add quotes

Jérémy Lecour 2019-03-22 22:43:38 +01:00
parent c073f5ca87
commit 3a484cf694


@ -1100,7 +1100,7 @@ if is_debian; then
# /sys/devices/system/cpu/vulnerabilities/ # /sys/devices/system/cpu/vulnerabilities/
if is_debian_stretch; then if is_debian_stretch; then
for vuln in meltdown spectre_v1 spectre_v2; do for vuln in meltdown spectre_v1 spectre_v2; do
test -f /sys/devices/system/cpu/vulnerabilities/$vuln \ test -f "/sys/devices/system/cpu/vulnerabilities/$vuln" \
|| failed "IS_MELTDOWN_SPECTRE" || failed "IS_MELTDOWN_SPECTRE"
done done
# For Jessie this is quite complicated to verify and we need to use kernel config file # For Jessie this is quite complicated to verify and we need to use kernel config file
@ -1110,10 +1110,10 @@ if is_debian; then
kernelVer=${kernelPath##*/vmlinuz-} kernelVer=${kernelPath##*/vmlinuz-}
kernelConfig="config-${kernelVer}" kernelConfig="config-${kernelVer}"
# Sometimes autodetection of kernel config file fail, so we test if the file really exists. # Sometimes autodetection of kernel config file fail, so we test if the file really exists.
if [ -f /boot/$kernelConfig ]; then if [ -f "/boot/${kernelConfig}" ]; then
grep -Eq '^CONFIG_PAGE_TABLE_ISOLATION=y' /boot/$kernelConfig \ grep -Eq '^CONFIG_PAGE_TABLE_ISOLATION=y' "/boot/$kernelConfig" \
|| failed "IS_MELTDOWN_SPECTRE" "PAGE_TABLE_ISOLATION vulnerability is not patched" || failed "IS_MELTDOWN_SPECTRE" "PAGE_TABLE_ISOLATION vulnerability is not patched"
grep -Eq '^CONFIG_RETPOLINE=y' /boot/$kernelConfig \ grep -Eq '^CONFIG_RETPOLINE=y' "/boot/$kernelConfig" \
|| failed "IS_MELTDOWN_SPECTRE" "RETPOLINE vulnerability is not patched" || failed "IS_MELTDOWN_SPECTRE" "RETPOLINE vulnerability is not patched"
fi fi
fi fi
@ -1122,7 +1122,7 @@ if is_debian; then
if [ "$IS_OLD_HOME_DIR" = 1 ]; then if [ "$IS_OLD_HOME_DIR" = 1 ]; then
homeDir=${homeDir:-/home} homeDir=${homeDir:-/home}
for dir in $homeDir/*; do for dir in "$homeDir"/*; do
statResult=$(stat -c "%n has owner %u resolved as %U" "$dir" \ statResult=$(stat -c "%n has owner %u resolved as %U" "$dir" \
| grep -Eve '.bak' -e '\.[0-9]{2}-[0-9]{2}-[0-9]{4}' \ | grep -Eve '.bak' -e '\.[0-9]{2}-[0-9]{2}-[0-9]{4}' \
| grep "UNKNOWN") | grep "UNKNOWN")
@ -1302,7 +1302,7 @@ fi
if [ "$IS_PRIVKEYWOLRDREADABLE" = 1 ]; then if [ "$IS_PRIVKEYWOLRDREADABLE" = 1 ]; then
for f in /etc/ssl/private/*; do for f in /etc/ssl/private/*; do
perms=$(stat -L -c "%a" $f) perms=$(stat -L -c "%a" "$f")
if [ "${perms: -1}" != "0" ]; then if [ "${perms: -1}" != "0" ]; then
failed "IS_PRIVKEYWOLRDREADABLE" "$f is world-readable" failed "IS_PRIVKEYWOLRDREADABLE" "$f is world-readable"
## let's print an error for each key ## let's print an error for each key
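Review bot: In the `is_debian_stretch` loop of the first hunk, `test -f "/sys/devices/system/cpu/vulnerabilities/$vuln"` only proves that the kernel exposes the status file, so IS_MELTDOWN_SPECTRE passes even when the file reports `Vulnerable`. The check should read the reported state instead, for example `grep -Eq '^(Not affected|Mitigation)' "/sys/devices/system/cpu/vulnerabilities/$vuln" || failed "IS_MELTDOWN_SPECTRE"`. The Jessie branch in the second hunk has a related gap: when `/boot/${kernelConfig}` is missing, both `grep` checks are skipped and nothing is reported, so an `else` branch that calls `failed` would make that case visible, unless the silent skip is intentional. The enclosing `if is_debian` block starts and ends outside the hunks shown.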