Style improvements and command replacements

Michael Boelen 2016-09-08 21:04:17 +02:00
parent 81d8486cb0
commit 82ededed31
25 changed files with 333 additions and 350 deletions


@ -36,7 +36,7 @@
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ -f ${ROOTDIR}var/account/acct ]; then if [ -f ${ROOTDIR}var/account/acct ]; then
Display --indent 2 --text "- Checking accounting information" --result "${STATUS_OK}" --color GREEN Display --indent 2 --text "- Checking accounting information" --result "${STATUS_OK}" --color GREEN
LogText "Result: /var/account/acct available" LogText "Result: ${ROOTDIR}var/account/acct available"
AddHP 3 3 AddHP 3 3
else else
Display --indent 2 --text "- Checking accounting information" --result "${STATUS_NOT_FOUND}" --color YELLOW Display --indent 2 --text "- Checking accounting information" --result "${STATUS_NOT_FOUND}" --color YELLOW
@ -53,9 +53,9 @@
# Description : Check availability OpenBSD accounting data # Description : Check availability OpenBSD accounting data
Register --test-no ACCT-2760 --os OpenBSD --weight L --network NO --category security --description "Check for available OpenBSD accounting information" Register --test-no ACCT-2760 --os OpenBSD --weight L --network NO --category security --description "Check for available OpenBSD accounting information"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ -f /var/account/acct ]; then if [ -f ${ROOTDIR}var/account/acct ]; then
Display --indent 2 --text "- Checking accounting information" --result "${STATUS_OK}" --color GREEN Display --indent 2 --text "- Checking accounting information" --result "${STATUS_OK}" --color GREEN
LogText "Result: /var/account/acct available" LogText "Result: ${ROOTDIR}var/account/acct available"
AddHP 3 3 AddHP 3 3
else else
Display --indent 2 --text "- Checking accounting information" --result "${STATUS_NOT_FOUND}" --color YELLOW Display --indent 2 --text "- Checking accounting information" --result "${STATUS_NOT_FOUND}" --color YELLOW
@ -104,7 +104,7 @@
LogText "Test: check /etc/default/sysstat presence" LogText "Test: check /etc/default/sysstat presence"
if [ -f ${ROOTDIR}etc/default/sysstat ]; then if [ -f ${ROOTDIR}etc/default/sysstat ]; then
LogText "Result: ${ROOTDIR}etc/default/sysstat found" LogText "Result: ${ROOTDIR}etc/default/sysstat found"
FIND=`${GREPBINARY} "^ENABLED" ${ROOTDIR}etc/default/sysstat | ${GREPBINARY} -i true` FIND=$(${GREPBINARY} "^ENABLED" ${ROOTDIR}etc/default/sysstat | ${GREPBINARY} -i true)
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
LogText "Result: sysstat enabled via ${ROOTDIR}etc/default/sysstat" LogText "Result: sysstat enabled via ${ROOTDIR}etc/default/sysstat"
Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_ENABLED}" --color GREEN Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_ENABLED}" --color GREEN
@ -114,8 +114,8 @@
ReportSuggestion ${TEST_NO} "Enable sysstat to collect accounting (disabled)" ReportSuggestion ${TEST_NO} "Enable sysstat to collect accounting (disabled)"
fi fi
elif [ -f ${ROOTDIR}etc/cron.d/sysstat ]; then elif [ -f ${ROOTDIR}etc/cron.d/sysstat ]; then
FIND=`${GREPBINARY} -v '^[[:space:]]*\(#\|$\)' ${ROOTDIR}etc/cron.d/sysstat` FIND=$(${GREPBINARY} -v '^[[:space:]]*\(#\|$\)' ${ROOTDIR}etc/cron.d/sysstat)
if [ ! "${FIND}" = "" ]; then if [ ! -z "${FIND}" ]; then
LogText "Result: sysstat enabled via ${ROOTDIR}etc/cron.d/sysstat" LogText "Result: sysstat enabled via ${ROOTDIR}etc/cron.d/sysstat"
Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_ENABLED}" --color GREEN Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_ENABLED}" --color GREEN
else else
@ -163,12 +163,12 @@
# #
# Test : ACCT-9630 # Test : ACCT-9630
# Description : Check auditd rules # Description : Check auditd rules
if [ ! "${AUDITDBINARY}" = "" -a ! "${AUDITCTLBINARY}" = "" -a ${LINUX_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! -z "${AUDITDBINARY}" -a ! -z "${AUDITCTLBINARY}" -a ${LINUX_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no ACCT-9630 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --root-only YES --category security --description "Check for auditd rules" Register --test-no ACCT-9630 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --root-only YES --category security --description "Check for auditd rules"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking auditd rules" LogText "Test: Checking auditd rules"
FIND=`${AUDITCTLBINARY} -l | ${GREPBINARY} -v "No rules"` FIND=$(${AUDITCTLBINARY} -l | ${GREPBINARY} -v "No rules")
if [ "${FIND}" = "" ]; then if [ -z "${FIND}" ]; then
LogText "Result: auditd rules empty" LogText "Result: auditd rules empty"
Display --indent 4 --text "- Checking audit rules" --result "${STATUS_SUGGESTION}" --color YELLOW Display --indent 4 --text "- Checking audit rules" --result "${STATUS_SUGGESTION}" --color YELLOW
AddHP 0 2 AddHP 0 2
@ -177,10 +177,10 @@
LogText "Result: found auditd rules" LogText "Result: found auditd rules"
Display --indent 4 --text "- Checking audit rules" --result "${STATUS_OK}" --color GREEN Display --indent 4 --text "- Checking audit rules" --result "${STATUS_OK}" --color GREEN
# Log audit daemon rules # Log audit daemon rules
FIND=`${AUDITCTLBINARY} -l | sed 's/ /!space!/g'` FIND=$(${AUDITCTLBINARY} -l | ${SEDBINARY} 's/ /!space!/g')
for I in ${FIND}; do for RULE in ${FIND}; do
I=`echo ${I} | sed 's/!space!/ /g'` RULE=$(echo ${RULE} | ${SEDBINARY} 's/!space!/ /g')
LogText "Output: ${I}" LogText "Output: ${RULE}"
done done
fi fi
fi fi
@ -193,12 +193,12 @@
Register --test-no ACCT-9632 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for auditd configuration file" Register --test-no ACCT-9632 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for auditd configuration file"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking auditd configuration file" LogText "Test: Checking auditd configuration file"
for I in ${AUDITD_CONF_LOCS}; do for DIR in ${AUDITD_CONF_LOCS}; do
if [ -f ${I}/auditd.conf ]; then if [ -f ${DIR}/auditd.conf ]; then
AUDITD_CONF_FILE="${I}/auditd.conf" AUDITD_CONF_FILE="${DIR}/auditd.conf"
LogText "Result: Found ${I}/auditd.conf" LogText "Result: Found ${DIR}/auditd.conf"
else else
LogText "Result: ${I}/auditd.conf not found" LogText "Result: ${DIR}/auditd.conf not found"
fi fi
done done
# Check if we discovered the configuration file. It should be there is the binaries are available and process is running # Check if we discovered the configuration file. It should be there is the binaries are available and process is running
@ -215,12 +215,12 @@
# #
# Test : ACCT-9634 # Test : ACCT-9634
# Description : Check auditd log file # Description : Check auditd log file
if [ ! "${AUDITDBINARY}" = "" -a ${LINUX_AUDITD_RUNNING} -eq 1 -a ! "${AUDITD_CONF_FILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! -z "${AUDITDBINARY}" -a ${LINUX_AUDITD_RUNNING} -eq 1 -a ! -z "${AUDITD_CONF_FILE}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no ACCT-9634 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for auditd log file" Register --test-no ACCT-9634 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for auditd log file"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking auditd log file" LogText "Test: Checking auditd log file"
FIND=`${GREPBINARY} "^log_file" ${AUDITD_CONF_FILE} | ${AWKBINARY} '{ if ($1=="log_file" && $2=="=") { print $3 } }'` FIND=$(${GREPBINARY} "^log_file" ${AUDITD_CONF_FILE} | ${AWKBINARY} '{ if ($1=="log_file" && $2=="=") { print $3 } }')
if [ ! "${FIND}" = "" ]; then if [ ! -z "${FIND}" ]; then
LogText "Result: log file is defined" LogText "Result: log file is defined"
LogText "Defined value: ${FIND}" LogText "Defined value: ${FIND}"
if [ -f ${FIND} ]; then if [ -f ${FIND} ]; then
@ -251,7 +251,7 @@
Display --indent 2 --text "- Checking Snoopy" --result "${STATUS_FOUND}" --color GREEN Display --indent 2 --text "- Checking Snoopy" --result "${STATUS_FOUND}" --color GREEN
if [ -f ${ROOTDIR}etc/ld.so.preload ]; then if [ -f ${ROOTDIR}etc/ld.so.preload ]; then
LogText "Result: found ${ROOTDIR}etc/ld.so.preload, testing if snoopy.so is listed" LogText "Result: found ${ROOTDIR}etc/ld.so.preload, testing if snoopy.so is listed"
FIND=`${GREPBINARY} ${FILE} ${ROOTDIR}etc/ld.so.preload` FIND=$(${GREPBINARY} ${FILE} ${ROOTDIR}etc/ld.so.preload)
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
LogText "Result: found snoopy in ld.so.preload" LogText "Result: found snoopy in ld.so.preload"
LogText "Output: ${FIND}" LogText "Output: ${FIND}"
@ -297,8 +297,8 @@
Register --test-no ACCT-9652 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check auditd SMF status" Register --test-no ACCT-9652 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check auditd SMF status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check if auditd service is enabled and online" LogText "Test: check if auditd service is enabled and online"
FIND=`/usr/bin/svcs svc:/system/auditd:default | ${GREPBINARY} "^online"` FIND=$(/usr/bin/svcs svc:/system/auditd:default | ${GREPBINARY} "^online")
if [ ! "${FIND}" = "" ]; then if [ ! -z "${FIND}" ]; then
LogText "Result: auditd service is online" LogText "Result: auditd service is online"
Display --indent 4 --text "- Checking Solaris audit daemon status" --result "${STATUS_ON}"LINE --color GREEN Display --indent 4 --text "- Checking Solaris audit daemon status" --result "${STATUS_ON}"LINE --color GREEN
else else
@ -316,8 +316,8 @@
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check if BSM is enabled in ${ROOTDIR}etc/system" LogText "Test: check if BSM is enabled in ${ROOTDIR}etc/system"
if [ -f ${ROOTDIR}etc/system ]; then if [ -f ${ROOTDIR}etc/system ]; then
FIND=`${GREPBINARY} 'set c2audit:audit_load = 1' ${ROOTDIR}etc/system` FIND=$(${GREPBINARY} 'set c2audit:audit_load = 1' ${ROOTDIR}etc/system)
if [ ! "${FIND}" = "" ]; then if [ ! -z "${FIND}" ]; then
LogText "Result: BSM is enabled in ${ROOTDIR}etc/system" LogText "Result: BSM is enabled in ${ROOTDIR}etc/system"
Display --indent 4 --text "- Checking Solaris BSM (${ROOTDIR}etc/system)" --result "${STATUS_ENABLED}" --color GREEN Display --indent 4 --text "- Checking Solaris BSM (${ROOTDIR}etc/system)" --result "${STATUS_ENABLED}" --color GREEN
else else
@ -332,12 +332,13 @@
# #
# Test : ACCT-9656 # Test : ACCT-9656
# Description : Check Solaris BSM (c2audit) module status # Description : Check Solaris BSM (c2audit) module status
# Notes : todo - replace direct binary call
if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no ACCT-9656 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check BSM auditing in module list" Register --test-no ACCT-9656 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check BSM auditing in module list"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check if c2audit module is active" LogText "Test: check if c2audit module is active"
if [ -x /usr/sbin/modinfo ]; then if [ -x /usr/sbin/modinfo ]; then
FIND=`/usr/sbin/modinfo | ${GREPBINARY} c2audit` FIND=$(/usr/sbin/modinfo | ${GREPBINARY} c2audit)
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
LogText "Result: c2audit found in modinfo output" LogText "Result: c2audit found in modinfo output"
Display --indent 4 --text "- Checking Solaris BSM (modules list)" --result "${STATUS_ENABLED}" --color GREEN Display --indent 4 --text "- Checking Solaris BSM (modules list)" --result "${STATUS_ENABLED}" --color GREEN
@ -360,7 +361,7 @@
LogText "Test: check /etc/security/audit_control for event logging location" LogText "Test: check /etc/security/audit_control for event logging location"
if [ -f ${ROOTDIR}etc/security/audit_control ]; then if [ -f ${ROOTDIR}etc/security/audit_control ]; then
LogText "Result: file ${ROOTDIR}etc/security/audit_control found" LogText "Result: file ${ROOTDIR}etc/security/audit_control found"
FIND=`${GREPBINARY} "^dir" ${ROOTDIR}etc/security/audit_control | ${AWKBINARY} -F: '{ print $2 }'` FIND=$(${GREPBINARY} "^dir" ${ROOTDIR}etc/security/audit_control | ${AWKBINARY} -F: '{ print $2 }')
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
LogText "Result: found location ${FIND}" LogText "Result: found location ${FIND}"
LogText "Test: Checking if location is a valid directory" LogText "Test: Checking if location is a valid directory"
@ -392,9 +393,9 @@
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Check auditing statistics" LogText "Test: Check auditing statistics"
if [ -x /usr/sbin/auditstat ]; then if [ -x /usr/sbin/auditstat ]; then
FIND=`/usr/sbin/auditstat | tr -s ' ' ','` FIND=$(/usr/sbin/auditstat | ${TRBINARY} -s ' ' ',')
for I in ${FIND}; do for ITEM in ${FIND}; do
LogText "Output: ${I}" LogText "Output: ${ITEM}"
done done
Display --indent 4 --text "- Checking Solaris audit statistics" --result "${STATUS_DONE}" --color GREEN Display --indent 4 --text "- Checking Solaris audit statistics" --result "${STATUS_DONE}" --color GREEN
else else
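Review bot: In the ACCT-9634 hunk the log path parsed out of auditd.conf is tested unquoted, `if [ -f ${FIND} ]; then`, so a value containing whitespace becomes several arguments to `[` and the test errors out instead of reporting the file as missing; it should read `if [ -f "${FIND}" ]; then`. The ld.so.preload hunk has a related problem: `${FILE}` is handed to grep as an unquoted regular expression, so the dots in a library path match any character; `FIND=$(${GREPBINARY} -F -- "${FILE}" ${ROOTDIR}etc/ld.so.preload)` matches the literal path. The move from `[ ! "${FIND}" = "" ]` to `-z` is also applied to only some hunks — the sysstat ENABLED, ld.so.preload, modinfo and audit_control checks keep the old form — so the file now mixes both styles. Each of these if-blocks starts before its hunk.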


@ -40,7 +40,7 @@
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Search accounts with UID 0 # Search accounts with UID 0
LogText "Test: Searching accounts with UID 0" LogText "Test: Searching accounts with UID 0"
FIND=$(${GREPBINARY} ':0:' /etc/passwd | ${EGREPBINARY} -v '^#|^root:|^(\+:\*)?:0:0:::' | cut -d ":" -f1,3 | ${GREPBINARY} ':0') FIND=$(${GREPBINARY} ':0:' /etc/passwd | ${EGREPBINARY} -v '^#|^root:|^(\+:\*)?:0:0:::' | ${CUTBINARY} -d ":" -f1,3 | ${GREPBINARY} ':0')
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
Display --indent 2 --text "- Administrator accounts" --result "${STATUS_WARNING}" --color RED Display --indent 2 --text "- Administrator accounts" --result "${STATUS_WARNING}" --color RED
LogText "Result: Found more than one administrator accounts" LogText "Result: Found more than one administrator accounts"
@ -74,7 +74,7 @@
fi fi
# Check password file # Check password file
if [ -f ${PASSWD_FILE} ]; then if [ -f ${PASSWD_FILE} ]; then
FIND=$(${GREPBINARY} -v '^#' ${PASSWD_FILE} | cut -d ':' -f3 | ${SORTBINARY} | uniq -d) FIND=$(${GREPBINARY} -v '^#' ${PASSWD_FILE} | ${CUTBINARY} -d ':' -f3 | ${SORTBINARY} | uniq -d)
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
Display --indent 2 --text "- Unique UIDs" --result "${STATUS_OK}" --color GREEN Display --indent 2 --text "- Unique UIDs" --result "${STATUS_OK}" --color GREEN
LogText "Result: all accounts found in ${PASSWD_FILE} are unique" LogText "Result: all accounts found in ${PASSWD_FILE} are unique"
@ -158,13 +158,13 @@
LogText "Test: Checking login shells" LogText "Test: Checking login shells"
if [ -f /etc/master.passwd ]; then if [ -f /etc/master.passwd ]; then
# Check for all shells, except: (/usr)/sbin/nologin /nonexistent # Check for all shells, except: (/usr)/sbin/nologin /nonexistent
FIND=`${GREPBINARY} "[a-z]:\*:" /etc/master.passwd | ${EGREPBINARY} -v '^#|/sbin/nologin|/usr/sbin/nologin|/nonexistent' | sed 's/ /!space!/g'` FIND=`${GREPBINARY} "[a-z]:\*:" /etc/master.passwd | ${EGREPBINARY} -v '^#|/sbin/nologin|/usr/sbin/nologin|/nonexistent' | ${SEDBINARY} 's/ /!space!/g'`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
Display --indent 2 --text "- Login shells" --result "${STATUS_OK}" --color GREEN Display --indent 2 --text "- Login shells" --result "${STATUS_OK}" --color GREEN
else else
Display --indent 2 --text "- Login shells" --result "${STATUS_WARNING}" --color RED Display --indent 2 --text "- Login shells" --result "${STATUS_WARNING}" --color RED
for LINE in ${FIND}; do for LINE in ${FIND}; do
LINE=$(echo ${LINE} | sed 's/!space!/ /g') LINE=$(echo ${LINE} | ${SEDBINARY} 's/!space!/ /g')
SHELL=$(echo ${LINE} | ${AWKBINARY} -F: '{ print $10 }') SHELL=$(echo ${LINE} | ${AWKBINARY} -F: '{ print $10 }')
LogText "Output: ${LINE}" LogText "Output: ${LINE}"
if [ -z "${SHELL}" ]; then if [ -z "${SHELL}" ]; then
@ -420,7 +420,7 @@
Register --test-no AUTH-9252 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check sudoers file" Register --test-no AUTH-9252 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check sudoers file"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: checking sudoers file (${SUDOERS_FILE}) permissions" LogText "Test: checking sudoers file (${SUDOERS_FILE}) permissions"
FIND=`ls -l ${SUDOERS_FILE} | cut -c 2-10` FIND=`ls -l ${SUDOERS_FILE} | ${CUTBINARY} -c 2-10`
LogText "Result: Found file permissions: ${FIND}" LogText "Result: Found file permissions: ${FIND}"
if [ "${FIND}" = "rw-------" -o "${FIND}" = "rw-rw----" -o "${FIND}" = "r--r-----" ]; then if [ "${FIND}" = "rw-------" -o "${FIND}" = "rw-rw----" -o "${FIND}" = "r--r-----" ]; then
LogText "Result: file ${SUDOERS_FILE} has correct permissions" LogText "Result: file ${SUDOERS_FILE} has correct permissions"
@ -530,13 +530,13 @@
LogText "Result: file /etc/pam.conf exists" LogText "Result: file /etc/pam.conf exists"
Display --indent 2 --text "- PAM configuration files (pam.conf)" --result "${STATUS_FOUND}" --color GREEN Display --indent 2 --text "- PAM configuration files (pam.conf)" --result "${STATUS_FOUND}" --color GREEN
LogText "Test: searching PAM configuration files" LogText "Test: searching PAM configuration files"
FIND=$(${EGREPBINARY} -v "^#" /etc/pam.conf | ${EGREPBINARY} -v "^$" | sed 's/[[:space:]]/ /g' | sed 's/ / /g' | sed 's/ /:space:/g') FIND=$(${EGREPBINARY} -v "^#" /etc/pam.conf | ${EGREPBINARY} -v "^$" | ${SEDBINARY} 's/[[:space:]]/ /g' | ${SEDBINARY} 's/ / /g' | ${SEDBINARY} 's/ /:space:/g')
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
LogText "Result: File has no configuration options defined (empty, or only filled with comments and empty lines)" LogText "Result: File has no configuration options defined (empty, or only filled with comments and empty lines)"
else else
LogText "Result: found one or more configuration lines" LogText "Result: found one or more configuration lines"
for LINE in ${FIND}; do for LINE in ${FIND}; do
LINE=$(echo ${LINE} | sed 's/:space:/ /g') LINE=$(echo ${LINE} | ${SEDBINARY} 's/:space:/ /g')
LogText "Found line: ${LINE}" LogText "Found line: ${LINE}"
done done
fi fi
@ -926,7 +926,7 @@
if [ ! -z "${FIND}" ]; then if [ ! -z "${FIND}" ]; then
LogText "Result: found /etc/profile.d, with one or more files in it" LogText "Result: found /etc/profile.d, with one or more files in it"
for FILE in ${FIND}; do for FILE in ${FIND}; do
HAS_MASK=$(${GREPBINARY} umask ${FILE} | sed 's/^[ \t]*//' | ${GREPBINARY} -v "^#" | ${AWKBINARY} '{ print $2 }') HAS_MASK=$(${GREPBINARY} umask ${FILE} | ${SEDBINARY} 's/^[ \t]*//' | ${GREPBINARY} -v "^#" | ${AWKBINARY} '{ print $2 }')
for MASK in ${HAS_MASK}; do for MASK in ${HAS_MASK}; do
if [ "${MASK}" = "077" -o "${MASK}" = "027" ]; then if [ "${MASK}" = "077" -o "${MASK}" = "027" ]; then
LogText "Result: found a strong umask '${MASK}' set in ${FILE}" LogText "Result: found a strong umask '${MASK}' set in ${FILE}"
@ -949,8 +949,8 @@
if [ -f /etc/profile -a ${GOOD_UMASK} -eq 0 ]; then if [ -f /etc/profile -a ${GOOD_UMASK} -eq 0 ]; then
LogText "Result: file /etc/profile exists" LogText "Result: file /etc/profile exists"
LogText "Test: Checking umask value in /etc/profile" LogText "Test: Checking umask value in /etc/profile"
FIND=$(${GREPBINARY} "umask" /etc/profile | sed 's/^[ \t]*//' | ${GREPBINARY} -v "^#" | ${AWKBINARY} '{ print $2 }') FIND=$(${GREPBINARY} "umask" /etc/profile | ${SEDBINARY} 's/^[ \t]*//' | ${GREPBINARY} -v "^#" | ${AWKBINARY} '{ print $2 }')
FIND2=$(${GREPBINARY} "umask" /etc/profile | sed 's/^[ \t]*//' | ${GREPBINARY} -v "^#" | ${AWKBINARY} '{ print $2 }' | wc -l) FIND2=$(${GREPBINARY} "umask" /etc/profile | ${SEDBINARY} 's/^[ \t]*//' | ${GREPBINARY} -v "^#" | ${AWKBINARY} '{ print $2 }' | wc -l)
FOUND_UMASK=0 FOUND_UMASK=0
if [ "${FIND2}" = "0" ]; then if [ "${FIND2}" = "0" ]; then
LogText "Result: did not find umask in /etc/profile" LogText "Result: did not find umask in /etc/profile"
@ -1092,7 +1092,7 @@
FOUND=0 FOUND=0
WEAK_UMASK=0 WEAK_UMASK=0
LogText "Result: file /etc/login.conf exists" LogText "Result: file /etc/login.conf exists"
FIND=`${GREPBINARY} "umask" /etc/login.conf | sed 's/#.*//' | sed -E 's/^[[:cntrl:]]//' | ${GREPBINARY} -v '^$' | ${AWKBINARY} -F: '{ print $2}' | ${AWKBINARY} -F= '{ if ($1=="umask") { print $2 }}'` FIND=`${GREPBINARY} "umask" /etc/login.conf | ${SEDBINARY} 's/#.*//' | ${SEDBINARY} -E 's/^[[:cntrl:]]//' | ${GREPBINARY} -v '^$' | ${AWKBINARY} -F: '{ print $2}' | ${AWKBINARY} -F= '{ if ($1=="umask") { print $2 }}'`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
for UMASK_VALUE in ${FIND}; do for UMASK_VALUE in ${FIND}; do
case ${UMASK_VALUE} in case ${UMASK_VALUE} in
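Review bot: The UID 0 search in the first hunk still greps the literal `/etc/passwd` while the duplicate-UID check two hunks later reads `${PASSWD_FILE}`, so a scan with a non-default passwd file (presumably what `PASSWD_FILE` is set up for elsewhere) inspects two different files; `FIND=$(${GREPBINARY} ':0:' ${PASSWD_FILE} | ...` keeps the two checks on the same input. The whitespace stripping in the umask hunks, `${SEDBINARY} 's/^[ \t]*//'`, relies on `\t` being understood inside a bracket expression, which GNU sed accepts but POSIX and BSD sed treat as a literal backslash and `t`; `'s/^[[:space:]]*//'` is portable to the BSD targets the tests cover. Three hunks (login shells, sudoers permissions, login.conf umask) keep backtick substitution although the rest of the commit converts to `$(...)`, and `ls`, `uniq` and `wc` are still called bare next to the newly introduced `${CUTBINARY}`/`${SEDBINARY}` variables, even though the boot-loader file in this same commit already uses `${LSBINARY}`.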


@ -37,13 +37,14 @@
# Test : BOOT-5102 # Test : BOOT-5102
# Description : Check for AIX boot device # Description : Check for AIX boot device
# Notes : The AIX bootstrap is called as software ROS. Bootstrap contains IPL (Initial Program loader) # Notes : The AIX bootstrap is called as software ROS. Bootstrap contains IPL (Initial Program loader)
# TODO - binary detection of bootinfo and replace with variable
Register --test-no BOOT-5102 --os AIX --weight L --network NO --root-only YES --category security --description "Check for AIX boot device" Register --test-no BOOT-5102 --os AIX --weight L --network NO --root-only YES --category security --description "Check for AIX boot device"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
BOOT_LOADER_SEARCHED=1 BOOT_LOADER_SEARCHED=1
LogText "Test: Query bootinfo for AIX boot device" LogText "Test: Query bootinfo for AIX boot device"
if [ -x /usr/sbin/bootinfo ]; then if [ -x /usr/sbin/bootinfo ]; then
FIND=`/usr/sbin/bootinfo -b` FIND=$(/usr/sbin/bootinfo -b)
if [ ! "${FIND}" = "" ]; then if [ ! -z "${FIND}" ]; then
LogText "Result: found boot device ${FIND}" LogText "Result: found boot device ${FIND}"
Display --indent 2 --text "- Checking boot device (bootinfo)" --result "${STATUS_FOUND}" --color GREEN Display --indent 2 --text "- Checking boot device (bootinfo)" --result "${STATUS_FOUND}" --color GREEN
BOOT_LOADER="ROS" BOOT_LOADER="ROS"
@ -117,7 +118,7 @@
fi fi
;; ;;
"DragonFly"|"NetBSD"|"FreeBSD") "DragonFly"|"NetBSD"|"FreeBSD")
if [ -x /sbin/init -a -d /etc/rc.d -a -f /etc/rc ]; then if [ -x /sbin/init -a -d ${ROOTDIR}etc/rc.d -a -f ${ROOTDIR}etc/rc ]; then
SERVICE_MANAGER="bsdrc" SERVICE_MANAGER="bsdrc"
fi fi
;; ;;
@ -138,7 +139,7 @@
# Description : Check if boot.efi is found on Mac OS X # Description : Check if boot.efi is found on Mac OS X
Register --test-no BOOT-5106 --os "MacOS" --weight L --network NO --root-only YES --category security --description "Check EFI boot file on Mac OS X" Register --test-no BOOT-5106 --os "MacOS" --weight L --network NO --root-only YES --category security --description "Check EFI boot file on Mac OS X"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FileExists /System/Library/CoreServices/boot.efi FileExists ${ROOTDIR}System/Library/CoreServices/boot.efi
if [ ${FILE_FOUND} -eq 1 ]; then if [ ${FILE_FOUND} -eq 1 ]; then
LogText "Result: found Mac OS X boot.efi file" LogText "Result: found Mac OS X boot.efi file"
BOOT_LOADER="MacOS-boot-EFI" BOOT_LOADER="MacOS-boot-EFI"
@ -152,7 +153,7 @@
# Description : Check for Syslinux # Description : Check for Syslinux
Register --test-no BOOT-5108 --os "Linux" --weight L --network NO --root-only YES --category security --description "Check Syslinux as bootloader" Register --test-no BOOT-5108 --os "Linux" --weight L --network NO --root-only YES --category security --description "Check Syslinux as bootloader"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FileExists /boot/syslinux/syslinux.cfg FileExists ${ROOTDIR}boot/syslinux/syslinux.cfg
if [ ${FILE_FOUND} -eq 1 ]; then if [ ${FILE_FOUND} -eq 1 ]; then
LogText "Result: found Syslinux" LogText "Result: found Syslinux"
BOOT_LOADER="Syslinux" BOOT_LOADER="Syslinux"
@ -172,7 +173,7 @@
UEFI_TESTS_PERFORMED=1 UEFI_TESTS_PERFORMED=1
# Check if UEFI is available in this boot # Check if UEFI is available in this boot
LogText "Test: checking if UEFI is used" LogText "Test: checking if UEFI is used"
if [ -d /sys/firmware/efi ]; then if [ -d ${ROOTDIR}sys/firmware/efi ]; then
LogText "Result: system booted in UEFI mode" LogText "Result: system booted in UEFI mode"
UEFI_BOOTED=1 UEFI_BOOTED=1
else else
@ -181,17 +182,18 @@
# Test if Secure Boot is enabled # Test if Secure Boot is enabled
LogText "Test: determine if Secure Boot is used" LogText "Test: determine if Secure Boot is used"
if [ -d /sys/firmware/efi/efivars ]; then if [ -d ${ROOTDIR}sys/firmware/efi/efivars ]; then
FIND=`ls /sys/firmware/efi/efivars/SecureBoot-* 2> /dev/null` FIND=$(${LSBINARY} ${ROOTDIR}sys/firmware/efi/efivars/SecureBoot-* 2> /dev/null)
if [ ! "${FIND}" = "" ]; then if [ ! -z "${FIND}" ]; then
for I in ${FIND}; do for FILE in ${FIND}; do
LogText "Test: checking file ${I}" LogText "Test: checking file ${FILE}"
J=`od -An -t u1 ${I} | ${AWKBINARY} '{ print $5 }'` # TODO: add detection for od
J=$(od -An -t u1 ${FILE} | ${AWKBINARY} '{ print $5 }')
if [ "${J}" = "1" ]; then if [ "${J}" = "1" ]; then
LogText "Result: found SecureBoot file with enabled status" LogText "Result: found SecureBoot file with enabled status"
UEFI_BOOTED_SECURE=1 UEFI_BOOTED_SECURE=1
else else
LogText "Result: system not booted with Secure Boot (status 0 in file ${I})" LogText "Result: system not booted with Secure Boot (status 0 in file ${FILE})"
fi fi
done done
fi fi
@ -200,7 +202,7 @@
fi fi
;; ;;
#MacOS) #MacOS)
# Mac OS ioreg -l -p IODeviceTree | ${GREPBINARY} firmware-abi # TODO: Mac OS ioreg -l -p IODeviceTree | ${GREPBINARY} firmware-abi
#;; #;;
*) *)
LogText "Result: no test implemented yet to test for UEFI on this platform" LogText "Result: no test implemented yet to test for UEFI on this platform"
@ -254,8 +256,9 @@
fi fi
# Some OSes like Gentoo do not have /boot mounted by default # Some OSes like Gentoo do not have /boot mounted by default
# TODO: root directory and rewrite ls statement
if [ -d /boot ]; then if [ -d /boot ]; then
if [ "`ls /boot/* 2> /dev/null`" = "" -a ! "${GRUB2INSTALLBINARY}" = "" ]; then if [ "`ls /boot/* 2> /dev/null`" = "" -a ! -z "${GRUB2INSTALLBINARY}" ]; then
BOOT_LOADER_FOUND=1 BOOT_LOADER_FOUND=1
LogText "Result: found empty /boot, however with GRUB2 binary installed. Best guess is that GRUB2 is actually installed, but /boot not mounted" LogText "Result: found empty /boot, however with GRUB2 binary installed. Best guess is that GRUB2 is actually installed, but /boot not mounted"
Display --indent 2 --text "- Checking presence GRUB2" --result "POSSIBLE MATCH" --color YELLOW Display --indent 2 --text "- Checking presence GRUB2" --result "POSSIBLE MATCH" --color YELLOW
@ -279,16 +282,16 @@
LogText "Found file ${GRUBCONFFILE}, proceeding with tests." LogText "Found file ${GRUBCONFFILE}, proceeding with tests."
FileIsReadable ${GRUBCONFFILE} FileIsReadable ${GRUBCONFFILE}
if [ ${CANREAD} -eq 1 ]; then if [ ${CANREAD} -eq 1 ]; then
FIND=`${GREPBINARY} 'password --md5' ${GRUBCONFFILE} | ${GREPBINARY} -v '^#'` FIND=$(${GREPBINARY} 'password --md5' ${GRUBCONFFILE} | ${GREPBINARY} -v '^#')
FIND2=`${GREPBINARY} 'password --encrypted' ${GRUBCONFFILE} | ${GREPBINARY} -v '^#'` FIND2=$(${GREPBINARY} 'password --encrypted' ${GRUBCONFFILE} | ${GREPBINARY} -v '^#')
FIND3=`${GREPBINARY} 'set superusers' ${GRUBCONFFILE} | ${GREPBINARY} -v '^#'` FIND3=$(${GREPBINARY} 'set superusers' ${GRUBCONFFILE} | ${GREPBINARY} -v '^#')
FIND4=`${GREPBINARY} 'password_pbkdf2' ${GRUBCONFFILE} | ${GREPBINARY} -v '^#'` FIND4=$(${GREPBINARY} 'password_pbkdf2' ${GRUBCONFFILE} | ${GREPBINARY} -v '^#')
FIND5=`${GREPBINARY} 'grub.pbkdf2' ${GRUBCONFFILE} | ${GREPBINARY} -v '^#'` FIND5=$(${GREPBINARY} 'grub.pbkdf2' ${GRUBCONFFILE} | ${GREPBINARY} -v '^#')
# GRUB1: Password should be set (MD5 or SHA1) # GRUB1: Password should be set (MD5 or SHA1)
if [ ! "${FIND}" = "" -o ! "${FIND2}" = "" ]; then if [ ! -z "${FIND}" -o ! -z "${FIND2}" ]; then
FOUND=1 FOUND=1
# GRUB2: Superusers AND password should be defined # GRUB2: Superusers AND password should be defined
elif [ ! "${FIND3}" = "" ]; then elif [ ! -z "${FIND3}" ]; then
if [ ! -z "${FIND4}" -o ! -z "${FIND5}" ]; then FOUND=1; fi if [ ! -z "${FIND4}" -o ! -z "${FIND5}" ]; then FOUND=1; fi
fi fi
if [ ${FOUND} -eq 1 ]; then if [ ${FOUND} -eq 1 ]; then
@ -313,13 +316,13 @@
Register --test-no BOOT-5124 --os FreeBSD --weight L --network NO --category security --description "Check for FreeBSD boot loader presence" Register --test-no BOOT-5124 --os FreeBSD --weight L --network NO --category security --description "Check for FreeBSD boot loader presence"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
BOOT_LOADER_SEARCHED=1 BOOT_LOADER_SEARCHED=1
if [ -f /boot/boot1 -a -f /boot/boot2 -a -f /boot/loader ]; then if [ -f ${ROOTDIR}boot/boot1 -a -f ${ROOTDIR}boot/boot2 -a -f ${ROOTDIR}boot/loader ]; then
LogText "Result: found boot1, boot2 and loader files in /boot" LogText "Result: found boot1, boot2 and loader files in ${ROOTDIR}boot"
Display --indent 2 --text "- Checking presence FreeBSD loader" --result "${STATUS_FOUND}" --color GREEN Display --indent 2 --text "- Checking presence FreeBSD loader" --result "${STATUS_FOUND}" --color GREEN
BOOT_LOADER="FreeBSD" BOOT_LOADER="FreeBSD"
BOOT_LOADER_FOUND=1 BOOT_LOADER_FOUND=1
else else
LogText "Result: Not all expected files found in /boot" LogText "Result: Not all expected files found in ${ROOTDIR}boot"
fi fi
fi fi
# #
@ -330,7 +333,7 @@
Register --test-no BOOT-5126 --os NetBSD --weight L --network NO --category security --description "Check for NetBSD boot loader presence" Register --test-no BOOT-5126 --os NetBSD --weight L --network NO --category security --description "Check for NetBSD boot loader presence"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
BOOT_LOADER_SEARCHED=1 BOOT_LOADER_SEARCHED=1
if [ -f /boot.${HARDWARE} -o -f /boot -o -f /ofwboot ]; then if [ -f ${ROOTDIR}boot.${HARDWARE} -o -f ${ROOTDIR}boot -o -f ${ROOTDIR}ofwboot ]; then
LogText "Result: found NetBSD secondary bootstrap" LogText "Result: found NetBSD secondary bootstrap"
Display --indent 2 --text "- Checking presence NetBSD loader" --result "${STATUS_FOUND}" --color GREEN Display --indent 2 --text "- Checking presence NetBSD loader" --result "${STATUS_FOUND}" --color GREEN
BOOT_LOADER="NetBSD" BOOT_LOADER="NetBSD"
@ -349,7 +352,7 @@
Register --test-no BOOT-5139 --weight L --network NO --category security --description "Check for LILO boot loader presence" Register --test-no BOOT-5139 --weight L --network NO --category security --description "Check for LILO boot loader presence"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
BOOT_LOADER_SEARCHED=1 BOOT_LOADER_SEARCHED=1
LILOCONFFILE="/etc/lilo.conf" LILOCONFFILE="${ROOTDIR}etc/lilo.conf"
LogText "Test: checking for presence LILO configuration file" LogText "Test: checking for presence LILO configuration file"
if [ -f ${LILOCONFFILE} ]; then if [ -f ${LILOCONFFILE} ]; then
FileIsReadable ${LILOCONFFILE} FileIsReadable ${LILOCONFFILE}
@ -358,8 +361,8 @@
BOOT_LOADER_FOUND=1 BOOT_LOADER_FOUND=1
Display --indent 2 --text "- Checking presence LILO" --result "${STATUS_OK}" --color GREEN Display --indent 2 --text "- Checking presence LILO" --result "${STATUS_OK}" --color GREEN
LogText "Checking password option LILO" LogText "Checking password option LILO"
FIND=`${EGREPBINARY} 'password[[:space:]]?=' ${LILOCONFFILE} | ${GREPBINARY} -v "^#"` FIND=$(${EGREPBINARY} 'password[[:space:]]?=' ${LILOCONFFILE} | ${GREPBINARY} -v "^#")
if [ "${FIND}" = "" ]; then if [ -z "${FIND}" ]; then
Display --indent 4 --text "- Password option presence " --result "${STATUS_WARNING}" --color RED Display --indent 4 --text "- Password option presence " --result "${STATUS_WARNING}" --color RED
LogText "Result: no password set for LILO. Bootloader is unprotected to" LogText "Result: no password set for LILO. Bootloader is unprotected to"
LogText "dropping to single user mode or unauthorized access to devices/data." LogText "dropping to single user mode or unauthorized access to devices/data."
@ -397,26 +400,6 @@
fi fi
# #
################################################################################# #################################################################################
#
# Test : BOOT-5144
# Description : Check for SILO boot loader consistency
# Notes : To be tested on Gentoo
# Register --test-no BOOT-5144 --weight L --network NO --category security --description "Check SPARC Improved boot loader (SILO)"
# if [ ${SKIPTEST} -eq 0 ]; then
# if [ -f /etc/silo.conf -a -x /sbin/silo ]; then
# FIND=`/sbin/silo | ${GREPBINARY} "appears to be valid"`
# if [ ! "${FIND}" = "" ]; then
# LogText "Result: Found SILO configuration file (/etc/silo.conf)"
# Display --indent 6 --text "- Checking SILO consistency" --result "${STATUS_OK}" --color GREEN
# else
# LogText "Result: no positive result received from silo binary"
# ReportWarning ${TEST_NO} "Possible issue with boot loader (SILO)"
# Display --indent 6 --text "- Checking SILO consistency" --result "${STATUS_WARNING}" --color RED
# fi
# fi
# fi
#
#################################################################################
# #
# Test : BOOT-5155 # Test : BOOT-5155
# Description : Check for YABOOT boot loader # Description : Check for YABOOT boot loader
@ -446,35 +429,33 @@
# Boot files # Boot files
# /usr/mdec/biosboot: first stage bootstrap # /usr/mdec/biosboot: first stage bootstrap
# /boot : second stage bootstrap # /boot : second stage bootstrap
if [ -f /usr/mdec/biosboot -a -f /boot ]; then if [ -f ${ROOTDIR}usr/mdec/biosboot -a -f ${ROOTDIR}boot ]; then
FOUND=1 FOUND=1
fi fi
# Configuration file # Configuration file
if [ -f /etc/boot.conf ]; then if [ -f ${ROOTDIR}etc/boot.conf ]; then
FOUND=1 FOUND=1
Display --indent 2 --text "- Checking /etc/boot.conf" --result "${STATUS_FOUND}" --color GREEN Display --indent 2 --text "- Checking ${ROOTDIR}etc/boot.conf" --result "${STATUS_FOUND}" --color GREEN
FIND=`${GREPBINARY} '^boot' /etc/boot.conf` FIND=$(${GREPBINARY} '^boot' ${ROOTDIR}etc/boot.conf)
if [ "${FIND}" = "" ]; then if [ -z "${FIND}" ]; then
Display --indent 4 --text "- Checking boot option" --result "${STATUS_WARNING}" --color RED Display --indent 4 --text "- Checking boot option" --result "${STATUS_WARNING}" --color RED
#ReportSuggestion ${TEST_NO} "Add 'boot' to the /etc/boot.conf file to disable the default 5 seconds waiting time, to disallow booting into single user mode." #ReportSuggestion ${TEST_NO} "Add 'boot' to the ${ROOTDIR}etc/boot.conf file to disable the default 5 seconds waiting time, to disallow booting into single user mode."
ReportWarning ${TEST_NO} "System can be booted into single user mode without password" ReportWarning ${TEST_NO} "System can be booted into single user mode without password"
else else
Display --indent 4 --text "- Checking boot option" --result "${STATUS_OK}" --color GREEN Display --indent 4 --text "- Checking boot option" --result "${STATUS_OK}" --color GREEN
LogText "Ok, boot option is enabled." LogText "Ok, boot option is enabled."
fi fi
else else
Display --indent 2 --text "- Checking /etc/boot.conf" --result "${STATUS_NOT_FOUND}" --color YELLOW Display --indent 2 --text "- Checking ${ROOTDIR}etc/boot.conf" --result "${STATUS_NOT_FOUND}" --color YELLOW
LogText "Result: no /etc/boot.conf found. When using the default boot loader, physical" LogText "Result: no ${ROOTDIR}etc/boot.conf found. When using the default boot loader, physical"
LogText "access to the server can be used to possibly enter single user mode." LogText "access to the server can be used to possibly enter single user mode."
ReportSuggestion ${TEST_NO} "Add 'boot' to the /etc/boot.conf file to disable the default 5 seconds waiting time." ReportSuggestion ${TEST_NO} "Add 'boot' to the ${ROOTDIR}etc/boot.conf file to disable the default 5 seconds waiting time."
fi fi
if [ ${FOUND} -eq 1 ]; then if [ ${FOUND} -eq 1 ]; then
LogText "Result: found OpenBSD boot loader" LogText "Result: found OpenBSD boot loader"
BOOT_LOADER="OpenBSD" BOOT_LOADER="OpenBSD"
BOOT_LOADER_FOUND=1 BOOT_LOADER_FOUND=1
fi fi
fi fi
# #
################################################################################# #################################################################################
@ -494,11 +475,11 @@
if [ ! "${SERVICEBINARY}" = "" ]; then if [ ! "${SERVICEBINARY}" = "" ]; then
# FreeBSD (Ask services(8) for enabled services) # FreeBSD (Ask services(8) for enabled services)
LogText "Searching for services at startup (service)" LogText "Searching for services at startup (service)"
FIND=`${SERVICEBINARY} -e | sed 's|^.*\/||' | sort` FIND=$(${SERVICEBINARY} -e | ${SEDBINARY} 's|^.*\/||' | ${SORTBINARY})
else else
# FreeBSD (Read /etc/rc.conf file for enabled services) # FreeBSD (Read /etc/rc.conf file for enabled services)
LogText "Searching for services at startup (rc.conf)" LogText "Searching for services at startup (rc.conf)"
FIND=`${EGREPBINARY} -v -i '^#|none' /etc/rc.conf | ${EGREPBINARY} -i '_enable.*(yes|on|1)' | ${SORTBINARY} | ${AWKBINARY} -F= '{ print $1 }' | sed 's/_enable//'` FIND=$(${EGREPBINARY} -v -i '^#|none' /etc/rc.conf | ${EGREPBINARY} -i '_enable.*(yes|on|1)' | ${SORTBINARY} | ${AWKBINARY} -F= '{ print $1 }' | ${SEDBINARY} 's/_enable//')
fi fi
N=0 N=0
for I in ${FIND}; do for I in ${FIND}; do
@ -521,11 +502,11 @@
CHECKED=0 CHECKED=0
LogText "Test: checking presence systemctl binary" LogText "Test: checking presence systemctl binary"
# Determine if we have systemctl on board # Determine if we have systemctl on board
if [ ! "${SYSTEMCTLBINARY}" = "" ]; then if [ ! -z "${SYSTEMCTLBINARY}" ]; then
LogText "Result: systemctl binary found, trying that to discover information" LogText "Result: systemctl binary found, trying that to discover information"
# Running services # Running services
LogText "Searching for running services (systemctl services only)" LogText "Searching for running services (systemctl services only)"
FIND=`${SYSTEMCTLBINARY} --full --type=service | ${AWKBINARY} '{ if ($4=="running") { print $1 } }' | ${AWKBINARY} -F. '{ print $1 }'` FIND=$(${SYSTEMCTLBINARY} --full --type=service | ${AWKBINARY} '{ if ($4=="running") { print $1 } }' | ${AWKBINARY} -F. '{ print $1 }')
N=0 N=0
Report "running_service_tool=systemctl" Report "running_service_tool=systemctl"
for I in ${FIND}; do for I in ${FIND}; do
@ -540,7 +521,7 @@
# Services at boot # Services at boot
LogText "Searching for enabled services (systemctl services only)" LogText "Searching for enabled services (systemctl services only)"
FIND=`${SYSTEMCTLBINARY} list-unit-files --type=service | ${AWKBINARY} '{ if ($2=="enabled") { print $1 } }' | ${AWKBINARY} -F. '{ print $1 }'` FIND=$(${SYSTEMCTLBINARY} list-unit-files --type=service | ${AWKBINARY} '{ if ($2=="enabled") { print $1 } }' | ${AWKBINARY} -F. '{ print $1 }')
N=0 N=0
Report "boot_service_tool=systemctl" Report "boot_service_tool=systemctl"
for I in ${FIND}; do for I in ${FIND}; do
@ -554,11 +535,12 @@
LogText "Result: Found $N running services" LogText "Result: Found $N running services"
else else
LogText "Result: systemctl binary not found, checking chkconfig binary" LogText "Result: systemctl binary not found, checking chkconfig binary"
if [ ! "${CHKCONFIGBINARY}" = "" ]; then if [ ! -z "${CHKCONFIGBINARY}" ]; then
LogText "Result: chkconfig binary found, trying that to discover information" LogText "Result: chkconfig binary found, trying that to discover information"
LogText "Searching for services at startup (chkconfig, runlevel 3 and 5)" LogText "Searching for services at startup (chkconfig, runlevel 3 and 5)"
FIND=`${CHKCONFIGBINARY} --list | ${EGREPBINARY} '3:on|5:on' | ${AWKBINARY} '{ print $1 }'` FIND=$(${CHKCONFIGBINARY} --list | ${EGREPBINARY} '3:on|5:on' | ${AWKBINARY} '{ print $1 }')
N=0 N=0
Report "boot_service_tool=chkconfig" Report "boot_service_tool=chkconfig"
for I in ${FIND}; do for I in ${FIND}; do
@ -585,22 +567,22 @@
Register --test-no BOOT-5180 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for Linux boot services (Debian style)" Register --test-no BOOT-5180 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for Linux boot services (Debian style)"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Runlevel check # Runlevel check
sRUNLEVEL=`${RUNLEVELBINARY} | ${GREPBINARY} "N [0-9]" | ${AWKBINARY} '{ print $2} '` sRUNLEVEL=$(${RUNLEVELBINARY} | ${GREPBINARY} "N [0-9]" | ${AWKBINARY} '{ print $2} ')
LogText "Result: found runlevel ${sRUNLEVEL}" LogText "Result: found runlevel ${sRUNLEVEL}"
if [ "${sRUNLEVEL}" = "2" ]; then if [ "${sRUNLEVEL}" = "2" ]; then
LogText "Result: performing find in /etc/rc2.d as runlevel 2 is found" LogText "Result: performing find in /etc/rc2.d as runlevel 2 is found"
FIND=`find /etc/rc2.d -type l -print | cut -d '/' -f4 | sed "s/S[0-9][0-9]//g" | sort` FIND=$(${FINDBINARY} ${ROOTDIR}etc/rc2.d -type l -print | ${CUTBINARY} -d '/' -f4 | ${SEDBINARY} "s/S[0-9][0-9]//g" | sort)
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
N=0 N=0
for I in ${FIND}; do for SERVICE in ${FIND}; do
LogText "Found service (at boot, runlevel 2): ${I}" LogText "Found service (at boot, runlevel 2): ${SERVICE}"
N=$((N + 1)) N=$((N + 1))
done done
Display --indent 2 --text "- Check services at startup (rc2.d)" --result "${STATUS_DONE}" --color WHITE Display --indent 2 --text "- Check services at startup (rc2.d)" --result "${STATUS_DONE}" --color WHITE
Display --indent 4 --text "Result: found $N services" Display --indent 4 --text "Result: found $N services"
LogText "Result: found $N services" LogText "Result: found $N services"
fi fi
elif [ "${sRUNLEVEL}" = "" ]; then elif [ -z "${sRUNLEVEL}" ]; then
ReportSuggestion ${TEST_NO} "Determine runlevel and services at startup" ReportSuggestion ${TEST_NO} "Determine runlevel and services at startup"
else else
LogText "Result: skipping further actions" LogText "Result: skipping further actions"
@ -614,7 +596,7 @@
Register --test-no BOOT-5184 --os Linux --weight L --network NO --category security --description "Check permissions for boot files/scripts" Register --test-no BOOT-5184 --os Linux --weight L --network NO --category security --description "Check permissions for boot files/scripts"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
CHECKDIRS="/etc/init.d /etc/rc.d /etc/rcS.d" CHECKDIRS="${ROOTDIR}etc/init.d ${ROOTDIR}etc/rc.d ${ROOTDIR}etc/rcS.d"
LogText "Result: checking /etc/init.d scripts for writable bit" LogText "Result: checking /etc/init.d scripts for writable bit"
for I in ${CHECKDIRS}; do for I in ${CHECKDIRS}; do
@ -622,8 +604,8 @@
if [ -d ${I} ]; then if [ -d ${I} ]; then
LogText "Result: directory ${I} found" LogText "Result: directory ${I} found"
LogText "Test: checking for available files in directory" LogText "Test: checking for available files in directory"
FIND=`find ${I} -type f -print` FIND=$(${FINDBINARY} ${I} -type f -print)
if [ ! "${FIND}" = "" ]; then if [ ! -z "${FIND}" ]; then
LogText "Result: found files in directory, checking permissions now" LogText "Result: found files in directory, checking permissions now"
for J in ${FIND}; do for J in ${FIND}; do
LogText "Test: checking permissions of file ${J}" LogText "Test: checking permissions of file ${J}"
@ -645,8 +627,8 @@
# /etc/rc[0-6].d # /etc/rc[0-6].d
for NO in 0 1 2 3 4 5 6; do for NO in 0 1 2 3 4 5 6; do
LogText "Test: Checking /etc/rc${NO}.d scripts for writable bit" LogText "Test: Checking /etc/rc${NO}.d scripts for writable bit"
if [ -d /etc/rc${NO}.d ]; then if [ -d ${ROOTDIR}etc/rc${NO}.d ]; then
FIND=`find /etc/rc${NO}.d -type f -print` FIND=$(${FINDBINARY} ${ROOTDIR}etc/rc${NO}.d -type f -print)
for I in ${FIND}; do for I in ${FIND}; do
if IsWorldWritable ${I}; then if IsWorldWritable ${I}; then
FOUND=1 FOUND=1
@ -659,7 +641,7 @@
done done
# Other files # Other files
CHECKFILES="/etc/rc /etc/rc.local /etc/rc.d/rc.sysinit" CHECKFILES="${ROOTDIR}etc/rc ${ROOTDIR}etc/rc.local ${ROOTDIR}etc/rc.d/rc.sysinit"
for I in ${CHECKFILES}; do for I in ${CHECKFILES}; do
if [ -f ${I} ]; then if [ -f ${I} ]; then
ShowSymlinkPath "${I}" ShowSymlinkPath "${I}"
@ -704,7 +686,7 @@
Linux) Linux)
# Idle time, not real uptime # Idle time, not real uptime
if [ -f /proc/uptime ]; then if [ -f /proc/uptime ]; then
FIND=`cat /proc/uptime | cut -d ' ' -f1 | cut -d '.' -f1` FIND=$(cat /proc/uptime | ${CUTBINARY} -d ' ' -f1 | ${CUTBINARY} -d '.' -f1)
else else
Display --indent 2 --text "- Checking uptime" --result "${STATUS_SKIPPED}" --color YELLOW Display --indent 2 --text "- Checking uptime" --result "${STATUS_SKIPPED}" --color YELLOW
ReportException "${TEST_NO}:1" "No uptime test available for this operating system (/proc/uptime missing)" ReportException "${TEST_NO}:1" "No uptime test available for this operating system (/proc/uptime missing)"
@ -712,8 +694,8 @@
;; ;;
DragonFly|FreeBSD|MacOS) DragonFly|FreeBSD|MacOS)
if [ ! "${SYSCTLBINARY}" = "" ]; then if [ ! -z "${SYSCTLBINARY}" ]; then
FIND=`${SYSCTLBINARY} kern.boottime | ${AWKBINARY} '{ print $5 }' | sed -e 's/,//' | ${GREPBINARY} "[0-9]"` FIND=$(${SYSCTLBINARY} kern.boottime | ${AWKBINARY} '{ print $5 }' | ${SEDBINARY} -e 's/,//' | ${GREPBINARY} "[0-9]")
else else
Display --indent 2 --text "- Checking uptime" --result "${STATUS_SKIPPED}" --color YELLOW Display --indent 2 --text "- Checking uptime" --result "${STATUS_SKIPPED}" --color YELLOW
ReportException "${TEST_NO}:4" "No uptime test available for this operating system (sysctl missing)" ReportException "${TEST_NO}:4" "No uptime test available for this operating system (sysctl missing)"
@ -722,11 +704,11 @@
NetBSD|OpenBSD) NetBSD|OpenBSD)
if [ ! "${SYSCTLBINARY}" = "" ]; then if [ ! "${SYSCTLBINARY}" = "" ]; then
TIME_BOOT=`${SYSCTLBINARY} -n kern.boottime` TIME_BOOT=$(${SYSCTLBINARY} -n kern.boottime)
TIME_NOW=`date "+%s"` TIME_NOW=$(date "+%s")
LogText "Boot time: ${TIME_BOOT}" LogText "Boot time: ${TIME_BOOT}"
LogText "Current time: ${TIME_NOW}" LogText "Current time: ${TIME_NOW}"
if [ ! "${TIME_BOOT}" = "" -a ! "${TIME_NOW}" = "" ]; then if [ ! -z "${TIME_BOOT}" -a ! -z "${TIME_NOW}" ]; then
UPTIME_IN_SECS=$((TIME_NOW - TIME_BOOT)) UPTIME_IN_SECS=$((TIME_NOW - TIME_BOOT))
else else
ReportException "${TEST_NO}:5" "Most likely kern.boottime empty, unable to determine uptime" ReportException "${TEST_NO}:5" "Most likely kern.boottime empty, unable to determine uptime"
@ -738,8 +720,8 @@
;; ;;
Solaris) Solaris)
if [ ! "${KSTATBINARY}" = "" ]; then if [ ! -z "${KSTATBINARY}" ]; then
FIND=`${KSTATBINARY} -p unix:0:system_misc:snaptime | ${GREPBINARY} "^unix" | ${AWKBINARY} '{print $2}' | cut -d "." -f1` FIND=$(${KSTATBINARY} -p unix:0:system_misc:snaptime | ${GREPBINARY} "^unix" | ${AWKBINARY} '{print $2}' | ${CUTBINARY} -d "." -f1)
else else
Display --indent 2 --text "- Checking uptime" --result "${STATUS_SKIPPED}" --color YELLOW Display --indent 2 --text "- Checking uptime" --result "${STATUS_SKIPPED}" --color YELLOW
ReportException "${TEST_NO}:2" "No uptime test available for this operating system (kstat missing)" ReportException "${TEST_NO}:2" "No uptime test available for this operating system (kstat missing)"
@ -753,7 +735,7 @@
ReportException "${TEST_NO}:3" "No uptime test available yet for this operating system" ReportException "${TEST_NO}:3" "No uptime test available yet for this operating system"
;; ;;
esac esac
if [ ! "${FIND}" = "" ]; then if [ ! -z "${FIND}" ]; then
UPTIME_IN_SECS="${FIND}" UPTIME_IN_SECS="${FIND}"
UPTIME_IN_DAYS=$((UPTIME_IN_SECS / 60 / 60 / 24)) UPTIME_IN_DAYS=$((UPTIME_IN_SECS / 60 / 60 / 24))
LogText "Uptime (in seconds): ${UPTIME_IN_SECS}" LogText "Uptime (in seconds): ${UPTIME_IN_SECS}"
@ -771,13 +753,12 @@
# Description : Check single user mode for systemd # Description : Check single user mode for systemd
Register --test-no BOOT-5260 --weight L --network NO --category security --description "Check single user mode for systemd" Register --test-no BOOT-5260 --weight L --network NO --category security --description "Check single user mode for systemd"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Check if file exists
LogText "Test: Searching /usr/lib/systemd/system/rescue.service" LogText "Test: Searching /usr/lib/systemd/system/rescue.service"
if [ -f /usr/lib/systemd/system/rescue.service ]; then if [ -f ${ROOTDIR}usr/lib/systemd/system/rescue.service ]; then
LogText "Result: file /usr/lib/systemd/system/rescue.service" LogText "Result: file /usr/lib/systemd/system/rescue.service"
LogText "Test: checking presence sulogin for single user mode" LogText "Test: checking presence sulogin for single user mode"
FIND=`${EGREPBINARY} "^ExecStart=-(/bin/sh -c \")?(/usr)?/(s)?bin/sulogin" /usr/lib/systemd/system/rescue.service` FIND=$(${EGREPBINARY} "^ExecStart=-(/bin/sh -c \")?(/usr)?/(s)?bin/sulogin" ${ROOTDIR}usr/lib/systemd/system/rescue.service)
if [ ! "${FIND}" = "" ]; then if [ ! -z "${FIND}" ]; then
FOUND=1 FOUND=1
LogText "Result: found sulogin, so single user is protected" LogText "Result: found sulogin, so single user is protected"
AddHP 3 3 AddHP 3 3
@ -788,7 +769,7 @@
ReportSuggestion "${TEST_NO}" "Protect rescue.service by using sulogin" ReportSuggestion "${TEST_NO}" "Protect rescue.service by using sulogin"
fi fi
else else
LogText "Result: file /usr/lib/systemd/system/rescue.service does not exist" LogText "Result: file ${ROOTDIR}usr/lib/systemd/system/rescue.service does not exist"
fi fi
fi fi
# #


@ -39,13 +39,13 @@
Register --test-no CONT-8004 --os Solaris --weight L --network NO --category security --description "Query running Solaris zones" Register --test-no CONT-8004 --os Solaris --weight L --network NO --category security --description "Query running Solaris zones"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: query zoneadm to list all running zones" LogText "Test: query zoneadm to list all running zones"
FIND=`/usr/sbin/zoneadm list -p | ${AWKBINARY} -F: '{ if ($2!="global") print $0 }'` FIND=$(/usr/sbin/zoneadm list -p | ${AWKBINARY} -F: '{ if ($2!="global") print $0 }')
if [ ! "${FIND}" = "" ]; then if [ ! -z "${FIND}" ]; then
N=0 N=0
for I in ${FIND}; do for I in ${FIND}; do
N=$((N + 1)) N=$((N + 1))
ZONEID=`echo ${I} | cut -d ':' -f1` ZONEID=$(echo ${I} | ${CUTBINARY} -d ':' -f1)
ZONENAME=`echo ${I} | cut -d ':' -f2` ZONENAME=$(echo ${I} | ${CUTBINARY} -d ':' -f2)
LogText "Result: found zone ${ZONENAME} (running)" LogText "Result: found zone ${ZONENAME} (running)"
Report "solaris_running_zone[]=${ZONENAME} [id:${ZONEID}]" Report "solaris_running_zone[]=${ZONENAME} [id:${ZONEID}]"
done done
@ -67,8 +67,8 @@
# Show Xen guests # Show Xen guests
#FIND=`xm list | ${AWKBINARY} '$1 != "Name|Domain-0" {print $1","$2}'` #FIND=`xm list | ${AWKBINARY} '$1 != "Name|Domain-0" {print $1","$2}'`
#for I in ${FIND}; do #for I in ${FIND}; do
#XENGUESTNAME=`echo ${I} | cut -d ':' -f1` #XENGUESTNAME=`echo ${I} | ${CUTBINARY} -d ':' -f1`
#XENGUESTID=`echo ${I} | cut -d ':' -f2` #XENGUESTID=`echo ${I} | ${CUTBINARY} -d ':' -f2`
#LogText "Result: found Xen guest ${XENGUESTNAME} (ID: ${XENGUESTID})" #LogText "Result: found Xen guest ${XENGUESTNAME} (ID: ${XENGUESTID})"
#done #done
#fi #fi
@ -95,7 +95,7 @@
# Test : CONT-8104 # Test : CONT-8104
# Description : Checking Docker info for any warnings # Description : Checking Docker info for any warnings
# Notes : Hardening points are awarded, as usually warnings are the result of missing controls to restrict boundaries like memory # Notes : Hardening points are awarded, as usually warnings are the result of missing controls to restrict boundaries like memory
if [ ! "${DOCKERBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! -z "${DOCKERBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no CONT-8104 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking Docker info for any warnings" Register --test-no CONT-8104 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking Docker info for any warnings"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
COUNT=0 COUNT=0
@ -106,11 +106,11 @@
LogText "Result: disabling further Docker tests as docker version gave exit code other than zero (0)" LogText "Result: disabling further Docker tests as docker version gave exit code other than zero (0)"
RUN_DOCKER_TESTS=0 RUN_DOCKER_TESTS=0
fi fi
FIND=`${DOCKERBINARY} info 2>&1 | ${GREPBINARY} "^WARNING:" | cut -d " " -f 2- | sed 's/ /:space:/g'` FIND=$(${DOCKERBINARY} info 2>&1 | ${GREPBINARY} "^WARNING:" | ${CUTBINARY} -d " " -f 2- | ${SEDBINARY} 's/ /:space:/g')
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
LogText "Result: found warning(s) in output" LogText "Result: found warning(s) in output"
for I in ${FIND}; do for I in ${FIND}; do
J=`echo ${I} | sed 's/:space:/ /g'` J=$(echo ${I} | ${SEDBINARY} 's/:space:/ /g')
LogText "Output: ${J}" LogText "Output: ${J}"
COUNT=$((COUNT + 1)) COUNT=$((COUNT + 1))
done done
@ -129,7 +129,7 @@
# Test : CONT-8106 # Test : CONT-8106
# Description : Checking Docker containers (basic stats) # Description : Checking Docker containers (basic stats)
# Notes : Hardening points are awarded, if there aren't a lot of stopped containers # Notes : Hardening points are awarded, if there aren't a lot of stopped containers
if [ ! "${DOCKERBINARY}" = "" -a ${RUN_DOCKER_TESTS} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! -z "${DOCKERBINARY}" -a ${RUN_DOCKER_TESTS} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no CONT-8106 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Gather basic stats from Docker" Register --test-no CONT-8106 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Gather basic stats from Docker"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
Display --indent 6 --text "- Containers" Display --indent 6 --text "- Containers"
@ -140,6 +140,7 @@
if [ "${DOCKER_CONTAINERS_TOTAL}" = "" ]; then if [ "${DOCKER_CONTAINERS_TOTAL}" = "" ]; then
DOCKER_CONTAINERS_TOTAL=0 DOCKER_CONTAINERS_TOTAL=0
fi fi
LogText "Result: docker info shows ${DOCKER_CONTAINERS_TOTAL} containers" LogText "Result: docker info shows ${DOCKER_CONTAINERS_TOTAL} containers"
DOCKER_CONTAINERS_TOTAL2=$(${DOCKERBINARY} ps -a 2> /dev/null | ${GREPBINARY} -c -v "CONTAINER") DOCKER_CONTAINERS_TOTAL2=$(${DOCKERBINARY} ps -a 2> /dev/null | ${GREPBINARY} -c -v "CONTAINER")
LogText "Result: docker ps -a shows ${DOCKER_CONTAINERS_TOTAL2} containers" LogText "Result: docker ps -a shows ${DOCKER_CONTAINERS_TOTAL2} containers"
@ -195,16 +196,16 @@
Register --test-no CONT-8108 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check file permissions for Docker files" Register --test-no CONT-8108 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check file permissions for Docker files"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
NOT_WORLD_WRITABLE="/var/run/docker.sock" NOT_WORLD_WRITABLE="/var/run/docker.sock"
for I in ${NOT_WORLD_WRITABLE}; do for FILE in ${NOT_WORLD_WRITABLE}; do
LogText "Test: Check ${I}" LogText "Test: Check ${FILE}"
if [ -f ${I} ]; then if [ -f ${FILE} ]; then
LogText "Result: file ${I} found, permissions will be tested" LogText "Result: file ${FILE} found, permissions will be tested"
if IsWorldWritable ${I}; then if IsWorldWritable ${FILE}; then
LogText "Result: file is writable by others, which is a security risk (e.g. privilege escalation)" LogText "Result: file is writable by others, which is a security risk (e.g. privilege escalation)"
ReportWarning "${TEST_NO}" "Docker file is world writable" "${I}" "-" ReportWarning "${TEST_NO}" "Docker file is world writable" "${FILE}" "-"
DOCKER_FILE_PERMISSIONS_WARNINGS=$((DOCKER_FILE_PERMISSIONS_WARNINGS + 1)) DOCKER_FILE_PERMISSIONS_WARNINGS=$((DOCKER_FILE_PERMISSIONS_WARNINGS + 1))
else else
LogText "Result: file is not writable by others, which is fine" LogText "Result: file ${FILE} is not writable by others, which is fine"
fi fi
fi fi
done done
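Review bot: The `-f` test on the line `if [ -f ${FILE} ]; then` never matches /var/run/docker.sock, because `-f` is true only for regular files and the Docker daemon endpoint is a Unix socket, so the world-writable check under it is silently skipped for the one path in NOT_WORLD_WRITABLE; `if [ -S "${FILE}" -o -f "${FILE}" ]; then` (or `-e`) would actually exercise it. Unlike the other paths touched in this commit, that socket path is also not prefixed with ${ROOTDIR}, which looks like an oversight if the same convention is intended here. Separately, the new `[ ! -z "${DOCKERBINARY}" ]` tests read more naturally as `[ -n "${DOCKERBINARY}" ]`, the POSIX form of the same check. The enclosing test blocks start and end outside these hunks.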


@ -222,7 +222,7 @@
fi fi
done done
# Sort the list of discovered configuration files so we can make them unique # Sort the list of discovered configuration files so we can make them unique
REDIS_CONFIGURATION_FILES=$(echo ${REDIS_CONFIGURATION_FILES} | sed 's/^ //' | tr ' ' '\n' | ${SORTBINARY} | uniq | tr '\n' ' ') REDIS_CONFIGURATION_FILES=$(echo ${REDIS_CONFIGURATION_FILES} | ${SEDBINARY} 's/^ //' | ${TRBINARY} ' ' '\n' | ${SORTBINARY} | uniq | ${TRBINARY} '\n' ' ')
for FILE in ${REDIS_CONFIGURATION_FILES}; do for FILE in ${REDIS_CONFIGURATION_FILES}; do
if IsWorldReadable ${FILE}; then if IsWorldReadable ${FILE}; then
LogText "Result: configuration file ${FILE} is world readable, this might leak sensitive information!" LogText "Result: configuration file ${FILE} is world readable, this might leak sensitive information!"
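Review bot: The REDIS_CONFIGURATION_FILES pipeline still calls bare `uniq` while `sed`, `tr` and `sort` in the same pipeline were switched to their *BINARY variables, so the command replacement is incomplete on that line; `${SORTBINARY} -u` dedupes without a separate stage: `... | ${TRBINARY} ' ' '\n' | ${SORTBINARY} -u | ${TRBINARY} '\n' ' ')`. The loop below also passes `${FILE}` to IsWorldReadable unquoted, which mis-handles a configuration path containing whitespace. The enclosing test block starts and ends outside the hunk.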


@ -227,7 +227,7 @@
LogText "Result: lfd service is configured NOT to run" LogText "Result: lfd service is configured NOT to run"
Display --indent 6 --text "- Configuration status" --result "${STATUS_DISABLED}" --color YELLOW Display --indent 6 --text "- Configuration status" --result "${STATUS_DISABLED}" --color YELLOW
fi fi
ENABLED=`${GREPBINARY} "^LF_DIRWATCH =" ${CSF_CONFIG} | ${AWKBINARY} '{ print $3 }' | sed 's/\"//g'` ENABLED=`${GREPBINARY} "^LF_DIRWATCH =" ${CSF_CONFIG} | ${AWKBINARY} '{ print $3 }' | ${SEDBINARY} 's/\"//g'`
if [ ! "${ENABLED}" = "0" -a ! "${ENABLED}" = "" ]; then if [ ! "${ENABLED}" = "0" -a ! "${ENABLED}" = "" ]; then
LogText "Result: lfd directory watching is enabled (value: ${ENABLED})" LogText "Result: lfd directory watching is enabled (value: ${ENABLED})"
Display --indent 6 --text "- Temporary directory watches" --result "${STATUS_ENABLED}" --color GREEN Display --indent 6 --text "- Temporary directory watches" --result "${STATUS_ENABLED}" --color GREEN
@ -235,7 +235,7 @@
LogText "Result: lfd directory watching is disabled" LogText "Result: lfd directory watching is disabled"
Display --indent 6 --text "- Temporary directory watches" --result "${STATUS_DISABLED}" --color YELLOW Display --indent 6 --text "- Temporary directory watches" --result "${STATUS_DISABLED}" --color YELLOW
fi fi
ENABLED=`${GREPBINARY} "^LF_DIRWATCH_FILE =" ${CSF_CONFIG} | ${AWKBINARY} '{ print $3 }' | sed 's/\"//g'` ENABLED=`${GREPBINARY} "^LF_DIRWATCH_FILE =" ${CSF_CONFIG} | ${AWKBINARY} '{ print $3 }' | ${SEDBINARY} 's/\"//g'`
if [ ! "${ENABLED}" = "0" -a ! "${ENABLED}" = "" ]; then if [ ! "${ENABLED}" = "0" -a ! "${ENABLED}" = "" ]; then
Display --indent 6 --text "- Directory/File watches" --result "${STATUS_ENABLED}" --color GREEN Display --indent 6 --text "- Directory/File watches" --result "${STATUS_ENABLED}" --color GREEN
else else
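Review bot: The two ENABLED assignments (`^LF_DIRWATCH =` and `^LF_DIRWATCH_FILE =`) keep backtick command substitution while the rest of this commit converts such lines to `$( ... )`, so the style change is only half applied here; e.g. `ENABLED=$(${GREPBINARY} "^LF_DIRWATCH =" ${CSF_CONFIG} | ${AWKBINARY} '{ print $3 }' | ${SEDBINARY} 's/\"//g')`. The same leftover backticks remain in the profile permfile/permdir hunk, the EXT file-system, UUID and old-/tmp-files hunks, and the CONFIG_IP_NF_IPTABLES hunk further down. The enclosing test blocks start and end outside these hunks.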


@ -34,7 +34,7 @@
LogText "Test: Checking file permissions" LogText "Test: Checking file permissions"
for PROFILE in ${PROFILES}; do for PROFILE in ${PROFILES}; do
LogText "Using profile ${PROFILE} for baseline." LogText "Using profile ${PROFILE} for baseline."
FIND=`${EGREPBINARY} '^permfile:|^permdir:' ${PROFILE} | cut -d: -f2` FIND=`${EGREPBINARY} '^permfile:|^permdir:' ${PROFILE} | ${CUTBINARY} -d: -f2`
for I in ${FIND}; do for I in ${FIND}; do
LogText "Checking ${I}" LogText "Checking ${I}"
CheckFilePermissions ${I} CheckFilePermissions ${I}


@ -151,8 +151,8 @@
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
LogText "Result: found one or more EXT file systems" LogText "Result: found one or more EXT file systems"
for I in ${FIND}; do for I in ${FIND}; do
FILESYSTEM=`echo ${I} | cut -d ',' -f1` FILESYSTEM=`echo ${I} | ${CUTBINARY} -d ',' -f1`
FILETYPE=`echo ${I} | cut -d ',' -f2` FILETYPE=`echo ${I} | ${CUTBINARY} -d ',' -f2`
LogText "File system: ${FILESYSTEM} (type: ${FILETYPE})" LogText "File system: ${FILESYSTEM} (type: ${FILETYPE})"
Report "file_systems_ext[]=${FILESYSTEM}|${FILETYPE}|" Report "file_systems_ext[]=${FILESYSTEM}|${FILETYPE}|"
done done
@ -231,7 +231,7 @@
UUID=`echo ${HAS_UUID} | ${AWKBINARY} -F= '{ print $2 }'` UUID=`echo ${HAS_UUID} | ${AWKBINARY} -F= '{ print $2 }'`
LogText "Result: Using ${UUID} as UUID" LogText "Result: Using ${UUID} as UUID"
if [ ! "${BLKIDBINARY}" = "" ]; then if [ ! "${BLKIDBINARY}" = "" ]; then
FIND2=$(${BLKIDBINARY} | ${AWKBINARY} '{ if ($2=="UUID=\"${UUID}\"") print $1 }' | sed 's/:$//') FIND2=$(${BLKIDBINARY} | ${AWKBINARY} '{ if ($2=="UUID=\"${UUID}\"") print $1 }' | ${SEDBINARY} 's/:$//')
if [ ! "${FIND2}" = "" ]; then if [ ! "${FIND2}" = "" ]; then
REAL="${FIND2}" REAL="${FIND2}"
fi fi
@ -335,7 +335,7 @@
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Searching for old files in /tmp" LogText "Test: Searching for old files in /tmp"
# Search for files only in /tmp, with an access time older than X days # Search for files only in /tmp, with an access time older than X days
FIND=`find /tmp -xdev -type f -atime +${TMP_OLD_DAYS} | sed 's/ /!space!/g'` FIND=`find /tmp -xdev -type f -atime +${TMP_OLD_DAYS} | ${SEDBINARY} 's/ /!space!/g'`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
Display --indent 2 --text "- Checking for old files in /tmp" --result "${STATUS_OK}" --color GREEN Display --indent 2 --text "- Checking for old files in /tmp" --result "${STATUS_OK}" --color GREEN
LogText "Result: no files found in /tmp which are older than 3 months" LogText "Result: no files found in /tmp which are older than 3 months"
@ -343,7 +343,7 @@
Display --indent 2 --text "- Checking for old files in /tmp" --result "${STATUS_FOUND}" --color RED Display --indent 2 --text "- Checking for old files in /tmp" --result "${STATUS_FOUND}" --color RED
N=0 N=0
for I in ${FIND}; do for I in ${FIND}; do
FILE=`echo ${I} | sed 's/!space!/ /g'` FILE=`echo ${I} | ${SEDBINARY} 's/!space!/ /g'`
LogText "Old temporary file: ${FILE}" LogText "Old temporary file: ${FILE}"
N=$((N + 1)) N=$((N + 1))
done done
@ -501,17 +501,17 @@
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ -f /etc/fstab ]; then if [ -f /etc/fstab ]; then
for I in ${FILESYSTEMS_TO_CHECK}; do for I in ${FILESYSTEMS_TO_CHECK}; do
FILESYSTEM=$(echo ${I} | cut -d: -f1) FILESYSTEM=$(echo ${I} | ${CUTBINARY} -d: -f1)
EXPECTED_FLAGS=$(echo ${I} | cut -d: -f2 | sed 's/,/ /g') EXPECTED_FLAGS=$(echo ${I} | ${CUTBINARY} -d: -f2 | ${SEDBINARY} 's/,/ /g')
FS_FSTAB=$(${AWKBINARY} -v fs=${FILESYSTEM} '{ if ($2==fs) { print $3 } }' /etc/fstab) FS_FSTAB=$(${AWKBINARY} -v fs=${FILESYSTEM} '{ if ($2==fs) { print $3 } }' /etc/fstab)
if [ "${FS_FSTAB}" = "glusterfs" ]; then if [ "${FS_FSTAB}" = "glusterfs" ]; then
EXPECTED_FLAGS=$(echo ${EXPECTED_FLAGS} | sed 's/\<\(nodev\|nosuid\)\> *//g') EXPECTED_FLAGS=$(echo ${EXPECTED_FLAGS} | ${SEDBINARY} 's/\<\(nodev\|nosuid\)\> *//g')
if [ "${EXPECTED_FLAGS}" = "" ]; then if [ "${EXPECTED_FLAGS}" = "" ]; then
FS_FSTAB="" FS_FSTAB=""
fi fi
fi fi
if [ ! "${FS_FSTAB}" = "" ]; then if [ ! "${FS_FSTAB}" = "" ]; then
FOUND_FLAGS=$(${AWKBINARY} -v fs=${FILESYSTEM} '{ if ($2==fs) { print $4 } }' /etc/fstab | sed 's/,/ /g' | tr '\n' ' ') FOUND_FLAGS=$(${AWKBINARY} -v fs=${FILESYSTEM} '{ if ($2==fs) { print $4 } }' /etc/fstab | ${SEDBINARY} 's/,/ /g' | ${TRBINARY} '\n' ' ')
LogText "File system: ${FILESYSTEM}" LogText "File system: ${FILESYSTEM}"
LogText "Expected flags: ${EXPECTED_FLAGS}" LogText "Expected flags: ${EXPECTED_FLAGS}"
LogText "Found flags: ${FOUND_FLAGS}" LogText "Found flags: ${FOUND_FLAGS}"


@ -71,7 +71,7 @@
LogText "Result: found kernel configuration file (${LINUXCONFIGFILE})" LogText "Result: found kernel configuration file (${LINUXCONFIGFILE})"
FIND=`${tCATCMD} ${LINUXCONFIGFILE} | ${GREPBINARY} -v '^#' | ${GREPBINARY} "CONFIG_IP_NF_IPTABLES" | head -n 1` FIND=`${tCATCMD} ${LINUXCONFIGFILE} | ${GREPBINARY} -v '^#' | ${GREPBINARY} "CONFIG_IP_NF_IPTABLES" | head -n 1`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
HAVEMOD=`echo ${FIND} | cut -d '=' -f2` HAVEMOD=`echo ${FIND} | ${CUTBINARY} -d '=' -f2`
# Do not use iptables if it's compiled as a module (=m), since we already tested for it in the # Do not use iptables if it's compiled as a module (=m), since we already tested for it in the
# active list. # active list.
if [ "${HAVEMOD}" = "y" ]; then if [ "${HAVEMOD}" = "y" ]; then
@ -148,7 +148,7 @@
if [ ! "${IPTABLESBINARY}" = "" -a ${IPTABLES_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${IPTABLESBINARY}" = "" -a ${IPTABLES_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FIRE-4512 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --root-only YES --category security --description "Check iptables for empty ruleset" Register --test-no FIRE-4512 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --root-only YES --category security --description "Check iptables for empty ruleset"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=`${IPTABLESBINARY} --list --numeric 2> /dev/null | ${EGREPBINARY} -v "^(Chain|target|$)" | wc -l | tr -d ' '` FIND=`${IPTABLESBINARY} --list --numeric 2> /dev/null | ${EGREPBINARY} -v "^(Chain|target|$)" | wc -l | ${TRBINARY} -d ' '`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
FIREWALL_ACTIVE=1 FIREWALL_ACTIVE=1
if [ ${FIND} -le 10 ]; then if [ ${FIND} -le 10 ]; then
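Review bot: The new `${CUTBINARY}` on the HAVEMOD line and `${TRBINARY}` on the FIND line only behave like the old `cut`/`tr` if those variables are guaranteed non-empty; the second hunk guards `${IPTABLESBINARY}` against being empty, which suggests an unlocated binary leaves its variable blank, and a blank `${CUTBINARY}` makes the stage run `-d '=' -f2` as a command, so HAVEMOD becomes "" and the module check silently takes the else branch, while a blank `${TRBINARY}` empties FIND and the ruleset test quietly never sets FIREWALL_ACTIVE. The same concern applies to every `${SEDBINARY}`/`${CUTBINARY}`/`${TRBINARY}` substitution in the later file sections of this commit. A single guard where such a helper is first needed, e.g. `if [ -z "${CUTBINARY}" ]; then ReportException "${TEST_NO}:1" "cut binary not found"; fi`, would turn these silent false negatives into a visible exception. In the first hunk `head -n 1` is still resolved through PATH on the same line where `cut` was replaced, which looks inconsistent with the intent of the change. Both enclosing `if` blocks continue outside the hunks.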


@ -184,7 +184,7 @@
if [ ! "${LSMODBINARY}" = "" -a -f /proc/modules ]; then if [ ! "${LSMODBINARY}" = "" -a -f /proc/modules ]; then
LogText "Test: checking if kernel is monolithic or modular" LogText "Test: checking if kernel is monolithic or modular"
# Checking if any modules are loaded # Checking if any modules are loaded
FIND=`${LSMODBINARY} | ${GREPBINARY} -v "^Module" | wc -l | tr -s ' ' | tr -d ' '` FIND=`${LSMODBINARY} | ${GREPBINARY} -v "^Module" | wc -l | ${TRBINARY} -s ' ' | ${TRBINARY} -d ' '`
Display --indent 2 --text "- Checking kernel type" --result "${STATUS_DONE}" --color GREEN Display --indent 2 --text "- Checking kernel type" --result "${STATUS_DONE}" --color GREEN
if [ "${FIND}" = "0" ]; then if [ "${FIND}" = "0" ]; then
LogText "Result: Found monolithic kernel" LogText "Result: Found monolithic kernel"
@ -267,7 +267,7 @@
if [ ${LINUXCONFIGFILE_ZIPPED} -eq 1 ]; then GREPTOOL="${ZGREPBINARY}"; else GREPTOOL="${GREPBINARY}"; fi if [ ${LINUXCONFIGFILE_ZIPPED} -eq 1 ]; then GREPTOOL="${ZGREPBINARY}"; else GREPTOOL="${GREPBINARY}"; fi
if [ ! "${GREPTOOL}" = "" ]; then if [ ! "${GREPTOOL}" = "" ]; then
LogText "Test: Checking the default I/O kernel scheduler" LogText "Test: Checking the default I/O kernel scheduler"
LINUX_KERNEL_IOSCHED=`${GREPTOOL} "CONFIG_DEFAULT_IOSCHED" ${LINUXCONFIGFILE} | ${AWKBINARY} -F= '{ print $2 }' | sed s/\"//g` LINUX_KERNEL_IOSCHED=`${GREPTOOL} "CONFIG_DEFAULT_IOSCHED" ${LINUXCONFIGFILE} | ${AWKBINARY} -F= '{ print $2 }' | ${SEDBINARY} s/\"//g`
if [ ! "${LINUX_KERNEL_IOSCHED}" = "" ]; then if [ ! "${LINUX_KERNEL_IOSCHED}" = "" ]; then
LogText "Result: found IO scheduler '${LINUX_KERNEL_IOSCHED}'" LogText "Result: found IO scheduler '${LINUX_KERNEL_IOSCHED}'"
Display --indent 2 --text "- Checking default I/O kernel scheduler" --result "${STATUS_FOUND}" --color GREEN Display --indent 2 --text "- Checking default I/O kernel scheduler" --result "${STATUS_FOUND}" --color GREEN
@ -292,7 +292,7 @@
LogText "Description: View all active kernel modules (including kernel)" LogText "Description: View all active kernel modules (including kernel)"
LogText "Test: Checking modules" LogText "Test: Checking modules"
if [ -f /sbin/kldstat ]; then if [ -f /sbin/kldstat ]; then
FIND=`kldstat | ${GREPBINARY} -v 'Name' | tr -s ' ' | cut -d ' ' -f6` FIND=`kldstat | ${GREPBINARY} -v 'Name' | ${TRBINARY} -s ' ' | ${CUTBINARY} -d ' ' -f6`
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
LogText "Loaded modules according kldstat:" LogText "Loaded modules according kldstat:"
N=0 N=0
@ -358,8 +358,8 @@
ReportSuggestion ${TEST_NO} "Discover why /vmlinuz is missing. Consider manually re-linking." ReportSuggestion ${TEST_NO} "Discover why /vmlinuz is missing. Consider manually re-linking."
fi fi
LogText "Test: Using apt-cache policy to determine if there is an update available" LogText "Test: Using apt-cache policy to determine if there is an update available"
FINDINST=`apt-cache policy ${FINDKERNEL} | ${EGREPBINARY} 'Installed' | cut -d ':' -f2 | tr -d ' '` FINDINST=`apt-cache policy ${FINDKERNEL} | ${EGREPBINARY} 'Installed' | ${CUTBINARY} -d ':' -f2 | ${TRBINARY} -d ' '`
FINDCAND=`apt-cache policy ${FINDKERNEL} | ${EGREPBINARY} 'Candidate' | cut -d ':' -f2 | tr -d ' '` FINDCAND=`apt-cache policy ${FINDKERNEL} | ${EGREPBINARY} 'Candidate' | ${CUTBINARY} -d ':' -f2 | ${TRBINARY} -d ' '`
LogText "Kernel installed: ${FINDINST}" LogText "Kernel installed: ${FINDINST}"
LogText "Kernel candidate: ${FINDCAND}" LogText "Kernel candidate: ${FINDCAND}"
if [ "${FINDINST}" = "" ]; then if [ "${FINDINST}" = "" ]; then
@ -527,7 +527,7 @@
LogText "Result: /boot/vmlinuz not on disk, trying to find /boot/vmlinuz*" LogText "Result: /boot/vmlinuz not on disk, trying to find /boot/vmlinuz*"
fi fi
# Extra current kernel version and replace dashes to allow numeric ${SORTBINARY} later on # Extra current kernel version and replace dashes to allow numeric ${SORTBINARY} later on
MYKERNEL=`uname -r | sed 's/\.[a-z].*.//g' | sed 's/-[a-z].*.//g' | sed 's/-/./g'` MYKERNEL=`uname -r | ${SEDBINARY} 's/\.[a-z].*.//g' | ${SEDBINARY} 's/-[a-z].*.//g' | ${SEDBINARY} 's/-/./g'`
LogText "Result: using ${MYKERNEL} as my kernel version (stripped)" LogText "Result: using ${MYKERNEL} as my kernel version (stripped)"
FIND=$(ls /boot/vmlinuz* 2> /dev/null) FIND=$(ls /boot/vmlinuz* 2> /dev/null)
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
@ -537,8 +537,8 @@
# Display kernels, extract version numbers and ${SORTBINARY} them numeric per column (up to 6 numbers) # Display kernels, extract version numbers and ${SORTBINARY} them numeric per column (up to 6 numbers)
# Ignore rescue images. Remove generic. and huge. for Slackware machines # Ignore rescue images. Remove generic. and huge. for Slackware machines
LogText "Action: checking relevant kernels" LogText "Action: checking relevant kernels"
KERNELS=`ls /boot/vmlinuz* | ${GREPBINARY} -v rescue | sed 's/vmlinuz-//' | sed 's/generic.//' | sed 's/huge.//' | sed 's/\.[a-z].*.//g' | sed 's/-[a-z].*.//g' | sed 's./boot/..' | sed 's/-/./g' | ${SORTBINARY} -n -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 -k6,6 -t \.` KERNELS=`ls /boot/vmlinuz* | ${GREPBINARY} -v rescue | ${SEDBINARY} 's/vmlinuz-//' | ${SEDBINARY} 's/generic.//' | ${SEDBINARY} 's/huge.//' | ${SEDBINARY} 's/\.[a-z].*.//g' | ${SEDBINARY} 's/-[a-z].*.//g' | ${SEDBINARY} 's./boot/..' | ${SEDBINARY} 's/-/./g' | ${SORTBINARY} -n -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 -k6,6 -t \.`
KERNELS_ONE_LINE=$(echo ${KERNELS} | tr '\n' ' ') KERNELS_ONE_LINE=$(echo ${KERNELS} | ${TRBINARY} '\n' ' ')
LogText "Output: ${KERNELS_ONE_LINE}" LogText "Output: ${KERNELS_ONE_LINE}"
elif [ ! "$(ls /boot/kernel* 2> /dev/null)" = "" ]; then elif [ ! "$(ls /boot/kernel* 2> /dev/null)" = "" ]; then
LogText "Output: Found a kernel file in /boot" LogText "Output: Found a kernel file in /boot"
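Review bot: The replacement is incomplete in this section: `wc -l` in the lsmod pipeline, `kldstat`, `uname -r`, `apt-cache` and `ls /boot/vmlinuz*` are still resolved through PATH on the very lines where `sed`, `cut` and `tr` became `${SEDBINARY}`, `${CUTBINARY}` and `${TRBINARY}`, so if the goal is to pin every helper to a located binary these hunks do not reach it. `${TRBINARY} -s ' ' | ${TRBINARY} -d ' '` in the kernel-type hunk spawns two processes where `${TRBINARY} -d ' '` alone already removes every space, and the KERNELS line chains seven `${SEDBINARY}` invocations that could be a single `${SEDBINARY} -e ... -e ...` call. Should a *BINARY variable be empty (this section's first hunk guards `${LSMODBINARY}` that way), MYKERNEL and KERNELS both collapse to "" and the kernel-version comparison yields nothing without any error being logged. Every hunk here sits inside an `if` block that begins and ends outside the hunk.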


@ -41,14 +41,14 @@
for PROFILE in ${PROFILES}; do for PROFILE in ${PROFILES}; do
FILE=$(echo ${PROFILE} | ${AWKBINARY} -F/ '{print $NF}') FILE=$(echo ${PROFILE} | ${AWKBINARY} -F/ '{print $NF}')
if [ ! "${FILE}" = "default.prf" -a ! "${FILE}" = "custom.prf" ]; then if [ ! "${FILE}" = "default.prf" -a ! "${FILE}" = "custom.prf" ]; then
FIND=$(${GREPBINARY} "^config-data=sysctl;" ${PROFILE} | sed 's/ /-space-/g') FIND=$(${GREPBINARY} "^config-data=sysctl;" ${PROFILE} | ${SEDBINARY} 's/ /-space-/g')
DATA_TO_SCAN="${DATA_TO_SCAN} ${FIND}" DATA_TO_SCAN="${DATA_TO_SCAN} ${FIND}"
fi fi
done done
# Scan custom profile # Scan custom profile
if [ ! -z "${CUSTOM_PROFILE}" ]; then if [ ! -z "${CUSTOM_PROFILE}" ]; then
FIND=$(${GREPBINARY} "^config-data=sysctl;" ${CUSTOM_PROFILE} | sed 's/ /-space-/g') FIND=$(${GREPBINARY} "^config-data=sysctl;" ${CUSTOM_PROFILE} | ${SEDBINARY} 's/ /-space-/g')
for LINE in ${FIND}; do for LINE in ${FIND}; do
SYSCTLKEY=$(echo ${LINE} | ${AWKBINARY} -F\; '{ print $2 }') SYSCTLKEY=$(echo ${LINE} | ${AWKBINARY} -F\; '{ print $2 }')
HAS_KEY=$(echo ${DATA_TO_SCAN} | ${GREPBINARY} ";${SYSCTLKEY};") HAS_KEY=$(echo ${DATA_TO_SCAN} | ${GREPBINARY} ";${SYSCTLKEY};")
@ -58,7 +58,7 @@
# Last, use data from default profile # Last, use data from default profile
if [ ! -z "${DEFAULT_PROFILE}" ]; then if [ ! -z "${DEFAULT_PROFILE}" ]; then
FIND=$(${GREPBINARY} "^config-data=sysctl;" ${DEFAULT_PROFILE} | sed 's/ /-space-/g') FIND=$(${GREPBINARY} "^config-data=sysctl;" ${DEFAULT_PROFILE} | ${SEDBINARY} 's/ /-space-/g')
for LINE in ${FIND}; do for LINE in ${FIND}; do
SYSCTLKEY=$(echo ${LINE} | ${AWKBINARY} -F\; '{ print $2 }') SYSCTLKEY=$(echo ${LINE} | ${AWKBINARY} -F\; '{ print $2 }')
HAS_KEY=$(echo ${DATA_TO_SCAN} | ${GREPBINARY} ";${SYSCTLKEY};") HAS_KEY=$(echo ${DATA_TO_SCAN} | ${GREPBINARY} ";${SYSCTLKEY};")
@ -67,13 +67,13 @@
fi fi
# Sort the results # Sort the results
DATA_TO_SCAN=$(echo ${DATA_TO_SCAN} | tr ' ' '\n' | sort) DATA_TO_SCAN=$(echo ${DATA_TO_SCAN} | ${TRBINARY} ' ' '\n' | sort)
for I in ${DATA_TO_SCAN}; do for I in ${DATA_TO_SCAN}; do
tFINDkey=$(echo ${I} | ${AWKBINARY} -F\; '{ print $2 }') tFINDkey=$(echo ${I} | ${AWKBINARY} -F\; '{ print $2 }')
tFINDexpvalue=$(echo ${I} | ${AWKBINARY} -F\; '{ print $3 }') tFINDexpvalue=$(echo ${I} | ${AWKBINARY} -F\; '{ print $3 }')
tFINDhp=$(echo ${I} | ${AWKBINARY} -F\; '{ print $4 }' | ${GREPBINARY} "[0-9]") tFINDhp=$(echo ${I} | ${AWKBINARY} -F\; '{ print $4 }' | ${GREPBINARY} "[0-9]")
tFINDdesc=$(echo ${I} | ${AWKBINARY} -F\; '{ print $5 }' | sed 's/-space-/ /g') tFINDdesc=$(echo ${I} | ${AWKBINARY} -F\; '{ print $5 }' | ${SEDBINARY} 's/-space-/ /g')
tFINDcurvalue=$(${SYSCTL_READKEY} ${tFINDkey} 2> /dev/null) tFINDcurvalue=$(${SYSCTL_READKEY} ${tFINDkey} 2> /dev/null)
if [ ! "${tFINDcurvalue}" = "" ]; then if [ ! "${tFINDcurvalue}" = "" ]; then
if [ "${tFINDexpvalue}" = "${tFINDcurvalue}" ]; then if [ "${tFINDexpvalue}" = "${tFINDcurvalue}" ]; then
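Review bot: `sort` on the `DATA_TO_SCAN=` line is still invoked through PATH while the `tr` right before it became `${TRBINARY}`, and `${SORTBINARY}` is the name used elsewhere in this commit, so the line should read `DATA_TO_SCAN=$(echo ${DATA_TO_SCAN} | ${TRBINARY} ' ' '\n' | ${SORTBINARY})`. The three `${GREPBINARY} "^config-data=sysctl;" ... | ${SEDBINARY} 's/ /-space-/g'` lines differ only in the profile path, and `tFINDdesc` depends on reversing that `-space-` placeholder exactly, so a one-line comment naming the convention where it is introduced, e.g. `# spaces are encoded as -space- so entries survive word splitting; tFINDdesc decodes them`, would help the next reader. The surrounding loop and `if` blocks begin outside these hunks.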


@ -279,7 +279,7 @@
Register --test-no LOGG-2150 --weight L --preqs-met ${PREQS_MET} --network NO --category security --description "Checking directories in logrotate configuration" Register --test-no LOGG-2150 --weight L --preqs-met ${PREQS_MET} --network NO --category security --description "Checking directories in logrotate configuration"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking which directories can be found in logrotate configuration" LogText "Test: Checking which directories can be found in logrotate configuration"
FIND=`${LOGROTATEBINARY} -d -v /etc/logrotate.conf 2>&1 | ${EGREPBINARY} "considering log|skipping" | ${GREPBINARY} -v '*' | ${SORTBINARY} -u | ${AWKBINARY} '{ if ($2=="log") { print $3 } }' | sed 's@/[^/]*$@@g' | ${SORTBINARY} -u` FIND=`${LOGROTATEBINARY} -d -v /etc/logrotate.conf 2>&1 | ${EGREPBINARY} "considering log|skipping" | ${GREPBINARY} -v '*' | ${SORTBINARY} -u | ${AWKBINARY} '{ if ($2=="log") { print $3 } }' | ${SEDBINARY} 's@/[^/]*$@@g' | ${SORTBINARY} -u`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
LogText "Result: nothing found" LogText "Result: nothing found"
else else
@ -399,7 +399,7 @@
Register --test-no LOGG-2162 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking directories in /etc/newsyslog.conf" Register --test-no LOGG-2162 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking directories in /etc/newsyslog.conf"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: parsing directories from /etc/newsyslog.conf file" LogText "Test: parsing directories from /etc/newsyslog.conf file"
FIND=`${AWKBINARY} '/^\// { print $1 }' /etc/newsyslog.conf | sed 's/\/*[a-zA-Z_.-]*$//g' | ${SORTBINARY} -u` FIND=`${AWKBINARY} '/^\// { print $1 }' /etc/newsyslog.conf | ${SEDBINARY} 's/\/*[a-zA-Z_.-]*$//g' | ${SORTBINARY} -u`
for I in ${FIND}; do for I in ${FIND}; do
if [ -d ${I} ]; then if [ -d ${I} ]; then
LogText "Result: Directory ${I} found and exists" LogText "Result: Directory ${I} found and exists"
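Review bot: The logrotate pipeline runs `${SORTBINARY} -u` twice; the first one, before `${AWKBINARY}`, does not affect the result because the final `${SORTBINARY} -u` deduplicates the per-line mapped output anyway, so it can be dropped to shorten an already very long line. `${GREPBINARY} -v '*'` relies on a leading `*` being literal in a basic regex, which `${GREPBINARY} -F -v '*'` would state explicitly. The newsyslog line's `${SEDBINARY} 's/\/*[a-zA-Z_.-]*$//g'` reads more easily with a different delimiter, e.g. `${SEDBINARY} 's#/*[a-zA-Z_.-]*$##g'`. Both hunks are inside `if [ ${SKIPTEST} -eq 0 ]` blocks that continue outside the hunk.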


@ -53,8 +53,8 @@
LogText "Test: Searching /usr/sbin/prtconf" LogText "Test: Searching /usr/sbin/prtconf"
if [ -x /usr/sbin/prtconf ]; then if [ -x /usr/sbin/prtconf ]; then
Display --indent 2 --text "- Querying prtconf for installed memory" --result "${STATUS_DONE}" --color GREEN Display --indent 2 --text "- Querying prtconf for installed memory" --result "${STATUS_DONE}" --color GREEN
MEMORY_SIZE=`/usr/sbin/prtconf | ${GREPBINARY} "^Memory size:" | cut -d ' ' -f3` MEMORY_SIZE=`/usr/sbin/prtconf | ${GREPBINARY} "^Memory size:" | ${CUTBINARY} -d ' ' -f3`
MEMORY_UNITS=`/usr/sbin/prtconf | ${GREPBINARY} "^Memory size:" | cut -d ' ' -f4` MEMORY_UNITS=`/usr/sbin/prtconf | ${GREPBINARY} "^Memory size:" | ${CUTBINARY} -d ' ' -f4`
LogText "Result: Found ${MEMORY_SIZE} ${MEMORY_UNITS} memory" LogText "Result: Found ${MEMORY_SIZE} ${MEMORY_UNITS} memory"
Report "memory_size=${MEMORY_SIZE}" Report "memory_size=${MEMORY_SIZE}"
Report "memory_units=${MEMORY_UNITS}" Report "memory_units=${MEMORY_UNITS}"
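Review bot: `/usr/sbin/prtconf | ${GREPBINARY} "^Memory size:"` is executed twice, once for `MEMORY_SIZE` and once for `MEMORY_UNITS`; capturing the line once and splitting it, `MEMORY_LINE=$(/usr/sbin/prtconf | ${GREPBINARY} "^Memory size:")`, `MEMORY_SIZE=$(echo ${MEMORY_LINE} | ${CUTBINARY} -d ' ' -f3)`, `MEMORY_UNITS=$(echo ${MEMORY_LINE} | ${CUTBINARY} -d ' ' -f4)`, halves the forks and makes the size and units come from the same captured line. The hunk also mixes backticks with the `$(...)` form used in neighbouring files of this commit; `$(...)` nests and quotes more predictably. The `if [ -x /usr/sbin/prtconf ]` block continues outside the hunk.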


@ -209,7 +209,7 @@
else else
LogText "Result: using domain name from FQDN hostname" LogText "Result: using domain name from FQDN hostname"
#DOMAINNAME=${FQDN#${HOSTNAME}.} #DOMAINNAME=${FQDN#${HOSTNAME}.}
DOMAINNAME=`echo ${FQDN} | cut -d . -f2-` DOMAINNAME=`echo ${FQDN} | ${CUTBINARY} -d . -f2-`
fi fi
fi fi
@ -555,7 +555,7 @@
if [ -f /etc/sysconfig/network ]; then if [ -f /etc/sysconfig/network ]; then
LogText "Result: file /etc/sysconfig/network exists" LogText "Result: file /etc/sysconfig/network exists"
LogText "Test: checking NISDOMAIN value in file" LogText "Test: checking NISDOMAIN value in file"
FIND3=`${GREPBINARY} "^NISDOMAIN" /etc/sysconfig/network | ${AWKBINARY} -F= '{ print $2 }' | sed 's/"//g'` FIND3=`${GREPBINARY} "^NISDOMAIN" /etc/sysconfig/network | ${AWKBINARY} -F= '{ print $2 }' | ${SEDBINARY} 's/"//g'`
if [ ! "${FIND3}" = "" ]; then if [ ! "${FIND3}" = "" ]; then
LogText "Found NIS domain: ${FIND3}" LogText "Found NIS domain: ${FIND3}"
NISDOMAIN="${FIND3}" NISDOMAIN="${FIND3}"
@ -569,7 +569,7 @@
if [ ! "${SYSCTLBINARY}" = "" ]; then if [ ! "${SYSCTLBINARY}" = "" ]; then
# Check sysctl (e.g. FreeBSD) # Check sysctl (e.g. FreeBSD)
LogText "Test: checking sysctl for kern.domainname" LogText "Test: checking sysctl for kern.domainname"
FIND=`${SYSCTLBINARY} -a 2>&1 | ${GREPBINARY} "^kern.domainname" | ${AWKBINARY} -F: '{ print $2 }' | sed 's/ //g' | ${GREPBINARY} -v "^$"` FIND=`${SYSCTLBINARY} -a 2>&1 | ${GREPBINARY} "^kern.domainname" | ${AWKBINARY} -F: '{ print $2 }' | ${SEDBINARY} 's/ //g' | ${GREPBINARY} -v "^$"`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
LogText "Result: found NIS domain via sysctl" LogText "Result: found NIS domain via sysctl"
NISDOMAIN="${FIND}" NISDOMAIN="${FIND}"
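Review bot: `echo ${FQDN} | ${CUTBINARY} -d . -f2-` on the DOMAINNAME line prints the whole input when FQDN contains no dot, because `cut` passes lines without the delimiter through unchanged, so a bare hostname would become its own domain name; `${CUTBINARY} -s -d . -f2-` suppresses such lines and leaves DOMAINNAME empty instead, unless the enclosing `if`/`else` (which starts outside the hunk) already guarantees a dotted FQDN. The commented-out `${FQDN#${HOSTNAME}.}` on the line above would do the same without a fork and should be either revived or removed rather than left as dead text. The two NISDOMAIN hunks are inside `if` blocks that begin and end outside them.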


@ -46,7 +46,7 @@
IPV6_ONLY=255 IPV6_ONLY=255
IPV6_MISCONFIGURED=0 IPV6_MISCONFIGURED=0
IPV6_MISCONFIGURED_MTU=0 IPV6_MISCONFIGURED_MTU=0
FIND=`sysctl -a 2> /dev/null | ${GREPBINARY} "^net.ipv6" | sed "s/ = /=/"` FIND=`sysctl -a 2> /dev/null | ${GREPBINARY} "^net.ipv6" | ${SEDBINARY} "s/ = /=/"`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
IPV6_CONFIGURED=1 IPV6_CONFIGURED=1
for I in ${FIND}; do for I in ${FIND}; do
@ -89,7 +89,7 @@
LogText "Result: IPV6 mode is ${IPV6_MODE}" LogText "Result: IPV6 mode is ${IPV6_MODE}"
if [ ${IPV6_CONFIGURED} -eq 1 ]; then if [ ${IPV6_CONFIGURED} -eq 1 ]; then
Display --indent 2 --text "- Checking IPv6 configuration" --result "${STATUS_ENABLED}" --color WHITE Display --indent 2 --text "- Checking IPv6 configuration" --result "${STATUS_ENABLED}" --color WHITE
STATUS=`echo ${IPV6_MODE} | tr '[:lower:]' '[:upper:]'` STATUS=`echo ${IPV6_MODE} | ${TRBINARY} '[:lower:]' '[:upper:]'`
Display --indent 6 --text "Configuration method" --result "${STATUS}" --color WHITE Display --indent 6 --text "Configuration method" --result "${STATUS}" --color WHITE
if [ ${IPV6_ONLY} -eq 1 ]; then STATUS="YES"; else STATUS="NO"; fi if [ ${IPV6_ONLY} -eq 1 ]; then STATUS="YES"; else STATUS="NO"; fi
LogText "Result: IPv6 only configuration: ${STATUS}" LogText "Result: IPv6 only configuration: ${STATUS}"
@ -123,7 +123,7 @@
LogText "Test: Checking /etc/resolv.conf file" LogText "Test: Checking /etc/resolv.conf file"
if [ -f /etc/resolv.conf ]; then if [ -f /etc/resolv.conf ]; then
LogText "Result: Found /etc/resolv.conf file" LogText "Result: Found /etc/resolv.conf file"
FIND=`${GREPBINARY} '^nameserver' /etc/resolv.conf | tr -d '\t' | sed 's/nameserver*//g' | uniq` FIND=`${GREPBINARY} '^nameserver' /etc/resolv.conf | ${TRBINARY} -d '\t' | ${SEDBINARY} 's/nameserver*//g' | uniq`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
Display --indent 4 --text "- Testing nameservers" Display --indent 4 --text "- Testing nameservers"
LogText "Test: Querying nameservers" LogText "Test: Querying nameservers"
@ -196,7 +196,7 @@
Register --test-no NETW-3001 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Find default gateway (route)" Register --test-no NETW-3001 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Find default gateway (route)"
if [ $SKIPTEST -eq 0 ]; then if [ $SKIPTEST -eq 0 ]; then
LogText "Test: Searching default gateway(s)" LogText "Test: Searching default gateway(s)"
FIND=`${NETSTATBINARY} -rn | ${EGREPBINARY} "^0.0.0.0|default" | tr -s ' ' | cut -d ' ' -f2` FIND=`${NETSTATBINARY} -rn | ${EGREPBINARY} "^0.0.0.0|default" | ${TRBINARY} -s ' ' | ${CUTBINARY} -d ' ' -f2`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
for I in ${FIND}; do for I in ${FIND}; do
LogText "Result: Found default gateway ${I}" LogText "Result: Found default gateway ${I}"
@ -223,7 +223,7 @@
;; ;;
Linux) Linux)
if [ ! "${IPBINARY}" = "" ]; then if [ ! "${IPBINARY}" = "" ]; then
FIND=`${IPBINARY} link show | ${GREPBINARY} "^[0-9]" | ${AWKBINARY} '{ print $2 }' | sed 's/://g'` FIND=`${IPBINARY} link show | ${GREPBINARY} "^[0-9]" | ${AWKBINARY} '{ print $2 }' | ${SEDBINARY} 's/://g'`
elif [ ! "${IFCONFIGBINARY}" = "" ]; then elif [ ! "${IFCONFIGBINARY}" = "" ]; then
FIND=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ( $2 == "Link" ) { print $1 }}'` FIND=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ( $2 == "Link" ) { print $1 }}'`
fi fi
@ -260,7 +260,7 @@
FIND="" FIND=""
case ${OS} in case ${OS} in
AIX) AIX)
FIND=`lscfg -vl ent* | f${GREPBINARY} "Network Address" | cut -d"." -f14 | ${AWKBINARY} '{ ctr=1; i=1; while (ctr <= 6) { d[ctr++]=substr($0,i,2);i=i+2 } printf("%s:%s:%s:%s:%s:%s\n",d[1],d[2],d[3],d[4],d[5],d[6]) }'` FIND=`lscfg -vl ent* | f${GREPBINARY} "Network Address" | ${CUTBINARY} -d"." -f14 | ${AWKBINARY} '{ ctr=1; i=1; while (ctr <= 6) { d[ctr++]=substr($0,i,2);i=i+2 } printf("%s:%s:%s:%s:%s:%s\n",d[1],d[2],d[3],d[4],d[5],d[6]) }'`
;; ;;
DragonFly|FreeBSD) DragonFly|FreeBSD)
FIND=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ($1=="ether") print $2 }' | ${SORTBINARY} -u` FIND=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ($1=="ether") print $2 }' | ${SORTBINARY} -u`
@ -320,14 +320,14 @@
;; ;;
Linux) Linux)
if [ ! "${IFCONFIGBINARY}" = "" ]; then if [ ! "${IFCONFIGBINARY}" = "" ]; then
FIND=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ($1=="inet") print $2 }' | cut -d ':' -f2` FIND=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ($1=="inet") print $2 }' | ${CUTBINARY} -d ':' -f2`
# Version which works for multiple types of ifconfig (e.g. Slackware) # Version which works for multiple types of ifconfig (e.g. Slackware)
FIND2=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ($1=="inet6" && $2=="addr:") { print $3 } else { if ($1=="inet6" && $3=="prefixlen") { print $2 } } }'` FIND2=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ($1=="inet6" && $2=="addr:") { print $3 } else { if ($1=="inet6" && $3=="prefixlen") { print $2 } } }'`
else else
if [ ! "${IPBINARY}" = "" ]; then if [ ! "${IPBINARY}" = "" ]; then
LogText "Test: Using ip binary to gather IP addresses" LogText "Test: Using ip binary to gather IP addresses"
FIND=`${IPBINARY} addr | ${AWKBINARY} '{ if ($1=="inet") { print $2 }}' | sed 's/\/.*//'` FIND=`${IPBINARY} addr | ${AWKBINARY} '{ if ($1=="inet") { print $2 }}' | ${SEDBINARY} 's/\/.*//'`
FIND2=`${IPBINARY} addr | ${AWKBINARY} '{ if ($1=="inet6") { print $2 }}' | sed 's/\/.*//'` FIND2=`${IPBINARY} addr | ${AWKBINARY} '{ if ($1=="inet6") { print $2 }}' | ${SEDBINARY} 's/\/.*//'`
else else
ReportException "${TEST_NO}:2" "Missing ifconfig or ip command to collect hardware address (MAC)" ReportException "${TEST_NO}:2" "Missing ifconfig or ip command to collect hardware address (MAC)"
fi fi
@ -378,7 +378,7 @@
DragonFly|FreeBSD) DragonFly|FreeBSD)
if [ ! "${SOCKSTATBINARY}" = "" ]; then if [ ! "${SOCKSTATBINARY}" = "" ]; then
FIND=`${SOCKSTATBINARY} | ${AWKBINARY} '{ if ($7 ~ /\*:\*/) print $5"|"$6"|"$2"|" }' | ${SORTBINARY} -u` FIND=`${SOCKSTATBINARY} | ${AWKBINARY} '{ if ($7 ~ /\*:\*/) print $5"|"$6"|"$2"|" }' | ${SORTBINARY} -u`
# To strip off IP's: sed 's/|.*:/|/' # To strip off IP's: ${SEDBINARY} 's/|.*:/|/'
else else
FIND="" FIND=""
fi fi
@ -387,9 +387,9 @@
Linux) Linux)
if [ ! "${NETSTATBINARY}" = "" ]; then if [ ! "${NETSTATBINARY}" = "" ]; then
# UDP # UDP
FIND=`${NETSTATBINARY} -nlp 2> /dev/null | ${GREPBINARY} "^udp" | ${AWKBINARY} '{ print $4"|"$1"|"$6"|" }' | sed 's:|[0-9]*/:|:'` FIND=`${NETSTATBINARY} -nlp 2> /dev/null | ${GREPBINARY} "^udp" | ${AWKBINARY} '{ print $4"|"$1"|"$6"|" }' | ${SEDBINARY} 's:|[0-9]*/:|:'`
# TCP # TCP
FIND2=`${NETSTATBINARY} -nlp 2> /dev/null | ${GREPBINARY} "^tcp" | ${AWKBINARY} '{ if($6=="LISTEN") { print $4"|"$1"|"$7"|" }}' | sed 's:|[0-9]*/:|:'` FIND2=`${NETSTATBINARY} -nlp 2> /dev/null | ${GREPBINARY} "^tcp" | ${AWKBINARY} '{ if($6=="LISTEN") { print $4"|"$1"|"$7"|" }}' | ${SEDBINARY} 's:|[0-9]*/:|:'`
else else
if [ ! "${SSBINARY}" = "" ]; then if [ ! "${SSBINARY}" = "" ]; then
# UDP # UDP
@ -405,7 +405,7 @@
MacOS) MacOS)
if [ ! "${LSOFBINARY}" = "" ]; then if [ ! "${LSOFBINARY}" = "" ]; then
# UDP and TCP combined # UDP and TCP combined
FIND=`${LSOFBINARY} -i -P | ${AWKBINARY} '{ print $9"|"$8"|"$1"|" }' | sed 's/\(.*\)\-\>.*\(\|.*\)/\1\2/' | sed 's/\*/'$IP'/' | ${SORTBINARY} -u | ${GREPBINARY} -v "NAME"` FIND=`${LSOFBINARY} -i -P | ${AWKBINARY} '{ print $9"|"$8"|"$1"|" }' | ${SEDBINARY} 's/\(.*\)\-\>.*\(\|.*\)/\1\2/' | ${SEDBINARY} 's/\*/'$IP'/' | ${SORTBINARY} -u | ${GREPBINARY} -v "NAME"`
else else
FIND="" FIND=""
fi fi
@ -472,7 +472,7 @@
Register --test-no NETW-3014 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking promiscuous interfaces (BSD)" Register --test-no NETW-3014 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking promiscuous interfaces (BSD)"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking promiscuous interfaces (FreeBSD)" LogText "Test: Checking promiscuous interfaces (FreeBSD)"
FIND=`${IFCONFIGBINARY} | ${GREPBINARY} PROMISC | cut -d ':' -f1` FIND=`${IFCONFIGBINARY} | ${GREPBINARY} PROMISC | ${CUTBINARY} -d ':' -f1`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
LogText "Result: Promiscuous interfaces: ${FIND}" LogText "Result: Promiscuous interfaces: ${FIND}"
for I in ${FIND}; do for I in ${FIND}; do
@ -514,7 +514,7 @@
Register --test-no NETW-3015 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking promiscuous interfaces (Linux)" Register --test-no NETW-3015 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking promiscuous interfaces (Linux)"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking promiscuous interfaces (Linux)" LogText "Test: Checking promiscuous interfaces (Linux)"
NETWORK=`${IFCONFIGBINARY} | ${GREPBINARY} Link | tr -s ' ' | cut -d ' ' -f1` NETWORK=`${IFCONFIGBINARY} | ${GREPBINARY} Link | ${TRBINARY} -s ' ' | ${CUTBINARY} -d ' ' -f1`
if [ ! "${NETWORK}" = "" ]; then if [ ! "${NETWORK}" = "" ]; then
for I in ${NETWORK}; do for I in ${NETWORK}; do
FIND=`${IFCONFIGBINARY} ${I} | ${GREPBINARY} PROMISC` FIND=`${IFCONFIGBINARY} ${I} | ${GREPBINARY} PROMISC`
@ -552,7 +552,7 @@
# Description : Netstat/socktstat compare (FreeBSD) # Description : Netstat/socktstat compare (FreeBSD)
# echo -n " - Comparing output sockstat and netstat" # echo -n " - Comparing output sockstat and netstat"
# LogText "Comparing output of sockstat and netstat" # LogText "Comparing output of sockstat and netstat"
# NETSTATOUTPUT=`netstat -an | ${GREPBINARY} -v 'TIME_WAIT' | ${GREPBINARY} -v 'ESTABLISHED' | ${GREPBINARY} -v 'SYN_SENT' | ${GREPBINARY} -v 'CLOSE_WAIT' | ${GREPBINARY} -v 'LAST_ACK' | ${GREPBINARY} -v 'SYN_RECV' | ${GREPBINARY} -v 'CLOSING' | cut -c 1-44 | ${GREPBINARY} '*.' | cut -c 24-32 | tr -d ' ' | tr -d '\t' | ${GREPBINARY} -v '*' | ${SORTBINARY} -u` # NETSTATOUTPUT=`netstat -an | ${GREPBINARY} -v 'TIME_WAIT' | ${GREPBINARY} -v 'ESTABLISHED' | ${GREPBINARY} -v 'SYN_SENT' | ${GREPBINARY} -v 'CLOSE_WAIT' | ${GREPBINARY} -v 'LAST_ACK' | ${GREPBINARY} -v 'SYN_RECV' | ${GREPBINARY} -v 'CLOSING' | ${CUTBINARY} -c 1-44 | ${GREPBINARY} '*.' | ${CUTBINARY} -c 24-32 | ${TRBINARY} -d ' ' | ${TRBINARY} -d '\t' | ${GREPBINARY} -v '*' | ${SORTBINARY} -u`
# #
# if [ "${SOCKSTATOUTPUT}" = "${NETSTATOUTPUT}" ]; then # if [ "${SOCKSTATOUTPUT}" = "${NETSTATOUTPUT}" ]; then
# ShowResult OK # ShowResult OK
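Review bot: `f${GREPBINARY} "Network Address"` in the AIX branch of the MAC-address hunk concatenates a literal `f` with the grep variable; if `${GREPBINARY}` holds a path such as `/usr/bin/grep` (which the *BINARY naming suggests), the result is a non-existent command and that branch always yields an empty FIND. Write it as `${GREPBINARY} -F "Network Address"` instead. In the same section `sysctl -a` in the IPv6 hunk and `uniq` in the resolv.conf hunk are still resolved through PATH while the `sed`/`tr` beside them were replaced, and the MacOS lsof line interpolates `$IP` unquoted into a `${SEDBINARY}` replacement, where a `/` or `&` in the value would break the expression. The `case ${OS} in` blocks enclosing these hunks start and end outside them.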


@ -51,8 +51,8 @@
LogText "Output:"; LogText "-----" LogText "Output:"; LogText "-----"
SPACKAGES=`/usr/sbin/pkg query %n,%v` SPACKAGES=`/usr/sbin/pkg query %n,%v`
for J in ${SPACKAGES}; do for J in ${SPACKAGES}; do
sPKG_NAME=`echo ${J} | cut -d ',' -f1` sPKG_NAME=`echo ${J} | ${CUTBINARY} -d ',' -f1`
sPKG_VERSION=`echo ${J} | cut -d ',' -f2` sPKG_VERSION=`echo ${J} | ${CUTBINARY} -d ',' -f2`
LogText "Installed package: ${sPKG_NAME} (version: ${sPKG_VERSION})" LogText "Installed package: ${sPKG_NAME} (version: ${sPKG_VERSION})"
INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${J}" INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${J}"
done done
@ -73,11 +73,11 @@
LogText "Test: Querying pkg_info to get package list" LogText "Test: Querying pkg_info to get package list"
Display --indent 6 --text "- Querying pkg_info for installed packages" Display --indent 6 --text "- Querying pkg_info for installed packages"
LogText "Output:"; LogText "-----" LogText "Output:"; LogText "-----"
SPACKAGES=`/usr/sbin/pkg_info 2>&1 | ${SORTBINARY} | tr -s ' ' | cut -d ' ' -f1 | sed -e 's/^\(.*\)-\([0-9].*\)$/\1,\2/g'` SPACKAGES=`/usr/sbin/pkg_info 2>&1 | ${SORTBINARY} | ${TRBINARY} -s ' ' | ${CUTBINARY} -d ' ' -f1 | ${SEDBINARY} -e 's/^\(.*\)-\([0-9].*\)$/\1,\2/g'`
for J in ${SPACKAGES}; do for J in ${SPACKAGES}; do
N=$((N + 1)) N=$((N + 1))
sPKG_NAME=`echo ${J} | cut -d ',' -f1` sPKG_NAME=`echo ${J} | ${CUTBINARY} -d ',' -f1`
sPKG_VERSION=`echo ${J} | cut -d ',' -f2` sPKG_VERSION=`echo ${J} | ${CUTBINARY} -d ',' -f2`
LogText "Installed package: ${sPKG_NAME} (version: ${sPKG_VERSION})" LogText "Installed package: ${sPKG_NAME} (version: ${sPKG_VERSION})"
INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${J}" INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${J}"
done done
@ -121,7 +121,7 @@
LogText "Test: Querying portage to get package list" LogText "Test: Querying portage to get package list"
Display --indent 4 --text "- Querying portage for installed packages" Display --indent 4 --text "- Querying portage for installed packages"
LogText "Output:"; LogText "-----" LogText "Output:"; LogText "-----"
GPACKAGES=`equery l '*' | sed -e 's/[.*]//g'` GPACKAGES=`equery l '*' | ${SEDBINARY} -e 's/[.*]//g'`
for J in ${GPACKAGES}; do for J in ${GPACKAGES}; do
LogText "Found package ${J}" LogText "Found package ${J}"
INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${J},0," INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${J},0,"
@ -145,7 +145,7 @@
Display --indent 4 --text "- Querying pkginfo for installed packages" Display --indent 4 --text "- Querying pkginfo for installed packages"
LogText "Output:"; LogText "-----" LogText "Output:"; LogText "-----"
# Strip SUNW from strings # Strip SUNW from strings
SPACKAGES=`/usr/bin/pkginfo -i | tr -s ' ' | cut -d ' ' -f2 | sed "s#^SUNW##"` SPACKAGES=`/usr/bin/pkginfo -i | ${TRBINARY} -s ' ' | ${CUTBINARY} -d ' ' -f2 | ${SEDBINARY} "s#^SUNW##"`
for J in ${SPACKAGES}; do for J in ${SPACKAGES}; do
LogText "Found package ${J}" LogText "Found package ${J}"
INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${J},0," INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${J},0,"
@ -201,7 +201,7 @@
LogText "Test: Querying 'pacman -Q' to get package list" LogText "Test: Querying 'pacman -Q' to get package list"
Display --indent 6 --text "- Querying pacman package manager" Display --indent 6 --text "- Querying pacman package manager"
LogText "Output:"; LogText "--------" LogText "Output:"; LogText "--------"
SPACKAGES=`${PACMANBINARY} -Q | ${SORTBINARY} | sed 's/ /,/g'` SPACKAGES=`${PACMANBINARY} -Q | ${SORTBINARY} | ${SEDBINARY} 's/ /,/g'`
if [ "${SPACKAGES}" = "" ]; then if [ "${SPACKAGES}" = "" ]; then
LogText "Result: pacman binary available, but package list seems to be empty" LogText "Result: pacman binary available, but package list seems to be empty"
LogText "Info: looks like the pacman binary is installed, but not used for package installation" LogText "Info: looks like the pacman binary is installed, but not used for package installation"
@ -257,17 +257,17 @@
COUNT=0 COUNT=0
# Check configuration options (options start with a capital) # Check configuration options (options start with a capital)
LogText "Test: searching configured options in ${PACMANCONF}" LogText "Test: searching configured options in ${PACMANCONF}"
FIND=`${GREPBINARY} "^[A-Z]" ${PACMANCONF} | ${SORTBINARY} -u | sed 's/ /:space:/g'` FIND=`${GREPBINARY} "^[A-Z]" ${PACMANCONF} | ${SORTBINARY} -u | ${SEDBINARY} 's/ /:space:/g'`
for I in ${FIND}; do for I in ${FIND}; do
PMOPTION=`echo ${I} | sed 's/:space:/ /g' | ${AWKBINARY} -F= '{ print $1 }'` PMOPTION=`echo ${I} | ${SEDBINARY} 's/:space:/ /g' | ${AWKBINARY} -F= '{ print $1 }'`
PMVALUE=`echo ${I} | sed 's/:space:/ /g' | ${AWKBINARY} -F= '{ print $2 }'` PMVALUE=`echo ${I} | ${SEDBINARY} 's/:space:/ /g' | ${AWKBINARY} -F= '{ print $2 }'`
LogText "Result: found option ${PMOPTION} configured with value ${PMVALUE}" LogText "Result: found option ${PMOPTION} configured with value ${PMVALUE}"
Report "pacman_option[]=${PMOPTION}:${PMVALUE}:" Report "pacman_option[]=${PMOPTION}:${PMVALUE}:"
done done
# Check software repositories # Check software repositories
LogText "Test: checking available repositories" LogText "Test: checking available repositories"
FIND=`${GREPBINARY} "^\[.*\]$" ${PACMANCONF} | tr -d '[]'` FIND=`${GREPBINARY} "^\[.*\]$" ${PACMANCONF} | ${TRBINARY} -d '[]'`
for I in ${FIND}; do for I in ${FIND}; do
COUNT=$((COUNT + 1)) COUNT=$((COUNT + 1))
Report "package_repository[]=${I}" Report "package_repository[]=${I}"
@ -315,7 +315,7 @@
LogText "Result: Zypper found one or more installed packages which are vulnerable." LogText "Result: Zypper found one or more installed packages which are vulnerable."
ReportWarning ${TEST_NO} "Found one or more vulnerable packages installed" ReportWarning ${TEST_NO} "Found one or more vulnerable packages installed"
# Unfortunately zypper does not properly give back which package it is. Usually best guess is last word on the line # Unfortunately zypper does not properly give back which package it is. Usually best guess is last word on the line
FIND=`${ZYPPERBINARY} -n lp | ${AWKBINARY} '{ if ($5=="security" || $7=="security") { print $NF }}' | sed 's/:$//' | ${GREPBINARY} -v "^$" | ${SORTBINARY} -u` FIND=`${ZYPPERBINARY} -n lp | ${AWKBINARY} '{ if ($5=="security" || $7=="security") { print $NF }}' | ${SEDBINARY} 's/:$//' | ${GREPBINARY} -v "^$" | ${SORTBINARY} -u`
LogText "List of vulnerable packages/version:" LogText "List of vulnerable packages/version:"
for I in ${FIND}; do for I in ${FIND}; do
VULNERABLE_PACKAGES_FOUND=1 VULNERABLE_PACKAGES_FOUND=1
@ -341,11 +341,11 @@
LogText "Test: Querying dpkg -l to get package list" LogText "Test: Querying dpkg -l to get package list"
Display --indent 6 --text "- Querying package manager" Display --indent 6 --text "- Querying package manager"
LogText "Output:" LogText "Output:"
SPACKAGES=`dpkg -l 2>/dev/null | ${GREPBINARY} "^ii" | tr -s ' ' | tr ' ' ',' | sort` SPACKAGES=`dpkg -l 2>/dev/null | ${GREPBINARY} "^ii" | ${TRBINARY} -s ' ' | ${TRBINARY} ' ' ',' | sort`
for J in ${SPACKAGES}; do for J in ${SPACKAGES}; do
N=$((N + 1)) N=$((N + 1))
PACKAGE_NAME=`echo ${J} | cut -d ',' -f2` PACKAGE_NAME=`echo ${J} | ${CUTBINARY} -d ',' -f2`
PACKAGE_VERSION=`echo ${J} | cut -d ',' -f3` PACKAGE_VERSION=`echo ${J} | ${CUTBINARY} -d ',' -f3`
LogText "Found package: ${PACKAGE_NAME} (version: ${PACKAGE_VERSION})" LogText "Found package: ${PACKAGE_NAME} (version: ${PACKAGE_VERSION})"
INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${PACKAGE_NAME},${PACKAGE_VERSION}" INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${PACKAGE_NAME},${PACKAGE_VERSION}"
done done
@ -358,13 +358,13 @@
# #
# Test : PKGS-7346 # Test : PKGS-7346
# Description : Check packages which are removed, but still own configuration files, cron jobs etc # Description : Check packages which are removed, but still own configuration files, cron jobs etc
# Notes : Cleanup: for pkg in `dpkg -l | ${GREPBINARY} "^rc" | cut -d' ' -f3`; do aptitude purge ${pkg}; done # Notes : Cleanup: for pkg in `dpkg -l | ${GREPBINARY} "^rc" | ${CUTBINARY} -d' ' -f3`; do aptitude purge ${pkg}; done
if [ -x /usr/bin/dpkg ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -x /usr/bin/dpkg ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7346 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Search unpurged packages on system" Register --test-no PKGS-7346 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Search unpurged packages on system"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
N=0 N=0
LogText "Test: Querying dpkg -l to get unpurged packages" LogText "Test: Querying dpkg -l to get unpurged packages"
SPACKAGES=`dpkg -l 2>/dev/null | ${GREPBINARY} "^rc" | cut -d ' ' -f3 | sort` SPACKAGES=`dpkg -l 2>/dev/null | ${GREPBINARY} "^rc" | ${CUTBINARY} -d ' ' -f3 | sort`
if [ "${SPACKAGES}" = "" ]; then if [ "${SPACKAGES}" = "" ]; then
Display --indent 4 --text "- Query unpurged packages" --result "${STATUS_NONE}" --color GREEN Display --indent 4 --text "- Query unpurged packages" --result "${STATUS_NONE}" --color GREEN
LogText "Result: no packages found with left overs" LogText "Result: no packages found with left overs"
@ -392,7 +392,7 @@
Register --test-no PKGS-7348 --os FreeBSD --weight L --network NO --category security --description "Check for old distfiles" Register --test-no PKGS-7348 --os FreeBSD --weight L --network NO --category security --description "Check for old distfiles"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ -x /usr/local/sbin/portsclean ]; then if [ -x /usr/local/sbin/portsclean ]; then
FIND=`/usr/local/sbin/portsclean -n -DD | ${GREPBINARY} 'Delete' | wc -l | tr -d ' '` FIND=`/usr/local/sbin/portsclean -n -DD | ${GREPBINARY} 'Delete' | wc -l | ${TRBINARY} -d ' '`
if [ ${FIND} -eq 0 ]; then if [ ${FIND} -eq 0 ]; then
Display --indent 2 --text "- Checking presence old distfiles" --result "${STATUS_OK}" --color GREEN Display --indent 2 --text "- Checking presence old distfiles" --result "${STATUS_OK}" --color GREEN
LogText "Result: no unused distfiles found" LogText "Result: no unused distfiles found"
@ -422,8 +422,8 @@
SPACKAGES=`${DNFBINARY} -q list installed 2> /dev/null | ${AWKBINARY} '{ if ($1!="Installed" && $1!="Last") {print $1","$2 }}'` SPACKAGES=`${DNFBINARY} -q list installed 2> /dev/null | ${AWKBINARY} '{ if ($1!="Installed" && $1!="Last") {print $1","$2 }}'`
for J in ${SPACKAGES}; do for J in ${SPACKAGES}; do
N=$((N + 1)) N=$((N + 1))
PACKAGE_NAME=`echo ${J} | cut -d ',' -f1` PACKAGE_NAME=`echo ${J} | ${CUTBINARY} -d ',' -f1`
PACKAGE_VERSION=`echo ${J} | cut -d ',' -f2` PACKAGE_VERSION=`echo ${J} | ${CUTBINARY} -d ',' -f2`
LogText "Found package: ${PACKAGE_NAME} (version: ${PACKAGE_VERSION})" LogText "Found package: ${PACKAGE_NAME} (version: ${PACKAGE_VERSION})"
INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${PACKAGE_NAME},${PACKAGE_VERSION}" INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${PACKAGE_NAME},${PACKAGE_VERSION}"
done done
@ -631,7 +631,7 @@
#ReportWarning ${TEST_NO} "Found one or more vulnerable packages." #ReportWarning ${TEST_NO} "Found one or more vulnerable packages."
#ReportSuggestion ${TEST_NO} "Update your system with portupgrade or other tools" #ReportSuggestion ${TEST_NO} "Update your system with portupgrade or other tools"
#LogText "List of vulnerable packages/version:" #LogText "List of vulnerable packages/version:"
#for I in `/usr/sbin/pkg audit -F | ${GREPBINARY} "Affected package" | cut -d ' ' -f3 | ${SORTBINARY} -u`; do #for I in `/usr/sbin/pkg audit -F | ${GREPBINARY} "Affected package" | ${CUTBINARY} -d ' ' -f3 | ${SORTBINARY} -u`; do
# Report "vulnerable_package[]=${I}" # Report "vulnerable_package[]=${I}"
# LogText "Vulnerable package: ${I}" # LogText "Vulnerable package: ${I}"
# # Decrease hardening points for every found vulnerable package # # Decrease hardening points for every found vulnerable package
@ -663,7 +663,7 @@
ReportWarning ${TEST_NO} "Found one or more vulnerable packages." ReportWarning ${TEST_NO} "Found one or more vulnerable packages."
ReportSuggestion ${TEST_NO} "Update your system with portupgrade or other tools" ReportSuggestion ${TEST_NO} "Update your system with portupgrade or other tools"
LogText "List of vulnerable packages/version:" LogText "List of vulnerable packages/version:"
for I in `/usr/local/sbin/portaudit | ${GREPBINARY} "Affected package" | cut -d ' ' -f3 | ${SORTBINARY} -u`; do for I in `/usr/local/sbin/portaudit | ${GREPBINARY} "Affected package" | ${CUTBINARY} -d ' ' -f3 | ${SORTBINARY} -u`; do
VULNERABLE_PACKAGES_FOUND=1 VULNERABLE_PACKAGES_FOUND=1
Report "vulnerable_package[]=${I}" Report "vulnerable_package[]=${I}"
LogText "Vulnerable package: ${I}" LogText "Vulnerable package: ${I}"
@ -682,7 +682,7 @@
Register --test-no PKGS-7383 --preqs-met ${PREQS_MET} --os Linux --weight M --network NO --category security --description "Check for YUM package update management" Register --test-no PKGS-7383 --preqs-met ${PREQS_MET} --os Linux --weight M --network NO --category security --description "Check for YUM package update management"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: YUM package update management" LogText "Test: YUM package update management"
FIND=$(${YUMBINARY} repolist 2>/dev/null | ${GREPBINARY} repolist | sed 's/ //g' | sed 's/[,.]//g' | ${AWKBINARY} -F ":" '{print $2}' | ${EGREPBINARY} "^[0-9]+$") FIND=$(${YUMBINARY} repolist 2>/dev/null | ${GREPBINARY} repolist | ${SEDBINARY} 's/ //g' | ${SEDBINARY} 's/[,.]//g' | ${AWKBINARY} -F ":" '{print $2}' | ${EGREPBINARY} "^[0-9]+$")
if [ -z "${FIND}" -o "${FIND}" = "0" ]; then if [ -z "${FIND}" -o "${FIND}" = "0" ]; then
LogText "Result: YUM package update management failed" LogText "Result: YUM package update management failed"
Display --indent 2 --text "- YUM package management consistency" --result "${STATUS_WARNING}" --color RED Display --indent 2 --text "- YUM package management consistency" --result "${STATUS_WARNING}" --color RED
@ -845,26 +845,26 @@
if [ ${OPTION_DEBIAN_SKIP_SECURITY_REPOSITORY} -eq 0 ]; then if [ ${OPTION_DEBIAN_SKIP_SECURITY_REPOSITORY} -eq 0 ]; then
if [ -f /etc/apt/sources.list ]; then if [ -f /etc/apt/sources.list ]; then
LogText "Searching for security.debian.org/security.ubuntu.com or security repositories in /etc/apt/sources.list file" LogText "Searching for security.debian.org/security.ubuntu.com or security repositories in /etc/apt/sources.list file"
FIND=$(${EGREPBINARY} "security.debian.org|security.ubuntu.com|-security " /etc/apt/sources.list | ${GREPBINARY} -v '#' | sed 's/ /!space!/g') FIND=$(${EGREPBINARY} "security.debian.org|security.ubuntu.com|-security " /etc/apt/sources.list | ${GREPBINARY} -v '#' | ${SEDBINARY} 's/ /!space!/g')
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
FOUND=1 FOUND=1
Display --indent 2 --text "- Checking security repository in sources.list file" --result "${STATUS_OK}" --color GREEN Display --indent 2 --text "- Checking security repository in sources.list file" --result "${STATUS_OK}" --color GREEN
LogText "Result: Found security repository in /etc/apt/sources.list" LogText "Result: Found security repository in /etc/apt/sources.list"
for REPO in ${FIND}; do for REPO in ${FIND}; do
REPO=$(echo ${REPO} | sed 's/!space!/ /g') REPO=$(echo ${REPO} | ${SEDBINARY} 's/!space!/ /g')
LogText "Output: ${REPO}" LogText "Output: ${REPO}"
done done
fi fi
fi fi
if [ -d /etc/apt/sources.list.d ]; then if [ -d /etc/apt/sources.list.d ]; then
LogText "Searching for security.debian.org/security.ubuntu.com or security repositories in /etc/apt/sources.list.d directory" LogText "Searching for security.debian.org/security.ubuntu.com or security repositories in /etc/apt/sources.list.d directory"
FIND=$(${EGREPBINARY} -r "security.debian.org|security.ubuntu.com|-security " /etc/apt/sources.list.d | ${GREPBINARY} -v '#' | sed 's/ /!space!/g') FIND=$(${EGREPBINARY} -r "security.debian.org|security.ubuntu.com|-security " /etc/apt/sources.list.d | ${GREPBINARY} -v '#' | ${SEDBINARY} 's/ /!space!/g')
if [ ! -z "${FIND}" ]; then if [ ! -z "${FIND}" ]; then
FOUND=1 FOUND=1
Display --indent 2 --text "- Checking security repository in sources.list.d directory" --result "${STATUS_OK}" --color GREEN Display --indent 2 --text "- Checking security repository in sources.list.d directory" --result "${STATUS_OK}" --color GREEN
LogText "Result: Found security repository in one or more files in directory /etc/apt/sources.list.d" LogText "Result: Found security repository in one or more files in directory /etc/apt/sources.list.d"
for REPO in ${FIND}; do for REPO in ${FIND}; do
REPO=$(echo ${REPO} | sed 's/!space!/ /g') REPO=$(echo ${REPO} | ${SEDBINARY} 's/!space!/ /g')
LogText "Output: ${REPO}" LogText "Output: ${REPO}"
done done
fi fi
@ -949,7 +949,7 @@
# Trying also with apt-get directly (does not always work, as updates are distributed on both -security and -updates) # Trying also with apt-get directly (does not always work, as updates are distributed on both -security and -updates)
# Show packages which would be upgraded and match 'security' in repository name # Show packages which would be upgraded and match 'security' in repository name
FIND=`/usr/bin/apt-get --dry-run --show-upgraded upgrade 2> /dev/null | ${GREPBINARY} '-security' | ${GREPBINARY} "^Inst" | cut -d ' ' -f2 | ${SORTBINARY} -u` FIND=`/usr/bin/apt-get --dry-run --show-upgraded upgrade 2> /dev/null | ${GREPBINARY} '-security' | ${GREPBINARY} "^Inst" | ${CUTBINARY} -d ' ' -f2 | ${SORTBINARY} -u`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
VULNERABLE_PACKAGES_FOUND=1 VULNERABLE_PACKAGES_FOUND=1
SCAN_PERFORMED=1 SCAN_PERFORMED=1
@ -1038,7 +1038,7 @@
if [ -x /usr/bin/apt-show-versions ]; then if [ -x /usr/bin/apt-show-versions ]; then
LogText "Result: found /usr/bin/apt-show-versions" LogText "Result: found /usr/bin/apt-show-versions"
LogText "Test: Checking packages which can be upgraded via apt-show-versions" LogText "Test: Checking packages which can be upgraded via apt-show-versions"
FIND=`/usr/bin/apt-show-versions -u | sed 's/ /!space!/g'` FIND=`/usr/bin/apt-show-versions -u | ${SEDBINARY} 's/ /!space!/g'`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
LogText "Result: no packages found which can be upgraded" LogText "Result: no packages found which can be upgraded"
Display --indent 2 --text "- Checking upgradeable packages" --result "${STATUS_NONE}" --color GREEN Display --indent 2 --text "- Checking upgradeable packages" --result "${STATUS_NONE}" --color GREEN
@ -1048,7 +1048,7 @@
Display --indent 2 --text "- Checking upgradeable packages" --result "${STATUS_FOUND}" --color YELLOW Display --indent 2 --text "- Checking upgradeable packages" --result "${STATUS_FOUND}" --color YELLOW
# output: program/repository upgradeable from version X to Y # output: program/repository upgradeable from version X to Y
for I in ${FIND}; do for I in ${FIND}; do
I=`echo ${I} | sed 's/!space!/ /g'` I=`echo ${I} | ${SEDBINARY} 's/!space!/ /g'`
LogText "${I}" LogText "${I}"
done done
fi fi
@ -1086,7 +1086,7 @@
################################################################################# #################################################################################
# #
# Description : AIX patches # Description : AIX patches
# Notes : /usr/sbin/instfix -c -i | cut -d":" -f1 # Notes : /usr/sbin/instfix -c -i | ${CUTBINARY} -d":" -f1
# #
################################################################################# #################################################################################
# #


@ -117,7 +117,7 @@
Register --test-no PRNT-2307 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check CUPSd configuration file permissions" Register --test-no PRNT-2307 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check CUPSd configuration file permissions"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking CUPS configuration file permissions" LogText "Test: Checking CUPS configuration file permissions"
FIND=`ls -l ${CUPSD_CONFIG_FILE} | cut -c 2-10` FIND=`ls -l ${CUPSD_CONFIG_FILE} | ${CUTBINARY} -c 2-10`
LogText "Result: found ${FIND}" LogText "Result: found ${FIND}"
if [ "${FIND}" = "r--------" -o "${FIND}" = "rw-------" -o "${FIND}" = "rw-r-----" -o "${FIND}" = "rw-rw----" ]; then if [ "${FIND}" = "r--------" -o "${FIND}" = "rw-------" -o "${FIND}" = "rw-r-----" -o "${FIND}" = "rw-rw----" ]; then
Display --indent 4 --text "- File permissions" --result "${STATUS_OK}" --color GREEN Display --indent 4 --text "- File permissions" --result "${STATUS_OK}" --color GREEN
@ -271,11 +271,11 @@
LogText "Test: Checking old print jobs" LogText "Test: Checking old print jobs"
DirectoryExists /var/spool/lpd/qdir DirectoryExists /var/spool/lpd/qdir
if [ ${DIRECTORY_FOUND} -eq 1 ]; then if [ ${DIRECTORY_FOUND} -eq 1 ]; then
FIND=`find /var/spool/lpd/qdir -type f -mtime +1 2> /dev/null | sed 's/ /!space!/g'` FIND=`find /var/spool/lpd/qdir -type f -mtime +1 2> /dev/null | ${SEDBINARY} 's/ /!space!/g'`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
N=0 N=0
for I in ${FIND}; do for I in ${FIND}; do
FILE=`echo ${I} | sed 's/!space!/ /g'` FILE=`echo ${I} | ${SEDBINARY} 's/!space!/ /g'`
LogText "Found old print job: ${FILE}" LogText "Found old print job: ${FILE}"
N=$((N + 1)) N=$((N + 1))
done done
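Review bot: Replacing `cut` with `${CUTBINARY}` in the permission check (`FIND=`ls -l ${CUPSD_CONFIG_FILE} | ${CUTBINARY} -c 2-10``) makes the verdict depend on that variable having been populated; if binary detection left it empty the shell tries to run `-c` as a command, FIND ends up empty and the test falls into the bad-permissions branch, a false alarm. The same substitution in the other sections of this commit (the at-jobs, rpcinfo, ntpq and fail2ban queries, and the package-manager listings) has the opposite failure mode: an empty `${SEDBINARY}`/`${TRBINARY}` yields an empty FIND, which those tests read as "nothing found" and report as a pass. Unless the binary-detection stage already aborts when these are unset, gate the tests on the variable the way the file already gates on dpkg, e.g. `if [ -n "${CUTBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi` before the `Register` line, or log a warning when a `*BINARY` variable is empty so the skipped check is visible in the report.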


@ -55,7 +55,7 @@
BAD_FILE_PERMISSIONS=0 BAD_FILE_PERMISSIONS=0
BAD_FILE_OWNERSHIP=0 BAD_FILE_OWNERSHIP=0
FindCronJob() { FindCronJob() {
sCRONJOBS=$(${EGREPBINARY} '^([0-9*])' $1 | tr '\t' ' ' | tr -s ' ' | tr ' ' ',') sCRONJOBS=$(${EGREPBINARY} '^([0-9*])' $1 | ${TRBINARY} '\t' ' ' | ${TRBINARY} -s ' ' | ${TRBINARY} ' ' ',')
} }
CRONTAB_FILE="/etc/crontab" CRONTAB_FILE="/etc/crontab"
@ -155,7 +155,7 @@
if [ "${OS}" = "Linux" ]; then if [ "${OS}" = "Linux" ]; then
if [ -f /etc/anacrontab ]; then if [ -f /etc/anacrontab ]; then
LogText "Test: checking anacrontab" LogText "Test: checking anacrontab"
sANACRONJOBS=$(${EGREPBINARY} '^([0-9@])' /etc/anacrontab | tr '\t' ' ' | tr -s ' ' | tr ' ' ',') sANACRONJOBS=$(${EGREPBINARY} '^([0-9@])' /etc/anacrontab | ${TRBINARY} '\t' ' ' | ${TRBINARY} -s ' ' | ${TRBINARY} ' ' ',')
if [ ! "${sANACRONJOBS}" = "" ]; then if [ ! "${sANACRONJOBS}" = "" ]; then
Report "scheduler[]=anacron" Report "scheduler[]=anacron"
for J in ${sANACRONJOBS}; do for J in ${sANACRONJOBS}; do
@ -273,11 +273,11 @@
Register --test-no SCHD-7724 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check at jobs" Register --test-no SCHD-7724 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check at jobs"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Check scheduled at jobs" LogText "Test: Check scheduled at jobs"
FIND=$(atq | ${GREPBINARY} -v "no files in queue" | ${AWKBINARY} '{gsub("\t"," ");print}' | sed 's/ /!space!/g') FIND=$(atq | ${GREPBINARY} -v "no files in queue" | ${AWKBINARY} '{gsub("\t"," ");print}' | ${SEDBINARY} 's/ /!space!/g')
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
LogText "Result: found one or more jobs" LogText "Result: found one or more jobs"
for I in ${FIND}; do for I in ${FIND}; do
VALUE=$(echo ${I} | sed 's/!space!/ /g') VALUE=$(echo ${I} | ${SEDBINARY} 's/!space!/ /g')
LogText "Found at job: ${VALUE}" LogText "Found at job: ${VALUE}"
done done
Display --indent 4 --text "- Checking at jobs" --result "${STATUS_FOUND}" --color GREEN Display --indent 4 --text "- Checking at jobs" --result "${STATUS_FOUND}" --color GREEN
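Review bot: `FindCronJob` (fully inside this hunk) only matches lines beginning with a digit or `*`, so crontab entries using the `@reboot`/`@daily` shorthand are never collected, while the anacrontab variant on the next hunk does accept `@`; the filename `$1` is also unquoted. A consistent line would be `sCRONJOBS=$(${EGREPBINARY} '^([0-9*@])' "$1" | ${TRBINARY} '\t' ' ' | ${TRBINARY} -s ' ' | ${TRBINARY} ' ' ',')`. The `@` entries carry fewer time fields than the numeric ones, so check how the caller (outside this hunk) splits the comma-joined result before widening the pattern. Separately, `atq` at the at-jobs hunk is still called bare while every other tool here goes through a `*BINARY` variable.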


@ -117,9 +117,9 @@
if [ -f /etc/profile ]; then if [ -f /etc/profile ]; then
# Determine if we can find a TMOUT value # Determine if we can find a TMOUT value
FIND=`${GREPBINARY} 'TMOUT=' /etc/profile | tr -d ' ' | tr -d '\t' | ${GREPBINARY} -v "^#" | sed 's/export//' | sed 's/#.*//' | ${AWKBINARY} -F= '{ print $2 }'` FIND=`${GREPBINARY} 'TMOUT=' /etc/profile | ${TRBINARY} -d ' ' | ${TRBINARY} -d '\t' | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/export//' | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} -F= '{ print $2 }'`
# Determine if the value is exported (with export, readonly, or typeset) # Determine if the value is exported (with export, readonly, or typeset)
FIND2=`${GREPBINARY} '\(export\|readonly\|typeset -r\)[ \t]*TMOUT' /etc/profile | ${GREPBINARY} -v "^#" | sed 's/#.*//' | ${AWKBINARY} '{ print $1 }'` FIND2=`${GREPBINARY} '\(export\|readonly\|typeset -r\)[ \t]*TMOUT' /etc/profile | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} '{ print $1 }'`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
N=0; IDLE_TIMEOUT=1 N=0; IDLE_TIMEOUT=1
for I in ${FIND}; do for I in ${FIND}; do
@ -163,9 +163,9 @@
FIND=`ls /etc/profile.d/*.sh 2> /dev/null` FIND=`ls /etc/profile.d/*.sh 2> /dev/null`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
# Determine if we can find a TMOUT value # Determine if we can find a TMOUT value
FIND=`cat /etc/profile.d/*.sh 2> /dev/null | ${GREPBINARY} 'TMOUT=' | tr -d ' ' | tr -d '\t' | ${GREPBINARY} -v "^#" | sed 's/export//' | sed 's/#.*//' | ${AWKBINARY} -F= '{ print $2 }'` FIND=`cat /etc/profile.d/*.sh 2> /dev/null | ${GREPBINARY} 'TMOUT=' | ${TRBINARY} -d ' ' | ${TRBINARY} -d '\t' | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/export//' | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} -F= '{ print $2 }'`
# Determine if the value is exported (with export, readonly, or typeset) # Determine if the value is exported (with export, readonly, or typeset)
FIND2=`cat /etc/profile.d/*.sh 2> /dev/null | ${GREPBINARY} '\(export\|readonly\|typeset -r\)[ \t]*TMOUT' | ${GREPBINARY} -v "^#" | sed 's/#.*//' | ${AWKBINARY} '{ print $1 }'` FIND2=`cat /etc/profile.d/*.sh 2> /dev/null | ${GREPBINARY} '\(export\|readonly\|typeset -r\)[ \t]*TMOUT' | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} '{ print $1 }'`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
N=0; IDLE_TIMEOUT=1 N=0; IDLE_TIMEOUT=1
@ -231,7 +231,7 @@
if [ -f ${FILE} ]; then if [ -f ${FILE} ]; then
LogText "Result: file ${FILE} exists" LogText "Result: file ${FILE} exists"
FOUND=1 FOUND=1
FIND=`${GREPBINARY} umask ${FILE} | sed 's/^[ \t]*//g' | sed 's/#.*$//' | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ print $2 }'` FIND=`${GREPBINARY} umask ${FILE} | ${SEDBINARY} 's/^[ \t]*//g' | ${SEDBINARY} 's/#.*$//' | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ print $2 }'`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
LogText "Result: did not find umask configured in ${FILE}" LogText "Result: did not find umask configured in ${FILE}"
Display --indent 4 --text "- Checking default umask in ${FILE}" --result "${STATUS_NONE}" --color YELLOW Display --indent 4 --text "- Checking default umask in ${FILE}" --result "${STATUS_NONE}" --color YELLOW
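Review bot: `FIND=`ls /etc/profile.d/*.sh 2> /dev/null`` in the profile.d hunk spawns `ls` only to test whether any `.sh` file exists; FIND is then checked for emptiness and never used for its contents. A glob with a file test does the same without parsing `ls` output and without the error redirect: `for F in /etc/profile.d/*.sh; do [ -f "${F}" ] && FIND="${FIND} ${F}"; done`. The subsequent `cat /etc/profile.d/*.sh` pipelines are unaffected by this change.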


@ -114,9 +114,9 @@
Register --test-no SQD-3610 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid version" Register --test-no SQD-3610 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid version"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking all specific defined options in ${SQUID_DAEMON_CONFIG}" LogText "Test: Checking all specific defined options in ${SQUID_DAEMON_CONFIG}"
FIND=`${GREPBINARY} -v "^#" ${SQUID_DAEMON_CONFIG} | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{gsub("\t"," ");print}' | sed 's/ /!space!/g'` FIND=`${GREPBINARY} -v "^#" ${SQUID_DAEMON_CONFIG} | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{gsub("\t"," ");print}' | ${SEDBINARY} 's/ /!space!/g'`
for I in ${FIND}; do for I in ${FIND}; do
I=`echo ${I} | sed 's/!space!/ /g'` I=`echo ${I} | ${SEDBINARY} 's/!space!/ /g'`
LogText "Found Squid option: ${I}" LogText "Found Squid option: ${I}"
Report "squid_option=${I}" Report "squid_option=${I}"
done done
@ -203,14 +203,14 @@
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
N=0 N=0
LogText "Test: checking ACLs" LogText "Test: checking ACLs"
FIND=`${GREPBINARY} "^acl " ${SQUID_DAEMON_CONFIG} | sed 's/ /!space!/g'` FIND=`${GREPBINARY} "^acl " ${SQUID_DAEMON_CONFIG} | ${SEDBINARY} 's/ /!space!/g'`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
LogText "Result: No ACLs found" LogText "Result: No ACLs found"
Display --indent 6 --text "- Checking Access Control Lists" --result "${STATUS_NONE}" --color RED Display --indent 6 --text "- Checking Access Control Lists" --result "${STATUS_NONE}" --color RED
else else
for I in ${FIND}; do for I in ${FIND}; do
N=$((N + 1)) N=$((N + 1))
I=`echo ${I} | sed 's/!space!/ /g'` I=`echo ${I} | ${SEDBINARY} 's/!space!/ /g'`
LogText "Found ACL: ${I}" LogText "Found ACL: ${I}"
#Report "squid_acl=${I}" #Report "squid_acl=${I}"
done done
@ -279,7 +279,7 @@
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
N=0 N=0
LogText "Test: checking option reply_body_max_size" LogText "Test: checking option reply_body_max_size"
FIND=`${GREPBINARY} "^reply_body_max_size " ${SQUID_DAEMON_CONFIG} | sed 's/ /!space!/g'` FIND=`${GREPBINARY} "^reply_body_max_size " ${SQUID_DAEMON_CONFIG} | ${SEDBINARY} 's/ /!space!/g'`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
LogText "Result: option reply_body_max_size not configured" LogText "Result: option reply_body_max_size not configured"
Display --indent 6 --text "- Checking option: reply_body_max_size" --result "${STATUS_NONE}" --color RED Display --indent 6 --text "- Checking option: reply_body_max_size" --result "${STATUS_NONE}" --color RED
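Review bot: The `Register` line for SQD-3610 in the first hunk describes the test as "Check Squid version", but the body logs and reports every non-comment option from `${SQUID_DAEMON_CONFIG}` and never inspects a version; the description shows up in reports, so it should say what the test does, e.g. `--description "Check Squid configuration options"`. The config path is also expanded unquoted in `${GREPBINARY} -v "^#" ${SQUID_DAEMON_CONFIG}`; quoting it (`"${SQUID_DAEMON_CONFIG}"`) keeps the grep intact if the path ever contains spaces.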


@ -136,12 +136,12 @@
# Go through our list of options # Go through our list of options
for I in ${SSHOPS}; do for I in ${SSHOPS}; do
OPTIONNAME=`echo ${I} | cut -d ':' -f1` OPTIONNAME=`echo ${I} | ${CUTBINARY} -d ':' -f1`
OPTIONNAME_LOWER=`echo ${I} | cut -d ':' -f1 | ${AWKBINARY} '{ print tolower($1) }'` OPTIONNAME_LOWER=`echo ${I} | ${CUTBINARY} -d ':' -f1 | ${AWKBINARY} '{ print tolower($1) }'`
EXPECTEDVALUE=`echo ${I} | cut -d ':' -f2 | cut -d',' -f1` EXPECTEDVALUE=`echo ${I} | ${CUTBINARY} -d ':' -f2 | ${CUTBINARY} -d',' -f1`
MEDIUMSCOREDVALUE=`echo ${I} | cut -d ':' -f2 | cut -d',' -f2` MEDIUMSCOREDVALUE=`echo ${I} | ${CUTBINARY} -d ':' -f2 | ${CUTBINARY} -d',' -f2`
WEAKVALUE=`echo ${I} | cut -d ':' -f2 | cut -d',' -f3` WEAKVALUE=`echo ${I} | ${CUTBINARY} -d ':' -f2 | ${CUTBINARY} -d',' -f3`
TESTTYPE=`echo ${I} | cut -d ':' -f3` TESTTYPE=`echo ${I} | ${CUTBINARY} -d ':' -f3`
RESULT="NONE" RESULT="NONE"
if ! SkipAtomicTest "${TEST_NO}:${OPTIONNAME_LOWER}"; then if ! SkipAtomicTest "${TEST_NO}:${OPTIONNAME_LOWER}"; then
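Review bot: The six `echo ${I} | ${CUTBINARY} ...` assignments at the top of the loop fork two processes each per option just to split a `name:expected,medium,weak:type` token; POSIX parameter expansion does the same split in-process and avoids the unquoted `echo ${I}`. The rewrite below assumes each entry has exactly three colon-separated fields and three comma-separated values, which is what the `-f1`/`-f2`/`-f3` selections already rely on; confirm against the definition of `SSHOPS`, which is outside this hunk. Lowercasing stays on awk because `${var,,}` is not available in POSIX sh.
```shell
for I in ${SSHOPS}; do
  OPTIONNAME=${I%%:*}
  OPTIONNAME_LOWER=$(echo "${OPTIONNAME}" | ${AWKBINARY} '{ print tolower($1) }')
  VALUES=${I#*:}
  VALUES=${VALUES%%:*}
  EXPECTEDVALUE=${VALUES%%,*}
  MEDIUMSCOREDVALUE=${VALUES#*,}
  MEDIUMSCOREDVALUE=${MEDIUMSCOREDVALUE%%,*}
  WEAKVALUE=${VALUES##*,}
  TESTTYPE=${I##*:}
  # … unchanged: RESULT="NONE" and the SkipAtomicTest block …
```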


@ -37,7 +37,7 @@
Register --test-no STRG-1902 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check rpcinfo registered programs" Register --test-no STRG-1902 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check rpcinfo registered programs"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking rpcinfo registered programs" LogText "Test: Checking rpcinfo registered programs"
FIND=`${RPCINFOBINARY} -p 2> /dev/null | tr -s ' ' ','` FIND=`${RPCINFOBINARY} -p 2> /dev/null | ${TRBINARY} -s ' ' ','`
for I in ${FIND}; do for I in ${FIND}; do
LogText "rpcinfo: ${I}" LogText "rpcinfo: ${I}"
done done
@ -122,10 +122,10 @@
LogText "Test: check /etc/exports" LogText "Test: check /etc/exports"
if [ -f /etc/exports ]; then if [ -f /etc/exports ]; then
LogText "Result: /etc/exports exists" LogText "Result: /etc/exports exists"
FIND=`${GREPBINARY} -v "^$" /etc/exports | ${GREPBINARY} -v "^#" | sed 's/ /!space!/g'` FIND=`${GREPBINARY} -v "^$" /etc/exports | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/ /!space!/g'`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
for I in ${FIND}; do for I in ${FIND}; do
I=`echo ${I} | sed 's/!space!/ /g'` I=`echo ${I} | ${SEDBINARY} 's/!space!/ /g'`
LogText "Found line: ${I}" LogText "Found line: ${I}"
done done
else else
@ -161,7 +161,7 @@
Register --test-no STRG-1930 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check client access to nfs share" Register --test-no STRG-1930 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check client access to nfs share"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
#LogText "Test: " #LogText "Test: "
sFIND=`${SHOWMOUNTBINARY} -e | ${AWKBINARY} '{ print $2 }' | sed '1d'| ${GREPBINARY} "\*"` sFIND=`${SHOWMOUNTBINARY} -e | ${AWKBINARY} '{ print $2 }' | ${SEDBINARY} '1d'| ${GREPBINARY} "\*"`
if [ "${sFIND}" != "" ]; then if [ "${sFIND}" != "" ]; then
LogText "Result: all client are allowed to access a NFS share in /etc/exports" LogText "Result: all client are allowed to access a NFS share in /etc/exports"
Display --indent 4 --text "- Checking NFS client access" --result "ALL CLIENTS" --color YELLOW Display --indent 4 --text "- Checking NFS client access" --result "ALL CLIENTS" --color YELLOW
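Review bot: The `${GREPBINARY} "\*"` at the end of the showmount pipeline is unanchored, so any wildcard in the client column, such as a constructed `*.example.net`, also triggers the "ALL CLIENTS" result even though access is limited to one domain. If the test means a bare `*`, anchor the match: `${GREPBINARY} "^\*$"`; if showmount can print several clients comma-separated in that column, split on commas before matching. The log line "all client are allowed" should read "all clients are allowed".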


@ -274,7 +274,7 @@
Register --test-no TIME-3120 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check unreliable NTP peers" Register --test-no TIME-3120 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check unreliable NTP peers"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking unreliable ntp peers" LogText "Test: Checking unreliable ntp peers"
FIND=`${NTPQBINARY} -p -n | ${EGREPBINARY} "^(-|#)" | ${AWKBINARY} '{ print $1 }' | sed 's/^-//g'` FIND=`${NTPQBINARY} -p -n | ${EGREPBINARY} "^(-|#)" | ${AWKBINARY} '{ print $1 }' | ${SEDBINARY} 's/^-//g'`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
Display --indent 2 --text "- Checking unreliable ntp peers" --result "${STATUS_NONE}" --color GREEN Display --indent 2 --text "- Checking unreliable ntp peers" --result "${STATUS_NONE}" --color GREEN
LogText "Result: No unreliable peers found" LogText "Result: No unreliable peers found"
@ -301,7 +301,7 @@
FIND2=$(${NTPQBINARY} -p -n | ${GREPBINARY} '^*' | ${AWKBINARY} '{ print $1 }') FIND2=$(${NTPQBINARY} -p -n | ${GREPBINARY} '^*' | ${AWKBINARY} '{ print $1 }')
if [ -z "${FIND}" -a ! -z "${FIND2}" ]; then if [ -z "${FIND}" -a ! -z "${FIND2}" ]; then
Display --indent 2 --text "- Checking selected time source" --result "${STATUS_OK}" --color GREEN Display --indent 2 --text "- Checking selected time source" --result "${STATUS_OK}" --color GREEN
FIND2=`echo ${FIND2} | sed 's/*//g'` FIND2=`echo ${FIND2} | ${SEDBINARY} 's/*//g'`
LogText "Result: Found selected time source (value: ${FIND2})" LogText "Result: Found selected time source (value: ${FIND2})"
else else
Display --indent 2 --text "- Checking selected time source" --result "${STATUS_WARNING}" --color RED Display --indent 2 --text "- Checking selected time source" --result "${STATUS_WARNING}" --color RED
@ -328,7 +328,7 @@
Display --indent 2 --text "- Checking time source candidates" --result "${STATUS_OK}" --color GREEN Display --indent 2 --text "- Checking time source candidates" --result "${STATUS_OK}" --color GREEN
LogText "Result: Found one or more candidates to synchronize time with." LogText "Result: Found one or more candidates to synchronize time with."
for I in ${FIND}; do for I in ${FIND}; do
I=$(echo ${I} | sed 's/+//g') I=$(echo ${I} | ${SEDBINARY} 's/+//g')
LogText "Candidate found: ${I}" LogText "Candidate found: ${I}"
done done
fi fi
@ -350,7 +350,7 @@
Display --indent 2 --text "- Checking falsetickers" --result "${STATUS_NONE}" --color YELLOW Display --indent 2 --text "- Checking falsetickers" --result "${STATUS_NONE}" --color YELLOW
LogText "Result: Found one or more falsetickers (items preceeding with an 'x')" LogText "Result: Found one or more falsetickers (items preceeding with an 'x')"
for I in ${FIND}; do for I in ${FIND}; do
I=$(echo ${I} | sed 's/x//g') I=$(echo ${I} | ${SEDBINARY} 's/x//g')
LogText "Falseticker found: ${I}" LogText "Falseticker found: ${I}"
Report "ntp_falseticker[]=${I}" Report "ntp_falseticker[]=${I}"
done done


@ -195,7 +195,7 @@
if [ ${PERFORM_FAIL2BAN_TESTS} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${PERFORM_FAIL2BAN_TESTS} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no TOOL-5104 --weight L --network NO --preqs-met ${PREQS_MET} --category security --description "Enabled tests in Fail2ban" Register --test-no TOOL-5104 --weight L --network NO --preqs-met ${PREQS_MET} --category security --description "Enabled tests in Fail2ban"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=$(${FAIL2BANCLIENT} -d | tr -d '[]' | tr -d "'" | ${AWKBINARY} -F, '{ if ($1=="add") { print $2 }}' | tr -d ' ') FIND=$(${FAIL2BANCLIENT} -d | ${TRBINARY} -d '[]' | ${TRBINARY} -d "'" | ${AWKBINARY} -F, '{ if ($1=="add") { print $2 }}' | ${TRBINARY} -d ' ')
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
for F2BSERVICE in ${FIND}; do for F2BSERVICE in ${FIND}; do
LogText "Result: service '${F2BSERVICE}' enabled" LogText "Result: service '${F2BSERVICE}' enabled"
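Review bot: The new `FIND=` pipeline invokes `${TRBINARY}` three times where the first two deletions can be a single call, `${TRBINARY} -d "[]'"`, which removes one process from the pipeline and keeps the character stripping in one place; the final `-d ' '` after the awk field extraction can stay as it is. As with every other `${...BINARY}` substitution in this commit, an empty or unset `TRBINARY` would make the shell try to execute `-d` as the command name and the test would silently yield an empty `FIND`, so this line relies on the binary-discovery code having located tr before this test runs; if that is not guaranteed on every platform where fail2ban is tested, a short comment such as `# requires TRBINARY (set during binary discovery)` above the line would make the dependency explicit. The enclosing `if [ ${SKIPTEST} -eq 0 ]` block continues past the end of the hunk.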


@ -93,7 +93,7 @@
Register --test-no HTTP-6624 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Testing main Apache configuration file" Register --test-no HTTP-6624 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Testing main Apache configuration file"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
APACHE_CONFIGFILE="" APACHE_CONFIGFILE=""
APACHE_TEST=`${HTTPDBINARY} -V 2> /dev/null | ${GREPBINARY} "\-D SERVER_CONFIG_FILE=" | sed 's/[ ]-D SERVER_CONFIG_FILE=//' | tr -d '"' | tr -d ' ' | tr -d '[:cntrl:]'` APACHE_TEST=`${HTTPDBINARY} -V 2> /dev/null | ${GREPBINARY} "\-D SERVER_CONFIG_FILE=" | ${SEDBINARY} 's/[ ]-D SERVER_CONFIG_FILE=//' | ${TRBINARY} -d '"' | ${TRBINARY} -d ' ' | ${TRBINARY} -d '[:cntrl:]'`
if [ "${APACHE_TEST}" = "" ]; then if [ "${APACHE_TEST}" = "" ]; then
LogText "Result: Can't find the configuration file, so skipping some Apache related tests" LogText "Result: Can't find the configuration file, so skipping some Apache related tests"
@ -104,7 +104,7 @@
Display --indent 6 --text "Info: Configuration file found (${APACHE_CONFIGFILE})" Display --indent 6 --text "Info: Configuration file found (${APACHE_CONFIGFILE})"
else else
# Probably the prefix is missing, so we are going to search that # Probably the prefix is missing, so we are going to search that
APACHE_HTTPDROOT=`${HTTPDBINARY} -V 2> /dev/null | ${GREPBINARY} "\-D HTTPD_ROOT=" | sed 's/[ ]-D HTTPD_ROOT=//' | tr -d '"' | tr -d ' '` APACHE_HTTPDROOT=`${HTTPDBINARY} -V 2> /dev/null | ${GREPBINARY} "\-D HTTPD_ROOT=" | ${SEDBINARY} 's/[ ]-D HTTPD_ROOT=//' | ${TRBINARY} -d '"' | ${TRBINARY} -d ' '`
#echo "Apache root prefix: ${APACHE_HTTPDROOT}" #echo "Apache root prefix: ${APACHE_HTTPDROOT}"
#echo "Complete path to configuration file: ${APACHE_HTTPDROOT}/${APACHE_TEST}" #echo "Complete path to configuration file: ${APACHE_HTTPDROOT}/${APACHE_TEST}"
APACHE_TESTFILE="${APACHE_HTTPDROOT}/${APACHE_TEST}" APACHE_TESTFILE="${APACHE_HTTPDROOT}/${APACHE_TEST}"
@ -156,7 +156,7 @@
fi fi
done done
# Search Server aliases # Search Server aliases
for J in `${GREPBINARY} "ServerAlias" ${I} | ${GREPBINARY} -v "^#" | sed "s/.* ServerAlias//g" | sed "s/#.*//g"`; do for J in `${GREPBINARY} "ServerAlias" ${I} | ${GREPBINARY} -v "^#" | ${SEDBINARY} "s/.* ServerAlias//g" | ${SEDBINARY} "s/#.*//g"`; do
if [ ! -z ${J} ]; then if [ ! -z ${J} ]; then
tVHOSTS="${tVHOSTS} ${J}" tVHOSTS="${tVHOSTS} ${J}"
cVHOSTS=$((cVHOSTS + 1)) cVHOSTS=$((cVHOSTS + 1))
@ -208,9 +208,9 @@
# SERVERTOKENSTEST=`${GREPBINARY} ServerTokens ${APACHE_CONFIGFILE} | ${GREPBINARY} -v '^#'` # SERVERTOKENSTEST=`${GREPBINARY} ServerTokens ${APACHE_CONFIGFILE} | ${GREPBINARY} -v '^#'`
# if [ ! "${SERVERTOKENSTEST}" = "" ]; then # if [ ! "${SERVERTOKENSTEST}" = "" ]; then
# Display --indent 4 --text "- Checking option ServerTokens" --result "${STATUS_FOUND}" --color WHITE # Display --indent 4 --text "- Checking option ServerTokens" --result "${STATUS_FOUND}" --color WHITE
# SERVERTOKENSTEST=`echo ${SERVERTOKENSTEST} | sed 's/ServerTokens//' | tr -d ' '` # SERVERTOKENSTEST=`echo ${SERVERTOKENSTEST} | ${SEDBINARY} 's/ServerTokens//' | ${TRBINARY} -d ' '`
# LogText "Option ServerTokens found: ${SERVERTOKENSTEST}" # LogText "Option ServerTokens found: ${SERVERTOKENSTEST}"
# SERVERTOKENSEXPECTED=`${GREPBINARY} 'apache' ${PROFILE} | ${GREPBINARY} 'ServerTokens' | cut -d ':' -f3` # SERVERTOKENSEXPECTED=`${GREPBINARY} 'apache' ${PROFILE} | ${GREPBINARY} 'ServerTokens' | ${CUTBINARY} -d ':' -f3`
# if [ "${SERVERTOKENSEXPECTED}" = "${SERVERTOKENSTEST}" ]; then # if [ "${SERVERTOKENSEXPECTED}" = "${SERVERTOKENSTEST}" ]; then
# LogText "Result: Value from configuration file yielded the same output as in template" # LogText "Result: Value from configuration file yielded the same output as in template"
# SERVERTOKENSFOUND=1 # SERVERTOKENSFOUND=1
@ -250,7 +250,7 @@
#if [ ${SKIPTEST} -eq 0 ]; then #if [ ${SKIPTEST} -eq 0 ]; then
# Testing Debian style # Testing Debian style
#LogText "Test: searching loaded/enabled Apache modules" #LogText "Test: searching loaded/enabled Apache modules"
#apachectl -t -D DUMP_MODULES 2>&1 | ${EGREPBINARY} -v "(Loaded Modules|Syntax OK)" | sed 's/(\(shared\|static\))//' | sed 's/ //' #apachectl -t -D DUMP_MODULES 2>&1 | ${EGREPBINARY} -v "(Loaded Modules|Syntax OK)" | ${SEDBINARY} 's/(\(shared\|static\))//' | ${SEDBINARY} 's/ //'
#for I in ${APACHE_MODULES_ENABLED_LOCS}; do #for I in ${APACHE_MODULES_ENABLED_LOCS}; do
#LogText "Test: checking ${I}" #LogText "Test: checking ${I}"
#if [ -d ${I} ]; then #if [ -d ${I} ]; then
@ -428,9 +428,9 @@
# Remove temp file # Remove temp file
if [ ! "${TMPFILE}" = "" ]; then if [ -f ${TMPFILE} ]; then rm -f ${TMPFILE}; fi; fi if [ ! "${TMPFILE}" = "" ]; then if [ -f ${TMPFILE} ]; then rm -f ${TMPFILE}; fi; fi
N=0 N=0
sed -e 's/^[ ]*//' ${NGINX_CONF_LOCATION} | ${GREPBINARY} -v "^#" | ${GREPBINARY} -v "^$" | sed 's/[ ]/ /g' | sed 's/ / /g' | sed 's/ / /g' >> ${TMPFILE} ${SEDBINARY} -e 's/^[ ]*//' ${NGINX_CONF_LOCATION} | ${GREPBINARY} -v "^#" | ${GREPBINARY} -v "^$" | ${SEDBINARY} 's/[ ]/ /g' | ${SEDBINARY} 's/ / /g' | ${SEDBINARY} 's/ / /g' >> ${TMPFILE}
# Search for included configuration files (may include directories and wild cards) # Search for included configuration files (may include directories and wild cards)
FIND=`${GREPBINARY} "include" ${NGINX_CONF_LOCATION} | ${AWKBINARY} '{ if ($1=="include") { print $2 }}' | sed 's/;$//g'` FIND=`${GREPBINARY} "include" ${NGINX_CONF_LOCATION} | ${AWKBINARY} '{ if ($1=="include") { print $2 }}' | ${SEDBINARY} 's/;$//g'`
for I in ${FIND}; do for I in ${FIND}; do
FIND2=`${LSBINARY} ${I} 2>/dev/null` FIND2=`${LSBINARY} ${I} 2>/dev/null`
for J in ${FIND2}; do for J in ${FIND2}; do
@ -442,7 +442,7 @@
FileIsReadable ${J} FileIsReadable ${J}
if [ ${CANREAD} -eq 1 ]; then if [ ${CANREAD} -eq 1 ]; then
NGINX_CONF_FILES="${NGINX_CONF_FILES} ${J}" NGINX_CONF_FILES="${NGINX_CONF_FILES} ${J}"
FIND3=`sed -e 's/^[ ]*//' ${J} | ${GREPBINARY} -v "^#" | ${GREPBINARY} -v "^$" | sed 's/[ ]/ /g' | sed 's/ / /g' | sed 's/ / /g' >> ${TMPFILE}` FIND3=`sed -e 's/^[ ]*//' ${J} | ${GREPBINARY} -v "^#" | ${GREPBINARY} -v "^$" | ${SEDBINARY} 's/[ ]/ /g' | ${SEDBINARY} 's/ / /g' | ${SEDBINARY} 's/ / /g' >> ${TMPFILE}`
else else
ReportException "${TEST_NO}:1" "Can not parse file ${J}, as it is not readable" ReportException "${TEST_NO}:1" "Can not parse file ${J}, as it is not readable"
fi fi
@ -451,9 +451,9 @@
done done
# Sort all discovered configuration lines and store unique ones. Also strip out the mime types configured in nginx # Sort all discovered configuration lines and store unique ones. Also strip out the mime types configured in nginx
SORTFILE=`${SORTBINARY} -u ${TMPFILE} | sed 's/ /:space:/g' | ${EGREPBINARY} -v "(application|audio|image|text|video)/" | ${EGREPBINARY} -v "({|})"` SORTFILE=`${SORTBINARY} -u ${TMPFILE} | ${SEDBINARY} 's/ /:space:/g' | ${EGREPBINARY} -v "(application|audio|image|text|video)/" | ${EGREPBINARY} -v "({|})"`
for I in ${SORTFILE}; do for I in ${SORTFILE}; do
I=`echo ${I} | sed 's/:space:/ /g'` I=`echo ${I} | ${SEDBINARY} 's/:space:/ /g'`
Report "nginx_config_option[]=${I}"; Report "nginx_config_option[]=${I}";
done done
@ -651,7 +651,7 @@
# if [ ${SKIPTEST} -eq 0 ]; then # if [ ${SKIPTEST} -eq 0 ]; then
# N=0 # N=0
# LogText "Test: searching proxy_pass statement in configuration file ${NGINX_CONF_LOCATION}" # LogText "Test: searching proxy_pass statement in configuration file ${NGINX_CONF_LOCATION}"
# FIND=`${GREPBINARY} "proxy_pass" ${NGINX_CONF_LOCATION} | ${GREPBINARY} -v "#" | sed 's/proxy_pass//g' | tr -d ';'` # FIND=`${GREPBINARY} "proxy_pass" ${NGINX_CONF_LOCATION} | ${GREPBINARY} -v "#" | ${SEDBINARY} 's/proxy_pass//g' | ${TRBINARY} -d ';'`
# for I in ${FIND}; do # for I in ${FIND}; do
# LogText "Found reverse proxy configuration for: ${I}" # LogText "Found reverse proxy configuration for: ${I}"
# N=$((N + 1)) # N=$((N + 1))
@ -675,7 +675,7 @@
# if [ ${SKIPTEST} -eq 0 ]; then # if [ ${SKIPTEST} -eq 0 ]; then
# N=0 # N=0
# LogText "Test: searching nginx virtual hosts" # LogText "Test: searching nginx virtual hosts"
# FIND=`${GREPBINARY} "server_name" ${NGINX_CONF_LOCATION} | ${GREPBINARY} -v "#" | sed 's/server_name//g' | tr -d ';'` # FIND=`${GREPBINARY} "server_name" ${NGINX_CONF_LOCATION} | ${GREPBINARY} -v "#" | ${SEDBINARY} 's/server_name//g' | ${TRBINARY} -d ';'`
# for I in ${FIND}; do # for I in ${FIND}; do
# if [ "${I}" = "_" ]; then I="Default virtual host"; fi # if [ "${I}" = "_" ]; then I="Default virtual host"; fi
# LogText "Found virtual host: ${I}" # LogText "Found virtual host: ${I}"
@ -703,7 +703,7 @@
LogText "Test: Checking ${DIR}" LogText "Test: Checking ${DIR}"
if [ -d ${DIR} ]; then if [ -d ${DIR} ]; then
LogText "Result: Directory ${DIR} exists, so will be used as search path" LogText "Result: Directory ${DIR} exists, so will be used as search path"
FIND=$(find ${DIR} -type f -exec ${GREPBINARY} access_log \{\} \; | ${GREPBINARY} -v "#" | ${AWKBINARY} '{ if($1=="access_log") { print $2 } }' | sed 's/;$//g' | ${SORTBINARY} -u) FIND=$(find ${DIR} -type f -exec ${GREPBINARY} access_log \{\} \; | ${GREPBINARY} -v "#" | ${AWKBINARY} '{ if($1=="access_log") { print $2 } }' | ${SEDBINARY} 's/;$//g' | ${SORTBINARY} -u)
if [ -z "${FIND}" ]; then if [ -z "${FIND}" ]; then
LogText "Result: no log files found" LogText "Result: no log files found"
else else