diff options
| author | Michael Boelen <michael.boelen@cisofy.com> | 2019-09-19 15:05:15 +0300 |
|---|---|---|
| committer | Michael Boelen <michael.boelen@cisofy.com> | 2019-09-19 15:05:15 +0300 |
| commit | 36627a4eb7fb0d505c6df7897083d161e59cdf34 (patch) | |
| tree | 5efa5a2f34c6683635259a97ebbbfd3ec1739629 | |
| parent | 950be03ddbc150d3b61b5ea620833a1991f32b3c (diff) | |
Style improvements
| -rw-r--r-- | include/binaries | 1 | ||||
| -rw-r--r-- | include/functions | 18 | ||||
| -rw-r--r-- | include/helper_audit_dockerfile | 32 | ||||
| -rw-r--r-- | include/parameters | 2 | ||||
| -rw-r--r-- | include/profiles | 42 | ||||
| -rw-r--r-- | include/tests_authentication | 2 | ||||
| -rw-r--r-- | include/tests_boot_services | 17 | ||||
| -rw-r--r-- | include/tests_firewalls | 2 | ||||
| -rw-r--r-- | include/tests_mail_messaging | 4 | ||||
| -rw-r--r-- | include/tests_printers_spools | 2 | ||||
| -rw-r--r-- | include/tests_webservers | 4 |
11 files changed, 59 insertions, 67 deletions
diff --git a/include/binaries b/include/binaries index d8a28cfa..7af676f8 100644 --- a/include/binaries +++ b/include/binaries @@ -124,7 +124,6 @@ arch-audit) ARCH_AUDIT_BINARY="${BINARY}"; LogText " Found known binary: arch-audit (auditing utility to test for vulnerable packages) - ${BINARY}" ;; auditd) AUDITDBINARY=${BINARY}; LogText " Found known binary: auditd (audit framework) - ${BINARY}" ;; awk) AWKBINARY=${BINARY}; LogText " Found known binary: awk (string tool) - ${BINARY}" ;; - dig) DIGBINARY=${BINARY}; LogText " Found known binary: dig (nameservice tool) - ${BINARY}" ;; as) ASBINARY="${BINARY}"; COMPILER_INSTALLED=1; LogText " Found known binary: as (compiler) - ${BINARY}" ;; auditctl) AUDITCTLBINARY="${BINARY}"; LogText " Found known binary: auditctl (control utility for audit daemon) - ${BINARY}" ;; autolog) AUTOLOGBINARY="${BINARY}"; IDLE_SESSION_KILLER_INSTALLED=1; LogText " Found known binary: autolog (idle session killer) - ${BINARY}" ;; diff --git a/include/functions b/include/functions index 7d003976..0024484f 100644 --- a/include/functions +++ b/include/functions @@ -149,7 +149,7 @@ CreateTempFile SETTINGS_FILE="${TEMP_FILE}" fi - FIND=$(egrep "^${SETTING};" ${SETTINGS_FILE}) + FIND=$(grep -E "^${SETTING};" ${SETTINGS_FILE}) if [ -z "${FIND}" ]; then echo "${SETTING};${VALUE};${DESCRIPTION};" >> ${SETTINGS_FILE} else @@ -227,7 +227,7 @@ if [ ! "${REPORTFILE}" = "/dev/null" ]; then # Check if we can find the main type (with or without brackets) LogText "Test: search string $2 in earlier discovered results" - FIND=$(egrep "^$1(\[\])?=" ${REPORTFILE} | egrep "$2") + FIND=$(grep -E "^$1(\[\])?=" ${REPORTFILE} | grep -E "$2") if HasData "${FIND}"; then RETVAL=0 LogText "Result: found search string (result: $FIND)" @@ -310,7 +310,7 @@ ContainsString() { RETVAL=1 if [ $# -ne 2 ]; then ReportException "ContainsString" "Incorrect number of arguments for ContainsStrings function"; fi - FIND=$(echo "$2" | egrep "$1") + FIND=$(echo "$2" | grep -E "$1") if [ ! "${FIND}" = "" ]; then RETVAL=0; fi return ${RETVAL} } @@ -1024,10 +1024,10 @@ elif [ -n "${IPBINARY}" ]; then # Determine if we have the common available eth0 interface - FIND=$(${IPBINARY} addr show eth0 2> /dev/null | egrep "link/ether " | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') + FIND=$(${IPBINARY} addr show eth0 2> /dev/null | grep -E "link/ether " | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') if IsEmpty "${FIND}"; then # Determine the MAC address of first interface with the ip command - FIND=$(${IPBINARY} addr show 2> /dev/null | egrep "link/ether " | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') + FIND=$(${IPBINARY} addr show 2> /dev/null | grep -E "link/ether " | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') if IsEmpty "${FIND}"; then ReportException "GetHostID" "Can't create hostid (no MAC addresses found)" fi @@ -1816,7 +1816,7 @@ # FreeBSD: hw.hv_vendor (remains empty for VirtualBox) # NetBSD: machdep.dmi.system-product # OpenBSD: hw.product - FIND=$(sysctl -a 2> /dev/null | egrep "(hw.product|machdep.dmi.system-product)" | head -1 | sed 's/ = /=/' | awk -F= '{ print $2 }') + FIND=$(sysctl -a 2> /dev/null | grep -E "(hw.product|machdep.dmi.system-product)" | head -1 | sed 's/ = /=/' | awk -F= '{ print $2 }') if [ ! "${FIND}" = "" ]; then SHORT="${FIND}" fi @@ -2694,7 +2694,7 @@ # Clean up temp files for FILE in ${TEMP_FILES}; do # Temporary files should be in /tmp - TMPFILE=$(echo ${FILE} | egrep "^/tmp/lynis" | grep -v "\.\.") + TMPFILE=$(echo ${FILE} | grep -E "^/tmp/lynis" | grep -v "\.\.") if [ -n "${TMPFILE}" ]; then if [ -f "${TMPFILE}" ]; then LogText "Action: removing temporary file ${TMPFILE}" @@ -3108,7 +3108,7 @@ if [ -f ${FILE} ]; then # Check if we can find the main type (with or without brackets) LogText "Test: search string ${STRING} in file ${FILE}" - FIND=$(egrep "${STRING}" ${FILE}) + FIND=$(grep -E "${STRING}" ${FILE}) if [ -n "${FIND}" ]; then LogText "Result: found search string '${STRING}'" if [ ${MASK_LOG} -eq 0 ]; then LogText "Full string returned: ${FIND}"; fi @@ -3459,7 +3459,7 @@ # Apply the related function case ${FUNCTION} in "contains") - FIND=$(echo ${VALUE} | egrep "${SEARCH}") + FIND=$(echo ${VALUE} | grep -E "${SEARCH}") if [ "${FIND}" = "" ]; then RETVAL=1; else RETVAL=0; fi ;; #"gt" | "greater-than") COLOR=$GREEN ;; diff --git a/include/helper_audit_dockerfile b/include/helper_audit_dockerfile index b3eff024..a0efca38 100644 --- a/include/helper_audit_dockerfile +++ b/include/helper_audit_dockerfile @@ -23,7 +23,7 @@ if [ $# -eq 0 ]; then Display --text " "; Display --text " " ExitFatal else - FILE=$(echo $1 | egrep "^http|https") + FILE=$(echo $1 | grep -E "^http|https") if HasData "${FILE}"; then echo "Provide a file (not a URL)" ExitFatal @@ -93,24 +93,19 @@ fi # ################################################################################################## # + InsertSection "Basics" -InsertSection "Basics" - - #FIND=$(egrep "^MAINTAINER" ${AUDIT_FILE} | sed 's/ /:space:/g') - FIND=$(egrep -i "*MAINTAINER" ${AUDIT_FILE} | sed 's/=/ /g' | cut -d'"' -f 2) - if [ -z "${FIND}" ]; then + MAINTAINER=$(grep -E -i "*MAINTAINER" ${AUDIT_FILE} | sed 's/=/ /g' | cut -d'"' -f 2) + if [ -z "${MAINTAINER}" ]; then ReportWarning "dockerfile" "No maintainer found. Unclear who created this file." else - #MAINTAINER=$(echo ${FIND} | sed 's/:space:/ /g' | awk '{ if($1=="MAINTAINER") { print }}') - MAINTAINER=$(echo ${FIND}) Display --indent 2 --text "Maintainer" --result "${MAINTAINER}" fi - FIND=$(grep "^ENTRYPOINT" ${AUDIT_FILE} | cut -d' ' -f2 ) - if [ "${FIND}" = "" ]; then + ENTRYPOINT=$(grep "^ENTRYPOINT" ${AUDIT_FILE} | cut -d' ' -f2 ) + if [ -z "${ENTRYPOINT}" ]; then ReportWarning "dockerfile" "No ENTRYPOINT defined in Dockerfile." else - ENTRYPOINT=$(echo ${FIND}) Display --indent 2 --text "ENTRYPOINT" --result "${ENTRYPOINT}" fi @@ -129,17 +124,14 @@ InsertSection "Basics" USER=$(echo ${FIND}) Display --indent 2 --text "User" --result "${USER}" fi - - # ################################################################################################## # - InsertSection "Software" case $PKGMGR in "apt") - FIND=$(egrep "apt-get(.*) install" ${AUDIT_FILE}) + FIND=$(grep -E "apt-get(.*) install" ${AUDIT_FILE}) if [ ! "${FIND}" = "" ]; then LogText "Found installation via apt-get" else @@ -147,7 +139,7 @@ InsertSection "Basics" fi ;; "apk") - FIND=$(egrep "apk(.*) add" ${AUDIT_FILE}) + FIND=$(grep -E "apk(.*) add" ${AUDIT_FILE}) if [ ! "${FIND}" = "" ]; then LogText "Found installation via apk" else @@ -159,7 +151,7 @@ InsertSection "Basics" ;; esac - FIND=$(egrep " (gcc|libc6-dev|make)" ${AUDIT_FILE} | grep -v "^#") + FIND=$(grep -E " (gcc|libc6-dev|make)" ${AUDIT_FILE} | grep -v "^#") if [ ! "${FIND}" = "" ]; then ReportWarning "dockerfile" "Possible development utilities found, which is not advised for production environment" LogText "Details: ${FIND}" @@ -202,7 +194,7 @@ InsertSection "Basics" if [ ${FILE_DOWNLOAD} -eq 1 ]; then - SSL_USED_FIND=$(egrep "(https)" ${AUDIT_FILE}) + SSL_USED_FIND=$(grep -E "(https)" ${AUDIT_FILE}) if HasData "${SSL_USED_FIND}"; then SSL_USED="YES" @@ -213,9 +205,9 @@ InsertSection "Basics" ReportSuggestion "Use SSL downloads when possible to increase security (DNSSEC, HTTPS, validation of domain, avoid MitM)" fi Display --indent 2 --text "Integrity testing performed" --result "${SSL_USED}" --color ${COLOR} - HASHING_USED=$(egrep "(sha1sum|sha256sum|sha512sum)" ${AUDIT_FILE}) + HASHING_USED=$(grep -E "(sha1sum|sha256sum|sha512sum)" ${AUDIT_FILE}) Display --indent 2 --text "Hashing" --result "${HASHING_USED}" - KEYS_USED=$(egrep "(apt-key adv)" ${AUDIT_FILE}| sed 's/RUN apt-key adv//g'| sed 's/--keyserver/Key Server:/g' | sed 's/--recv/Key Value:/g') + KEYS_USED=$(grep -E "(apt-key adv)" ${AUDIT_FILE}| sed 's/RUN apt-key adv//g'| sed 's/--keyserver/Key Server:/g' | sed 's/--recv/Key Value:/g') Display --indent 2 --text "Signing keys used" --result "${KEYS_USED}" Display --indent 2 --text "All downloads properly checked" --result "?" else diff --git a/include/parameters b/include/parameters index 6309481d..048b992d 100644 --- a/include/parameters +++ b/include/parameters @@ -377,7 +377,7 @@ ;; # Scan one or more tests from just on group - --tests-from-group | --tests-from-groups | --test-from-group | --test-from-group) + --tests-from-group | --tests-from-groups | --test-from-group | --test-from-groups) shift TEST_GROUP_TO_CHECK=$1 ;; diff --git a/include/profiles b/include/profiles index 8121cd9a..f10d27a2 100644 --- a/include/profiles +++ b/include/profiles @@ -35,13 +35,13 @@ # Show deprecation message for old config entries such as 'config:' and 'apache:' FOUND=0 - DATA=$(egrep "^[a-z-]{1,}:" ${PROFILE} | od -An -ta | sed 's/ /!space!/g') # od -An (no file offset), -ta (named character, to be on safe side) + DATA=$(grep -E "^[a-z-]{1,}:" ${PROFILE} | od -An -ta | sed 's/ /!space!/g') # od -An (no file offset), -ta (named character, to be on safe side) if ! IsEmpty "${DATA}"; then FOUND=1; fi if [ ${FOUND} -eq 1 ]; then DisplayWarning "Your profile contains old-style configuration entries. See log file for more details and how to convert these entries" LogText "Your profile has one or more configuration items that are in an old format (lines starting with key:value). They need to be converted into the new format (key=value)." - LogText "Tip: Use egrep to see the relevant matches (egrep \"^[a-z-]{1,}:\" custom.prf)" + LogText "Tip: Use grep to see the relevant matches (grep -E \"^[a-z-]{1,}:\" custom.prf)" sleep 30 fi @@ -50,7 +50,7 @@ if ! IsEmpty "${DATA}"; then DisplayWarning "Your profile '${PROFILE}' contains unexpected characters. See the log file for more information." LogText "Found unexpected or possibly harmful characters in profile '${PROFILE}'. See which characters matched in the output below and compare them with your profile." - for I in "${DATA}"; do + for I in ${DATA}; do I=$(echo ${I} | sed 's/!space!/ /g') LogText "Output: ${I}" done @@ -59,7 +59,7 @@ fi # Now parse the profile and filter out unwanted characters - DATA=$(egrep "^config:|^[a-z-].*=" ${PROFILE} | tr -dc '[:alnum:]/\[\]\(\)_\|,\.:;= \n\r-' | sed 's/ /!space!/g') + DATA=$(grep -E "^config:|^[a-z-].*=" ${PROFILE} | tr -dc '[:alnum:]/\[\]\(\)_\|,\.:;= \n\r-' | sed 's/ /!space!/g') for CONFIGOPTION in ${DATA}; do if ContainsString "^config:" "${CONFIGOPTION}"; then # Old style configuration @@ -76,7 +76,7 @@ # Is Lynis Enterprise allowed to purge this system when it is becomes outdated? allow-auto-purge) - FIND=$(echo "${VALUE}" | egrep "^(1|true|yes)$") + FIND=$(echo "${VALUE}" | grep -E "^(1|true|yes)$") if [ -n "${FIND}" ]; then Report "allow-auto-purge=1" else @@ -109,7 +109,7 @@ colors) # Quick mode (SKIP_PLUGINS) might already be set outside profile, so store in different variable SETTING_COLORS=1 # default is yes - FIND=$(echo "${VALUE}" | egrep "^(0|false|no)$") && COLORS=0 + FIND=$(echo "${VALUE}" | grep -E "^(0|false|no)$") && COLORS=0 if [ -n "${FIND}" ]; then SETTING_COLORS=0; RemoveColors; fi Debug "Colors set to ${SETTING_COLORS}" AddSetting "colors" "${SETTING_COLORS}" "Colored screen output" @@ -165,27 +165,27 @@ # Do not check security repository in sources.list (Debian/Ubuntu) debian-skip-security-repository | debian_skip_security_repository) - FIND=$(echo "${VALUE}" | egrep "^(1|true|yes)") && OPTION_DEBIAN_SKIP_SECURITY_REPOSITORY=1 + FIND=$(echo "${VALUE}" | grep -E "^(1|true|yes)") && OPTION_DEBIAN_SKIP_SECURITY_REPOSITORY=1 AddSetting "debian-skip-security-repository" "OPTION_DEBIAN_SKIP_SECURITY_REPOSITORY" "Skip checking for a security repository (Debian and others)" ;; # Debug status to show more details while running program debug) - FIND=$(echo "${VALUE}" | egrep "^(1|true|yes)") && DEBUG=1 + FIND=$(echo "${VALUE}" | grep -E "^(1|true|yes)") && DEBUG=1 Debug "Debug mode set to '${DEBUG}'" AddSetting "debug" "${DEBUG}" "Debugging mode" ;; # Development mode (--developer) developer-mode) - FIND=$(echo "${VALUE}" | egrep "^(1|true|yes)") && DEVELOPER_MODE=1 + FIND=$(echo "${VALUE}" | grep -E "^(1|true|yes)") && DEVELOPER_MODE=1 Debug "Developer mode set to ${DEVELOPER_MODE}" AddSetting "developer" "${DEVELOPER_MODE}" "Developer mode" ;; # Show non-zero exit code when errors are found error-on-warnings) - FIND=$(echo "${VALUE}" | egrep "^(1|true|yes)") && ERROR_ON_WARNINGS=1 + FIND=$(echo "${VALUE}" | grep -E "^(1|true|yes)") && ERROR_ON_WARNINGS=1 Debug "Exit with different code on warnings is set to ${ERROR_ON_WARNINGS}" AddSetting "error-on-warnings" "${ERROR_ON_WARNINGS}" "Use non-zero exit code if one or more warnings were found" ;; @@ -238,7 +238,7 @@ # Do (not) log tests if they have an different operating system log-tests-incorrect-os | log_tests_incorrect_os) - FIND=$(echo "${VALUE}" | egrep "^(0|false|no)") && SETTING_LOG_TESTS_INCORRECT_OS=0 + FIND=$(echo "${VALUE}" | grep -E "^(0|false|no)") && SETTING_LOG_TESTS_INCORRECT_OS=0 Debug "Logging of tests with incorrect operating system set to ${SETTING_LOG_TESTS_INCORRECT_OS}" LOG_INCORRECT_OS=${SETTING_LOG_TESTS_INCORRECT_OS} ;; @@ -290,7 +290,7 @@ quick) # Quick mode might already be set outside profile, so store in different variable SETTING_QUICK_MODE=1 # default is yes - FIND=$(echo "${VALUE}" | egrep "^(0|false|no)$") && QUICKMODE=0 + FIND=$(echo "${VALUE}" | grep -E "^(0|false|no)$") && QUICKMODE=0 if [ -n "${FIND}" ]; then SETTING_QUICK_MODE=1; fi Debug "Quickmode set to ${SETTING_QUICK_MODE}" AddSetting "quick" "${SETTING_QUICK_MODE}" "Quick mode (non-interactive)" @@ -299,7 +299,7 @@ # Refresh software repositories refresh-repositories) SETTING_REFRESH_REPOSITORIES=1 # default is yes - FIND=$(echo "${VALUE}" | egrep "^(0|false|no)$") && REFRESH_REPOSITORIES=0 + FIND=$(echo "${VALUE}" | grep -E "^(0|false|no)$") && REFRESH_REPOSITORIES=0 if [ -n "${FIND}" ]; then SETTING_REFRESH_REPOSITORIES=0; fi Debug "Refreshing repositories set to ${SETTING_REFRESH_REPOSITORIES}" AddSetting "refresh-repositories" "${SETTING_REFRESH_REPOSITORIES}" "Refresh repositories (for vulnerable package detection)" @@ -308,7 +308,7 @@ # Show more details in report show-report-solution) SETTING_SHOW_REPORT_SOLUTION=${SHOW_REPORT_SOLUTION} - FIND=$(echo "${VALUE}" | egrep "^(0|false|no)$") && SHOW_REPORT_SOLUTION=0 + FIND=$(echo "${VALUE}" | grep -E "^(0|false|no)$") && SHOW_REPORT_SOLUTION=0 if [ -n "${FIND}" ]; then SETTING_SHOW_REPORT_SOLUTION=0; fi Debug "Show report details (solution) set to ${SETTING_SHOW_REPORT_SOLUTION}" ;; @@ -316,7 +316,7 @@ # Inline tips about tool (default enabled) show_tool_tips | show-tool-tips) SETTING_SHOW_TOOL_TIPS=1 # default is yes - FIND=$(echo "${VALUE}" | egrep "^(0|false|no)$") && SHOW_TOOL_TIPS=0 + FIND=$(echo "${VALUE}" | grep -E "^(0|false|no)$") && SHOW_TOOL_TIPS=0 if [ -n "${FIND}" ]; then SETTING_SHOW_TOOL_TIPS=0; fi Debug "Show tool tips set to ${SETTING_SHOW_TOOL_TIPS}" AddSetting "show-tool-tips" "${SETTING_SHOW_TOOL_TIPS}" "Show tool tips" @@ -326,7 +326,7 @@ show-warnings-only) QUIET=1 QUICKMODE=1 - FIND=$(echo "${VALUE}" | egrep "^(1|true|yes)$") && SHOW_WARNINGS_ONLY=1 + FIND=$(echo "${VALUE}" | grep -E "^(1|true|yes)$") && SHOW_WARNINGS_ONLY=1 Debug "Show warnings only set to ${SHOW_WARNINGS_ONLY}" AddSetting "show-warnings-only" "${SHOW_WARNINGS_ONLY}" "Show only warnings" ;; @@ -335,7 +335,7 @@ skip-plugins) # Skip plugins (SKIP_PLUGINS) might already be set, so store in different variable SETTING_SKIP_PLUGINS=0 # default is no - FIND=$(echo "${VALUE}" | egrep "^(1|true|yes)$") && SKIP_PLUGINS=1 + FIND=$(echo "${VALUE}" | grep -E "^(1|true|yes)$") && SKIP_PLUGINS=1 if [ -n "${FIND}" ]; then SETTING_SKIP_PLUGINS=1; fi Debug "Skip plugins is set to ${SETTING_SKIP_PLUGINS}" AddSetting "skip-plugins" "${SETTING_SKIP_PLUGINS}" "Skip plugins" @@ -349,7 +349,7 @@ # Do not check the latest version on the internet skip_upgrade_test | skip-upgrade-test) - FIND=$(echo "${VALUE}" | egrep "^(1|true|yes)") && SKIP_UPGRADE_TEST=1 + FIND=$(echo "${VALUE}" | grep -E "^(1|true|yes)") && SKIP_UPGRADE_TEST=1 Debug "Skip upgrade test set to ${SKIP_UPGRADE_TEST}" ;; @@ -369,7 +369,7 @@ # Set strict mode for development and quality purposes strict) - FIND=$(echo "${VALUE}" | egrep "^(1|true|yes)") && SET_STRICT=1 + FIND=$(echo "${VALUE}" | grep -E "^(1|true|yes)") && SET_STRICT=1 ;; # The name of the customer/client that uses this system @@ -398,7 +398,7 @@ # Perform upload upload) SETTING_UPLOAD=no # default - FIND=$(echo "${VALUE}" | egrep "^(1|true|yes)$") && UPLOAD_DATA=1 + FIND=$(echo "${VALUE}" | grep -E "^(1|true|yes)$") && UPLOAD_DATA=1 if [ -n "${FIND}" ]; then SETTING_UPLOAD=1; fi Debug "Upload set to ${SETTING_UPLOAD}" AddSetting "upload" "${SETTING_UPLOAD}" "Data upload after scanning" @@ -452,7 +452,7 @@ # Verbose output (--verbose) verbose) - FIND=$(echo "${VALUE}" | egrep "^(1|true|yes)") && VERBOSE=1 + FIND=$(echo "${VALUE}" | grep -E "^(1|true|yes)") && VERBOSE=1 Debug "Verbose set to ${VERBOSE}" AddSetting "verbose" "${VERBOSE}" "Verbose output" ;; diff --git a/include/tests_authentication b/include/tests_authentication index 05f107ae..7f04a41f 100644 --- a/include/tests_authentication +++ b/include/tests_authentication @@ -863,7 +863,7 @@ NOW=$(date "+%s") fi - DAYS_SINCE_EPOCH=$((${NOW}/86400)) + DAYS_SINCE_EPOCH=$((NOW / 86400)) LogText "Data: Days since epoch is ${DAYS_SINCE_EPOCH}" LogText "Test: collecting accounts which have an expired password (last day changed + maximum change time)" # Skip fields with a !, *, or x, or !* (field $3 is last changed, $5 is maximum changed) diff --git a/include/tests_boot_services b/include/tests_boot_services index 2fee353f..fe6e316e 100644 --- a/include/tests_boot_services +++ b/include/tests_boot_services @@ -749,14 +749,14 @@ Linux) # Idle time, not real uptime if [ -f /proc/uptime ]; then - UPTIME_IN_SECS=$(cat /proc/uptime | ${CUTBINARY} -d ' ' -f1 | ${CUTBINARY} -d '.' -f1) + UPTIME_IN_SECS=$(${CUTBINARY} -d ' ' -f1 /proc/uptime | ${CUTBINARY} -d '.' -f1) else Display --indent 2 --text "- Checking uptime" --result "${STATUS_SKIPPED}" --color YELLOW ReportException "${TEST_NO}:1" "No uptime test available for this operating system (/proc/uptime missing)" fi - ;; + ;; - DragonFly | FreeBSD | macOS) + DragonFly | FreeBSD | macOS) if [ -n "${SYSCTLBINARY}" ]; then TIME_BOOT=$(${SYSCTLBINARY} kern.boottime | ${AWKBINARY} '{ print $5 }' | ${SEDBINARY} -e 's/,//' | ${GREPBINARY} "[0-9]") TIME_NOW=$(date "+%s") @@ -771,9 +771,9 @@ Display --indent 2 --text "- Checking uptime" --result "${STATUS_SKIPPED}" --color YELLOW ReportException "${TEST_NO}:4" "No uptime test available for this operating system (sysctl missing)" fi - ;; + ;; - NetBSD | OpenBSD) + NetBSD | OpenBSD) if [ -n "${SYSCTLBINARY}" ]; then TIME_BOOT=$(${SYSCTLBINARY} -n kern.boottime) TIME_NOW=$(date "+%s") @@ -788,7 +788,7 @@ Display --indent 2 --text "- Checking uptime" --result "${STATUS_SKIPPED}" --color YELLOW ReportException "${TEST_NO}:4" "No uptime test available for this operating system (sysctl missing)" fi - ;; + ;; Solaris) if [ -n "${KSTATBINARY}" ]; then @@ -797,15 +797,16 @@ Display --indent 2 --text "- Checking uptime" --result "${STATUS_SKIPPED}" --color YELLOW ReportException "${TEST_NO}:2" "No uptime test available for this operating system (kstat missing)" fi - ;; + ;; *) Display --indent 2 --text "- Checking uptime" --result "${STATUS_SKIPPED}" --color YELLOW # Want to help improving Lynis? Share your operating system and a way to determine the uptime (in seconds) ReportException "${TEST_NO}:3" "No uptime test available yet for this operating system" - ;; + ;; esac + if [ -n "${UPTIME_IN_SECS}" ]; then UPTIME_IN_DAYS=$((UPTIME_IN_SECS / 60 / 60 / 24)) LogText "Uptime (in seconds): ${UPTIME_IN_SECS}" diff --git a/include/tests_firewalls b/include/tests_firewalls index cb08696e..dabb7a97 100644 --- a/include/tests_firewalls +++ b/include/tests_firewalls @@ -115,7 +115,7 @@ FIND="$FIND""\n"$(${IPTABLESBINARY} -t ${TABLE} --numeric --list | ${EGREPBINARY} -z -o -w '[A-Z]+' | tr -d '\0' | ${AWKBINARY} -v t=${TABLE} 'NR%2 {printf "%s %s ",t, $0 ; next;}1') done - echo "${FIND}" | while read line; do + echo "${FIND}" | while read -r line; do table=$(echo ${line} | ${AWKBINARY} '{ print $1 }') chainname=$(echo ${line} | ${AWKBINARY} '{ print $2 }') policy=$(echo ${line} | ${AWKBINARY} '{ print $3 }') diff --git a/include/tests_mail_messaging b/include/tests_mail_messaging index a8d33398..a5d116fc 100644 --- a/include/tests_mail_messaging +++ b/include/tests_mail_messaging @@ -203,7 +203,7 @@ esac LogText "Test: Exim Try Verify Hosts" - if [ ! -z "${EXIM_TRY_VERIFY_HOSTS}" ]; then + if [ -n "${EXIM_TRY_VERIFY_HOSTS}" ]; then LogText "Result: Try Verify Hosts enabled" case "${EXIM_TYPE}" in "INTERNET HOST" ) @@ -219,7 +219,7 @@ fi LogText "Test: Exim Verify Hosts" - if [ ! -z "${EXIM_VERIFY_HOSTS}" ]; then + if [ -n "${EXIM_VERIFY_HOSTS}" ]; then LogText "Result: Verify Hosts enabled" case "${EXIM_TYPE}" in "INTERNET HOST" ) diff --git a/include/tests_printers_spools b/include/tests_printers_spools index a727f9a3..e2026bc5 100644 --- a/include/tests_printers_spools +++ b/include/tests_printers_spools @@ -276,7 +276,7 @@ ################################################################################# # -if [ -n ${PRINTING_DAEMON} ]; then Report "printing_daemon=${PRINTING_DAEMON}"; fi +if [ -n "${PRINTING_DAEMON}" ]; then Report "printing_daemon=${PRINTING_DAEMON}"; fi WaitForKeyPress diff --git a/include/tests_webservers b/include/tests_webservers index 1e893f26..01bb3f93 100644 --- a/include/tests_webservers +++ b/include/tests_webservers @@ -157,7 +157,7 @@ done # Search Server aliases for J in $(${GREPBINARY} "ServerAlias" ${I} | ${GREPBINARY} -v "^#" | ${SEDBINARY} "s/\s*ServerAlias //g" | ${SEDBINARY} "s/#.*//g"); do - if [ -n ${J} ]; then + if [ -n "${J}" ]; then tVHOSTS="${tVHOSTS} ${J}" cVHOSTS=$((cVHOSTS + 1)) fi @@ -170,7 +170,7 @@ # Log all virtual hosts we found for J in ${tVHOSTS}; do - if [ -n ${J} ]; then + if [ -n "${J}" ]; then LogText "Virtual host: ${J}" #Report "apache_vhost_name[]=${J}" fi |