From 903016df362e39444d314a81dd4a0ebc61b67da0 Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Sat, 10 Sep 2016 16:12:44 +0200 Subject: Code cleanups and generic enhancements --- include/tests_file_integrity | 38 ++++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) (limited to 'include/tests_file_integrity') diff --git a/include/tests_file_integrity b/include/tests_file_integrity index a90eb4fe..687853ff 100644 --- a/include/tests_file_integrity +++ b/include/tests_file_integrity @@ -18,7 +18,8 @@ # ################################################################################# # - CSF_CONFIG="/etc/csf/csf.conf" + AIDECONFIG="" + CSF_CONFIG="${ROOTDIR}etc/csf/csf.conf" FILE_INT_TOOL="" FILE_INT_TOOL_FOUND=0 # Boolean, file integrity tool found # @@ -34,13 +35,13 @@ Register --test-no FINT-4310 --weight L --network NO --category security --description "AFICK availability" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking AFICK binary" - if [ ! "${AFICKBINARY}" = "" ]; then + if [ ! -z "${AFICKBINARY}" ]; then LogText "Result: AFICK is installed (${AFICKBINARY})" Report "file_integrity_tool[]=afick" FILE_INT_TOOL="afick" FILE_INT_TOOL_FOUND=1 Display --indent 4 --text "- AFICK" --result "${STATUS_FOUND}" --color GREEN - else + else LogText "Result: AFICK is not installed" if IsVerbose; then Display --indent 4 --text "- AFICK" --result "${STATUS_NOT_FOUND}" --color WHITE; fi fi 
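Review bot: `CSF_CONFIG="${ROOTDIR}etc/csf/csf.conf"` in the variable block at the top of the file is only an absolute path when ROOTDIR is set and ends with a slash. With ROOTDIR empty or unset it becomes the relative path `etc/csf/csf.conf`, so the lfd checks would read whatever file sits under the directory the audit was started from. ROOTDIR is defined outside this hunk, so confirm it is always populated before this include is sourced. A default at the point of use, `CSF_CONFIG="${ROOTDIR:-/}etc/csf/csf.conf"`, plus a comment `# ROOTDIR is expected to end with a slash`, would make the assumption explicit.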
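Review bot: The new test `[ ! -z "${AFICKBINARY}" ]` in FINT-4310 is a double negative; `[ -n "${AFICKBINARY}" ]` states the same condition directly and matches the positive `-z` form this commit uses for AIDECONFIG and FIND. The same `! -z` form is introduced in the AIDE, Osiris, Samhain, Tripwire and mtree availability hunks (FINT-4314, FINT-4318, FINT-4322, FINT-4326, FINT-4330). The FINT-4336 hunk keeps `[ ! "${ENABLED}" = "" ]`, so the cleanup leaves two spellings of the same check in one file.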
@@ -53,13 +54,13 @@ Register --test-no FINT-4314 --weight L --network NO --category security --description "AIDE availability" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking AIDE binary" - if [ ! "${AIDEBINARY}" = "" ]; then + if [ ! -z "${AIDEBINARY}" ]; then LogText "Result: AIDE is installed (${AIDEBINARY})" Report "file_integrity_tool[]=aide" FILE_INT_TOOL="aide" FILE_INT_TOOL_FOUND=1 Display --indent 4 --text "- AIDE" --result "${STATUS_FOUND}" --color GREEN - else + else LogText "Result: AIDE is not installed" if IsVerbose; then Display --indent 4 --text "- AIDE" --result "${STATUS_NOT_FOUND}" --color WHITE; fi fi @@ -80,7 +81,8 @@ AIDECONFIG="${I}/aide.conf" fi done - if [ "${AIDECONFIG}" = "" ]; then + + if [ -z "${AIDECONFIG}" ]; then Display --indent 6 --text "- AIDE config file" --result "${STATUS_NOT_FOUND}" --color YELLOW else LogText "Checking configuration file ${AIDECONFIG} for errors" @@ -101,7 +103,7 @@ Register --test-no FINT-4318 --weight L --network NO --category security --description "Osiris availability" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking Osiris binary" - if [ ! "${OSIRISBINARY}" = "" ]; then + if [ ! -z "${OSIRISBINARY}" ]; then LogText "Result: Osiris is installed (${OSIRISBINARY})" Report "file_integrity_tool[]=osiris" FILE_INT_TOOL="osiris" @@ -120,7 +122,7 @@ Register --test-no FINT-4322 --weight L --network NO --category security --description "Samhain availability" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking Samhain binary" - if [ ! "${SAMHAINBINARY}" = "" ]; then + if [ ! -z "${SAMHAINBINARY}" ]; then LogText "Result: Samhain is installed (${SAMHAINBINARY})" Report "file_integrity_tool[]=samhain" FILE_INT_TOOL="samhain" 
@@ -139,7 +141,7 @@ Register --test-no FINT-4326 --weight L --network NO --category security --description "Tripwire availability" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking Tripwire binary" - if [ ! "${TRIPWIREBINARY}" = "" ]; then + if [ ! -z "${TRIPWIREBINARY}" ]; then LogText "Result: Tripwire is installed (${TRIPWIREBINARY})" Report "file_integrity_tool[]=tripwire" FILE_INT_TOOL="tripwire" @@ -179,7 +181,7 @@ Register --test-no FINT-4330 --weight L --network NO --category security --description "mtree availability" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking mtree binary" - if [ ! "${MTREEBINARY}" = "" ]; then + if [ ! -z "${MTREEBINARY}" ]; then LogText "Result: mtree is installed (${MTREEBINARY})" Report "file_integrity_tool[]=mtree" FILE_INT_TOOL="mtree" 
@@ -219,26 +221,26 @@ Register --test-no FINT-4336 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check lfd configuration status" if [ ${SKIPTEST} -eq 0 ]; then # LFD configuration parameters - ENABLED=`${GREPBINARY} "^LF_DAEMON = \"1\"" ${CSF_CONFIG}` + ENABLED=$(${GREPBINARY} "^LF_DAEMON = \"1\"" ${CSF_CONFIG}) if [ ! "${ENABLED}" = "" ]; then LogText "Result: lfd service is configured to run" Display --indent 6 --text "- Configuration status" --result "${STATUS_ENABLED}" --color GREEN - else + else LogText "Result: lfd service is configured NOT to run" Display --indent 6 --text "- Configuration status" --result "${STATUS_DISABLED}" --color YELLOW fi - ENABLED=`${GREPBINARY} "^LF_DIRWATCH =" ${CSF_CONFIG} | ${AWKBINARY} '{ print $3 }' | ${SEDBINARY} 's/\"//g'` + ENABLED=$(${GREPBINARY} "^LF_DIRWATCH =" ${CSF_CONFIG} | ${AWKBINARY} '{ print $3 }' | ${SEDBINARY} 's/\"//g') if [ ! "${ENABLED}" = "0" -a ! "${ENABLED}" = "" ]; then LogText "Result: lfd directory watching is enabled (value: ${ENABLED})" Display --indent 6 --text "- Temporary directory watches" --result "${STATUS_ENABLED}" --color GREEN - else + else LogText "Result: lfd directory watching is disabled" Display --indent 6 --text "- Temporary directory watches" --result "${STATUS_DISABLED}" --color YELLOW fi - ENABLED=`${GREPBINARY} "^LF_DIRWATCH_FILE =" ${CSF_CONFIG} | ${AWKBINARY} '{ print $3 }' | ${SEDBINARY} 's/\"//g'` + ENABLED=$(${GREPBINARY} "^LF_DIRWATCH_FILE =" ${CSF_CONFIG} | ${AWKBINARY} '{ print $3 }' | ${SEDBINARY} 's/\"//g') if [ ! "${ENABLED}" = "0" -a ! "${ENABLED}" = "" ]; then Display --indent 6 --text "- Directory/File watches" --result "${STATUS_ENABLED}" --color GREEN - else + else Display --indent 6 --text "- Directory/File watches" --result "${STATUS_DISABLED}" --color YELLOW fi fi 
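Review bot: `${CSF_CONFIG}` is passed unquoted to grep in all three rewritten `$(...)` substitutions of FINT-4336. Since this commit builds the value from ROOTDIR, a root path containing whitespace or glob characters would be split into several operands, and grep would read files other than the intended csf.conf. Quote it in each call, for example `ENABLED=$(${GREPBINARY} "^LF_DAEMON = \"1\"" "${CSF_CONFIG}")`. A failed or empty read also leaves ENABLED empty, which these branches report as "disabled" rather than as an unreadable configuration. PREQS_MET is set outside this hunk, so whether it already rules that case out cannot be seen here.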
@@ -257,7 +259,7 @@ FILE_INT_TOOL="osquery" FILE_INT_TOOL_FOUND=1 Display --indent 4 --text "- osquery daemon (syscheck)" --result "${STATUS_FOUND}" --color GREEN - else + else LogText "Result: syscheck (osquery) not installed" if IsVerbose; then Display --indent 4 --text "- osquery daemon (syscheck)" --result "${STATUS_NOT_FOUND}" --color WHITE; fi fi @@ -271,7 +273,7 @@ Register --test-no FINT-4402 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "AIDE configuration: Checksums (SHA256 or SHA512)" if [ ${SKIPTEST} -eq 0 ]; then FIND=$(${GREPBINARY} -v "^#" ${AIDECONFIG} | ${EGREPBINARY} "= .*(sha256|sha512)") - if [ "${FIND}" = "" ]; then + if [ -z "${FIND}" ]; then LogText "Result: No SHA256 or SHA512 found for creating checksums" Display --indent 6 --text "- AIDE config (Checksum)" --result Suggestion --color YELLOW ReportSuggestion ${TEST_NO} "Use SHA256 or SHA512 to create checksums in AIDE" -- cgit v1.2.3
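Review bot: In FINT-4402 the context line `FIND=$(${GREPBINARY} -v "^#" ${AIDECONFIG} | ${EGREPBINARY} "= .*(sha256|sha512)")` expands `${AIDECONFIG}` unquoted, and this commit now initialises AIDECONFIG to an empty string at the top of the file. If the test ever runs with the variable still empty, grep receives no file operand and reads standard input instead of failing. PREQS_MET is set outside this hunk and may already prevent that, but quoting the operand, `${GREPBINARY} -v "^#" "${AIDECONFIG}"`, makes the empty case produce an error rather than block. The pattern `^#` also leaves indented comment lines in, so a commented-out `sha256` rule preceded by whitespace would still count as a match.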