diff options
author | hlein <hlein@korelogic.com> | 2017-03-06 10:41:21 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2017-03-06 10:41:21 +0300 |
commit | b595cc0fb5f0dafe3604f2d2d4915de1acd9c754 (patch) | |
tree | 285792c98f8d9d404d55a0d258c8e274868c74d7 /include/tests_networking | |
parent | b9ae378edb9ab109eeb25cc27599b76b2f6f6bfb (diff) |
Various cleanups (#363)
* Typo fix.
* Style change: always use $(), never ``.
The Lynis code already mostly used $(), but backticks were sprinkled
around. Converted all of them.
* Lots of minor spelling/typo fixes.
FWIW these were found with:
find . -type f -print0 | xargs -0 cat | aspell list | sort -u | egrep '^[a-z]+$' | less
And then reviewing the list to pick out things that looked like
misspelled words as opposed to variables, etc., and then manual
inspection of context to determine the intention.
Diffstat (limited to 'include/tests_networking')
-rw-r--r-- | include/tests_networking | 86 |
1 files changed, 43 insertions, 43 deletions
diff --git a/include/tests_networking b/include/tests_networking index 8c2724f6..f8b189ca 100644 --- a/include/tests_networking +++ b/include/tests_networking @@ -46,12 +46,12 @@ IPV6_ONLY=255 IPV6_MISCONFIGURED=0 IPV6_MISCONFIGURED_MTU=0 - FIND=`sysctl -a 2> /dev/null | ${GREPBINARY} "^net.ipv6" | ${SEDBINARY} "s/ = /=/"` + FIND=$(sysctl -a 2> /dev/null | ${GREPBINARY} "^net.ipv6" | ${SEDBINARY} "s/ = /=/") if [ ! "${FIND}" = "" ]; then IPV6_CONFIGURED=1 for I in ${FIND}; do - SYSCTL_KEY=`echo ${I} | ${AWKBINARY} -F= '{ print $1 }'` - SYSCTL_VALUE=`echo ${I} | ${AWKBINARY} -F= '{ print $2 }'` + SYSCTL_KEY=$(echo ${I} | ${AWKBINARY} -F= '{ print $1 }') + SYSCTL_VALUE=$(echo ${I} | ${AWKBINARY} -F= '{ print $2 }') case ${SYSCTL_KEY} in "net.ipv6.conf.default.accept_ra") if [ "${SYSCTL_VALUE}" = "1" ]; then IPV6_ACCEPT_RA=1; else IPV6_ACCEPT_RA=0; fi @@ -89,7 +89,7 @@ LogText "Result: IPV6 mode is ${IPV6_MODE}" if [ ${IPV6_CONFIGURED} -eq 1 ]; then Display --indent 2 --text "- Checking IPv6 configuration" --result "${STATUS_ENABLED}" --color WHITE - STATUS=`echo ${IPV6_MODE} | ${TRBINARY} '[:lower:]' '[:upper:]'` + STATUS=$(echo ${IPV6_MODE} | ${TRBINARY} '[:lower:]' '[:upper:]') Display --indent 6 --text "Configuration method" --result "${STATUS}" --color WHITE if [ ${IPV6_ONLY} -eq 1 ]; then STATUS="YES"; else STATUS="NO"; fi LogText "Result: IPv6 only configuration: ${STATUS}" @@ -123,7 +123,7 @@ LogText "Test: Checking /etc/resolv.conf file" if [ -f /etc/resolv.conf ]; then LogText "Result: Found /etc/resolv.conf file" - FIND=`${GREPBINARY} '^nameserver' /etc/resolv.conf | ${TRBINARY} -d '\t' | ${SEDBINARY} 's/nameserver*//g' | uniq` + FIND=$(${GREPBINARY} '^nameserver' /etc/resolv.conf | ${TRBINARY} -d '\t' | ${SEDBINARY} 's/nameserver*//g' | uniq) if [ ! "${FIND}" = "" ]; then Display --indent 4 --text "- Testing nameservers" LogText "Test: Querying nameservers" @@ -137,7 +137,7 @@ if [ ! "${DIGBINARY}" = "" ]; then # See if we can query something at the nameserver # 0=good, other=bad - DNSRESPONSE=`${DIGBINARY} +noall +time=3 +retry=0 @${I} ${I} > /dev/null ; echo $?` + DNSRESPONSE=$(${DIGBINARY} +noall +time=3 +retry=0 @${I} ${I} > /dev/null ; echo $?) if [ "${DNSRESPONSE}" = "0" ]; then Display --indent 8 --text "Nameserver: ${I}" --result "${STATUS_OK}" --color GREEN LogText "Nameserver ${I} seems to respond to queries from this host." @@ -196,7 +196,7 @@ Register --test-no NETW-3001 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Find default gateway (route)" if [ $SKIPTEST -eq 0 ]; then LogText "Test: Searching default gateway(s)" - FIND=`${NETSTATBINARY} -rn | ${EGREPBINARY} "^0.0.0.0|default" | ${TRBINARY} -s ' ' | ${CUTBINARY} -d ' ' -f2` + FIND=$(${NETSTATBINARY} -rn | ${EGREPBINARY} "^0.0.0.0|default" | ${TRBINARY} -s ' ' | ${CUTBINARY} -d ' ' -f2) if [ ! "${FIND}" = "" ]; then for I in ${FIND}; do LogText "Result: Found default gateway ${I}" @@ -260,34 +260,34 @@ FIND="" case ${OS} in AIX) - FIND=`lscfg -vl ent* | ${GREPBINARY} "Network Address" | ${CUTBINARY} -d"." -f14 | ${AWKBINARY} '{ ctr=1; i=1; while (ctr <= 6) { d[ctr++]=substr($0,i,2);i=i+2 } printf("%s:%s:%s:%s:%s:%s\n",d[1],d[2],d[3],d[4],d[5],d[6]) }'` + FIND=$(lscfg -vl ent* | ${GREPBINARY} "Network Address" | ${CUTBINARY} -d"." -f14 | ${AWKBINARY} '{ ctr=1; i=1; while (ctr <= 6) { d[ctr++]=substr($0,i,2);i=i+2 } printf("%s:%s:%s:%s:%s:%s\n",d[1],d[2],d[3],d[4],d[5],d[6]) }') ;; DragonFly|FreeBSD) - FIND=`${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="ether") print $2 }' | ${SORTBINARY} -u` + FIND=$(${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="ether") print $2 }' | ${SORTBINARY} -u) ;; Linux) if [ ! "${IFCONFIGBINARY}" = "" ]; then - FIND=`${IFCONFIGBINARY} -a 2> /dev/null | ${GREPBINARY} "HWaddr" | ${AWKBINARY} '{ if ($4=="HWaddr") print $5 }' | ${SORTBINARY} -u` + FIND=$(${IFCONFIGBINARY} -a 2> /dev/null | ${GREPBINARY} "HWaddr" | ${AWKBINARY} '{ if ($4=="HWaddr") print $5 }' | ${SORTBINARY} -u) else if [ ! "${IPBINARY}" = "" ]; then LogText "Test: Using ip binary to gather hardware addresses" - FIND=`${IPBINARY} link 2> /dev/null | ${GREPBINARY} "link/ether" | ${AWKBINARY} '{ print $2 }'` + FIND=$(${IPBINARY} link 2> /dev/null | ${GREPBINARY} "link/ether" | ${AWKBINARY} '{ print $2 }') else ReportException "${TEST_NO}:2" "Missing ifconfig or ip command to collect hardware address (MAC)" fi fi ;; macOS) - FIND=`${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="lladdr" || $1=="ether") print $2 }' | ${SORTBINARY} -u` + FIND=$(${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="lladdr" || $1=="ether") print $2 }' | ${SORTBINARY} -u) ;; NetBSD) - FIND=`${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="address:") print $2 }' | ${SORTBINARY} -u` + FIND=$(${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="address:") print $2 }' | ${SORTBINARY} -u) ;; OpenBSD) - FIND=`${IFCONFIGBINARY} -A 2> /dev/null | ${AWKBINARY} '{ if ($1=="lladdr") print $2 }' | ${SORTBINARY} -u` + FIND=$(${IFCONFIGBINARY} -A 2> /dev/null | ${AWKBINARY} '{ if ($1=="lladdr") print $2 }' | ${SORTBINARY} -u) ;; Solaris) - FIND=`${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="ether") print $2 }' | ${SORTBINARY} -u` + FIND=$(${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="ether") print $2 }' | ${SORTBINARY} -u) ;; *) # Having a system currently unsupported? Share your details to determine MAC information @@ -311,39 +311,39 @@ FIND=""; FIND2="" case ${OS} in AIX) - FIND=`${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet") print $2 }'` - FIND2=`${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet6") print $2 }'` + FIND=$(${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet") print $2 }') + FIND2=$(${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet6") print $2 }') ;; DragonFly|FreeBSD|NetBSD) - FIND=`${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet") print $2 }'` - FIND2=`${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet6") print $2 }'` + FIND=$(${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet") print $2 }') + FIND2=$(${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet6") print $2 }') ;; Linux) if [ ! "${IFCONFIGBINARY}" = "" ]; then - FIND=`${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet") print $2 }' | ${CUTBINARY} -d ':' -f2` + FIND=$(${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet") print $2 }' | ${CUTBINARY} -d ':' -f2) # Version which works for multiple types of ifconfig (e.g. Slackware) - FIND2=`${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet6" && $2=="addr:") { print $3 } else { if ($1=="inet6" && $3=="prefixlen") { print $2 } } }'` + FIND2=$(${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet6" && $2=="addr:") { print $3 } else { if ($1=="inet6" && $3=="prefixlen") { print $2 } } }') else if [ ! "${IPBINARY}" = "" ]; then LogText "Test: Using ip binary to gather IP addresses" - FIND=`${IPBINARY} addr 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet") { print $2 }}' | ${SEDBINARY} 's/\/.*//'` - FIND2=`${IPBINARY} addr 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet6") { print $2 }}' | ${SEDBINARY} 's/\/.*//'` + FIND=$(${IPBINARY} addr 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet") { print $2 }}' | ${SEDBINARY} 's/\/.*//') + FIND2=$(${IPBINARY} addr 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet6") { print $2 }}' | ${SEDBINARY} 's/\/.*//') else ReportException "${TEST_NO}:2" "Missing ifconfig or ip command to collect hardware address (MAC)" fi fi ;; macOS) - FIND=`${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet") print $2 }'` - FIND2=`${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet6") print $2 }'` + FIND=$(${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet") print $2 }') + FIND2=$(${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet6") print $2 }') ;; OpenBSD) - FIND=`${IFCONFIGBINARY} -A 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet") print $2 }'` - FIND2=`${IFCONFIGBINARY} -A 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet6") print $2 }'` + FIND=$(${IFCONFIGBINARY} -A 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet") print $2 }') + FIND2=$(${IFCONFIGBINARY} -A 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet6") print $2 }') ;; Solaris) - FIND=`${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet") print $2 }'` - FIND2=`${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet6") print $2 }'` + FIND=$(${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet") print $2 }') + FIND2=$(${IFCONFIGBINARY} -a 2> /dev/null | ${AWKBINARY} '{ if ($1=="inet6") print $2 }') ;; *) LogText "Result: no support yet for this OS (${OS}) to find IP address information. You can help improving this test by submitting your details." @@ -377,7 +377,7 @@ case ${OS} in DragonFly|FreeBSD) if [ ! "${SOCKSTATBINARY}" = "" ]; then - FIND=`${SOCKSTATBINARY} | ${AWKBINARY} '{ if ($7 ~ /\*:\*/) print $5"|"$6"|"$2"|" }' | ${SORTBINARY} -u` + FIND=$(${SOCKSTATBINARY} | ${AWKBINARY} '{ if ($7 ~ /\*:\*/) print $5"|"$6"|"$2"|" }' | ${SORTBINARY} -u) # To strip off IP's: ${SEDBINARY} 's/|.*:/|/' else FIND="" @@ -387,15 +387,15 @@ Linux) if [ ! "${NETSTATBINARY}" = "" ]; then # UDP - FIND=`${NETSTATBINARY} -nlp 2> /dev/null | ${GREPBINARY} "^udp" | ${AWKBINARY} '{ print $4"|"$1"|"$6"|" }' | ${SEDBINARY} 's:|[0-9]*/:|:'` + FIND=$(${NETSTATBINARY} -nlp 2> /dev/null | ${GREPBINARY} "^udp" | ${AWKBINARY} '{ print $4"|"$1"|"$6"|" }' | ${SEDBINARY} 's:|[0-9]*/:|:') # TCP - FIND2=`${NETSTATBINARY} -nlp 2> /dev/null | ${GREPBINARY} "^tcp" | ${AWKBINARY} '{ if($6=="LISTEN") { print $4"|"$1"|"$7"|" }}' | ${SEDBINARY} 's:|[0-9]*/:|:'` + FIND2=$(${NETSTATBINARY} -nlp 2> /dev/null | ${GREPBINARY} "^tcp" | ${AWKBINARY} '{ if($6=="LISTEN") { print $4"|"$1"|"$7"|" }}' | ${SEDBINARY} 's:|[0-9]*/:|:') else if [ ! "${SSBINARY}" = "" ]; then # UDP - FIND=`${SSBINARY} -u -a -n 2> /dev/null | ${AWKBINARY} '{ print $4 }' | ${GREPBINARY} -v Local` + FIND=$(${SSBINARY} -u -a -n 2> /dev/null | ${AWKBINARY} '{ print $4 }' | ${GREPBINARY} -v Local) # TCP - FIND2=`${SSBINARY} -t -a -n 2> /dev/null | ${AWKBINARY} '{ print $4 }' | ${GREPBINARY} -v Local` + FIND2=$(${SSBINARY} -t -a -n 2> /dev/null | ${AWKBINARY} '{ print $4 }' | ${GREPBINARY} -v Local) else ReportException "${TEST_NO}:1" "netstat and ss binary missing to gather listening ports" fi @@ -405,7 +405,7 @@ macOS) if [ ! "${LSOFBINARY}" = "" ]; then # UDP and TCP combined - FIND=`${LSOFBINARY} -i -P | ${AWKBINARY} '{ print $9"|"$8"|"$1"|" }' | ${SEDBINARY} 's/\(.*\)\-\>.*\(\|.*\)/\1\2/' | ${SEDBINARY} 's/\*/'$IP'/' | ${SORTBINARY} -u | ${GREPBINARY} -v "NAME"` + FIND=$(${LSOFBINARY} -i -P | ${AWKBINARY} '{ print $9"|"$8"|"$1"|" }' | ${SEDBINARY} 's/\(.*\)\-\>.*\(\|.*\)/\1\2/' | ${SEDBINARY} 's/\*/'$IP'/' | ${SORTBINARY} -u | ${GREPBINARY} -v "NAME") else FIND="" fi @@ -416,7 +416,7 @@ NetBSD) if [ ! "${SOCKSTATBINARY}" = "" ]; then - FIND=`${SOCKSTATBINARY} 2> /dev/null | ${AWKBINARY} '{ if ($7 ~ /\*.\*/) print $5"|"$6"|"$2"|" }' | ${SORTBINARY} -u` + FIND=$(${SOCKSTATBINARY} 2> /dev/null | ${AWKBINARY} '{ if ($7 ~ /\*.\*/) print $5"|"$6"|"$2"|" }' | ${SORTBINARY} -u) else FIND="" fi @@ -425,9 +425,9 @@ OpenBSD) if [ ! "${NETSTATBINARY}" = "" ]; then # UDP - FIND=`${NETSTATBINARY} -an 2> /dev/null | ${GREPBINARY} "^udp" | ${AWKBINARY} '{ print $4"|"$1"||" }'` + FIND=$(${NETSTATBINARY} -an 2> /dev/null | ${GREPBINARY} "^udp" | ${AWKBINARY} '{ print $4"|"$1"||" }') # TCP - FIND2=`${NETSTATBINARY} -an 2> /dev/null | ${GREPBINARY} "^tcp" | ${AWKBINARY} '{ if($6=="LISTEN") { print $4"|"$1"||" }}'` + FIND2=$(${NETSTATBINARY} -an 2> /dev/null | ${GREPBINARY} "^tcp" | ${AWKBINARY} '{ if($6=="LISTEN") { print $4"|"$1"||" }}') else ReportException "${TEST_NO}:3" "netstat missing to gather listening ports" fi @@ -472,14 +472,14 @@ Register --test-no NETW-3014 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking promiscuous interfaces (BSD)" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking promiscuous interfaces (FreeBSD)" - FIND=`${IFCONFIGBINARY} 2> /dev/null | ${GREPBINARY} PROMISC | ${CUTBINARY} -d ':' -f1` + FIND=$(${IFCONFIGBINARY} 2> /dev/null | ${GREPBINARY} PROMISC | ${CUTBINARY} -d ':' -f1) if [ ! "${FIND}" = "" ]; then LogText "Result: Promiscuous interfaces: ${FIND}" for I in ${FIND}; do WHITELISTED=0 for PROFILE in ${PROFILES}; do Debug "Checking if interface ${I} is whitelisted in profile ${PROFILE}" - ISWHITELISTED=`${GREPBINARY} "^if_promisc:${I}:" ${PROFILE}` + ISWHITELISTED=$(${GREPBINARY} "^if_promisc:${I}:" ${PROFILE}) if [ ! "${ISWHITELISTED}" = "" ]; then WHITELISTED=1 LogText "Result: this interface was whitelisted in profile (${PROFILE})" @@ -514,13 +514,13 @@ Register --test-no NETW-3015 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking promiscuous interfaces (Linux)" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking promiscuous interfaces (Linux)" - NETWORK=`${IFCONFIGBINARY} 2> /dev/null | ${GREPBINARY} Link | ${TRBINARY} -s ' ' | ${CUTBINARY} -d ' ' -f1` + NETWORK=$(${IFCONFIGBINARY} 2> /dev/null | ${GREPBINARY} Link | ${TRBINARY} -s ' ' | ${CUTBINARY} -d ' ' -f1) if [ ! "${NETWORK}" = "" ]; then for I in ${NETWORK}; do - FIND=`${IFCONFIGBINARY} ${I} 2> /dev/null | ${GREPBINARY} PROMISC` + FIND=$(${IFCONFIGBINARY} ${I} 2> /dev/null | ${GREPBINARY} PROMISC) if [ ! "${FIND}" = "" ]; then LogText "Result: Promiscuous interface: ${I}" - ISWHITELISTED=`${GREPBINARY} "^if_promisc:${I}:" ${PROFILE}` + ISWHITELISTED=$(${GREPBINARY} "^if_promisc:${I}:" ${PROFILE}) if [ "${ISWHITELISTED}" = "" ]; then FOUNDPROMISC=1 ReportWarning ${TEST_NO} "Found promiscuous interface (${I})" |