diff --git a/bin/hardening/10.1.11_set_maxlogins_for_all_accounts.sh b/bin/hardening/10.1.11_set_maxlogins_for_all_accounts.sh index 1a94987..f246e69 100755 --- a/bin/hardening/10.1.11_set_maxlogins_for_all_accounts.sh +++ b/bin/hardening/10.1.11_set_maxlogins_for_all_accounts.sh @@ -32,10 +32,10 @@ audit () { crit "$FILE does not exist" FNRET=2 else - COUNT=$(sed -e '/^#/d' -e '/^[ \t][ \t]*#/d' -e 's/#.*$//' -e '/^$/d' $FILE | grep "${OPTIONS}" | wc -l) + COUNT=$(sed -e '/^#/d' -e '/^[ \t][ \t]*#/d' -e 's/#.*$//' -e '/^$/d' $FILE | grep -c "${OPTIONS}") if [ $COUNT -gt 0 ]; then ok "$OPTIONS is set in $FILE." - VALUE=$(sed -e '/^#/d' -e '/^[ \t][ \t]*#/d' -e 's/#.*$//' -e '/^$/d' $FILE | grep ".*[[:space:]].*${OPTIONS}[[:space:]].*${OPVALUE}" | wc -l) + VALUE=$(sed -e '/^#/d' -e '/^[ \t][ \t]*#/d' -e 's/#.*$//' -e '/^$/d' $FILE | grep -c ".*[[:space:]].*${OPTIONS}[[:space:]].*${OPVALUE}") if [ $VALUE -eq 0 ]; then crit "$OPTIONS value is incorrect in $FILE" FNRET=4 diff --git a/bin/hardening/10.1.7_remove_nopasswd_sudoers.sh b/bin/hardening/10.1.7_remove_nopasswd_sudoers.sh index 3669250..4f98a07 100755 --- a/bin/hardening/10.1.7_remove_nopasswd_sudoers.sh +++ b/bin/hardening/10.1.7_remove_nopasswd_sudoers.sh @@ -28,7 +28,7 @@ audit () FNRET=1 else ok "$NOPASSWD is not set on $FILE, it's ok" - if [ $(grep $NOPASSWD $INCLUDFILE | wc -l) -gt 0 ]; then + if [ $(grep -c $NOPASSWD $INCLUDFILE) -gt 0 ]; then crit "$NOPASSWD is set on $INCLUDFILE, it's error conf" FNRET=1 else diff --git a/bin/hardening/10.1.8_remove_noauthenticate_sudoers.sh b/bin/hardening/10.1.8_remove_noauthenticate_sudoers.sh index 9dcf3ea..38ea420 100755 --- a/bin/hardening/10.1.8_remove_noauthenticate_sudoers.sh +++ b/bin/hardening/10.1.8_remove_noauthenticate_sudoers.sh @@ -28,7 +28,7 @@ audit () FNRET=1 else ok "$NOAUTH is not set on $FILE, it's ok" - if [ $(grep $NOAUTH $INCLUDFILE | wc -l) -gt 0 ]; then + if [ $(grep -c $NOAUTH $INCLUDFILE) -gt 0 ]; then crit "$NOAUTH is set on $INCLUDFILE, it's error conf" FNRET=1 else diff --git a/bin/hardening/5.9_disable_ctrl_alt_del_target.sh b/bin/hardening/5.9_disable_ctrl_alt_del_target.sh index 194c772..ae1b77b 100755 --- a/bin/hardening/5.9_disable_ctrl_alt_del_target.sh +++ b/bin/hardening/5.9_disable_ctrl_alt_del_target.sh @@ -18,7 +18,7 @@ TARGETNAME='ctrl-alt-del.target' # This function will be called if the script status is on enabled / audit mode audit () { - if [ $(find /lib/systemd/ /etc/systemd/ -name ctrl-alt-del.target -exec ls -l {} \; | grep "/dev/null" | wc -l) -ne $(find /lib/systemd/ /etc/systemd/ -name ctrl-alt-del.target -exec ls -l {} \; | wc -l) ]; then + if [ $(find /lib/systemd/ /etc/systemd/ -name ctrl-alt-del.target -exec ls -l {} \; | grep -c "/dev/null") -ne $(find /lib/systemd/ /etc/systemd/ -name ctrl-alt-del.target -exec ls -l {} \; | wc -l) ]; then crit "$TARGETNAME is enabled." FNRET=1 else diff --git a/bin/hardening/6.17_ensure_virul_scan_server_is_enabled.sh b/bin/hardening/6.17_ensure_virul_scan_server_is_enabled.sh index 122be07..042830f 100755 --- a/bin/hardening/6.17_ensure_virul_scan_server_is_enabled.sh +++ b/bin/hardening/6.17_ensure_virul_scan_server_is_enabled.sh @@ -17,8 +17,8 @@ VIRULSERVER='clamav-daemon' # This function will be called if the script status is on enabled / audit mode audit () { - if [ $(dpkg -l | grep $VIRULSERVER | wc -l) -ge 1 ]; then - if [ $(systemctl | grep $VIRULSERVER | grep "active running" | wc -l) -ne 1 ]; then + if [ $(dpkg -l | grep -c $VIRULSERVER) -ge 1 ]; then + if [ $(systemctl | grep $VIRULSERVER | grep -c "active running") -ne 1 ]; then crit "$VIRULSERVER is not runing" FNRET=2 else diff --git a/bin/hardening/6.18_ensure_virusscan_program_update_is_enabled.sh b/bin/hardening/6.18_ensure_virusscan_program_update_is_enabled.sh index f1e2dd6..12b955b 100755 --- a/bin/hardening/6.18_ensure_virusscan_program_update_is_enabled.sh +++ b/bin/hardening/6.18_ensure_virusscan_program_update_is_enabled.sh @@ -19,7 +19,7 @@ UPDATE_SERVER='clamav-freshclam' # This function will be called if the script status is on enabled / audit mode audit () { - if [ $(systemctl | grep $VIRULSERVER | grep "active running" | wc -l) -ne 1 ]; then + if [ $(systemctl | grep $VIRULSERVER | grep -c "active running") -ne 1 ]; then crit "$VIRULSERVER is not runing" FNRET=1 else diff --git a/bin/hardening/7.1.3_disable_interface_promisc_mode.sh b/bin/hardening/7.1.3_disable_interface_promisc_mode.sh index b1b5373..e54fc3a 100755 --- a/bin/hardening/7.1.3_disable_interface_promisc_mode.sh +++ b/bin/hardening/7.1.3_disable_interface_promisc_mode.sh @@ -18,7 +18,7 @@ KEYWORD='promisc' # This function will be called if the script status is on enabled / audit mode audit () { - COUNT=$(ip link | grep -i "${KEYWORD}" | wc -l) + COUNT=$(ip link | grep -ic "${KEYWORD}") if [ $COUNT -gt 0 ]; then crit "The total number of network interfaces with ${KEYWORD} mode set is ${COUNT}" FNRET=1 diff --git a/bin/hardening/8.1.1.7_ensure_set_action_for_audit_storage_full.sh b/bin/hardening/8.1.1.7_ensure_set_action_for_audit_storage_full.sh index e1953bb..39bf172 100755 --- a/bin/hardening/8.1.1.7_ensure_set_action_for_audit_storage_full.sh +++ b/bin/hardening/8.1.1.7_ensure_set_action_for_audit_storage_full.sh @@ -32,7 +32,7 @@ audit () { FNRET=2 else ok "$FILE exists, checking configuration" - VALUE=$(grep -v "^#" $FILE | grep -i "$PATTERN" | wc -l) + VALUE=$(grep -v "^#" $FILE | grep -ic "$PATTERN") if [ $VALUE -gt 0 ]; then VALUE=$(grep $PATTERN $FILE | grep -v '^#' | awk -F= '{print $2}') if [ $VALUE == $SETVALUE ]; then diff --git a/bin/hardening/8.1.1.8_ensure_set_action_for_net_fail.sh b/bin/hardening/8.1.1.8_ensure_set_action_for_net_fail.sh index 9c24bde..ac9332f 100755 --- a/bin/hardening/8.1.1.8_ensure_set_action_for_net_fail.sh +++ b/bin/hardening/8.1.1.8_ensure_set_action_for_net_fail.sh @@ -32,7 +32,7 @@ audit () { FNRET=2 else ok "$FILE exists, checking configuration" - VALUE=$(grep -v "^#" $FILE | grep -i "$PATTERN" | wc -l) + VALUE=$(grep -v "^#" $FILE | grep -ic "$PATTERN") if [ $VALUE -gt 0 ]; then VALUE=$(grep $PATTERN $FILE | grep -v '^#' | awk -F= '{print $2}') if [ $VALUE == $SETVALUE ]; then