tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-16 10:24:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

Lots of cleanups (#366)

Browse Source 
* Description fix: SafePerms works on files not dirs.

All uses of SafePerms are on files (and indeed, it would reject
directories which would have +x set).

* Lots of whitespace cleanups.

Enforce everywhere(?) the same indentations for if/fi blocks.
The standard for the Lynis codebase is 4 spaces.  But sometimes
it's 1, sometimes 3, sometimes 8.

These patches standardize all(?) if blocks but _not_ else's (which
are usually indented 2, but sometimes zero); I was too lazy to
identify those (see below).

This diff is giant, but should not change code behavior at all;
diff -w shows no changes apart from whitespace.

FWIW I identified instances to check by using:

  perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces="";  } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1)

Which produced output like:

  ./extras/build-lynis.sh:217:            if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then
  ./extras/build-lynis.sh:218:               echo "[X] Version in specfile is outdated"

  ./plugins/plugin_pam_phase1:69:        if [ -d ${PAM_DIRECTORY} ]; then
  ./plugins/plugin_pam_phase1:70:                LogText "Result: /etc/pam.d exists"

...There's probably formal shellscript-beautification tools that
I'm oblivious about.

* More whitespace standardization.

* Fix a syntax error.

This looks like an if [ foo -o bar ]; was converted to if .. elif,
but incompletely.

* Add whitespace before closing ].

Without it, the shell thinks the ] is part of the last string, and
emits warnings like:

  .../lynis/include/tests_authentication: line 1028: [: missing `]'
This commit is contained in:
hlein 2017-03-07 12:23:08 -07:00 committed by Michael Boelen
parent 7e915df1ee
commit e054e9757c
16 changed files with 591 additions and 591 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/functions
View File

@ -81,7 +81,7 @@
# ReportManual Log manual actions to report file # ReportManual Log manual actions to report file
# ReportSuggestion Add a suggestion to report file # ReportSuggestion Add a suggestion to report file
# ReportWarning Add a warning and priority to report file # ReportWarning Add a warning and priority to report file
# SafePerms Check if a directory has safe permissions # SafePerms Check if a file has safe permissions
# SearchItem Search a string in a file # SearchItem Search a string in a file
# ShowComplianceFinding Display a particular finding regarding compliance or a security standard # ShowComplianceFinding Display a particular finding regarding compliance or a security standard
# ShowSymlinkPath Show a path behind a symlink # ShowSymlinkPath Show a path behind a symlink

2
plugins/plugin_pam_phase1
View File

@ -173,7 +173,7 @@
PAM_2F_AUTH_REQUIRED=1 PAM_2F_AUTH_REQUIRED=1
Report "authentication_2f_provider[]=${PAM_MODULE_NAME}" Report "authentication_2f_provider[]=${PAM_MODULE_NAME}"
Report "authentication_2f_service[]=${PAM_SERVICE}" Report "authentication_2f_service[]=${PAM_SERVICE}"
elif -o "${PAM_CONTROL_FLAG}" = "sufficient" ]; then elif [ "${PAM_CONTROL_FLAG}" = "sufficient" ]; then
PAM_2F_AUTH_ENABLED=1 PAM_2F_AUTH_ENABLED=1
Report "authentication_2f_provider[]=${PAM_MODULE_NAME}" Report "authentication_2f_provider[]=${PAM_MODULE_NAME}"
Report "authentication_2f_service[]=${PAM_SERVICE}" Report "authentication_2f_service[]=${PAM_SERVICE}"