diff options
author | hlein <hlein@korelogic.com> | 2017-03-06 10:41:21 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2017-03-06 10:41:21 +0300 |
commit | b595cc0fb5f0dafe3604f2d2d4915de1acd9c754 (patch) | |
tree | 285792c98f8d9d404d55a0d258c8e274868c74d7 /include/tests_squid | |
parent | b9ae378edb9ab109eeb25cc27599b76b2f6f6bfb (diff) |
Various cleanups (#363)
* Typo fix.
* Style change: always use $(), never ``.
The Lynis code already mostly used $(), but backticks were sprinkled
around. Converted all of them.
* Lots of minor spelling/typo fixes.
FWIW these were found with:
find . -type f -print0 | xargs -0 cat | aspell list | sort -u | egrep '^[a-z]+$' | less
And then reviewing the list to pick out things that looked like
misspelled words as opposed to variables, etc., and then manual
inspection of context to determine the intention.
Diffstat (limited to 'include/tests_squid')
-rw-r--r-- | include/tests_squid | 32 |
1 files changed, 16 insertions, 16 deletions
diff --git a/include/tests_squid b/include/tests_squid index 37a2eee9..3ae7d7a0 100644 --- a/include/tests_squid +++ b/include/tests_squid @@ -42,7 +42,7 @@ LogText "Test: Searching for a Squid daemon" FOUND=0 # Check running processes - FIND=`${PSBINARY} ax | ${EGREPBINARY} "(squid|squid3) " | ${GREPBINARY} -v "grep"` + FIND=$(${PSBINARY} ax | ${EGREPBINARY} "(squid|squid3) " | ${GREPBINARY} -v "grep") if [ ! "${FIND}" = "" ]; then SQUID_DAEMON_RUNNING=1 LogText "Result: Squid daemon is running" @@ -92,9 +92,9 @@ if [ ! "${SQUIDBINARY}" = "" ]; then LogText "Result: Squid binary found (${SQUIDBINARY})" # Skip check if a setuid/setgid bit is found - FIND=`find ${SQUIDBINARY} \( -perm 4000 -o -perm 2000 \) -print` + FIND=$(find ${SQUIDBINARY} \( -perm 4000 -o -perm 2000 \) -print) if [ "${FIND}" = "" ]; then - FIND2=`${SQUIDBINARY} -v | ${AWKBINARY} '{ if ($3=="Version") { print $4 } }'` + FIND2=$(${SQUIDBINARY} -v | ${AWKBINARY} '{ if ($3=="Version") { print $4 } }') Display --indent 4 --text "- Checking Squid version" --result "${STATUS_FOUND}" --color GREEN SQUID_VERSION="${FIND2}" else @@ -114,9 +114,9 @@ Register --test-no SQD-3610 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid version" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking all specific defined options in ${SQUID_DAEMON_CONFIG}" - FIND=`${GREPBINARY} -v "^#" ${SQUID_DAEMON_CONFIG} | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{gsub("\t"," ");print}' | ${SEDBINARY} 's/ /!space!/g'` + FIND=$(${GREPBINARY} -v "^#" ${SQUID_DAEMON_CONFIG} | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{gsub("\t"," ");print}' | ${SEDBINARY} 's/ /!space!/g') for I in ${FIND}; do - I=`echo ${I} | ${SEDBINARY} 's/!space!/ /g'` + I=$(echo ${I} | ${SEDBINARY} 's/!space!/ /g') LogText "Found Squid option: ${I}" Report "squid_option=${I}" done @@ -131,7 +131,7 @@ Register --test-no SQD-3613 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid file permissions" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking file permissions of ${SQUID_DAEMON_CONFIG}" - FIND=`find ${SQUID_DAEMON_CONFIG} -type f -a \( -perm -004 -o -perm -002 -o -perm -001 \)` + FIND=$(find ${SQUID_DAEMON_CONFIG} -type f -a \( -perm -004 -o -perm -002 -o -perm -001 \)) if [ ! "${FIND}" = "" ]; then LogText "Result: file ${SQUID_DAEMON_CONFIG} is world readable, writable or executable and could leak information or passwords" Display --indent 4 --text "- Checking Squid configuration file permissions" --result "${STATUS_WARNING}" --color RED @@ -159,7 +159,7 @@ Register --test-no SQD-3614 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid authentication methods" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: check auth_param option for authentication methods" - FIND=`${GREPBINARY} "^auth_param" ${SQUID_DAEMON_CONFIG} | ${AWKBINARY} '{ print $2 }'` + FIND=$(${GREPBINARY} "^auth_param" ${SQUID_DAEMON_CONFIG} | ${AWKBINARY} '{ print $2 }') if [ "${FIND}" = "" ]; then LogText "No auth_param option found, proxy access anonymous or based on other methods (like ACLs)" Display --indent 6 --text "- Checking Squid authentication methods" --result "${STATUS_NONE}" --color YELLOW @@ -180,7 +180,7 @@ Register --test-no SQD-3616 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check external Squid authentication" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: check external_acl_type option for external authentication helpers" - FIND=`${GREPBINARY} "^external_acl_type" ${SQUID_DAEMON_CONFIG}` + FIND=$(${GREPBINARY} "^external_acl_type" ${SQUID_DAEMON_CONFIG}) if [ "${FIND}" = "" ]; then LogText "No external_acl_type found" Display --indent 6 --text "- Checking Squid external authentication methods" --result "${STATUS_NONE}" --color YELLOW @@ -203,14 +203,14 @@ if [ ${SKIPTEST} -eq 0 ]; then N=0 LogText "Test: checking ACLs" - FIND=`${GREPBINARY} "^acl " ${SQUID_DAEMON_CONFIG} | ${SEDBINARY} 's/ /!space!/g'` + FIND=$(${GREPBINARY} "^acl " ${SQUID_DAEMON_CONFIG} | ${SEDBINARY} 's/ /!space!/g') if [ "${FIND}" = "" ]; then LogText "Result: No ACLs found" Display --indent 6 --text "- Checking Access Control Lists" --result "${STATUS_NONE}" --color RED else for I in ${FIND}; do N=$((N + 1)) - I=`echo ${I} | ${SEDBINARY} 's/!space!/ /g'` + I=$(echo ${I} | ${SEDBINARY} 's/!space!/ /g') LogText "Found ACL: ${I}" #Report "squid_acl=${I}" done @@ -228,14 +228,14 @@ if [ ${SKIPTEST} -eq 0 ]; then N=0 LogText "Test: checking ACL Safe_ports http_access option" - FIND=`${GREPBINARY} "^http_access" ${SQUID_DAEMON_CONFIG} | ${GREPBINARY} "Safe_ports"` + FIND=$(${GREPBINARY} "^http_access" ${SQUID_DAEMON_CONFIG} | ${GREPBINARY} "Safe_ports") if [ "${FIND}" = "" ]; then LogText "Result: no Safe_ports found" Display --indent 6 --text "- Checking ACL 'Safe_ports' http_access option" --result "${STATUS_NOT_FOUND}" --color YELLOW ReportSuggestion ${TEST_NO} "Check if Squid has been configured to restrict access to all safe ports" else LogText "Result: checking ACL safe ports" - FIND2=`${GREPBINARY} "^acl Safe_ports port" ${SQUID_DAEMON_CONFIG} | ${AWKBINARY} '{ print $4 }'` + FIND2=$(${GREPBINARY} "^acl Safe_ports port" ${SQUID_DAEMON_CONFIG} | ${AWKBINARY} '{ print $4 }') if [ "${FIND2}" = "" ]; then Display --indent 6 --text "- Checking ACL 'Safe_ports' ports" --result "NONE FOUND" --color YELLOW ReportSuggestion ${TEST_NO} "Check if Squid has been configured for which ports it can allow outgoing traffic (Safe_ports)" @@ -251,7 +251,7 @@ #SQUID_DAEMON_UNSAFE_PORTS_LIST for I in ${SQUID_DAEMON_UNSAFE_PORTS_LIST}; do LogText "Test: Checking port ${I} in Safe_ports list" - FIND2=`${GREPBINARY} -w "^acl Safe_ports port ${I}" ${SQUID_DAEMON_CONFIG}` + FIND2=$(${GREPBINARY} -w "^acl Safe_ports port ${I}" ${SQUID_DAEMON_CONFIG}) if [ "${FIND2}" = "" ]; then Display --indent 6 --text "- Checking ACL 'Safe_ports' (port ${I})" --result "${STATUS_NOT_FOUND}" --color GREEN AddHP 1 1 @@ -279,7 +279,7 @@ if [ ${SKIPTEST} -eq 0 ]; then N=0 LogText "Test: checking option reply_body_max_size" - FIND=`${GREPBINARY} "^reply_body_max_size " ${SQUID_DAEMON_CONFIG} | ${SEDBINARY} 's/ /!space!/g'` + FIND=$(${GREPBINARY} "^reply_body_max_size " ${SQUID_DAEMON_CONFIG} | ${SEDBINARY} 's/ /!space!/g') if [ "${FIND}" = "" ]; then LogText "Result: option reply_body_max_size not configured" Display --indent 6 --text "- Checking option: reply_body_max_size" --result "${STATUS_NONE}" --color RED @@ -306,10 +306,10 @@ if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no SQD-3680 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid version suppresion" if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${GREPBINARY} "^httpd_suppress_version_string " ${SQUID_DAEMON_CONFIG} | ${GREPBINARY} " on"` + FIND=$(${GREPBINARY} "^httpd_suppress_version_string " ${SQUID_DAEMON_CONFIG} | ${GREPBINARY} " on") if [ "${FIND}" = "" ]; then LogText "Result: option httpd_suppress_version_string not configured" - Display --indent 6 --text "- Checking option: httpd_supress_version_string" --result "${STATUS_NOT_FOUND}" --color YELLOW + Display --indent 6 --text "- Checking option: httpd_suppress_version_string" --result "${STATUS_NOT_FOUND}" --color YELLOW AddHP 1 2 ReportSuggestion ${TEST_NO} "Configure Squid option httpd_suppress_version_string (on) to suppress the version." else |