bogus_error_responses=1'
# This function will be called if the script status is on enabled / audit mode
audit() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then
@ -45,7 +45,7 @@ apply() {
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
set_sysctl_param "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
sysctl -w net.ipv4.route.flush=1 >/dev/null
elif [ "$FNRET" = 255 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?"

View file

@ -22,8 +22,8 @@ SYSCTL_PARAMS='net.ipv4.conf.all.rp_filter=1 net.ipv4.conf.default.rp_filter=1'
# This function will be called if the script status is on enabled / audit mode
audit() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then
@ -39,13 +39,13 @@ audit() {
# This function will be called if the script status is on enabled mode
apply() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
set_sysctl_param "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
sysctl -w net.ipv4.route.flush=1 >/dev/null
elif [ "$FNRET" = 255 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?"

View file

@ -22,8 +22,8 @@ SYSCTL_PARAMS='net.ipv4.tcp_syncookies=1'
# This function will be called if the script status is on enabled / audit mode
audit() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then
@ -45,7 +45,7 @@ apply() {
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
set_sysctl_param "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
sysctl -w net.ipv4.route.flush=1 >/dev/null
elif [ "$FNRET" = 255 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?"

View file

@ -26,8 +26,8 @@ audit() {
ok "ipv6 is disabled"
else
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then
@ -48,13 +48,13 @@ apply() {
ok "ipv6 is disabled"
else
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT, fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
set_sysctl_param "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
sysctl -w net.ipv4.route.flush=1 >/dev/null
elif [ "$FNRET" = 255 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?"

View file

@ -36,7 +36,7 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
}

View file

@ -39,7 +39,7 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
}

View file

@ -26,8 +26,8 @@ audit() {
ok "ipv6 is disabled"
else
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then
@ -48,13 +48,13 @@ apply() {
ok "ipv6 is disabled"
else
for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2)
SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT value, fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT
set_sysctl_param "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
warn "you may want to reboot or sysctl -p a file including $SYSCTL_PARAMS"
elif [ "$FNRET" = 255 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?"

View file

@ -28,8 +28,8 @@ audit() {
else
ok "$FILE exists, checking configuration"
for AUDIT_OPTION in $OPTIONS; do
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1)
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2)
AUDIT_PARAM=$(echo "$AUDIT_OPTION" | cut -d= -f 1)
AUDIT_VALUE=$(echo "$AUDIT_OPTION" | cut -d= -f 2)
PATTERN="^${AUDIT_PARAM}[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
debug "$AUDIT_PARAM should be set to $AUDIT_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"

View file

@ -43,7 +43,7 @@ apply() {
ok "$PACKAGE is installed"
else
warn "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
is_service_enabled "$SERVICE_NAME"
if [ "$FNRET" = 0 ]; then

View file

@ -28,11 +28,11 @@ audit() {
else
ok "$FILE exists, checking configuration"
for GRUB_OPTION in $OPTIONS; do
GRUB_PARAM=$(echo $GRUB_OPTION | cut -d= -f 1)
GRUB_VALUE=$(echo $GRUB_OPTION | cut -d= -f 2,3)
GRUB_PARAM=$(echo "$GRUB_OPTION" | cut -d= -f 1)
GRUB_VALUE=$(echo "$GRUB_OPTION" | cut -d= -f 2,3)
PATTERN="^$GRUB_PARAM=$GRUB_VALUE"
debug "$GRUB_PARAM should be set to $GRUB_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" != 0 ]; then
crit "$PATTERN is not present in $FILE"
else
@ -47,25 +47,25 @@ apply() {
does_file_exist $FILE
if [ "$FNRET" != 0 ]; then
warn "$FILE does not exist, creating it"
touch $FILE
touch "$FILE"
else
ok "$FILE exists"
fi
for GRUB_OPTION in $OPTIONS; do
GRUB_PARAM=$(echo $GRUB_OPTION | cut -d= -f 1)
GRUB_VALUE=$(echo $GRUB_OPTION | cut -d= -f 2,3)
GRUB_PARAM=$(echo "$GRUB_OPTION" | cut -d= -f 1)
GRUB_VALUE=$(echo "$GRUB_OPTION" | cut -d= -f 2,3)
debug "$GRUB_PARAM should be set to $GRUB_VALUE"
PATTERN="^$GRUB_PARAM=$GRUB_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" != 0 ]; then
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^$GRUB_PARAM"
does_pattern_exist_in_file "$FILE" "^$GRUB_PARAM"
if [ "$FNRET" != 0 ]; then
info "Parameter $GRUB_PARAM seems absent from $FILE, adding at the end"
add_end_of_file $FILE "$GRUB_PARAM = $GRUB_VALUE"
add_end_of_file "$FILE" "$GRUB_PARAM = $GRUB_VALUE"
else
info "Parameter $GRUB_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$GRUB_PARAM=.*" "$GRUB_PARAM=$GRUB_VALUE"
replace_in_file "$FILE" "^$GRUB_PARAM=.*" "$GRUB_PARAM=$GRUB_VALUE"
fi
else
ok "$PATTERN is present in $FILE"

View file

@ -136,7 +136,7 @@ check_config() {
crit "$USER does not exist"
exit 128
fi
does_group_exist $GROUP
does_group_exist "$GROUP"
if [ "$FNRET" != 0 ]; then
crit "$GROUP does not exist"
exit 128

View file

@ -37,7 +37,7 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
}

View file

@ -43,7 +43,7 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
is_service_enabled "$SERVICE_NAME"
if [ "$FNRET" != 0 ]; then
info "Enabling $SERVICE_NAME"

View file

@ -26,7 +26,7 @@ GROUP='root'
# This function will be called if the script status is on enabled / audit mode
audit() {
for FILE in $FILES_ABSENT; do
does_file_exist $FILE
does_file_exist "$FILE"
if [ "$FNRET" = 0 ]; then
crit "$FILE exists"
else
@ -34,7 +34,7 @@ audit() {
fi
done
for FILE in $FILES_PRESENT; do
does_file_exist $FILE
does_file_exist "$FILE"
if [ "$FNRET" != 0 ]; then
crit "$FILE is absent"
else
@ -57,19 +57,19 @@ audit() {
# This function will be called if the script status is on enabled mode
apply() {
for FILE in $FILES_ABSENT; do
does_file_exist $FILE
does_file_exist "$FILE"
if [ "$FNRET" = 0 ]; then
warn "$FILE exists"
rm $FILE
rm "$FILE"
else
ok "$FILE is absent"
fi
done
for FILE in $FILES_PRESENT; do
does_file_exist $FILE
does_file_exist "$FILE"
if [ "$FNRET" != 0 ]; then
warn "$FILE is absent"
touch $FILE
touch "$FILE"
fi
has_file_correct_ownership "$FILE" "$USER" "$GROUP"
if [ "$FNRET" = 0 ]; then

View file

@ -29,10 +29,10 @@ audit() {
else
ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -49,23 +49,23 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^$SSH_PARAM"
does_pattern_exist_in_file "$FILE" "^$SSH_PARAM"
if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload
fi

View file

@ -29,10 +29,10 @@ audit() {
else
ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -49,23 +49,23 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}"
does_pattern_exist_in_file "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload
fi

View file

@ -29,10 +29,10 @@ audit() {
else
ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -49,23 +49,23 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload
fi

View file

@ -29,10 +29,10 @@ audit() {
else
ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -49,23 +49,23 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}"
does_pattern_exist_in_file "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload
fi

View file

@ -29,10 +29,10 @@ audit() {
else
ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file_nocase $FILE "$PATTERN"
does_pattern_exist_in_file_nocase "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -49,23 +49,23 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file_nocase $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file_nocase $FILE "^${SSH_PARAM}"
does_pattern_exist_in_file_nocase "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload >/dev/null 2>&1
fi

View file

@ -29,10 +29,10 @@ audit() {
else
ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file_nocase $FILE "$PATTERN"
does_pattern_exist_in_file_nocase "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -49,23 +49,23 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file_nocase $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file_nocase $FILE "^${SSH_PARAM}"
does_pattern_exist_in_file_nocase "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload >/dev/null 2>&1
fi
@ -76,9 +76,9 @@ create_config() {
get_debian_major_version
set +u
debug "Debian version : $DEB_MAJ_VER "
if [[ -z $DEB_MAJ_VER ]] || [[ 7 -eq $DEB_MAJ_VER ]]; then
if [[ -z "$DEB_MAJ_VER" ]] || [[ 7 -eq "$DEB_MAJ_VER" ]]; then
KEX='diffie-hellman-group-exchange-sha256'
elif [[ 8 -eq $DEB_MAJ_VER ]] || [[ 9 -eq $DEB_MAJ_VER ]]; then
elif [[ 8 -eq "$DEB_MAJ_VER" ]] || [[ 9 -eq "$DEB_MAJ_VER" ]]; then
KEX='curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256'
else
KEX='diffie-hellman-group-exchange-sha256'

View file

@ -30,10 +30,10 @@ audit() {
else
ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -50,23 +50,23 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}"
does_pattern_exist_in_file "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload
fi

View file

@ -29,8 +29,8 @@ audit() {
else
ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then
@ -49,23 +49,23 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}"
does_pattern_exist_in_file "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload
fi

View file

@ -29,9 +29,9 @@ audit() {
else
ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_VALUE=$(sed "s/'//g" <<<$SSH_VALUE)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
SSH_VALUE=$(sed "s/'//g" <<<"$SSH_VALUE")
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then
@ -50,24 +50,24 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_VALUE=$(sed "s/'//g" <<<$SSH_VALUE)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
SSH_VALUE=$(sed "s/'//g" <<<"$SSH_VALUE")
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}"
does_pattern_exist_in_file "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload
fi
@ -89,19 +89,19 @@ EOF
# This function will check config parameters required
check_config() {
if [ -z $ALLOWED_USERS ]; then
if [ -z "$ALLOWED_USERS" ]; then
info "ALLOWED_USERS is not set, defaults to wildcard"
ALLOWED_USERS="*"
fi
if [ -z $ALLOWED_GROUPS ]; then
if [ -z "$ALLOWED_GROUPS" ]; then
info "ALLOWED_GROUPS is not set, defaults to wildcard"
ALLOWED_GROUPS="*"
fi
if [ -z $DENIED_USERS ]; then
if [ -z "$DENIED_USERS" ]; then
info "DENIED_USERS is not set, defaults to nobody"
DENIED_USERS="nobody"
fi
if [ -z $DENIED_GROUPS ]; then
if [ -z "$DENIED_GROUPS" ]; then
info "DENIED_GROUPS is not set, defaults to nobody"
DENIED_GROUPS="nobody"
fi

View file

@ -29,7 +29,7 @@ audit() {
else
ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
PATTERN="^${SSH_PARAM}[[:space:]]*"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then
@ -48,20 +48,20 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}"
does_pattern_exist_in_file "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else
info "Parameter $SSH_PARAM is present and activated"
fi

View file

@ -29,10 +29,10 @@ audit() {
else
ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -49,23 +49,23 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}"
does_pattern_exist_in_file "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload >/dev/null 2>&1
fi

View file

@ -30,8 +30,8 @@ audit() {
else
ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file_nocase $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then
@ -50,23 +50,23 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
for SSH_OPTION in $OPTIONS_TO_APPLY; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file_nocase $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}"
does_pattern_exist_in_file "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload >/dev/null 2>&1
fi

View file

@ -29,10 +29,10 @@ audit() {
else
ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -49,23 +49,23 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}"
does_pattern_exist_in_file "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload >/dev/null 2>&1
fi

View file

@ -29,10 +29,10 @@ audit() {
else
ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -49,23 +49,23 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}"
does_pattern_exist_in_file "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload
fi

View file

@ -29,10 +29,10 @@ audit() {
else
ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -49,23 +49,23 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}"
does_pattern_exist_in_file "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload
fi

View file

@ -29,10 +29,10 @@ audit() {
else
ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
@ -49,23 +49,23 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2)
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE"
else
warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}"
does_pattern_exist_in_file "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE"
add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi
/etc/init.d/ssh reload
fi

View file

@ -60,7 +60,7 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
does_pattern_exist_in_file $FILE_COMMON $PATTERN_COMMON
if [ "$FNRET" = 0 ]; then

View file

@ -52,7 +52,7 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
does_pattern_exist_in_file $FILE_AUTH "$PATTERN_AUTH"
if [ "$FNRET" = 0 ]; then

View file

@ -44,7 +44,7 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
does_pattern_exist_in_file $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then

View file

@ -49,7 +49,7 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
for SHADOW_OPTION in $OPTIONS; do
SHADOW_PARAM=$(echo $SHADOW_OPTION | cut -d= -f 1)

View file

@ -49,7 +49,7 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
for SHADOW_OPTION in $OPTIONS; do
SHADOW_PARAM=$(echo $SHADOW_OPTION | cut -d= -f 1)

View file

@ -49,7 +49,7 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
for SHADOW_OPTION in $OPTIONS; do
SHADOW_PARAM=$(echo $SHADOW_OPTION | cut -d= -f 1)

View file

@ -22,7 +22,7 @@ EXPECTED_GID='0'
# This function will be called if the script status is on enabled / audit mode
audit() {
if [ $(grep "^root:" /etc/passwd | cut -f4 -d:) = 0 ]; then
if [ "$(grep "^root:" /etc/passwd | cut -f4 -d:)" = 0 ]; then
ok "Root group has GID $EXPECTED_GID"
else
crit "Root group GID should be $EXPECTED_GID"
@ -31,7 +31,7 @@ audit() {
# This function will be called if the script status is on enabled mode
apply() {
if [ $(grep "^root:" /etc/passwd | cut -f4 -d:) = 0 ]; then
if [ "$(grep "^root:" /etc/passwd | cut -f4 -d:)" = 0 ]; then
ok "Root group GID is $EXPECTED_GID"
else
warn "Root group GID is not $EXPECTED_GID -- Fixing"

View file

@ -44,7 +44,7 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
does_pattern_exist_in_file $FILE $PATTERN
if [ "$FNRET" = 0 ]; then

View file

@ -23,14 +23,14 @@ ERRORS=0
audit() {
for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
debug "Working on $DIR"
for FILE in $DIR/.[A-Za-z0-9]*; do
for FILE in "$DIR"/.[A-Za-z0-9]*; do
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
FILEPERM=$(ls -ld $FILE | cut -f1 -d" ")
if [ $(echo $FILEPERM | cut -c6) != "-" ]; then
FILEPERM=$(ls -ld "$FILE" | cut -f1 -d" ")
if [ "$(echo "$FILEPERM" | cut -c6)" != "-" ]; then
crit "Group Write permission set on FILE $FILE"
ERRORS=$((ERRORS + 1))
fi
if [ $(echo $FILEPERM | cut -c9) != "-" ]; then
if [ "$(echo "$FILEPERM" | cut -c9)" != "-" ]; then
crit "Other Write permission set on FILE $FILE"
ERRORS=$((ERRORS + 1))
fi
@ -46,14 +46,14 @@ audit() {
# This function will be called if the script status is on enabled mode
apply() {
for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
for FILE in $DIR/.[A-Za-z0-9]*; do
for FILE in "$DIR"/.[A-Za-z0-9]*; do
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
FILEPERM=$(ls -ld $FILE | cut -f1 -d" ")
if [ $(echo $FILEPERM | cut -c6) != "-" ]; then
FILEPERM=$(ls -ld "$FILE" | cut -f1 -d" ")
if [ "$(echo "$FILEPERM" | cut -c6)" != "-" ]; then
warn "Group Write permission set on FILE $FILE"
chmod g-w "$FILE"
fi
if [ $(echo $FILEPERM | cut -c9) != "-" ]; then
if [ "$(echo "$FILEPERM" | cut -c9)" != "-" ]; then
warn "Other Write permission set on FILE $FILE"
chmod o-w "$FILE"
fi

View file

@ -25,32 +25,32 @@ ERRORS=0
# This function will be called if the script status is on enabled / audit mode
audit() {
if [ "$(echo $path | grep ::)" != "" ]; then
if [ "$(echo "$path" | grep ::)" != "" ]; then
crit "Empty Directory in PATH (::)"
ERRORS=$((ERRORS + 1))
fi
if [ "$(echo $path | grep :$)" != "" ]; then
if [ "$(echo "$path" | grep :$)" != "" ]; then
crit "Trailing : in PATH $path"
ERRORS=$((ERRORS + 1))
fi
FORMATTED_PATH=$(echo $path | sed -e 's/::/:/' -e 's/:$//' -e 's/:/ /g')
FORMATTED_PATH=$(echo "$path" | sed -e 's/::/:/' -e 's/:$//' -e 's/:/ /g')
set -- $FORMATTED_PATH
while [ "${1:-}" != "" ]; do
if [ "$1" = "." ]; then
crit "PATH contains ."
ERRORS=$((ERRORS + 1))
else
if [ -d $1 ]; then
dirperm=$(ls -ldH $1 | cut -f1 -d" ")
if [ $(echo $dirperm | cut -c6) != "-" ]; then
if [ -d "$1" ]; then
dirperm=$(ls -ldH "$1" | cut -f1 -d" ")
if [ "$(echo "$dirperm" | cut -c6)" != "-" ]; then
crit "Group Write permission set on directory $1"
ERRORS=$((ERRORS + 1))
fi
if [ $(echo $dirperm | cut -c9) != "-" ]; then
if [ "$(echo "$dirperm" | cut -c9)" != "-" ]; then
crit "Other Write permission set on directory $1"
ERRORS=$((ERRORS + 1))
fi
dirown=$(ls -ldH $1 | awk '{print $3}')
dirown=$(ls -ldH "$1" | awk '{print $3}')
if [ "$dirown" != "root" ]; then
crit "$1 is not owned by root"
ERRORS=$((ERRORS + 1))

View file

@ -25,27 +25,27 @@ audit() {
debug "Working on $dir"
debug "Exceptions : $EXCEPTIONS"
debug "echo \"$EXCEPTIONS\" | grep -q $dir"
if echo "$EXCEPTIONS" | grep -q $dir; then
if echo "$EXCEPTIONS" | grep -q "$dir"; then
debug "$dir is confirmed as an exception"
RESULT=$(sed "s!$dir!!" <<<"$RESULT")
else
debug "$dir not found in exceptions"
fi
if [ -d $dir ]; then
dirperm=$(/bin/ls -ld $dir | cut -f1 -d" ")
if [ $(echo $dirperm | cut -c6) != "-" ]; then
if [ -d "$dir" ]; then
dirperm=$(/bin/ls -ld "$dir" | cut -f1 -d" ")
if [ "$(echo "$dirperm" | cut -c6)" != "-" ]; then
crit "Group Write permission set on directory $dir"
ERRORS=$((ERRORS + 1))
fi
if [ $(echo $dirperm | cut -c8) != "-" ]; then
if [ "$(echo "$dirperm" | cut -c8)" != "-" ]; then
crit "Other Read permission set on directory $dir"
ERRORS=$((ERRORS + 1))
fi
if [ $(echo $dirperm | cut -c9) != "-" ]; then
if [ "$(echo "$dirperm" | cut -c9)" != "-" ]; then
crit "Other Write permission set on directory $dir"
ERRORS=$((ERRORS + 1))
fi
if [ $(echo $dirperm | cut -c10) != "-" ]; then
if [ "$(echo "$dirperm" | cut -c10)" != "-" ]; then
crit "Other Execute permission set on directory $dir"
ERRORS=$((ERRORS + 1))
fi
@ -64,27 +64,27 @@ apply() {
debug "Working on $dir"
debug "Exceptions : $EXCEPTIONS"
debug "echo \"$EXCEPTIONS\" | grep -q $dir"
if echo "$EXCEPTIONS" | grep -q $dir; then
if echo "$EXCEPTIONS" | grep -q "$dir"; then
debug "$dir is confirmed as an exception"
RESULT=$(sed "s!$dir!!" <<<"$RESULT")
else
debug "$dir not found in exceptions"
fi
if [ -d $dir ]; then
dirperm=$(/bin/ls -ld $dir | cut -f1 -d" ")
if [ $(echo $dirperm | cut -c6) != "-" ]; then
if [ -d "$dir" ]; then
dirperm=$(/bin/ls -ld "$dir" | cut -f1 -d" ")
if [ "$(echo "$dirperm" | cut -c6)" != "-" ]; then
warn "Group Write permission set on directory $dir"
chmod g-w "$dir"
fi
if [ $(echo $dirperm | cut -c8) != "-" ]; then
if [ "$(echo "$dirperm" | cut -c8)" != "-" ]; then
warn "Other Read permission set on directory $dir"
chmod o-r "$dir"
fi
if [ $(echo $dirperm | cut -c9) != "-" ]; then
if [ "$(echo "$dirperm" | cut -c9)" != "-" ]; then
warn "Other Write permission set on directory $dir"
chmod o-w "$dir"
fi
if [ $(echo $dirperm | cut -c10) != "-" ]; then
if [ "$(echo "$dirperm" | cut -c10)" != "-" ]; then
warn "Other Execute permission set on directory $dir"
chmod o-x "$dir"
fi

View file

@ -37,7 +37,7 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
info "Tripwire is now installed but not fully functionnal, please see readme to go further"
fi
}

View file

@ -49,7 +49,7 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)

View file

@ -64,7 +64,7 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)

View file

@ -48,7 +48,7 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)

View file

@ -47,7 +47,7 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)

View file

@ -44,7 +44,7 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
does_pattern_exist_in_file_nocase $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then

View file

@ -49,7 +49,7 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)

View file

@ -49,7 +49,7 @@ apply() {
ok "$PACKAGE is installed"
else
crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE
apt_install "$PACKAGE"
fi
for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)

View file

@ -10,7 +10,7 @@
echo "Generating Site key file..."
twadmin -m G -S /etc/tripwire/site.key # Generates Site key file
echo "Generating Local key file..."
twadmin -m G -S /etc/tripwire/$(hostname -f)-local.key # Generate local key file
twadmin -m G -S /etc/tripwire/"$(hostname -f)"-local.key # Generate local key file
echo "Generating encrypted policy..."
twadmin -m P /etc/tripwire/twpol.txt # Apply new policy with generated site key file
echo "Generating Local database with newly created key..."