author | hlein <hlein@korelogic.com> | 2017-03-06 10:41:21 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2017-03-06 10:41:21 +0300 |
commit | b595cc0fb5f0dafe3604f2d2d4915de1acd9c754 (patch) | |
tree | 285792c98f8d9d404d55a0d258c8e274868c74d7 /include/tests_shells | |
parent | b9ae378edb9ab109eeb25cc27599b76b2f6f6bfb (diff) |
Various cleanups (#363)
* Typo fix.
* Style change: always use $(), never ``.
The Lynis code already mostly used $(), but backticks were sprinkled
around. Converted all of them.
* Lots of minor spelling/typo fixes.
FWIW these were found with:
find . -type f -print0 | xargs -0 cat | aspell list | sort -u | egrep '^[a-z]+$' | less
And then reviewing the list to pick out things that looked like
misspelled words as opposed to variables, etc., and then manual
inspection of context to determine the intention.
Diffstat (limited to 'include/tests_shells')
-rw-r--r-- | include/tests_shells | 32 |
1 files changed, 16 insertions, 16 deletions
diff --git a/include/tests_shells b/include/tests_shells
index c651c7ae..e6f13eee 100644
--- a/include/tests_shells
+++ b/include/tests_shells
@@ -51,7 +51,7 @@
 Register --test-no SHLL-6202 --os FreeBSD --weight L --network NO --category security --description "Check console TTYs"
 if [ ${SKIPTEST} -eq 0 ]; then
 LogText "Test: Checking console TTYs"
- FIND=`${EGREPBINARY} '^console' /etc/ttys | ${GREPBINARY} -v 'insecure'`
+ FIND=$(${EGREPBINARY} '^console' /etc/ttys | ${GREPBINARY} -v 'insecure')
 if [ "${FIND}" = "" ]; then
 Display --indent 2 --text "- Checking console TTYs" --result "${STATUS_OK}" --color GREEN
 LogText "Result: console is secured against single user mode without password."
@@ -75,7 +75,7 @@
 if [ -f /etc/shells ]; then
 LogText "Result: Found /etc/shells file"
 LogText "Test: Reading available shells from /etc/shells"
- SSHELLS=`${GREPBINARY} "^/" /etc/shells`
+ SSHELLS=$(${GREPBINARY} "^/" /etc/shells)
 CSSHELLS=0; CSSHELLS_ALL=0
 Display --indent 2 --text "- Checking shells from /etc/shells"
 for I in ${SSHELLS}; do
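Review bot: In the SHLL-6202 hunk, `${GREPBINARY} -v 'insecure'` is a substring match over the whole line, so a `console` entry in /etc/ttys that carries the word anywhere else, for example in a trailing comment, is dropped from FIND and the test reports the console as secured. Stripping comments before the match, as the TMOUT pipelines in this file already do, would tighten it: `FIND=$(${EGREPBINARY} '^console' /etc/ttys | ${SEDBINARY} 's/#.*//' | ${GREPBINARY} -v 'insecure')`. The enclosing `if` block continues past the end of the hunk.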
@@ -117,9 +117,9 @@
 if [ -f /etc/profile ]; then
 # Determine if we can find a TMOUT value
- FIND=`${GREPBINARY} 'TMOUT=' /etc/profile | ${TRBINARY} -d ' ' | ${TRBINARY} -d '\t' | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/export//' | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} -F= '{ print $2 }'`
+ FIND=$(${GREPBINARY} 'TMOUT=' /etc/profile | ${TRBINARY} -d ' ' | ${TRBINARY} -d '\t' | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/export//' | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} -F= '{ print $2 }')
 # Determine if the value is exported (with export, readonly, or typeset)
- FIND2=`${GREPBINARY} '\(export\|readonly\|typeset -r\)[ \t]*TMOUT' /etc/profile | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} '{ print $1 }'`
+ FIND2=$(${GREPBINARY} '\(export\|readonly\|typeset -r\)[ \t]*TMOUT' /etc/profile | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} '{ print $1 }')
 if [ ! "${FIND}" = "" ]; then
 N=0; IDLE_TIMEOUT=1
 for I in ${FIND}; do
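Review bot: The FIND2 pattern `[ \t]*TMOUT` does not match a tab, because inside a bracket expression grep reads `\t` as a literal backslash and the letter t; a line that separates `readonly` or `export` from `TMOUT` with a tab is therefore not picked up, and the session timeout is presumably not reported as locked. `[[:space:]]*` is the portable spelling: `'\(export\|readonly\|typeset -r\)[[:space:]]*TMOUT'`. The `\|` alternation is itself a GNU extension to basic regular expressions, so `${EGREPBINARY}` with `(export|readonly|typeset -r)` would be safer on the non-GNU platforms this file also targets. The same pattern appears in the /etc/profile.d hunk (-160).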
@@ -160,12 +160,12 @@
 fi
 if [ -d /etc/profile.d ]; then
- FIND=`ls /etc/profile.d/*.sh 2> /dev/null`
+ FIND=$(ls /etc/profile.d/*.sh 2> /dev/null)
 if [ ! "${FIND}" = "" ]; then
 # Determine if we can find a TMOUT value
- FIND=`cat /etc/profile.d/*.sh 2> /dev/null | ${GREPBINARY} 'TMOUT=' | ${TRBINARY} -d ' ' | ${TRBINARY} -d '\t' | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/export//' | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} -F= '{ print $2 }'`
+ FIND=$(cat /etc/profile.d/*.sh 2> /dev/null | ${GREPBINARY} 'TMOUT=' | ${TRBINARY} -d ' ' | ${TRBINARY} -d '\t' | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/export//' | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} -F= '{ print $2 }')
 # Determine if the value is exported (with export, readonly, or typeset)
- FIND2=`cat /etc/profile.d/*.sh 2> /dev/null | ${GREPBINARY} '\(export\|readonly\|typeset -r\)[ \t]*TMOUT' | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} '{ print $1 }'`
+ FIND2=$(cat /etc/profile.d/*.sh 2> /dev/null | ${GREPBINARY} '\(export\|readonly\|typeset -r\)[ \t]*TMOUT' | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} '{ print $1 }')
 if [ ! "${FIND}" = "" ]; then
 N=0; IDLE_TIMEOUT=1
@@ -231,7 +231,7 @@
 if [ -f ${FILE} ]; then
 LogText "Result: file ${FILE} exists"
 FOUND=1
- FIND=`${GREPBINARY} umask ${FILE} | ${SEDBINARY} 's/^[ \t]*//g' | ${SEDBINARY} 's/#.*$//' | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ print $2 }'`
+ FIND=$(${GREPBINARY} umask ${FILE} | ${SEDBINARY} 's/^[ \t]*//g' | ${SEDBINARY} 's/#.*$//' | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ print $2 }')
 if [ "${FIND}" = "" ]; then
 LogText "Result: did not find umask configured in ${FILE}"
 Display --indent 4 --text "- Checking default umask in ${FILE}" --result "${STATUS_NONE}" --color YELLOW
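Review bot: In the /etc/profile.d hunk, `FIND=$(ls /etc/profile.d/*.sh 2> /dev/null)` parses `ls` output only to learn whether any file matches, and the following `cat /etc/profile.d/*.sh | ...` merges every file into one stream, so a TMOUT value can no longer be attributed to the file that sets it. Looping over the glob keeps the file name available for the log and avoids `ls`: `for FILE in /etc/profile.d/*.sh; do [ -f "${FILE}" ] || continue; ...; done`. The surrounding `if [ -d /etc/profile.d ]` block starts inside the hunk and ends outside it.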
@@ -280,10 +280,10 @@
 LogText "Test: Check if bash is in the list of shells."
 if [ -f /etc/shells ]; then
 LogText "Test: checking for bash shell in /etc/shells"
- FIND=`${EGREPBINARY} '(/usr)?(/local)?/bin/bash' /etc/shells | ${GREPBINARY} -v "^#" | head -1`
+ FIND=$(${EGREPBINARY} '(/usr)?(/local)?/bin/bash' /etc/shells | ${GREPBINARY} -v "^#" | head -1)
 else
 LogText "Test: checking if bash is available via which command"
- FIND=`which bash 2> /dev/null | head -1`
+ FIND=$(which bash 2> /dev/null | head -1)
 fi
 LogText "Result: command revealed ${FIND} as output"
@@ -296,7 +296,7 @@
 # CVE-2014-6271
 LogText "Test: Check for first exploit (CVE-2014-6271)"
 echo "env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c \"echo test\" 2>&1 | ${GREPBINARY} 'vulnerable'" > ${SHELLSHOCK_TMP}
- VULNERABLE=`${FIND} ${SHELLSHOCK_TMP} 2> /dev/null`
+ VULNERABLE=$(${FIND} ${SHELLSHOCK_TMP} 2> /dev/null)
 rm -f ${SHELLSHOCK_TMP}
 if [ ! "${VULNERABLE}" = "" ]; then
 LogText "Output: ${VULNERABLE}"
@@ -313,7 +313,7 @@
 # CVE-2014-6278
 LogText "Test: Check for CVE-2014-6278"
 echo "shellshocker='() { echo vulnerable; }' bash -c shellshocker 2>/dev/null | ${GREPBINARY} 'vulnerable'" > ${SHELLSHOCK_TMP}
- VULNERABLE=`${FIND} ${SHELLSHOCK_TMP} 2> /dev/null`
+ VULNERABLE=$(${FIND} ${SHELLSHOCK_TMP} 2> /dev/null)
 rm -f ${SHELLSHOCK_TMP}
 if [ ! "${VULNERABLE}" = "" ]; then
 LogText "Output: ${VULNERABLE}"
@@ -328,7 +328,7 @@
 # CVE-2014-7169
 LogText "Test: Check for taviso bug CVE-2014-7169"
 echo "(cd /tmp; rm -f /tmp/echo; env X='() { (a)=>\' bash -c "echo echo nonvuln" 2>/dev/null; [[ \"\$(cat echo 2> /dev/null)\" == \"nonvuln\" ]] && echo \"vulnerable\" 2> /dev/null) | ${GREPBINARY} ' vulnerable'" > ${SHELLSHOCK_TMP}
- VULNERABLE=`${FIND} ${SHELLSHOCK_TMP} 2> /dev/null`
+ VULNERABLE=$(${FIND} ${SHELLSHOCK_TMP} 2> /dev/null)
 rm -f ${SHELLSHOCK_TMP}
 if [ ! "${VULNERABLE}" = "" ]; then
 LogText "Output: ${VULNERABLE}"
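Review bot: The value assigned to FIND in the -280 hunk is later run as a command (`${FIND} ${SHELLSHOCK_TMP}` in the hunks that follow), yet the /etc/shells pattern is unanchored and accepts any line that merely contains `/bin/bash`, and the fallback depends on `which`, whose output is not standardised. Anchoring the match and using the POSIX builtin yields a single path: `FIND=$(${EGREPBINARY} '^(/usr)?(/local)?/bin/bash$' /etc/shells | head -1)` and `FIND=$(command -v bash 2> /dev/null)`. A `[ -x "${FIND}" ]` test before the first use would catch an empty or stale result.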
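Review bot: In the CVE-2014-6271 hunk the probe is written to `${SHELLSHOCK_TMP}` and then executed by the located shell, with both expansions unquoted; SHELLSHOCK_TMP is assigned outside the hunk, so it should be confirmed that it comes from `mktemp` and not from a fixed name in a shared directory, since an audit tool of this kind is typically run with root privileges. The generated probe also calls plain `bash`, which is resolved through PATH and need not be the binary held in FIND, so the verdict can describe a different bash than the one logged. Quoting the call, `VULNERABLE=$("${FIND}" "${SHELLSHOCK_TMP}" 2> /dev/null)`, and writing `${FIND}` instead of `bash` into the probe text would cover both. The same applies to the CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187 and shellshocker.net hunks.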
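Review bot: The CVE-2014-7169 probe works in `/tmp` with the fixed name `/tmp/echo`, a location shared with every local user; the file is not removed after the probe has run and its content decides the verdict, so both the result and the state left on disk depend on what else happens in that directory. Running the probe inside a private directory created with `mktemp -d` and deleting that directory afterwards removes the dependency. As rendered on this page the quotes in `bash -c "echo echo nonvuln"` are not escaped and the grep pattern is `' vulnerable'` with a leading space, while the probe prints `vulnerable` without one; if the file really reads that way the check cannot report a vulnerable shell, so both should be verified against the source.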
@@ -343,7 +343,7 @@
 # CVE-2014-7186
 LogText "Test: Check for CVE-2014-7186"
 echo "(bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' 2>/dev/null || echo \"vulnerable\") | ${GREPBINARY} 'vulnerable'" > ${SHELLSHOCK_TMP}
- VULNERABLE=`${FIND} ${SHELLSHOCK_TMP} 2> /dev/null`
+ VULNERABLE=$(${FIND} ${SHELLSHOCK_TMP} 2> /dev/null)
 rm -f ${SHELLSHOCK_TMP}
 if [ ! "${VULNERABLE}" = "" ]; then
 LogText "Output: ${VULNERABLE}"
@@ -358,7 +358,7 @@
 # CVE-2014-7187
 LogText "Test: Check for CVE-2014-7187"
 echo "((for x in {1..200}; do echo \"for x$x in ; do :\"; done; for x in {1..200}; do echo done; done) | bash || echo \"vulnerable\") | ${GREPBINARY} 'vulnerable'" > ${SHELLSHOCK_TMP}
- VULNERABLE=`${FIND} ${SHELLSHOCK_TMP} 2> /dev/null`
+ VULNERABLE=$(${FIND} ${SHELLSHOCK_TMP} 2> /dev/null)
 rm -f ${SHELLSHOCK_TMP}
 if [ ! "${VULNERABLE}" = "" ]; then
 LogText "Output: ${VULNERABLE}"
@@ -373,7 +373,7 @@
 # CVE-2014-////
 LogText "Test: Check for bug Exploit #3 - shellshocker.net (no CVE)"
 echo "env X=' () { }; echo hello' bash -c 'date'| ${GREPBINARY} 'hello'" > ${SHELLSHOCK_TMP}
- VULNERABLE=`${FIND} ${SHELLSHOCK_TMP} 2> /dev/null`
+ VULNERABLE=$(${FIND} ${SHELLSHOCK_TMP} 2> /dev/null)
 rm -f ${SHELLSHOCK_TMP}
 if [ ! "${VULNERABLE}" = "" ]; then
 LogText "Output: ${VULNERABLE}" |
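Review bot: In the CVE-2014-7187 hunk the `$x` inside `\"for x$x in ; do :\"` is not escaped, so it is expanded by the shell running Lynis when the probe file is written, not by the bash under test; if `x` is unset at that point every generated loop uses the same variable name. The nesting depth, which is what the probe exercises, is not affected, but `echo \"for x\$x in ; do :\"` would put the intended text into the file and would not break under `set -u`. The `{1..200}` ranges are expanded by the bash that runs the file and are fine as written.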