From b595cc0fb5f0dafe3604f2d2d4915de1acd9c754 Mon Sep 17 00:00:00 2001 From: hlein Date: Mon, 6 Mar 2017 00:41:21 -0700 Subject: Various cleanups (#363) * Typo fix. * Style change: always use $(), never ``. The Lynis code already mostly used $(), but backticks were sprinkled around. Converted all of them. * Lots of minor spelling/typo fixes. FWIW these were found with: find . -type f -print0 | xargs -0 cat | aspell list | sort -u | egrep '^[a-z]+$' | less And then reviewing the list to pick out things that looked like misspelled words as opposed to variables, etc., and then manual inspection of context to determine the intention. --- plugins/plugin_pam_phase1 | 50 +++++++++++++++++++++---------------------- plugins/plugin_systemd_phase1 | 36 +++++++++++++++---------------- 2 files changed, 43 insertions(+), 43 deletions(-) (limited to 'plugins') diff --git a/plugins/plugin_pam_phase1 b/plugins/plugin_pam_phase1 index e558031e..55583f0d 100644 --- a/plugins/plugin_pam_phase1 +++ b/plugins/plugin_pam_phase1 @@ -68,25 +68,25 @@ # Check if the PAM directory structure exists if [ -d ${PAM_DIRECTORY} ]; then LogText "Result: /etc/pam.d exists" - FIND_FILES=`find ${PAM_DIRECTORY} -type f -print` + FIND_FILES=$(find ${PAM_DIRECTORY} -type f -print) # First check /etc/pam.conf if it exists. #if [ -f /etc/pam.conf ]; then FIND="/etc/pam.conf ${FIND}"; fi for PAM_FILE in ${FIND_FILES}; do LogText "Now checking PAM file ${PAM_FILE}" while read line; do # Strip empty lines, commented lines, tabs, line breaks (\), then finally remove all double spaces - LINE=`echo $line | grep -v "^#" | grep -v "^$" | tr '\011' ' ' | sed 's/\\\n/ /' | sed 's/ / /g' | sed 's/ #\(.*\)$//'` + LINE=$(echo $line | grep -v "^#" | grep -v "^$" | tr '\011' ' ' | sed 's/\\\n/ /' | sed 's/ / /g' | sed 's/ #\(.*\)$//') if [ ! "${LINE}" = "" ]; then - PAM_SERVICE=`echo ${PAM_FILE} | awk -F/ '{ print $NF }'` + PAM_SERVICE=$(echo ${PAM_FILE} | awk -F/ '{ print $NF }') PAM_CONTROL_FLAG="-" PAM_CONTROL_OPTIONS="-" PAM_MODULE="-" PAM_MODULE_OPTIONS="-" - PAM_TYPE=`echo ${LINE} | awk '{ print $1 }'` + PAM_TYPE=$(echo ${LINE} | awk '{ print $1 }') PARSELINE=0 case ${PAM_TYPE} in "@include") - FILE=`echo ${LINE} | awk '{ print $2 }'` + FILE=$(echo ${LINE} | awk '{ print $2 }') Debug "Result: Found @include in ${PAM_FILE}. Does include PAM settings from file ${FILE} (which is individually processed)" ;; "account") @@ -106,16 +106,16 @@ ;; esac if [ ${PARSELINE} -eq 1 ]; then - MULTIPLE_OPTIONS=`echo ${LINE} | awk '$2 ~ /^\[/'` + MULTIPLE_OPTIONS=$(echo ${LINE} | awk '$2 ~ /^\[/') if [ ! "${MULTIPLE_OPTIONS}" = "" ]; then # Needs more parsing, depending on the options found - PAM_CONTROL_OPTIONS=`echo ${LINE} | sed "s/^.*\[//" | sed "s/\].*$//"` + PAM_CONTROL_OPTIONS=$(echo ${LINE} | sed "s/^.*\[//" | sed "s/\].*$//") LogText "Result: Found brackets in line, indicating multiple options for control flags: ${PAM_CONTROL_OPTIONS}" - LINE=`echo ${LINE} | sed "s/ \[.*\] / other /"` + LINE=$(echo ${LINE} | sed "s/ \[.*\] / other /") fi - PAM_MODULE=`echo ${LINE} | awk '{ print $3 }'` - PAM_MODULE_OPTIONS=`echo ${LINE} | cut -d ' ' -f 4-` - PAM_CONTROL_FLAG=`echo ${LINE} | awk '{ print $2 }'` + PAM_MODULE=$(echo ${LINE} | awk '{ print $3 }') + PAM_MODULE_OPTIONS=$(echo ${LINE} | cut -d ' ' -f 4-) + PAM_CONTROL_FLAG=$(echo ${LINE} | awk '{ print $2 }') case ${PAM_CONTROL_FLAG} in "optional"|"required"|"requisite"|"sufficient") #Debug "Found a common control flag: ${PAM_CONTROL_FLAG} for ${PAM_MODULE}" @@ -135,7 +135,7 @@ LogText "Result: using module ${PAM_MODULE} (${PAM_CONTROL_FLAG}) without options configured" fi - PAM_MODULE_NAME=`echo ${PAM_MODULE} | sed 's/.so$//'` + PAM_MODULE_NAME=$(echo ${PAM_MODULE} | sed 's/.so$//') # # Specific PAMs are commonly seen on these platforms: # @@ -202,8 +202,8 @@ if [ "${PAM_PASSWORD_PWHISTORY_AMOUNT}" = "" ]; then PAM_PASSWORD_PWHISTORY_AMOUNT=10; fi if [ ! "${PAM_MODULE_OPTIONS}" = "" ]; then for I in ${PAM_MODULE_OPTIONS}; do - OPTION=`echo ${I} | awk -F= '{ print $1 }'` - VALUE=`echo ${I} | awk -F= '{ print $2 }'` + OPTION=$(echo ${I} | awk -F= '{ print $1 }') + VALUE=$(echo ${I} | awk -F= '{ print $2 }') CREDITS_CONFIGURED=0 case ${OPTION} in remember) @@ -231,8 +231,8 @@ LogText "Result: found ${PAM_MODULE} module (generic)" if [ ! "${PAM_MODULE_OPTIONS}" = "" ]; then for I in ${PAM_MODULE_OPTIONS}; do - OPTION=`echo ${I} | awk -F= '{ print $1 }'` - VALUE=`echo ${I} | awk -F= '{ print $2 }'` + OPTION=$(echo ${I} | awk -F= '{ print $1 }') + VALUE=$(echo ${I} | awk -F= '{ print $2 }') CREDITS_CONFIGURED=0 case ${OPTION} in remember) @@ -268,9 +268,9 @@ if [ ! "${PAM_MODULE_OPTIONS}" = "" ]; then Debug "Module options configured" for I in ${PAM_MODULE_OPTIONS}; do - OPTION=`echo ${I} | awk -F= '{ print $1 }'` + OPTION=$(echo ${I} | awk -F= '{ print $1 }') Debug ${OPTION} - VALUE=`echo ${I} | awk -F= '{ print $2 }'` + VALUE=$(echo ${I} | awk -F= '{ print $2 }') CREDITS_CONFIGURED=0 case ${OPTION} in minlen) @@ -286,7 +286,7 @@ MAX_PASSWORD_RETRY=${VALUE} ;; minclass) - # Minimum number of class required out of upper, lower, digit and oters + # Minimum number of class required out of upper, lower, digit and others LogText "Result: Min number of password class is configured" MIN_PASSWORD_CLASS=${VALUE} ;; @@ -318,8 +318,8 @@ fi if [ ! "${PAM_MODULE_OPTIONS}" = "" ]; then for I in ${PAM_MODULE_OPTIONS}; do - OPTION=`echo ${I} | awk -F= '{ print $1 }'` - VALUE=`echo ${I} | awk -F= '{ print $2 }'` + OPTION=$(echo ${I} | awk -F= '{ print $1 }') + VALUE=$(echo ${I} | awk -F= '{ print $2 }') case ${OPTION} in deny) AUTH_BLOCK_BAD_LOGIN_ATTEMPTS="${VALUE}" @@ -402,7 +402,7 @@ if [ ${PAM_PASSWORD_STRENGTH_TESTED} -eq 1 ]; then # Digits if [ ${CREDITS_D_PASSWORD} -lt 0 ]; then - CREDITS_D_PASSWORD=`echo ${CREDITS_D_PASSWORD} | cut -b 2-` + CREDITS_D_PASSWORD=$(echo ${CREDITS_D_PASSWORD} | cut -b 2-) LogText "[PAM] Minimum number of Digital characters required: ${CREDITS_D_PASSWORD}" Report "password_min_digital_required=${CREDITS_D_PASSWORD}" elif [ ${CREDITS_D_PASSWORD} -ge 0 ]; then @@ -412,7 +412,7 @@ if [ ${PAM_PASSWORD_STRENGTH_TESTED} -eq 1 ]; then # Lowercase if [ ${CREDITS_L_PASSWORD} -lt 0 ]; then - CREDITS_L_PASSWORD=`echo ${CREDITS_L_PASSWORD} | cut -b 2-` + CREDITS_L_PASSWORD=$(echo ${CREDITS_L_PASSWORD} | cut -b 2-) LogText "[PAM] Minimum number of Lowercase characters required: ${CREDITS_L_PASSWORD}" Report "password_min_l_required=${CREDITS_L_PASSWORD}" elif [ ${CREDITS_L_PASSWORD} -ge 0 ]; then @@ -422,7 +422,7 @@ if [ ${PAM_PASSWORD_STRENGTH_TESTED} -eq 1 ]; then # Other characters if [ ${CREDITS_O_PASSWORD} -lt 0 ]; then - CREDITS_O_PASSWORD=`echo ${CREDITS_O_PASSWORD} | cut -b 2-` + CREDITS_O_PASSWORD=$(echo ${CREDITS_O_PASSWORD} | cut -b 2-) LogText "[PAM] Minimum number of Other characters required: ${CREDITS_O_PASSWORD}" Report "password_min_other_required=${CREDITS_O_PASSWORD}" elif [ ${CREDITS_O_PASSWORD} -ge 0 ]; then @@ -432,7 +432,7 @@ if [ ${PAM_PASSWORD_STRENGTH_TESTED} -eq 1 ]; then # Uppercase if [ ${CREDITS_U_PASSWORD} -lt 0 ]; then - CREDITS_U_PASSWORD=`echo ${CREDITS_U_PASSWORD} | cut -b 2-` + CREDITS_U_PASSWORD=$(echo ${CREDITS_U_PASSWORD} | cut -b 2-) LogText "[PAM] Minimum number of Uppercase characters required: ${CREDITS_U_PASSWORD}" Report "password_min_u_required=${CREDITS_U_PASSWORD}" elif [ ${CREDITS_U_PASSWORD} -ge 0 ]; then diff --git a/plugins/plugin_systemd_phase1 b/plugins/plugin_systemd_phase1 index 53a72b12..a3544c3d 100644 --- a/plugins/plugin_systemd_phase1 +++ b/plugins/plugin_systemd_phase1 @@ -39,7 +39,7 @@ if [ ! "${SYSTEMCTLBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3800 --preqs-met ${PREQS_MET} --weight L --network NO --description "Gather systemctl exit code" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${SYSTEMCTLBINARY} > /dev/null` + FIND=$(${SYSTEMCTLBINARY} > /dev/null) if [ $? -gt 0 ]; then Report "systemctl_error_message=${FIND}" else @@ -57,13 +57,13 @@ if [ ! "${SYSTEMCTLBINARY}" = "" -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3802 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query systemd version and options" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${SYSTEMCTLBINARY} --version 2> /dev/null | ${AWKBINARY} '{ if ($1=="systemd") { print $2 } }' | grep "^[1-9][0-9][0-9]$" | head -1` + FIND=$(${SYSTEMCTLBINARY} --version 2> /dev/null | ${AWKBINARY} '{ if ($1=="systemd") { print $2 } }' | grep "^[1-9][0-9][0-9]$" | head -1) if [ ! "${FIND}" = "" ]; then SYSTEMD_VERSION=${FIND} Report "systemd_version=${FIND}" LogText "Result: found systemd version ${FIND}" fi - FIND=`${SYSTEMCTLBINARY} --version 2> /dev/null | grep "^[-+]" | sed 's/[[:space:]]/,/g' | head -1` + FIND=$(${SYSTEMCTLBINARY} --version 2> /dev/null | grep "^[-+]" | sed 's/[[:space:]]/,/g' | head -1) if [ ! "${FIND}" = "" ]; then Report "systemd_builtin_components=${FIND}" LogText "Result: found builtin components list" @@ -77,7 +77,7 @@ if [ ! "${SYSTEMCTLBINARY}" = "" -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3804 --preqs-met ${PREQS_MET} --weight L --network NO --description "Gather systemd unit files and their status" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${SYSTEMCTLBINARY} --no-legend list-unit-files 2> /dev/null | ${AWKBINARY} '{ print $1"|"$2"|" }'` + FIND=$(${SYSTEMCTLBINARY} --no-legend list-unit-files 2> /dev/null | ${AWKBINARY} '{ print $1"|"$2"|" }') if [ ! "${FIND}" = "" ]; then LogText "Result: found systemd unit files via systemctl list-unit-files" for I in ${FIND}; do @@ -94,7 +94,7 @@ if [ ! "${SYSTEMCTLBINARY}" = "" -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3806 --preqs-met ${PREQS_MET} --weight L --network NO --description "Gather failed systemd units" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${SYSTEMCTLBINARY} --no-legend --state=failed 2> /dev/null | ${AWKBINARY} '{ if ($4=="failed" && $5=="failed") { print $2 } }'` + FIND=$(${SYSTEMCTLBINARY} --no-legend --state=failed 2> /dev/null | ${AWKBINARY} '{ if ($4=="failed" && $5=="failed") { print $2 } }') if [ ! "${FIND}" = "" ]; then LogText "Result: found systemd unit files via systemctl list-unit-files" for I in ${FIND}; do @@ -111,7 +111,7 @@ if [ -f /etc/machine-id -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3808 --preqs-met ${PREQS_MET} --weight L --network NO --description "Gather systemd machine ID" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`cat /etc/machine-id | head -1` + FIND=$(cat /etc/machine-id | head -1) if [ ! "${FIND}" = "" ]; then SYSTEMD_MACHINEID="${FIND}" LogText "Result: found machine ID: ${SYSTEMD_MACHINEID}" @@ -125,7 +125,7 @@ if [ ! "${FINDBINARY}" = "" -a -d /usr/lib/systemd -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3810 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query main systemd binaries" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`find /usr/lib/systemd -maxdepth 1 -type f -name "systemd-*" -printf "%f|"` + FIND=$(find /usr/lib/systemd -maxdepth 1 -type f -name "systemd-*" -printf "%f|") if [ ! "${FIND}" = "" ]; then Report "systemd_binaries=${FIND}" LogText "Result: found systemd binaries in /usr/lib/systemd" @@ -141,10 +141,10 @@ if [ ! "${JOURNALCTLBINARY}" = "" -a ${SYSTEMD_RUNNING} -eq 1 -a ${SYSTEMD_VERSION} -ge 209 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3812 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query journal for boot related information" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${JOURNALCTLBINARY} --list-boots | wc -l` + FIND=$(${JOURNALCTLBINARY} --list-boots | wc -l) LogText "Output: number of boots listed in journal is ${FIND}" if [ ! "${FIND}" = "" ]; then Report "journal_bootlogs=${FIND}"; fi - FIND=`${JOURNALCTLBINARY} --list-boots | head -1 | awk '{ print $4 }'` + FIND=$(${JOURNALCTLBINARY} --list-boots | head -1 | awk '{ print $4 }') LogText "Output: oldest boot date in journal is ${FIND}" if [ ! "${FIND}" = "" ]; then Report "journal_oldest_bootdate=${FIND}"; fi fi @@ -156,11 +156,11 @@ if [ ! "${JOURNALCTLBINARY}" = "" -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3814 --preqs-met ${PREQS_MET} --weight L --network NO --description "Verify journal integrity" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${JOURNALCTLBINARY} --verify 2>&1 | grep FAIL | sed 's/[[:space:]]/:space:/g'` + FIND=$(${JOURNALCTLBINARY} --verify 2>&1 | grep FAIL | sed 's/[[:space:]]/:space:/g') if [ ! "${FIND}" = "" ]; then Report "journal_contains_errors=1" for I in ${FIND}; do - LINE=`echo ${I} | sed 's/:space:/ /g'` + LINE=$(echo ${I} | sed 's/:space:/ /g') LogText "Output (fails): ${LINE}" done else @@ -176,7 +176,7 @@ if [ ! "${JOURNALCTLBINARY}" = "" -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3816 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query journal for boot related information" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${JOURNALCTLBINARY} --disk-usage | awk '{ if ($1=="Journals") { print $4 }}'` + FIND=$(${JOURNALCTLBINARY} --disk-usage | awk '{ if ($1=="Journals") { print $4 }}') Report "journal_disk_size=${FIND}" LogText "Result: journals are ${FIND} in size" fi @@ -188,7 +188,7 @@ if [ ! "${JOURNALCTLBINARY}" = "" -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3818 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query journal meta data" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${JOURNALCTLBINARY} --header | sed 's/^$/|/g' | tr '\n' ',' | sed 's/[[:space:]]//g'` + FIND=$(${JOURNALCTLBINARY} --header | sed 's/^$/|/g' | tr '\n' ',' | sed 's/[[:space:]]//g') Report "journal_meta_data=${FIND}" fi # @@ -214,7 +214,7 @@ if [ ! "${SYSTEMCTLBINARY}" = "" -a ${SYSTEMD_RUNNING} -eq 1 -a ${SYSTEMD_VERSION} -ge 215 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3830 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query systemd status" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${SYSTEMCTLBINARY} is-system-running 2> /dev/null | head -1` + FIND=$(${SYSTEMCTLBINARY} is-system-running 2> /dev/null | head -1) if [ ! "${FIND}" = "" ]; then Report "systemd_status=${FIND}" LogText "Result: found systemd status = ${FIND}" @@ -228,7 +228,7 @@ if [ ! "${SYSTEMCTLBINARY}" = "" -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3832 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query systemd status for processes which can not be found" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${SYSTEMCTLBINARY} --no-legend --all --state=not-found 2> /dev/null | awk '{ print $1 }'` + FIND=$(${SYSTEMCTLBINARY} --no-legend --all --state=not-found 2> /dev/null | awk '{ print $1 }') if [ ! "${FIND}" = "" ]; then for I in ${FIND}; do Report "systemd_unit_not_found[]=${I}" @@ -243,7 +243,7 @@ if [ ! "${SYSTEMCTLBINARY}" = "" -a ! "${AWKBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3834 --preqs-met ${PREQS_MET} --weight L --network NO --description "Collect service units which can not be found in systemd" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${SYSTEMCTLBINARY} list-units -t service --all | ${AWKBINARY} '{ if ($3=="not-found") { print $2 }}'` + FIND=$(${SYSTEMCTLBINARY} list-units -t service --all | ${AWKBINARY} '{ if ($3=="not-found") { print $2 }}') if [ ! "${FIND}" = "" ]; then LogText "Result: found one or more services with faulty state" for I in ${FIND}; do @@ -261,7 +261,7 @@ Register --test-no PLGN-3856 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query coredumps from journals since Yesterday" --progress if [ ${SKIPTEST} -eq 0 ]; then SYSTEMD_COREDUMP_USED=1 - FIND=`cat /proc/sys/kernel/core_pattern | grep systemd-coredump` + FIND=$(cat /proc/sys/kernel/core_pattern | grep systemd-coredump) if [ ! "${FIND}" = "" ]; then LogText "Result: systemd uses systemd-coredump to handle coredumps" Report "systemd_coredump_used=1" @@ -281,7 +281,7 @@ if [ ! "${JOURNALCTLBINARY}" = "" -a ${SYSTEMD_COREDUMP_USED} -eq 1 -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3860 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query coredumps from journals since Yesterday" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${JOURNALCTLBINARY} SYSLOG_IDENTIFIER=systemd-coredump --since=yesterday -o cat 2> /dev/null` + FIND=$(${JOURNALCTLBINARY} SYSLOG_IDENTIFIER=systemd-coredump --since=yesterday -o cat 2> /dev/null) if [ ! "${FIND}" = "" ]; then Report "journal_coredumps_lastday=1" LogText "Result: found recent coredumps" -- cgit v1.2.3