mirror of https://github.com/CISOfy/lynis.git
e054e9757c
* Description fix: SafePerms works on files not dirs.
All uses of SafePerms are on files (and indeed, it would reject
directories which would have +x set).
* Lots of whitespace cleanups.
Enforce everywhere(?) the same indentations for if/fi blocks.
The standard for the Lynis codebase is 4 spaces. But sometimes
it's 1, sometimes 3, sometimes 8.
These patches standardize all(?) if blocks but _not_ else's (which
are usually indented 2, but sometimes zero); I was too lazy to
identify those (see below).
This diff is giant, but should not change code behavior at all;
diff -w shows no changes apart from whitespace.
FWIW I identified instances to check by using:
perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces=""; } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1)
Which produced output like:
./extras/build-lynis.sh:217: if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then
./extras/build-lynis.sh:218: echo "[X] Version in specfile is outdated"
./plugins/plugin_pam_phase1:69: if [ -d ${PAM_DIRECTORY} ]; then
./plugins/plugin_pam_phase1:70: LogText "Result: /etc/pam.d exists"
...There's probably formal shellscript-beautification tools that
I'm oblivious about.
* More whitespace standardization.
* Fix a syntax error.
This looks like an if [ foo -o bar ]; was converted to if .. elif,
but incompletely.
* Add whitespace before closing ].
Without it, the shell thinks the ] is part of the last string, and
emits warnings like:
.../lynis/include/tests_authentication: line 1028: [: missing `]'
|
||
|---|---|---|
| .. | ||
| binaries | ||
| consts | ||
| data_upload | ||
| functions | ||
| helper_audit_dockerfile | ||
| helper_configure | ||
| helper_show | ||
| helper_system_remote_scan | ||
| helper_update | ||
| osdetection | ||
| parameters | ||
| profiles | ||
| report | ||
| tests_accounting | ||
| tests_authentication | ||
| tests_banners | ||
| tests_boot_services | ||
| tests_containers | ||
| tests_crypto | ||
| tests_custom.template | ||
| tests_databases | ||
| tests_file_integrity | ||
| tests_file_permissions | ||
| tests_filesystems | ||
| tests_firewalls | ||
| tests_hardening | ||
| tests_homedirs | ||
| tests_insecure_services | ||
| tests_kernel | ||
| tests_kernel_hardening | ||
| tests_ldap | ||
| tests_logging | ||
| tests_mac_frameworks | ||
| tests_mail_messaging | ||
| tests_malware | ||
| tests_memory_processes | ||
| tests_nameservices | ||
| tests_networking | ||
| tests_php | ||
| tests_ports_packages | ||
| tests_printers_spools | ||
| tests_scheduling | ||
| tests_shells | ||
| tests_snmp | ||
| tests_solaris | ||
| tests_squid | ||
| tests_ssh | ||
| tests_storage | ||
| tests_storage_nfs | ||
| tests_system_integrity | ||
| tests_time | ||
| tests_tooling | ||
| tests_virtualization | ||
| tests_webservers | ||
| tool_tips | ||