mirror of https://github.com/CISOfy/lynis.git
e054e9757c
* Description fix: SafePerms works on files not dirs.
All uses of SafePerms are on files (and indeed, it would reject
directories which would have +x set).
* Lots of whitespace cleanups.
Enforce everywhere(?) the same indentations for if/fi blocks.
The standard for the Lynis codebase is 4 spaces. But sometimes
it's 1, sometimes 3, sometimes 8.
These patches standardize all(?) if blocks but _not_ else's (which
are usually indented 2, but sometimes zero); I was too lazy to
identify those (see below).
This diff is giant, but should not change code behavior at all;
diff -w shows no changes apart from whitespace.
FWIW I identified instances to check by using:
perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces=""; } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1)
Which produced output like:
./extras/build-lynis.sh:217: if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then
./extras/build-lynis.sh:218: echo "[X] Version in specfile is outdated"
./plugins/plugin_pam_phase1:69: if [ -d ${PAM_DIRECTORY} ]; then
./plugins/plugin_pam_phase1:70: LogText "Result: /etc/pam.d exists"
...There's probably formal shellscript-beautification tools that
I'm oblivious about.
* More whitespace standardization.
* Fix a syntax error.
This looks like an if [ foo -o bar ]; was converted to if .. elif,
but incompletely.
* Add whitespace before closing ].
Without it, the shell thinks the ] is part of the last string, and
emits warnings like:
.../lynis/include/tests_authentication: line 1028: [: missing `]'
|
||
|---|---|---|
| .. | ||
| README | ||
| custom_plugin.template | ||
| plugin_pam_phase1 | ||
| plugin_systemd_phase1 | ||
README
##########################################################################
#
# This directory contains plugins
#
##########################################################################
General notes
---------------
Custom plugins should be added to this directory, so they are included
in an audit.
Notes:
- File permissions of a plugin should be 600, 640 or the least
restrictive 400.
- Each plugin should be enabled in the profile, before it will be
activated.
- Custom plugins should use a test ID's with a "CUS-" prefix.
A generic example can be found in the custom_plugin.template file,
which includes several code snippets to assist in creating customer
plugins.
Community plugins are available under a restricted license.
**************************************************************************
Would your plugin or individual test benefit Lynis and others?
Share and be part of the Free and Open Source Software community!
Support address: lynis-dev@cisofy.com
**************************************************************************