diff options
| author | Michael Boelen <michael.boelen@cisofy.com> | 2019-12-18 14:17:46 +0300 |
|---|---|---|
| committer | Michael Boelen <michael.boelen@cisofy.com> | 2019-12-18 14:17:46 +0300 |
| commit | 09f29a5e64d4eb0fbbec2a0a503fa173a973b898 (patch) | |
| tree | 18631dc8b10382e2eddb633d7fbcd03f3c87dbd1 /include/tests_authentication | |
| parent | 94ba30e765d02ce638e01d731882f8b7086506e2 (diff) | |
Code style improvement: quote argument
Diffstat (limited to 'include/tests_authentication')
| -rw-r--r-- | include/tests_authentication | 58 |
1 files changed, 29 insertions, 29 deletions
diff --git a/include/tests_authentication b/include/tests_authentication index b29ff65d..786bec64 100644 --- a/include/tests_authentication +++ b/include/tests_authentication @@ -56,7 +56,7 @@ if [ "${USER}" = "toor" ]; then LogText "BSD note: default there is a user 'toor' installed. This account is considered useless unless it" LogText "is assigned a password and used for daily operations or emergencies. ie: bad shell for root user." - ReportSuggestion ${TEST_NO} "Use vipw to delete the 'toor' user if not used." + ReportSuggestion "${TEST_NO}" "Use vipw to delete the 'toor' user if not used." fi done else @@ -87,7 +87,7 @@ Display --indent 2 --text "- Unique UIDs" --result "${STATUS_WARNING}" --color RED LogText "Result: found multiple accounts with same UID" LogText "Output (non-unique UIDs): ${FIND}" - ReportWarning ${TEST_NO} "Multiple accounts found with same UID" + ReportWarning "${TEST_NO}" "Multiple accounts found with same UID" fi else Display --indent 2 --text "- Unique UIDs" --result "${STATUS_SKIPPED}" --color WHITE @@ -115,7 +115,7 @@ Display --indent 4 --text "- Checking consistency of /etc/group file" --result "${STATUS_WARNING}" --color RED LogText "Result: chkgrp found some errors. Run the tool manually to see details." LogText "chkgrp output: ${FIND}" - ReportWarning ${TEST_NO} "chkgrp reported inconsistencies in /etc/group file" + ReportWarning "${TEST_NO}" "chkgrp reported inconsistencies in /etc/group file" fi fi # @@ -147,7 +147,7 @@ LogText "Result: grpck binary didn't find any errors in the group files" else Display --indent 2 --text "- Consistency of group files (grpck)" --result "${STATUS_WARNING}" --color RED - ReportWarning ${TEST_NO} "grpck binary found errors in one or more group files" + ReportWarning "${TEST_NO}" "grpck binary found errors in one or more group files" fi unset FIND fi @@ -181,12 +181,12 @@ FOUND=1 else LogText "Result: shell ${SHELL} does not exist" - ReportSuggestion ${TEST_NO} "Determine if account is needed, as shell ${SHELL} does not exist" + ReportSuggestion "${TEST_NO}" "Determine if account is needed, as shell ${SHELL} does not exist" fi fi done if [ ${FOUND} -eq 1 ]; then - ReportWarning ${TEST_NO} "Possible harmful shell found (for passwordless account!)" + ReportWarning "${TEST_NO}" "Possible harmful shell found (for passwordless account!)" fi fi else @@ -225,12 +225,12 @@ FOUND=1 else LogText "Result: shell ${SHELL} does not exist" - ReportSuggestion ${TEST_NO} "Determine if account is needed, as shell ${SHELL} does not exist" + ReportSuggestion "${TEST_NO}" "Determine if account is needed, as shell ${SHELL} does not exist" fi fi done if [ ${FOUND} -eq 1 ]; then - ReportWarning ${TEST_NO} "Possible harmful shell found (for passwordless account!)" + ReportWarning "${TEST_NO}" "Possible harmful shell found (for passwordless account!)" fi fi else @@ -259,7 +259,7 @@ Report "auth_groups_nonunique[]=${I}" LogText "Non-unique group: ${I}" done - ReportSuggestion ${TEST_NO} "Check your /etc/group file and correct any inconsistencies" + ReportSuggestion "${TEST_NO}" "Check your /etc/group file and correct any inconsistencies" fi fi # @@ -283,7 +283,7 @@ Report "auth_groups_nonunique[]=${I}" LogText "Non-unique group: ${I}" done - ReportSuggestion ${TEST_NO} "Check your ${ROOTDIR}etc/group file and correct any inconsistencies" + ReportSuggestion "${TEST_NO}" "Check your ${ROOTDIR}etc/group file and correct any inconsistencies" fi fi # @@ -319,7 +319,7 @@ else Display --indent 2 --text "- Password file consistency" --result "${STATUS_SUGGESTION}" --color YELLOW LogText "Result: pwck found one or more errors/warnings in the password file." - ReportSuggestion ${TEST_NO} "Run pwck manually and correct any errors in the password file" + ReportSuggestion "${TEST_NO}" "Run pwck manually and correct any errors in the password file" AddHP 0 2 fi fi @@ -563,7 +563,7 @@ Display --indent 2 --text "- Passwordless accounts on Solaris" --result "${STATUS_OK}" --color GREEN else for I in ${FIND}; do - ReportWarning ${TEST_NO} "Found passwordless account (${I})" + ReportWarning "${TEST_NO}" "Found passwordless account (${I})" done Display --indent 2 --text "- Passwordless accounts on Solaris" --result "${STATUS_WARNING}" --color RED fi @@ -630,7 +630,7 @@ if [ ${FOUND} -eq 0 ]; then Display --indent 2 --text "- PAM password strength tools" --result "${STATUS_SUGGESTION}" --color YELLOW LogText "Result: no PAM modules for password strength testing found" - ReportSuggestion ${TEST_NO} "Install a PAM module for password strength testing like pam_cracklib or pam_passwdqc" + ReportSuggestion "${TEST_NO}" "Install a PAM module for password strength testing like pam_cracklib or pam_passwdqc" AddHP 0 3 else Display --indent 2 --text "- PAM password strength tools" --result "${STATUS_OK}" --color GREEN @@ -851,7 +851,7 @@ if [ -z "${FIND}" -o "${FIND}" = "0" ]; then LogText "Result: password minimum age is not configured" Display --indent 2 --text "- Checking user password aging (minimum)" --result "${STATUS_DISABLED}" --color YELLOW - ReportSuggestion ${TEST_NO} "Configure minimum password age in /etc/login.defs" + ReportSuggestion "${TEST_NO}" "Configure minimum password age in /etc/login.defs" AddHP 0 1 else LogText "Result: password needs to be at least ${FIND} days old" @@ -865,7 +865,7 @@ if [ -z "${FIND}" -o "${FIND}" = "99999" ]; then LogText "Result: password aging limits are not configured" Display --indent 2 --text "- User password aging (maximum)" --result "${STATUS_DISABLED}" --color YELLOW - ReportSuggestion ${TEST_NO} "Configure maximum password age in /etc/login.defs" + ReportSuggestion "${TEST_NO}" "Configure maximum password age in /etc/login.defs" AddHP 0 1 else LogText "Result: max password age is ${FIND} days" @@ -933,7 +933,7 @@ else LogText "Result: option present, no password needed at single user mode login" Display --indent 2 --text "- Checking Solaris /etc/default/sulogin file" --result "${STATUS_WARNING}" --color RED - ReportWarning ${TEST_NO} "No password needed for single user mode login" + ReportWarning "${TEST_NO}" "No password needed for single user mode login" AddHP 0 1 fi else @@ -963,7 +963,7 @@ else LogText "Result: option present, no password needed at single user mode login" Display --indent 2 --text "- Checking HP-UX boot authentication" --result "${STATUS_SUGGESTION}" --color YELLOW - ReportSuggestion ${TEST_NO} "Set password for system boot" + ReportSuggestion "${TEST_NO}" "Set password for system boot" AddHP 0 1 fi else @@ -1042,8 +1042,8 @@ if [ ${FOUND} -eq 0 ]; then LogText "Result: option not set, no password needed at single user mode boot" Display --indent 2 --text "- Checking Linux single user mode authentication" --result "${STATUS_WARNING}" --color RED - ReportWarning ${TEST_NO} "No password set for single mode" - ReportSuggestion ${TEST_NO} "Set password for single user mode to minimize physical access attack surface" + ReportWarning "${TEST_NO}" "No password set for single mode" + ReportSuggestion "${TEST_NO}" "Set password for single user mode to minimize physical access attack surface" AddHP 0 2 else LogText "Result: option set, password is needed at single user mode boot" @@ -1136,11 +1136,11 @@ AddHP 2 2 elif [ ${GOOD_UMASK} -eq 1 -a ${WEAK_UMASK} -eq 1 ]; then Display --indent 4 --text "- umask (/etc/profile and /etc/profile.d)" --result "${STATUS_SUGGESTION}" --color YELLOW - ReportSuggestion ${TEST_NO} "Some umasks found could be more strict (e.g. 027)" + ReportSuggestion "${TEST_NO}" "Some umasks found could be more strict (e.g. 027)" AddHP 1 2 else Display --indent 4 --text "- umask (/etc/profile and /etc/profile.d)" --result "${STATUS_SUGGESTION}" --color YELLOW - ReportSuggestion ${TEST_NO} "Default umask in /etc/profile or /etc/profile.d/custom.sh could be more strict (e.g. 027)" + ReportSuggestion "${TEST_NO}" "Default umask in /etc/profile or /etc/profile.d/custom.sh could be more strict (e.g. 027)" AddHP 0 2 fi else @@ -1174,7 +1174,7 @@ if [ "${FIND}" = "" ]; then LogText "Result: umask value is not configured (most likely it will have the default 022 value)" Display --indent 4 --text "- umask (/etc/login.defs)" --result "${STATUS_SUGGESTION}" --color YELLOW - ReportSuggestion ${TEST_NO} "Default umask in /etc/login.defs could not be found and defaults usually to 022, which could be more strict like 027" + ReportSuggestion "${TEST_NO}" "Default umask in /etc/login.defs could not be found and defaults usually to 022, which could be more strict like 027" AddHP 1 2 elif [ "${FIND}" = "077" -o "${FIND}" = "027" -o "${FIND}" = "0077" -o "${FIND}" = "0027" ]; then LogText "Result: umask is ${FIND}, which is fine" @@ -1183,7 +1183,7 @@ else LogText "Result: found umask ${FIND}, which could be improved" Display --indent 4 --text "- umask (/etc/login.defs)" --result "${STATUS_SUGGESTION}" --color YELLOW - ReportSuggestion ${TEST_NO} "Default umask in /etc/login.defs could be more strict like 027" + ReportSuggestion "${TEST_NO}" "Default umask in /etc/login.defs could be more strict like 027" AddHP 0 2 fi else @@ -1221,7 +1221,7 @@ if [ "${FIND}" = "" ]; then LogText "Result: UMASK value is not configured (most likely it will have the default 022 value)" Display --indent 4 --text "- Checking umask (/etc/init.d/rc)" --result "${STATUS_SUGGESTION}" --color YELLOW - ReportSuggestion ${TEST_NO} "Default umask in /etc/init.d/rc could not be found and defaults usually to 022, which could be more strict like 027" + ReportSuggestion "${TEST_NO}" "Default umask in /etc/init.d/rc could not be found and defaults usually to 022, which could be more strict like 027" AddHP 1 2 elif [ "${FIND}" = "077" -o "${FIND}" = "027" -o "${FIND}" = "0077" -o "${FIND}" = "0027" ]; then LogText "Result: umask is ${FIND}, which is fine" @@ -1230,7 +1230,7 @@ else LogText "Result: found umask ${FIND}, which could be improved" Display --indent 4 --text "- umask (/etc/init.d/rc)" --result "${STATUS_SUGGESTION}" --color YELLOW - ReportSuggestion ${TEST_NO} "Default umask in /etc/init.d/rc could be more strict like 027" + ReportSuggestion "${TEST_NO}" "Default umask in /etc/init.d/rc could be more strict like 027" AddHP 0 2 fi else @@ -1265,7 +1265,7 @@ Display --indent 4 --text "- umask (/etc/login.conf)" --result "${STATUS_OK}" --color GREEN else Display --indent 4 --text "- umask (/etc/login.conf)" --result "${STATUS_WEAK}" --color YELLOW - ReportSuggestion ${TEST_NO} "Umask in /etc/login.conf could be more strict like 027" + ReportSuggestion "${TEST_NO}" "Umask in /etc/login.conf could be more strict like 027" fi else LogText "Result: no umask setting found in /etc/login.conf, which is unexpected" @@ -1284,7 +1284,7 @@ if [ "${FIND2}" = "" ]; then LogText "Result: UMASK value is not configured (most likely it will have the default 022 value)" Display --indent 4 --text "- Checking umask (/etc/init.d/rcS)" --result "${STATUS_SUGGESTION}" --color YELLOW - ReportSuggestion ${TEST_NO} "Default umask in /etc/init.d/rcS could not be found and defaults usually to 022, which could be more strict like 027" + ReportSuggestion "${TEST_NO}" "Default umask in /etc/init.d/rcS could not be found and defaults usually to 022, which could be more strict like 027" AddHP 1 2 elif [ "${FIND2}" = "077" -o "${FIND2}" = "027" ]; then LogText "Result: umask is ${FIND2}, which is fine" @@ -1293,7 +1293,7 @@ else LogText "Result: found umask ${FIND2}, which could be improved" Display --indent 4 --text "- umask (/etc/init.d/rcS)" --result "${STATUS_SUGGESTION}" --color YELLOW - ReportSuggestion ${TEST_NO} "Default umask in /etc/init.d/rcS could be more strict like 027" + ReportSuggestion "${TEST_NO}" "Default umask in /etc/init.d/rcS could be more strict like 027" AddHP 0 2 fi else @@ -1458,7 +1458,7 @@ AddHP 3 3 else AddHP 0 1 - #ReportSuggestion ${TEST_NO} "Configure failed login attempts to be logged using pam_tally2 or /etc/login.defs" + #ReportSuggestion "${TEST_NO}" "Configure failed login attempts to be logged using pam_tally2 or /etc/login.defs" fi fi # |