IMP(shellcheck): quote variables (SC2086)

This commit is contained in:
Thibault Ayanides 2020-12-07 16:49:11 +01:00
parent e2f7426664
commit 6826f377e6
68 changed files with 294 additions and 294 deletions

View file

@ -57,7 +57,7 @@ apply() {
crit "$PARTITION is not a partition, correct this by yourself, I cannot help you here" crit "$PARTITION is not a partition, correct this by yourself, I cannot help you here"
elif [ "$FNRET" = 1 ]; then elif [ "$FNRET" = 1 ]; then
info "Adding $OPTION to fstab" info "Adding $OPTION to fstab"
add_option_to_fstab $PARTITION $OPTION add_option_to_fstab "$PARTITION" "$OPTION"
info "Remounting $PARTITION from fstab" info "Remounting $PARTITION from fstab"
remount_partition "$PARTITION" remount_partition "$PARTITION"
elif [ "$FNRET" = 3 ]; then elif [ "$FNRET" = 3 ]; then

View file

@ -57,7 +57,7 @@ apply() {
crit "$PARTITION is not a partition, correct this by yourself, I cannot help you here" crit "$PARTITION is not a partition, correct this by yourself, I cannot help you here"
elif [ "$FNRET" = 1 ]; then elif [ "$FNRET" = 1 ]; then
info "Adding $OPTION to fstab" info "Adding $OPTION to fstab"
add_option_to_fstab $PARTITION $OPTION add_option_to_fstab "$PARTITION" "$OPTION"
info "Remounting $PARTITION from fstab" info "Remounting $PARTITION from fstab"
remount_partition "$PARTITION" remount_partition "$PARTITION"
elif [ "$FNRET" = 3 ]; then elif [ "$FNRET" = 3 ]; then

View file

@ -57,7 +57,7 @@ apply() {
crit "$PARTITION is not a partition, correct this by yourself, I cannot help you here" crit "$PARTITION is not a partition, correct this by yourself, I cannot help you here"
elif [ "$FNRET" = 1 ]; then elif [ "$FNRET" = 1 ]; then
info "Adding $OPTION to fstab" info "Adding $OPTION to fstab"
add_option_to_fstab $PARTITION $OPTION add_option_to_fstab "$PARTITION" "$OPTION"
info "Remounting $PARTITION from fstab" info "Remounting $PARTITION from fstab"
remount_partition "$PARTITION" remount_partition "$PARTITION"
elif [ "$FNRET" = 3 ]; then elif [ "$FNRET" = 3 ]; then

View file

@ -49,7 +49,7 @@ apply() {
ok "$PARTITION is correctly set" ok "$PARTITION is correctly set"
elif [ "$FNRET" = 1 ]; then elif [ "$FNRET" = 1 ]; then
info "Adding $OPTION to fstab" info "Adding $OPTION to fstab"
add_option_to_fstab $PARTITION $OPTION add_option_to_fstab "$PARTITION" "$OPTION"
fi fi
} }

View file

@ -49,7 +49,7 @@ apply() {
ok "$PARTITION is correctly set" ok "$PARTITION is correctly set"
elif [ "$FNRET" = 1 ]; then elif [ "$FNRET" = 1 ]; then
info "Adding $OPTION to fstab" info "Adding $OPTION to fstab"
add_option_to_fstab $PARTITION $OPTION add_option_to_fstab "$PARTITION" "$OPTION"
fi fi
} }

View file

@ -49,7 +49,7 @@ apply() {
ok "$PARTITION is correctly set" ok "$PARTITION is correctly set"
elif [ "$FNRET" = 1 ]; then elif [ "$FNRET" = 1 ]; then
info "Adding $OPTION to fstab" info "Adding $OPTION to fstab"
add_option_to_fstab $PARTITION $OPTION add_option_to_fstab "$PARTITION" "$OPTION"
fi fi
} }

View file

@ -24,7 +24,7 @@ audit() {
RESULT=$($SUDO_CMD find $FS_NAMES -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null) RESULT=$($SUDO_CMD find $FS_NAMES -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null)
if [ -n "$RESULT" ]; then if [ -n "$RESULT" ]; then
crit "Some world writable directories are not on sticky bit mode!" crit "Some world writable directories are not on sticky bit mode!"
FORMATTED_RESULT=$(sed "s/ /\n/g" <<<$RESULT | sort | uniq | tr '\n' ' ') FORMATTED_RESULT=$(sed "s/ /\n/g" <<<"$RESULT" | sort | uniq | tr '\n' ' ')
crit "$FORMATTED_RESULT" crit "$FORMATTED_RESULT"
else else
ok "All world writable directories have a sticky bit" ok "All world writable directories have a sticky bit"

View file

@ -22,7 +22,7 @@ PATTERN="^root:[*\!]:"
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
does_pattern_exist_in_file $FILE $PATTERN does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" != 1 ]; then if [ "$FNRET" != 1 ]; then
crit "$PATTERN is present in $FILE" crit "$PATTERN is present in $FILE"
else else
@ -32,7 +32,7 @@ audit() {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
does_pattern_exist_in_file $FILE $PATTERN does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" != 1 ]; then if [ "$FNRET" != 1 ]; then
warn "$PATTERN is present in $FILE, please put a root password" warn "$PATTERN is present in $FILE, please put a root password"
else else

View file

@ -27,14 +27,14 @@ SYSCTL_EXP_RESULT=0
audit() { audit() {
SEARCH_RES=0 SEARCH_RES=0
LIMIT_FILES="" LIMIT_FILES=""
if $SUDO_CMD [ -d $LIMIT_DIR ]; then if $SUDO_CMD [ -d "$LIMIT_DIR" ]; then
for file in $($SUDO_CMD ls $LIMIT_DIR/*.conf 2>/dev/null); do for file in $($SUDO_CMD ls $LIMIT_DIR/*.conf 2>/dev/null); do
LIMIT_FILES="$LIMIT_FILES $LIMIT_DIR/$file" LIMIT_FILES="$LIMIT_FILES $LIMIT_DIR/$file"
done done
fi fi
debug "Files to search $LIMIT_FILE $LIMIT_FILES" debug "Files to search $LIMIT_FILE $LIMIT_FILES"
for file in $LIMIT_FILE $LIMIT_FILES; do for file in $LIMIT_FILE $LIMIT_FILES; do
does_pattern_exist_in_file $file $LIMIT_PATTERN does_pattern_exist_in_file "$file" "$LIMIT_PATTERN"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
debug "$LIMIT_PATTERN not present in $file" debug "$LIMIT_PATTERN not present in $file"
else else
@ -58,7 +58,7 @@ audit() {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
does_pattern_exist_in_file $LIMIT_FILE $LIMIT_PATTERN does_pattern_exist_in_file "$LIMIT_FILE" "$LIMIT_PATTERN"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
warn "$LIMIT_PATTERN not present in $LIMIT_FILE, adding at the end of $LIMIT_FILE" warn "$LIMIT_PATTERN not present in $LIMIT_FILE, adding at the end of $LIMIT_FILE"
add_end_of_file $LIMIT_FILE "* hard core 0" add_end_of_file $LIMIT_FILE "* hard core 0"

View file

@ -35,7 +35,7 @@ nx_supported_and_enabled() {
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
does_pattern_exist_in_dmesg $PATTERN does_pattern_exist_in_dmesg "$PATTERN"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
nx_supported_and_enabled nx_supported_and_enabled
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
@ -50,7 +50,7 @@ audit() {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
does_pattern_exist_in_dmesg $PATTERN does_pattern_exist_in_dmesg "$PATTERN"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
nx_supported_and_enabled nx_supported_and_enabled
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then

View file

@ -32,13 +32,13 @@ audit() {
crit "$PACKAGE is not installed!" crit "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed, checking configuration" ok "$PACKAGE is installed, checking configuration"
does_pattern_exist_in_file $NTP_CONF_FILE $NTP_CONF_DEFAULT_PATTERN does_pattern_exist_in_file "$NTP_CONF_FILE" "$NTP_CONF_DEFAULT_PATTERN"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$NTP_CONF_DEFAULT_PATTERN not found in $NTP_CONF_FILE" crit "$NTP_CONF_DEFAULT_PATTERN not found in $NTP_CONF_FILE"
else else
ok "$NTP_CONF_DEFAULT_PATTERN found in $NTP_CONF_FILE" ok "$NTP_CONF_DEFAULT_PATTERN found in $NTP_CONF_FILE"
fi fi
does_pattern_exist_in_file $NTP_INIT_FILE "^$NTP_INIT_PATTERN" does_pattern_exist_in_file "$NTP_INIT_FILE" "^$NTP_INIT_PATTERN"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$NTP_INIT_PATTERN not found in $NTP_INIT_FILE" crit "$NTP_INIT_PATTERN not found in $NTP_INIT_FILE"
else else
@ -54,10 +54,10 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
info "Checking $PACKAGE configuration" info "Checking $PACKAGE configuration"
fi fi
does_pattern_exist_in_file $NTP_CONF_FILE $NTP_CONF_DEFAULT_PATTERN does_pattern_exist_in_file "$NTP_CONF_FILE" "$NTP_CONF_DEFAULT_PATTERN"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
warn "$NTP_CONF_DEFAULT_PATTERN not found in $NTP_CONF_FILE, adding it" warn "$NTP_CONF_DEFAULT_PATTERN not found in $NTP_CONF_FILE, adding it"
backup_file $NTP_CONF_FILE backup_file $NTP_CONF_FILE

View file

@ -45,7 +45,7 @@ apply() {
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
sysctl -w net.ipv4.route.flush=1 >/dev/null sysctl -w net.ipv4.route.flush=1 >/dev/null
elif [ "$FNRET" = 255 ]; then elif [ "$FNRET" = 255 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?" warn "$SYSCTL_PARAM does not exist -- Typo?"

View file

@ -24,8 +24,8 @@ SYSCTL_PARAMS='net.ipv4.conf.all.send_redirects=0 net.ipv4.conf.default.send_red
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
@ -41,13 +41,13 @@ audit() {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
sysctl -w net.ipv4.route.flush=1 >/dev/null sysctl -w net.ipv4.route.flush=1 >/dev/null
elif [ "$FNRET" = 255 ]; then elif [ "$FNRET" = 255 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?" warn "$SYSCTL_PARAM does not exist -- Typo?"

View file

@ -23,9 +23,9 @@ SYSCTL_PARAMS=''
audit() { audit() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
does_sysctl_param_exists "net.ipv6" does_sysctl_param_exists "net.ipv6"
if [ "$FNRET" = 0 ] || [[ ! $SYSCTL_VALUES =~ .*ipv6.* ]]; then # IPv6 is enabled or SYSCTL_VALUES doesn't contain ipv6 if [ "$FNRET" = 0 ] || [[ ! "$SYSCTL_VALUES" =~ .*ipv6.* ]]; then # IPv6 is enabled or SYSCTL_VALUES doesn't contain ipv6
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
@ -42,13 +42,13 @@ audit() {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT value -- Fixing" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT value -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
sysctl -w net.ipv4.route.flush=1 >/dev/null sysctl -w net.ipv4.route.flush=1 >/dev/null
elif [ "$FNRET" = 255 ]; then elif [ "$FNRET" = 255 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?" warn "$SYSCTL_PARAM does not exist -- Typo?"

View file

@ -24,8 +24,8 @@ audit() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
does_sysctl_param_exists "net.ipv6" does_sysctl_param_exists "net.ipv6"
if [ "$FNRET" = 0 ] || [[ ! $SYSCTL_VALUES =~ .*ipv6.* ]]; then # IPv6 is enabled or SYSCTL_VALUES doesn't contain ipv6 if [ "$FNRET" = 0 ] || [[ ! $SYSCTL_VALUES =~ .*ipv6.* ]]; then # IPv6 is enabled or SYSCTL_VALUES doesn't contain ipv6
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
@ -43,13 +43,13 @@ audit() {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
sysctl -w net.ipv4.route.flush=1 >/dev/null sysctl -w net.ipv4.route.flush=1 >/dev/null
elif [ "$FNRET" = 255 ]; then elif [ "$FNRET" = 255 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?" warn "$SYSCTL_PARAM does not exist -- Typo?"

View file

@ -22,8 +22,8 @@ SYSCTL_PARAMS='net.ipv4.conf.all.secure_redirects=0 net.ipv4.conf.default.secure
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
@ -39,13 +39,13 @@ audit() {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
sysctl -w net.ipv4.route.flush=1 >/dev/null sysctl -w net.ipv4.route.flush=1 >/dev/null
elif [ "$FNRET" = 255 ]; then elif [ "$FNRET" = 255 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?" warn "$SYSCTL_PARAM does not exist -- Typo?"

View file

@ -22,8 +22,8 @@ SYSCTL_PARAMS='net.ipv4.conf.all.log_martians=1 net.ipv4.conf.default.log_martia
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
@ -39,13 +39,13 @@ audit() {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
sysctl -w net.ipv4.route.flush=1 >/dev/null sysctl -w net.ipv4.route.flush=1 >/dev/null
elif [ "$FNRET" = 255 ]; then elif [ "$FNRET" = 255 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?" warn "$SYSCTL_PARAM does not exist -- Typo?"

View file

@ -22,8 +22,8 @@ SYSCTL_PARAMS='net.ipv4.icmp_echo_ignore_broadcasts=1'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
@ -39,13 +39,13 @@ audit() {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
sysctl -w net.ipv4.route.flush=1 >/dev/null sysctl -w net.ipv4.route.flush=1 >/dev/null
elif [ "$FNRET" = 255 ]; then elif [ "$FNRET" = 255 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?" warn "$SYSCTL_PARAM does not exist -- Typo?"

View file

@ -22,8 +22,8 @@ SYSCTL_PARAMS='net.ipv4.icmp_ignore_bogus_error_responses=1'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
@ -45,7 +45,7 @@ apply() {
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
sysctl -w net.ipv4.route.flush=1 >/dev/null sysctl -w net.ipv4.route.flush=1 >/dev/null
elif [ "$FNRET" = 255 ]; then elif [ "$FNRET" = 255 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?" warn "$SYSCTL_PARAM does not exist -- Typo?"

View file

@ -22,8 +22,8 @@ SYSCTL_PARAMS='net.ipv4.conf.all.rp_filter=1 net.ipv4.conf.default.rp_filter=1'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
@ -39,13 +39,13 @@ audit() {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
sysctl -w net.ipv4.route.flush=1 >/dev/null sysctl -w net.ipv4.route.flush=1 >/dev/null
elif [ "$FNRET" = 255 ]; then elif [ "$FNRET" = 255 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?" warn "$SYSCTL_PARAM does not exist -- Typo?"

View file

@ -22,8 +22,8 @@ SYSCTL_PARAMS='net.ipv4.tcp_syncookies=1'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
@ -45,7 +45,7 @@ apply() {
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
sysctl -w net.ipv4.route.flush=1 >/dev/null sysctl -w net.ipv4.route.flush=1 >/dev/null
elif [ "$FNRET" = 255 ]; then elif [ "$FNRET" = 255 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?" warn "$SYSCTL_PARAM does not exist -- Typo?"

View file

@ -26,8 +26,8 @@ audit() {
ok "ipv6 is disabled" ok "ipv6 is disabled"
else else
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
@ -48,13 +48,13 @@ apply() {
ok "ipv6 is disabled" ok "ipv6 is disabled"
else else
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT, fixing" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT, fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
sysctl -w net.ipv4.route.flush=1 >/dev/null sysctl -w net.ipv4.route.flush=1 >/dev/null
elif [ "$FNRET" = 255 ]; then elif [ "$FNRET" = 255 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?" warn "$SYSCTL_PARAM does not exist -- Typo?"

View file

@ -36,7 +36,7 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
} }

View file

@ -39,7 +39,7 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
} }

View file

@ -26,8 +26,8 @@ audit() {
ok "ipv6 is disabled" ok "ipv6 is disabled"
else else
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
@ -48,13 +48,13 @@ apply() {
ok "ipv6 is disabled" ok "ipv6 is disabled"
else else
for SYSCTL_VALUES in $SYSCTL_PARAMS; do for SYSCTL_VALUES in $SYSCTL_PARAMS; do
SYSCTL_PARAM=$(echo $SYSCTL_VALUES | cut -d= -f 1) SYSCTL_PARAM=$(echo "$SYSCTL_VALUES" | cut -d= -f 1)
SYSCTL_EXP_RESULT=$(echo $SYSCTL_VALUES | cut -d= -f 2) SYSCTL_EXP_RESULT=$(echo "$SYSCTL_VALUES" | cut -d= -f 2)
debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT" debug "$SYSCTL_PARAM should be set to $SYSCTL_EXP_RESULT"
has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT" has_sysctl_param_expected_result "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT value, fixing" warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT value, fixing"
set_sysctl_param $SYSCTL_PARAM $SYSCTL_EXP_RESULT set_sysctl_param "$SYSCTL_PARAM" "$SYSCTL_EXP_RESULT"
warn "you may want to reboot or sysctl -p a file including $SYSCTL_PARAMS" warn "you may want to reboot or sysctl -p a file including $SYSCTL_PARAMS"
elif [ "$FNRET" = 255 ]; then elif [ "$FNRET" = 255 ]; then
warn "$SYSCTL_PARAM does not exist -- Typo?" warn "$SYSCTL_PARAM does not exist -- Typo?"

View file

@ -28,8 +28,8 @@ audit() {
else else
ok "$FILE exists, checking configuration" ok "$FILE exists, checking configuration"
for AUDIT_OPTION in $OPTIONS; do for AUDIT_OPTION in $OPTIONS; do
AUDIT_PARAM=$(echo $AUDIT_OPTION | cut -d= -f 1) AUDIT_PARAM=$(echo "$AUDIT_OPTION" | cut -d= -f 1)
AUDIT_VALUE=$(echo $AUDIT_OPTION | cut -d= -f 2) AUDIT_VALUE=$(echo "$AUDIT_OPTION" | cut -d= -f 2)
PATTERN="^${AUDIT_PARAM}[[:space:]]*=[[:space:]]*$AUDIT_VALUE" PATTERN="^${AUDIT_PARAM}[[:space:]]*=[[:space:]]*$AUDIT_VALUE"
debug "$AUDIT_PARAM should be set to $AUDIT_VALUE" debug "$AUDIT_PARAM should be set to $AUDIT_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file $FILE "$PATTERN"

View file

@ -43,7 +43,7 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
warn "$PACKAGE is absent, installing it" warn "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
is_service_enabled "$SERVICE_NAME" is_service_enabled "$SERVICE_NAME"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then

View file

@ -28,11 +28,11 @@ audit() {
else else
ok "$FILE exists, checking configuration" ok "$FILE exists, checking configuration"
for GRUB_OPTION in $OPTIONS; do for GRUB_OPTION in $OPTIONS; do
GRUB_PARAM=$(echo $GRUB_OPTION | cut -d= -f 1) GRUB_PARAM=$(echo "$GRUB_OPTION" | cut -d= -f 1)
GRUB_VALUE=$(echo $GRUB_OPTION | cut -d= -f 2,3) GRUB_VALUE=$(echo "$GRUB_OPTION" | cut -d= -f 2,3)
PATTERN="^$GRUB_PARAM=$GRUB_VALUE" PATTERN="^$GRUB_PARAM=$GRUB_VALUE"
debug "$GRUB_PARAM should be set to $GRUB_VALUE" debug "$GRUB_PARAM should be set to $GRUB_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PATTERN is not present in $FILE" crit "$PATTERN is not present in $FILE"
else else
@ -47,25 +47,25 @@ apply() {
does_file_exist $FILE does_file_exist $FILE
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
warn "$FILE does not exist, creating it" warn "$FILE does not exist, creating it"
touch $FILE touch "$FILE"
else else
ok "$FILE exists" ok "$FILE exists"
fi fi
for GRUB_OPTION in $OPTIONS; do for GRUB_OPTION in $OPTIONS; do
GRUB_PARAM=$(echo $GRUB_OPTION | cut -d= -f 1) GRUB_PARAM=$(echo "$GRUB_OPTION" | cut -d= -f 1)
GRUB_VALUE=$(echo $GRUB_OPTION | cut -d= -f 2,3) GRUB_VALUE=$(echo "$GRUB_OPTION" | cut -d= -f 2,3)
debug "$GRUB_PARAM should be set to $GRUB_VALUE" debug "$GRUB_PARAM should be set to $GRUB_VALUE"
PATTERN="^$GRUB_PARAM=$GRUB_VALUE" PATTERN="^$GRUB_PARAM=$GRUB_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
warn "$PATTERN is not present in $FILE, adding it" warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^$GRUB_PARAM" does_pattern_exist_in_file "$FILE" "^$GRUB_PARAM"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
info "Parameter $GRUB_PARAM seems absent from $FILE, adding at the end" info "Parameter $GRUB_PARAM seems absent from $FILE, adding at the end"
add_end_of_file $FILE "$GRUB_PARAM = $GRUB_VALUE" add_end_of_file "$FILE" "$GRUB_PARAM = $GRUB_VALUE"
else else
info "Parameter $GRUB_PARAM is present but with the wrong value -- Fixing" info "Parameter $GRUB_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^$GRUB_PARAM=.*" "$GRUB_PARAM=$GRUB_VALUE" replace_in_file "$FILE" "^$GRUB_PARAM=.*" "$GRUB_PARAM=$GRUB_VALUE"
fi fi
else else
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"

View file

@ -136,7 +136,7 @@ check_config() {
crit "$USER does not exist" crit "$USER does not exist"
exit 128 exit 128
fi fi
does_group_exist $GROUP does_group_exist "$GROUP"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$GROUP does not exist" crit "$GROUP does not exist"
exit 128 exit 128

View file

@ -37,7 +37,7 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
} }

View file

@ -43,7 +43,7 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
is_service_enabled "$SERVICE_NAME" is_service_enabled "$SERVICE_NAME"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
info "Enabling $SERVICE_NAME" info "Enabling $SERVICE_NAME"

View file

@ -26,7 +26,7 @@ GROUP='root'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
for FILE in $FILES_ABSENT; do for FILE in $FILES_ABSENT; do
does_file_exist $FILE does_file_exist "$FILE"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
crit "$FILE exists" crit "$FILE exists"
else else
@ -34,7 +34,7 @@ audit() {
fi fi
done done
for FILE in $FILES_PRESENT; do for FILE in $FILES_PRESENT; do
does_file_exist $FILE does_file_exist "$FILE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$FILE is absent" crit "$FILE is absent"
else else
@ -57,19 +57,19 @@ audit() {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
for FILE in $FILES_ABSENT; do for FILE in $FILES_ABSENT; do
does_file_exist $FILE does_file_exist "$FILE"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
warn "$FILE exists" warn "$FILE exists"
rm $FILE rm "$FILE"
else else
ok "$FILE is absent" ok "$FILE is absent"
fi fi
done done
for FILE in $FILES_PRESENT; do for FILE in $FILES_PRESENT; do
does_file_exist $FILE does_file_exist "$FILE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
warn "$FILE is absent" warn "$FILE is absent"
touch $FILE touch "$FILE"
fi fi
has_file_correct_ownership "$FILE" "$USER" "$GROUP" has_file_correct_ownership "$FILE" "$USER" "$GROUP"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then

View file

@ -29,10 +29,10 @@ audit() {
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
@ -49,23 +49,23 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
warn "$PATTERN is not present in $FILE, adding it" warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^$SSH_PARAM" does_pattern_exist_in_file "$FILE" "^$SSH_PARAM"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi fi
/etc/init.d/ssh reload /etc/init.d/ssh reload
fi fi

View file

@ -29,10 +29,10 @@ audit() {
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
@ -49,23 +49,23 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
warn "$PATTERN is not present in $FILE, adding it" warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}" does_pattern_exist_in_file "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi fi
/etc/init.d/ssh reload /etc/init.d/ssh reload
fi fi

View file

@ -29,10 +29,10 @@ audit() {
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
@ -49,23 +49,23 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
warn "$PATTERN is not present in $FILE, adding it" warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}" does_pattern_exist_in_file $FILE "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi fi
/etc/init.d/ssh reload /etc/init.d/ssh reload
fi fi

View file

@ -29,10 +29,10 @@ audit() {
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
@ -49,23 +49,23 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
warn "$PATTERN is not present in $FILE, adding it" warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}" does_pattern_exist_in_file "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi fi
/etc/init.d/ssh reload /etc/init.d/ssh reload
fi fi

View file

@ -29,10 +29,10 @@ audit() {
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file_nocase $FILE "$PATTERN" does_pattern_exist_in_file_nocase "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
@ -49,23 +49,23 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file_nocase $FILE "$PATTERN" does_pattern_exist_in_file_nocase $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
warn "$PATTERN is not present in $FILE, adding it" warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file_nocase $FILE "^${SSH_PARAM}" does_pattern_exist_in_file_nocase "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi fi
/etc/init.d/ssh reload >/dev/null 2>&1 /etc/init.d/ssh reload >/dev/null 2>&1
fi fi

View file

@ -29,10 +29,10 @@ audit() {
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file_nocase $FILE "$PATTERN" does_pattern_exist_in_file_nocase "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
@ -49,23 +49,23 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file_nocase $FILE "$PATTERN" does_pattern_exist_in_file_nocase $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
warn "$PATTERN is not present in $FILE, adding it" warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file_nocase $FILE "^${SSH_PARAM}" does_pattern_exist_in_file_nocase "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi fi
/etc/init.d/ssh reload >/dev/null 2>&1 /etc/init.d/ssh reload >/dev/null 2>&1
fi fi
@ -76,9 +76,9 @@ create_config() {
get_debian_major_version get_debian_major_version
set +u set +u
debug "Debian version : $DEB_MAJ_VER " debug "Debian version : $DEB_MAJ_VER "
if [[ -z $DEB_MAJ_VER ]] || [[ 7 -eq $DEB_MAJ_VER ]]; then if [[ -z "$DEB_MAJ_VER" ]] || [[ 7 -eq "$DEB_MAJ_VER" ]]; then
KEX='diffie-hellman-group-exchange-sha256' KEX='diffie-hellman-group-exchange-sha256'
elif [[ 8 -eq $DEB_MAJ_VER ]] || [[ 9 -eq $DEB_MAJ_VER ]]; then elif [[ 8 -eq "$DEB_MAJ_VER" ]] || [[ 9 -eq "$DEB_MAJ_VER" ]]; then
KEX='curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256' KEX='curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256'
else else
KEX='diffie-hellman-group-exchange-sha256' KEX='diffie-hellman-group-exchange-sha256'

View file

@ -30,10 +30,10 @@ audit() {
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
@ -50,23 +50,23 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
warn "$PATTERN is not present in $FILE, adding it" warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}" does_pattern_exist_in_file "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi fi
/etc/init.d/ssh reload /etc/init.d/ssh reload
fi fi

View file

@ -29,8 +29,8 @@ audit() {
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
@ -49,23 +49,23 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
warn "$PATTERN is not present in $FILE, adding it" warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}" does_pattern_exist_in_file "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi fi
/etc/init.d/ssh reload /etc/init.d/ssh reload
fi fi

View file

@ -29,9 +29,9 @@ audit() {
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
SSH_VALUE=$(sed "s/'//g" <<<$SSH_VALUE) SSH_VALUE=$(sed "s/'//g" <<<"$SSH_VALUE")
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
@ -50,24 +50,24 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
SSH_VALUE=$(sed "s/'//g" <<<$SSH_VALUE) SSH_VALUE=$(sed "s/'//g" <<<"$SSH_VALUE")
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
warn "$PATTERN is not present in $FILE, adding it" warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}" does_pattern_exist_in_file "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi fi
/etc/init.d/ssh reload /etc/init.d/ssh reload
fi fi
@ -89,19 +89,19 @@ EOF
# This function will check config parameters required # This function will check config parameters required
check_config() { check_config() {
if [ -z $ALLOWED_USERS ]; then if [ -z "$ALLOWED_USERS" ]; then
info "ALLOWED_USERS is not set, defaults to wildcard" info "ALLOWED_USERS is not set, defaults to wildcard"
ALLOWED_USERS="*" ALLOWED_USERS="*"
fi fi
if [ -z $ALLOWED_GROUPS ]; then if [ -z "$ALLOWED_GROUPS" ]; then
info "ALLOWED_GROUPS is not set, defaults to wildcard" info "ALLOWED_GROUPS is not set, defaults to wildcard"
ALLOWED_GROUPS="*" ALLOWED_GROUPS="*"
fi fi
if [ -z $DENIED_USERS ]; then if [ -z "$DENIED_USERS" ]; then
info "DENIED_USERS is not set, defaults to nobody" info "DENIED_USERS is not set, defaults to nobody"
DENIED_USERS="nobody" DENIED_USERS="nobody"
fi fi
if [ -z $DENIED_GROUPS ]; then if [ -z "$DENIED_GROUPS" ]; then
info "DENIED_GROUPS is not set, defaults to nobody" info "DENIED_GROUPS is not set, defaults to nobody"
DENIED_GROUPS="nobody" DENIED_GROUPS="nobody"
fi fi

View file

@ -29,7 +29,7 @@ audit() {
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
PATTERN="^${SSH_PARAM}[[:space:]]*" PATTERN="^${SSH_PARAM}[[:space:]]*"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
@ -48,20 +48,20 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
warn "$PATTERN is not present in $FILE, adding it" warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}" does_pattern_exist_in_file "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else else
info "Parameter $SSH_PARAM is present and activated" info "Parameter $SSH_PARAM is present and activated"
fi fi

View file

@ -29,10 +29,10 @@ audit() {
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
@ -49,23 +49,23 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
warn "$PATTERN is not present in $FILE, adding it" warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}" does_pattern_exist_in_file "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi fi
/etc/init.d/ssh reload >/dev/null 2>&1 /etc/init.d/ssh reload >/dev/null 2>&1
fi fi

View file

@ -30,8 +30,8 @@ audit() {
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file_nocase $FILE "$PATTERN" does_pattern_exist_in_file_nocase $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
@ -50,23 +50,23 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
for SSH_OPTION in $OPTIONS_TO_APPLY; do for SSH_OPTION in $OPTIONS_TO_APPLY; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file_nocase $FILE "$PATTERN" does_pattern_exist_in_file_nocase $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
warn "$PATTERN is not present in $FILE, adding it" warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}" does_pattern_exist_in_file "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi fi
/etc/init.d/ssh reload >/dev/null 2>&1 /etc/init.d/ssh reload >/dev/null 2>&1
fi fi

View file

@ -29,10 +29,10 @@ audit() {
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
@ -49,23 +49,23 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
warn "$PATTERN is not present in $FILE, adding it" warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}" does_pattern_exist_in_file "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi fi
/etc/init.d/ssh reload >/dev/null 2>&1 /etc/init.d/ssh reload >/dev/null 2>&1
fi fi

View file

@ -29,10 +29,10 @@ audit() {
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
@ -49,23 +49,23 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
warn "$PATTERN is not present in $FILE, adding it" warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}" does_pattern_exist_in_file "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi fi
/etc/init.d/ssh reload /etc/init.d/ssh reload
fi fi

View file

@ -29,10 +29,10 @@ audit() {
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
@ -49,23 +49,23 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
warn "$PATTERN is not present in $FILE, adding it" warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}" does_pattern_exist_in_file "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi fi
/etc/init.d/ssh reload /etc/init.d/ssh reload
fi fi

View file

@ -29,10 +29,10 @@ audit() {
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
@ -49,23 +49,23 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE" PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$PATTERN is present in $FILE" ok "$PATTERN is present in $FILE"
else else
warn "$PATTERN is not present in $FILE, adding it" warn "$PATTERN is not present in $FILE, adding it"
does_pattern_exist_in_file $FILE "^${SSH_PARAM}" does_pattern_exist_in_file "$FILE" "^${SSH_PARAM}"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
add_end_of_file $FILE "$SSH_PARAM $SSH_VALUE" add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
else else
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing" info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
replace_in_file $FILE "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE" replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
fi fi
/etc/init.d/ssh reload /etc/init.d/ssh reload
fi fi

View file

@ -60,7 +60,7 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
does_pattern_exist_in_file $FILE_COMMON $PATTERN_COMMON does_pattern_exist_in_file $FILE_COMMON $PATTERN_COMMON
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then

View file

@ -52,7 +52,7 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
does_pattern_exist_in_file $FILE_AUTH "$PATTERN_AUTH" does_pattern_exist_in_file $FILE_AUTH "$PATTERN_AUTH"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then

View file

@ -44,7 +44,7 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
does_pattern_exist_in_file $FILE "$PATTERN" does_pattern_exist_in_file $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then

View file

@ -49,7 +49,7 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
for SHADOW_OPTION in $OPTIONS; do for SHADOW_OPTION in $OPTIONS; do
SHADOW_PARAM=$(echo $SHADOW_OPTION | cut -d= -f 1) SHADOW_PARAM=$(echo $SHADOW_OPTION | cut -d= -f 1)

View file

@ -49,7 +49,7 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
for SHADOW_OPTION in $OPTIONS; do for SHADOW_OPTION in $OPTIONS; do
SHADOW_PARAM=$(echo $SHADOW_OPTION | cut -d= -f 1) SHADOW_PARAM=$(echo $SHADOW_OPTION | cut -d= -f 1)

View file

@ -49,7 +49,7 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
for SHADOW_OPTION in $OPTIONS; do for SHADOW_OPTION in $OPTIONS; do
SHADOW_PARAM=$(echo $SHADOW_OPTION | cut -d= -f 1) SHADOW_PARAM=$(echo $SHADOW_OPTION | cut -d= -f 1)

View file

@ -22,7 +22,7 @@ EXPECTED_GID='0'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
if [ $(grep "^root:" /etc/passwd | cut -f4 -d:) = 0 ]; then if [ "$(grep "^root:" /etc/passwd | cut -f4 -d:)" = 0 ]; then
ok "Root group has GID $EXPECTED_GID" ok "Root group has GID $EXPECTED_GID"
else else
crit "Root group GID should be $EXPECTED_GID" crit "Root group GID should be $EXPECTED_GID"
@ -31,7 +31,7 @@ audit() {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
if [ $(grep "^root:" /etc/passwd | cut -f4 -d:) = 0 ]; then if [ "$(grep "^root:" /etc/passwd | cut -f4 -d:)" = 0 ]; then
ok "Root group GID is $EXPECTED_GID" ok "Root group GID is $EXPECTED_GID"
else else
warn "Root group GID is not $EXPECTED_GID -- Fixing" warn "Root group GID is not $EXPECTED_GID -- Fixing"

View file

@ -44,7 +44,7 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
does_pattern_exist_in_file $FILE $PATTERN does_pattern_exist_in_file $FILE $PATTERN
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then

View file

@ -23,14 +23,14 @@ ERRORS=0
audit() { audit() {
for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
debug "Working on $DIR" debug "Working on $DIR"
for FILE in $DIR/.[A-Za-z0-9]*; do for FILE in "$DIR"/.[A-Za-z0-9]*; do
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
FILEPERM=$(ls -ld $FILE | cut -f1 -d" ") FILEPERM=$(ls -ld "$FILE" | cut -f1 -d" ")
if [ $(echo $FILEPERM | cut -c6) != "-" ]; then if [ "$(echo "$FILEPERM" | cut -c6)" != "-" ]; then
crit "Group Write permission set on FILE $FILE" crit "Group Write permission set on FILE $FILE"
ERRORS=$((ERRORS + 1)) ERRORS=$((ERRORS + 1))
fi fi
if [ $(echo $FILEPERM | cut -c9) != "-" ]; then if [ "$(echo "$FILEPERM" | cut -c9)" != "-" ]; then
crit "Other Write permission set on FILE $FILE" crit "Other Write permission set on FILE $FILE"
ERRORS=$((ERRORS + 1)) ERRORS=$((ERRORS + 1))
fi fi
@ -46,14 +46,14 @@ audit() {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do for DIR in $(get_db passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
for FILE in $DIR/.[A-Za-z0-9]*; do for FILE in "$DIR"/.[A-Za-z0-9]*; do
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
FILEPERM=$(ls -ld $FILE | cut -f1 -d" ") FILEPERM=$(ls -ld "$FILE" | cut -f1 -d" ")
if [ $(echo $FILEPERM | cut -c6) != "-" ]; then if [ "$(echo "$FILEPERM" | cut -c6)" != "-" ]; then
warn "Group Write permission set on FILE $FILE" warn "Group Write permission set on FILE $FILE"
chmod g-w "$FILE" chmod g-w "$FILE"
fi fi
if [ $(echo $FILEPERM | cut -c9) != "-" ]; then if [ "$(echo "$FILEPERM" | cut -c9)" != "-" ]; then
warn "Other Write permission set on FILE $FILE" warn "Other Write permission set on FILE $FILE"
chmod o-w "$FILE" chmod o-w "$FILE"
fi fi

View file

@ -25,32 +25,32 @@ ERRORS=0
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
if [ "$(echo $path | grep ::)" != "" ]; then if [ "$(echo "$path" | grep ::)" != "" ]; then
crit "Empty Directory in PATH (::)" crit "Empty Directory in PATH (::)"
ERRORS=$((ERRORS + 1)) ERRORS=$((ERRORS + 1))
fi fi
if [ "$(echo $path | grep :$)" != "" ]; then if [ "$(echo "$path" | grep :$)" != "" ]; then
crit "Trailing : in PATH $path" crit "Trailing : in PATH $path"
ERRORS=$((ERRORS + 1)) ERRORS=$((ERRORS + 1))
fi fi
FORMATTED_PATH=$(echo $path | sed -e 's/::/:/' -e 's/:$//' -e 's/:/ /g') FORMATTED_PATH=$(echo "$path" | sed -e 's/::/:/' -e 's/:$//' -e 's/:/ /g')
set -- $FORMATTED_PATH set -- $FORMATTED_PATH
while [ "${1:-}" != "" ]; do while [ "${1:-}" != "" ]; do
if [ "$1" = "." ]; then if [ "$1" = "." ]; then
crit "PATH contains ." crit "PATH contains ."
ERRORS=$((ERRORS + 1)) ERRORS=$((ERRORS + 1))
else else
if [ -d $1 ]; then if [ -d "$1" ]; then
dirperm=$(ls -ldH $1 | cut -f1 -d" ") dirperm=$(ls -ldH "$1" | cut -f1 -d" ")
if [ $(echo $dirperm | cut -c6) != "-" ]; then if [ "$(echo "$dirperm" | cut -c6)" != "-" ]; then
crit "Group Write permission set on directory $1" crit "Group Write permission set on directory $1"
ERRORS=$((ERRORS + 1)) ERRORS=$((ERRORS + 1))
fi fi
if [ $(echo $dirperm | cut -c9) != "-" ]; then if [ "$(echo "$dirperm" | cut -c9)" != "-" ]; then
crit "Other Write permission set on directory $1" crit "Other Write permission set on directory $1"
ERRORS=$((ERRORS + 1)) ERRORS=$((ERRORS + 1))
fi fi
dirown=$(ls -ldH $1 | awk '{print $3}') dirown=$(ls -ldH "$1" | awk '{print $3}')
if [ "$dirown" != "root" ]; then if [ "$dirown" != "root" ]; then
crit "$1 is not owned by root" crit "$1 is not owned by root"
ERRORS=$((ERRORS + 1)) ERRORS=$((ERRORS + 1))

View file

@ -25,27 +25,27 @@ audit() {
debug "Working on $dir" debug "Working on $dir"
debug "Exceptions : $EXCEPTIONS" debug "Exceptions : $EXCEPTIONS"
debug "echo \"$EXCEPTIONS\" | grep -q $dir" debug "echo \"$EXCEPTIONS\" | grep -q $dir"
if echo "$EXCEPTIONS" | grep -q $dir; then if echo "$EXCEPTIONS" | grep -q "$dir"; then
debug "$dir is confirmed as an exception" debug "$dir is confirmed as an exception"
RESULT=$(sed "s!$dir!!" <<<"$RESULT") RESULT=$(sed "s!$dir!!" <<<"$RESULT")
else else
debug "$dir not found in exceptions" debug "$dir not found in exceptions"
fi fi
if [ -d $dir ]; then if [ -d "$dir" ]; then
dirperm=$(/bin/ls -ld $dir | cut -f1 -d" ") dirperm=$(/bin/ls -ld "$dir" | cut -f1 -d" ")
if [ $(echo $dirperm | cut -c6) != "-" ]; then if [ "$(echo "$dirperm" | cut -c6)" != "-" ]; then
crit "Group Write permission set on directory $dir" crit "Group Write permission set on directory $dir"
ERRORS=$((ERRORS + 1)) ERRORS=$((ERRORS + 1))
fi fi
if [ $(echo $dirperm | cut -c8) != "-" ]; then if [ "$(echo "$dirperm" | cut -c8)" != "-" ]; then
crit "Other Read permission set on directory $dir" crit "Other Read permission set on directory $dir"
ERRORS=$((ERRORS + 1)) ERRORS=$((ERRORS + 1))
fi fi
if [ $(echo $dirperm | cut -c9) != "-" ]; then if [ "$(echo "$dirperm" | cut -c9)" != "-" ]; then
crit "Other Write permission set on directory $dir" crit "Other Write permission set on directory $dir"
ERRORS=$((ERRORS + 1)) ERRORS=$((ERRORS + 1))
fi fi
if [ $(echo $dirperm | cut -c10) != "-" ]; then if [ "$(echo "$dirperm" | cut -c10)" != "-" ]; then
crit "Other Execute permission set on directory $dir" crit "Other Execute permission set on directory $dir"
ERRORS=$((ERRORS + 1)) ERRORS=$((ERRORS + 1))
fi fi
@ -64,27 +64,27 @@ apply() {
debug "Working on $dir" debug "Working on $dir"
debug "Exceptions : $EXCEPTIONS" debug "Exceptions : $EXCEPTIONS"
debug "echo \"$EXCEPTIONS\" | grep -q $dir" debug "echo \"$EXCEPTIONS\" | grep -q $dir"
if echo "$EXCEPTIONS" | grep -q $dir; then if echo "$EXCEPTIONS" | grep -q "$dir"; then
debug "$dir is confirmed as an exception" debug "$dir is confirmed as an exception"
RESULT=$(sed "s!$dir!!" <<<"$RESULT") RESULT=$(sed "s!$dir!!" <<<"$RESULT")
else else
debug "$dir not found in exceptions" debug "$dir not found in exceptions"
fi fi
if [ -d $dir ]; then if [ -d "$dir" ]; then
dirperm=$(/bin/ls -ld $dir | cut -f1 -d" ") dirperm=$(/bin/ls -ld "$dir" | cut -f1 -d" ")
if [ $(echo $dirperm | cut -c6) != "-" ]; then if [ "$(echo "$dirperm" | cut -c6)" != "-" ]; then
warn "Group Write permission set on directory $dir" warn "Group Write permission set on directory $dir"
chmod g-w "$dir" chmod g-w "$dir"
fi fi
if [ $(echo $dirperm | cut -c8) != "-" ]; then if [ "$(echo "$dirperm" | cut -c8)" != "-" ]; then
warn "Other Read permission set on directory $dir" warn "Other Read permission set on directory $dir"
chmod o-r "$dir" chmod o-r "$dir"
fi fi
if [ $(echo $dirperm | cut -c9) != "-" ]; then if [ "$(echo "$dirperm" | cut -c9)" != "-" ]; then
warn "Other Write permission set on directory $dir" warn "Other Write permission set on directory $dir"
chmod o-w "$dir" chmod o-w "$dir"
fi fi
if [ $(echo $dirperm | cut -c10) != "-" ]; then if [ "$(echo "$dirperm" | cut -c10)" != "-" ]; then
warn "Other Execute permission set on directory $dir" warn "Other Execute permission set on directory $dir"
chmod o-x "$dir" chmod o-x "$dir"
fi fi

View file

@ -37,7 +37,7 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
info "Tripwire is now installed but not fully functionnal, please see readme to go further" info "Tripwire is now installed but not fully functionnal, please see readme to go further"
fi fi
} }

View file

@ -49,7 +49,7 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)

View file

@ -64,7 +64,7 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)

View file

@ -48,7 +48,7 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1) SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)

View file

@ -47,7 +47,7 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)

View file

@ -44,7 +44,7 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
does_pattern_exist_in_file_nocase $FILE "$PATTERN" does_pattern_exist_in_file_nocase $FILE "$PATTERN"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then

View file

@ -49,7 +49,7 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)

View file

@ -49,7 +49,7 @@ apply() {
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
crit "$PACKAGE is absent, installing it" crit "$PACKAGE is absent, installing it"
apt_install $PACKAGE apt_install "$PACKAGE"
fi fi
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do
SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1)

View file

@ -10,7 +10,7 @@
echo "Generating Site key file..." echo "Generating Site key file..."
twadmin -m G -S /etc/tripwire/site.key # Generates Site key file twadmin -m G -S /etc/tripwire/site.key # Generates Site key file
echo "Generating Local key file..." echo "Generating Local key file..."
twadmin -m G -S /etc/tripwire/$(hostname -f)-local.key # Generate local key file twadmin -m G -S /etc/tripwire/"$(hostname -f)"-local.key # Generate local key file
echo "Generating encrypted policy..." echo "Generating encrypted policy..."
twadmin -m P /etc/tripwire/twpol.txt # Apply new policy with generated site key file twadmin -m P /etc/tripwire/twpol.txt # Apply new policy with generated site key file
echo "Generating Local database with newly created key..." echo "Generating Local database with newly created key..."