author | hlein <hlein@korelogic.com> | 2017-03-07 22:23:08 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2017-03-07 22:23:08 +0300 |
commit | e054e9757c3fdc0ac794e18fa7ed9e04c11b1de1 (patch) | |
tree | e14365959cb0e18b3bfc70404dc51b827123237c /include/tests_mac_frameworks | |
parent | 7e915df1ee898dae2f7ba86aa0dd09cabdd63261 (diff) |
Lots of cleanups (#366)
* Description fix: SafePerms works on files not dirs.
All uses of SafePerms are on files (and indeed, it would reject
directories which would have +x set).
* Lots of whitespace cleanups.
Enforce everywhere(?) the same indentations for if/fi blocks.
The standard for the Lynis codebase is 4 spaces. But sometimes
it's 1, sometimes 3, sometimes 8.
These patches standardize all(?) if blocks but _not_ else's (which
are usually indented 2, but sometimes zero); I was too lazy to
identify those (see below).
This diff is giant, but should not change code behavior at all;
diff -w shows no changes apart from whitespace.
FWIW I identified instances to check by using:
perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces=""; } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1)
Which produced output like:
./extras/build-lynis.sh:217: if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then
./extras/build-lynis.sh:218: echo "[X] Version in specfile is outdated"
./plugins/plugin_pam_phase1:69: if [ -d ${PAM_DIRECTORY} ]; then
./plugins/plugin_pam_phase1:70: LogText "Result: /etc/pam.d exists"
...There's probably formal shellscript-beautification tools that
I'm oblivious about.
* More whitespace standardization.
* Fix a syntax error.
This looks like an if [ foo -o bar ]; was converted to if .. elif,
but incompletely.
* Add whitespace before closing ].
Without it, the shell thinks the ] is part of the last string, and
emits warnings like:
.../lynis/include/tests_authentication: line 1028: [: missing `]'
Diffstat (limited to 'include/tests_mac_frameworks')
-rw-r--r-- | include/tests_mac_frameworks | 50 |
1 files changed, 25 insertions, 25 deletions
diff --git a/include/tests_mac_frameworks b/include/tests_mac_frameworks index b1b9b861..7d4cc2ad 100644 --- a/include/tests_mac_frameworks +++ b/include/tests_mac_frameworks 
@@ -132,28 +132,28 @@ # Status: Enabled/Disabled FIND=$(${SESTATUSBINARY} | ${GREPBINARY} "^SELinux status" | ${AWKBINARY} '{ print $3 }') if [ "${FIND}" = "enabled" ]; then - MAC_FRAMEWORK_ACTIVE=1 - LogText "Result: SELinux framework is enabled" - Report "selinux_status=1" - SELINUXFOUND=1 - Display --indent 4 --text "- Checking SELinux status" --result "${STATUS_ENABLED}" --color GREEN - FIND=$(${SESTATUSBINARY} | ${GREPBINARY} "^Current mode" | ${AWKBINARY} '{ print $3 }') - Report "selinux_mode=${FIND}" - FIND2=$(${SESTATUSBINARY} | ${GREPBINARY} "^Mode from config file" | ${AWKBINARY} '{ print $5 }') - LogText "Result: current SELinux mode is ${FIND}" - LogText "Result: mode configured in config file is ${FIND2}" - if [ "${FIND}" = "${FIND2}" ]; then - LogText "Result: Current SELinux mode is the same as in config file." - Display --indent 6 --text "- Checking current mode and config file" --result "${STATUS_OK}" --color GREEN - else - LogText "Result: Current SELinux mode (${FIND}) is NOT the same as in config file (${FIND2})." 
- ReportWarning ${TEST_NO} "Current SELinux mode is different from config file (current: ${FIND}, config file: ${FIND2})" - Display --indent 6 --text "- Checking current mode and config file" --result "${STATUS_WARNING}" --color RED - fi - Display --indent 8 --text "Current SELinux mode: ${FIND}" + MAC_FRAMEWORK_ACTIVE=1 + LogText "Result: SELinux framework is enabled" + Report "selinux_status=1" + SELINUXFOUND=1 + Display --indent 4 --text "- Checking SELinux status" --result "${STATUS_ENABLED}" --color GREEN + FIND=$(${SESTATUSBINARY} | ${GREPBINARY} "^Current mode" | ${AWKBINARY} '{ print $3 }') + Report "selinux_mode=${FIND}" + FIND2=$(${SESTATUSBINARY} | ${GREPBINARY} "^Mode from config file" | ${AWKBINARY} '{ print $5 }') + LogText "Result: current SELinux mode is ${FIND}" + LogText "Result: mode configured in config file is ${FIND2}" + if [ "${FIND}" = "${FIND2}" ]; then + LogText "Result: Current SELinux mode is the same as in config file." + Display --indent 6 --text "- Checking current mode and config file" --result "${STATUS_OK}" --color GREEN + else + LogText "Result: Current SELinux mode (${FIND}) is NOT the same as in config file (${FIND2})." + ReportWarning ${TEST_NO} "Current SELinux mode is different from config file (current: ${FIND}, config file: ${FIND2})" + Display --indent 6 --text "- Checking current mode and config file" --result "${STATUS_WARNING}" --color RED + fi + Display --indent 8 --text "Current SELinux mode: ${FIND}" else - LogText "Result: SELinux framework is disabled" - Display --indent 4 --text "- Checking SELinux status" --result "${STATUS_DISABLED}" --color YELLOW + LogText "Result: SELinux framework is disabled" + Display --indent 4 --text "- Checking SELinux status" --result "${STATUS_DISABLED}" --color YELLOW fi fi # 
@@ -181,10 +181,10 @@ Display --indent 2 --text "- Checking presence grsecurity" --result "${STATUS_NOT_FOUND}" --color WHITE fi if [ ! -z "${GRADMBINARY}" ]; then - FIND=$(${GRADMBINARY} --status) - if [ "${FIND}" = "The RBAC system is currently enabled." ]; then - MAC_FRAMEWORK_ACTIVE=1 - fi + FIND=$(${GRADMBINARY} --status) + if [ "${FIND}" = "The RBAC system is currently enabled." ]; then + MAC_FRAMEWORK_ACTIVE=1 + fi fi fi # |
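Review bot: in the `@@ -132,28 +132,28 @@` hunk, the test `if [ "${FIND}" = "${FIND2}" ]` also succeeds when both values are empty, so if neither "^Current mode" nor "^Mode from config file" matches anything in the sestatus output, the check logs that the modes are the same and displays STATUS_OK. Since these lines are being touched anyway, consider guarding the comparison with a non-empty test on both variables and reporting an unknown result otherwise. `${TEST_NO}` in the ReportWarning call is also unquoted, unlike the other expansions in this block.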
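Review bot: in the `@@ -181,10 +181,10 @@` hunk, MAC_FRAMEWORK_ACTIVE is set only when the entire output of `${GRADMBINARY} --status` equals the string "The RBAC system is currently enabled.", and there is no else branch, so any other output (different wording, an extra line, an error message) leaves MAC_FRAMEWORK_ACTIVE unchanged with nothing logged. A LogText line recording `${FIND}` in the non-matching case would make that outcome visible in the log. As a style point, `[ ! -z "${GRADMBINARY}" ]` can be written `[ -n "${GRADMBINARY}" ]`.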