diff options
author | hlein <hlein@korelogic.com> | 2017-03-06 10:41:21 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2017-03-06 10:41:21 +0300 |
commit | b595cc0fb5f0dafe3604f2d2d4915de1acd9c754 (patch) | |
tree | 285792c98f8d9d404d55a0d258c8e274868c74d7 /plugins | |
parent | b9ae378edb9ab109eeb25cc27599b76b2f6f6bfb (diff) |
Various cleanups (#363)
* Typo fix.
* Style change: always use $(), never ``.
The Lynis code already mostly used $(), but backticks were sprinkled
around. Converted all of them.
* Lots of minor spelling/typo fixes.
FWIW these were found with:
find . -type f -print0 | xargs -0 cat | aspell list | sort -u | egrep '^[a-z]+$' | less
And then reviewing the list to pick out things that looked like
misspelled words as opposed to variables, etc., and then manual
inspection of context to determine the intention.
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/plugin_pam_phase1 | 50 | ||||
-rw-r--r-- | plugins/plugin_systemd_phase1 | 36 |
2 files changed, 43 insertions, 43 deletions
diff --git a/plugins/plugin_pam_phase1 b/plugins/plugin_pam_phase1 index e558031e..55583f0d 100644 --- a/plugins/plugin_pam_phase1 +++ b/plugins/plugin_pam_phase1 @@ -68,25 +68,25 @@ # Check if the PAM directory structure exists if [ -d ${PAM_DIRECTORY} ]; then LogText "Result: /etc/pam.d exists" - FIND_FILES=`find ${PAM_DIRECTORY} -type f -print` + FIND_FILES=$(find ${PAM_DIRECTORY} -type f -print) # First check /etc/pam.conf if it exists. #if [ -f /etc/pam.conf ]; then FIND="/etc/pam.conf ${FIND}"; fi for PAM_FILE in ${FIND_FILES}; do LogText "Now checking PAM file ${PAM_FILE}" while read line; do # Strip empty lines, commented lines, tabs, line breaks (\), then finally remove all double spaces - LINE=`echo $line | grep -v "^#" | grep -v "^$" | tr '\011' ' ' | sed 's/\\\n/ /' | sed 's/ / /g' | sed 's/ #\(.*\)$//'` + LINE=$(echo $line | grep -v "^#" | grep -v "^$" | tr '\011' ' ' | sed 's/\\\n/ /' | sed 's/ / /g' | sed 's/ #\(.*\)$//') if [ ! "${LINE}" = "" ]; then - PAM_SERVICE=`echo ${PAM_FILE} | awk -F/ '{ print $NF }'` + PAM_SERVICE=$(echo ${PAM_FILE} | awk -F/ '{ print $NF }') PAM_CONTROL_FLAG="-" PAM_CONTROL_OPTIONS="-" PAM_MODULE="-" PAM_MODULE_OPTIONS="-" - PAM_TYPE=`echo ${LINE} | awk '{ print $1 }'` + PAM_TYPE=$(echo ${LINE} | awk '{ print $1 }') PARSELINE=0 case ${PAM_TYPE} in "@include") - FILE=`echo ${LINE} | awk '{ print $2 }'` + FILE=$(echo ${LINE} | awk '{ print $2 }') Debug "Result: Found @include in ${PAM_FILE}. Does include PAM settings from file ${FILE} (which is individually processed)" ;; "account") @@ -106,16 +106,16 @@ ;; esac if [ ${PARSELINE} -eq 1 ]; then - MULTIPLE_OPTIONS=`echo ${LINE} | awk '$2 ~ /^\[/'` + MULTIPLE_OPTIONS=$(echo ${LINE} | awk '$2 ~ /^\[/') if [ ! "${MULTIPLE_OPTIONS}" = "" ]; then # Needs more parsing, depending on the options found - PAM_CONTROL_OPTIONS=`echo ${LINE} | sed "s/^.*\[//" | sed "s/\].*$//"` + PAM_CONTROL_OPTIONS=$(echo ${LINE} | sed "s/^.*\[//" | sed "s/\].*$//") LogText "Result: Found brackets in line, indicating multiple options for control flags: ${PAM_CONTROL_OPTIONS}" - LINE=`echo ${LINE} | sed "s/ \[.*\] / other /"` + LINE=$(echo ${LINE} | sed "s/ \[.*\] / other /") fi - PAM_MODULE=`echo ${LINE} | awk '{ print $3 }'` - PAM_MODULE_OPTIONS=`echo ${LINE} | cut -d ' ' -f 4-` - PAM_CONTROL_FLAG=`echo ${LINE} | awk '{ print $2 }'` + PAM_MODULE=$(echo ${LINE} | awk '{ print $3 }') + PAM_MODULE_OPTIONS=$(echo ${LINE} | cut -d ' ' -f 4-) + PAM_CONTROL_FLAG=$(echo ${LINE} | awk '{ print $2 }') case ${PAM_CONTROL_FLAG} in "optional"|"required"|"requisite"|"sufficient") #Debug "Found a common control flag: ${PAM_CONTROL_FLAG} for ${PAM_MODULE}" @@ -135,7 +135,7 @@ LogText "Result: using module ${PAM_MODULE} (${PAM_CONTROL_FLAG}) without options configured" fi - PAM_MODULE_NAME=`echo ${PAM_MODULE} | sed 's/.so$//'` + PAM_MODULE_NAME=$(echo ${PAM_MODULE} | sed 's/.so$//') # # Specific PAMs are commonly seen on these platforms: # @@ -202,8 +202,8 @@ if [ "${PAM_PASSWORD_PWHISTORY_AMOUNT}" = "" ]; then PAM_PASSWORD_PWHISTORY_AMOUNT=10; fi if [ ! "${PAM_MODULE_OPTIONS}" = "" ]; then for I in ${PAM_MODULE_OPTIONS}; do - OPTION=`echo ${I} | awk -F= '{ print $1 }'` - VALUE=`echo ${I} | awk -F= '{ print $2 }'` + OPTION=$(echo ${I} | awk -F= '{ print $1 }') + VALUE=$(echo ${I} | awk -F= '{ print $2 }') CREDITS_CONFIGURED=0 case ${OPTION} in remember) @@ -231,8 +231,8 @@ LogText "Result: found ${PAM_MODULE} module (generic)" if [ ! "${PAM_MODULE_OPTIONS}" = "" ]; then for I in ${PAM_MODULE_OPTIONS}; do - OPTION=`echo ${I} | awk -F= '{ print $1 }'` - VALUE=`echo ${I} | awk -F= '{ print $2 }'` + OPTION=$(echo ${I} | awk -F= '{ print $1 }') + VALUE=$(echo ${I} | awk -F= '{ print $2 }') CREDITS_CONFIGURED=0 case ${OPTION} in remember) @@ -268,9 +268,9 @@ if [ ! "${PAM_MODULE_OPTIONS}" = "" ]; then Debug "Module options configured" for I in ${PAM_MODULE_OPTIONS}; do - OPTION=`echo ${I} | awk -F= '{ print $1 }'` + OPTION=$(echo ${I} | awk -F= '{ print $1 }') Debug ${OPTION} - VALUE=`echo ${I} | awk -F= '{ print $2 }'` + VALUE=$(echo ${I} | awk -F= '{ print $2 }') CREDITS_CONFIGURED=0 case ${OPTION} in minlen) @@ -286,7 +286,7 @@ MAX_PASSWORD_RETRY=${VALUE} ;; minclass) - # Minimum number of class required out of upper, lower, digit and oters + # Minimum number of class required out of upper, lower, digit and others LogText "Result: Min number of password class is configured" MIN_PASSWORD_CLASS=${VALUE} ;; @@ -318,8 +318,8 @@ fi if [ ! "${PAM_MODULE_OPTIONS}" = "" ]; then for I in ${PAM_MODULE_OPTIONS}; do - OPTION=`echo ${I} | awk -F= '{ print $1 }'` - VALUE=`echo ${I} | awk -F= '{ print $2 }'` + OPTION=$(echo ${I} | awk -F= '{ print $1 }') + VALUE=$(echo ${I} | awk -F= '{ print $2 }') case ${OPTION} in deny) AUTH_BLOCK_BAD_LOGIN_ATTEMPTS="${VALUE}" @@ -402,7 +402,7 @@ if [ ${PAM_PASSWORD_STRENGTH_TESTED} -eq 1 ]; then # Digits if [ ${CREDITS_D_PASSWORD} -lt 0 ]; then - CREDITS_D_PASSWORD=`echo ${CREDITS_D_PASSWORD} | cut -b 2-` + CREDITS_D_PASSWORD=$(echo ${CREDITS_D_PASSWORD} | cut -b 2-) LogText "[PAM] Minimum number of Digital characters required: ${CREDITS_D_PASSWORD}" Report "password_min_digital_required=${CREDITS_D_PASSWORD}" elif [ ${CREDITS_D_PASSWORD} -ge 0 ]; then @@ -412,7 +412,7 @@ if [ ${PAM_PASSWORD_STRENGTH_TESTED} -eq 1 ]; then # Lowercase if [ ${CREDITS_L_PASSWORD} -lt 0 ]; then - CREDITS_L_PASSWORD=`echo ${CREDITS_L_PASSWORD} | cut -b 2-` + CREDITS_L_PASSWORD=$(echo ${CREDITS_L_PASSWORD} | cut -b 2-) LogText "[PAM] Minimum number of Lowercase characters required: ${CREDITS_L_PASSWORD}" Report "password_min_l_required=${CREDITS_L_PASSWORD}" elif [ ${CREDITS_L_PASSWORD} -ge 0 ]; then @@ -422,7 +422,7 @@ if [ ${PAM_PASSWORD_STRENGTH_TESTED} -eq 1 ]; then # Other characters if [ ${CREDITS_O_PASSWORD} -lt 0 ]; then - CREDITS_O_PASSWORD=`echo ${CREDITS_O_PASSWORD} | cut -b 2-` + CREDITS_O_PASSWORD=$(echo ${CREDITS_O_PASSWORD} | cut -b 2-) LogText "[PAM] Minimum number of Other characters required: ${CREDITS_O_PASSWORD}" Report "password_min_other_required=${CREDITS_O_PASSWORD}" elif [ ${CREDITS_O_PASSWORD} -ge 0 ]; then @@ -432,7 +432,7 @@ if [ ${PAM_PASSWORD_STRENGTH_TESTED} -eq 1 ]; then # Uppercase if [ ${CREDITS_U_PASSWORD} -lt 0 ]; then - CREDITS_U_PASSWORD=`echo ${CREDITS_U_PASSWORD} | cut -b 2-` + CREDITS_U_PASSWORD=$(echo ${CREDITS_U_PASSWORD} | cut -b 2-) LogText "[PAM] Minimum number of Uppercase characters required: ${CREDITS_U_PASSWORD}" Report "password_min_u_required=${CREDITS_U_PASSWORD}" elif [ ${CREDITS_U_PASSWORD} -ge 0 ]; then diff --git a/plugins/plugin_systemd_phase1 b/plugins/plugin_systemd_phase1 index 53a72b12..a3544c3d 100644 --- a/plugins/plugin_systemd_phase1 +++ b/plugins/plugin_systemd_phase1 @@ -39,7 +39,7 @@ if [ ! "${SYSTEMCTLBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3800 --preqs-met ${PREQS_MET} --weight L --network NO --description "Gather systemctl exit code" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${SYSTEMCTLBINARY} > /dev/null` + FIND=$(${SYSTEMCTLBINARY} > /dev/null) if [ $? -gt 0 ]; then Report "systemctl_error_message=${FIND}" else @@ -57,13 +57,13 @@ if [ ! "${SYSTEMCTLBINARY}" = "" -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3802 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query systemd version and options" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${SYSTEMCTLBINARY} --version 2> /dev/null | ${AWKBINARY} '{ if ($1=="systemd") { print $2 } }' | grep "^[1-9][0-9][0-9]$" | head -1` + FIND=$(${SYSTEMCTLBINARY} --version 2> /dev/null | ${AWKBINARY} '{ if ($1=="systemd") { print $2 } }' | grep "^[1-9][0-9][0-9]$" | head -1) if [ ! "${FIND}" = "" ]; then SYSTEMD_VERSION=${FIND} Report "systemd_version=${FIND}" LogText "Result: found systemd version ${FIND}" fi - FIND=`${SYSTEMCTLBINARY} --version 2> /dev/null | grep "^[-+]" | sed 's/[[:space:]]/,/g' | head -1` + FIND=$(${SYSTEMCTLBINARY} --version 2> /dev/null | grep "^[-+]" | sed 's/[[:space:]]/,/g' | head -1) if [ ! "${FIND}" = "" ]; then Report "systemd_builtin_components=${FIND}" LogText "Result: found builtin components list" @@ -77,7 +77,7 @@ if [ ! "${SYSTEMCTLBINARY}" = "" -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3804 --preqs-met ${PREQS_MET} --weight L --network NO --description "Gather systemd unit files and their status" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${SYSTEMCTLBINARY} --no-legend list-unit-files 2> /dev/null | ${AWKBINARY} '{ print $1"|"$2"|" }'` + FIND=$(${SYSTEMCTLBINARY} --no-legend list-unit-files 2> /dev/null | ${AWKBINARY} '{ print $1"|"$2"|" }') if [ ! "${FIND}" = "" ]; then LogText "Result: found systemd unit files via systemctl list-unit-files" for I in ${FIND}; do @@ -94,7 +94,7 @@ if [ ! "${SYSTEMCTLBINARY}" = "" -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3806 --preqs-met ${PREQS_MET} --weight L --network NO --description "Gather failed systemd units" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${SYSTEMCTLBINARY} --no-legend --state=failed 2> /dev/null | ${AWKBINARY} '{ if ($4=="failed" && $5=="failed") { print $2 } }'` + FIND=$(${SYSTEMCTLBINARY} --no-legend --state=failed 2> /dev/null | ${AWKBINARY} '{ if ($4=="failed" && $5=="failed") { print $2 } }') if [ ! "${FIND}" = "" ]; then LogText "Result: found systemd unit files via systemctl list-unit-files" for I in ${FIND}; do @@ -111,7 +111,7 @@ if [ -f /etc/machine-id -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3808 --preqs-met ${PREQS_MET} --weight L --network NO --description "Gather systemd machine ID" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`cat /etc/machine-id | head -1` + FIND=$(cat /etc/machine-id | head -1) if [ ! "${FIND}" = "" ]; then SYSTEMD_MACHINEID="${FIND}" LogText "Result: found machine ID: ${SYSTEMD_MACHINEID}" @@ -125,7 +125,7 @@ if [ ! "${FINDBINARY}" = "" -a -d /usr/lib/systemd -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3810 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query main systemd binaries" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`find /usr/lib/systemd -maxdepth 1 -type f -name "systemd-*" -printf "%f|"` + FIND=$(find /usr/lib/systemd -maxdepth 1 -type f -name "systemd-*" -printf "%f|") if [ ! "${FIND}" = "" ]; then Report "systemd_binaries=${FIND}" LogText "Result: found systemd binaries in /usr/lib/systemd" @@ -141,10 +141,10 @@ if [ ! "${JOURNALCTLBINARY}" = "" -a ${SYSTEMD_RUNNING} -eq 1 -a ${SYSTEMD_VERSION} -ge 209 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3812 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query journal for boot related information" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${JOURNALCTLBINARY} --list-boots | wc -l` + FIND=$(${JOURNALCTLBINARY} --list-boots | wc -l) LogText "Output: number of boots listed in journal is ${FIND}" if [ ! "${FIND}" = "" ]; then Report "journal_bootlogs=${FIND}"; fi - FIND=`${JOURNALCTLBINARY} --list-boots | head -1 | awk '{ print $4 }'` + FIND=$(${JOURNALCTLBINARY} --list-boots | head -1 | awk '{ print $4 }') LogText "Output: oldest boot date in journal is ${FIND}" if [ ! "${FIND}" = "" ]; then Report "journal_oldest_bootdate=${FIND}"; fi fi @@ -156,11 +156,11 @@ if [ ! "${JOURNALCTLBINARY}" = "" -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3814 --preqs-met ${PREQS_MET} --weight L --network NO --description "Verify journal integrity" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${JOURNALCTLBINARY} --verify 2>&1 | grep FAIL | sed 's/[[:space:]]/:space:/g'` + FIND=$(${JOURNALCTLBINARY} --verify 2>&1 | grep FAIL | sed 's/[[:space:]]/:space:/g') if [ ! "${FIND}" = "" ]; then Report "journal_contains_errors=1" for I in ${FIND}; do - LINE=`echo ${I} | sed 's/:space:/ /g'` + LINE=$(echo ${I} | sed 's/:space:/ /g') LogText "Output (fails): ${LINE}" done else @@ -176,7 +176,7 @@ if [ ! "${JOURNALCTLBINARY}" = "" -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3816 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query journal for boot related information" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${JOURNALCTLBINARY} --disk-usage | awk '{ if ($1=="Journals") { print $4 }}'` + FIND=$(${JOURNALCTLBINARY} --disk-usage | awk '{ if ($1=="Journals") { print $4 }}') Report "journal_disk_size=${FIND}" LogText "Result: journals are ${FIND} in size" fi @@ -188,7 +188,7 @@ if [ ! "${JOURNALCTLBINARY}" = "" -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3818 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query journal meta data" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${JOURNALCTLBINARY} --header | sed 's/^$/|/g' | tr '\n' ',' | sed 's/[[:space:]]//g'` + FIND=$(${JOURNALCTLBINARY} --header | sed 's/^$/|/g' | tr '\n' ',' | sed 's/[[:space:]]//g') Report "journal_meta_data=${FIND}" fi # @@ -214,7 +214,7 @@ if [ ! "${SYSTEMCTLBINARY}" = "" -a ${SYSTEMD_RUNNING} -eq 1 -a ${SYSTEMD_VERSION} -ge 215 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3830 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query systemd status" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${SYSTEMCTLBINARY} is-system-running 2> /dev/null | head -1` + FIND=$(${SYSTEMCTLBINARY} is-system-running 2> /dev/null | head -1) if [ ! "${FIND}" = "" ]; then Report "systemd_status=${FIND}" LogText "Result: found systemd status = ${FIND}" @@ -228,7 +228,7 @@ if [ ! "${SYSTEMCTLBINARY}" = "" -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3832 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query systemd status for processes which can not be found" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${SYSTEMCTLBINARY} --no-legend --all --state=not-found 2> /dev/null | awk '{ print $1 }'` + FIND=$(${SYSTEMCTLBINARY} --no-legend --all --state=not-found 2> /dev/null | awk '{ print $1 }') if [ ! "${FIND}" = "" ]; then for I in ${FIND}; do Report "systemd_unit_not_found[]=${I}" @@ -243,7 +243,7 @@ if [ ! "${SYSTEMCTLBINARY}" = "" -a ! "${AWKBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3834 --preqs-met ${PREQS_MET} --weight L --network NO --description "Collect service units which can not be found in systemd" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${SYSTEMCTLBINARY} list-units -t service --all | ${AWKBINARY} '{ if ($3=="not-found") { print $2 }}'` + FIND=$(${SYSTEMCTLBINARY} list-units -t service --all | ${AWKBINARY} '{ if ($3=="not-found") { print $2 }}') if [ ! "${FIND}" = "" ]; then LogText "Result: found one or more services with faulty state" for I in ${FIND}; do @@ -261,7 +261,7 @@ Register --test-no PLGN-3856 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query coredumps from journals since Yesterday" --progress if [ ${SKIPTEST} -eq 0 ]; then SYSTEMD_COREDUMP_USED=1 - FIND=`cat /proc/sys/kernel/core_pattern | grep systemd-coredump` + FIND=$(cat /proc/sys/kernel/core_pattern | grep systemd-coredump) if [ ! "${FIND}" = "" ]; then LogText "Result: systemd uses systemd-coredump to handle coredumps" Report "systemd_coredump_used=1" @@ -281,7 +281,7 @@ if [ ! "${JOURNALCTLBINARY}" = "" -a ${SYSTEMD_COREDUMP_USED} -eq 1 -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3860 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query coredumps from journals since Yesterday" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${JOURNALCTLBINARY} SYSLOG_IDENTIFIER=systemd-coredump --since=yesterday -o cat 2> /dev/null` + FIND=$(${JOURNALCTLBINARY} SYSLOG_IDENTIFIER=systemd-coredump --since=yesterday -o cat 2> /dev/null) if [ ! "${FIND}" = "" ]; then Report "journal_coredumps_lastday=1" LogText "Result: found recent coredumps" |