improve bash remediation of mount_option template #11009

vojtapolasek
Collaborator

Description:

  • see commit messages

Rationale:

Review Hints:

  • build product (rhel8)
  • cd tests
  • python automatus.py template --libvirt <your_libvirt_config> mount_option

This regex was not anchored at the beginning of the line.
Therefore, it also captured lines which were commented.
This test scenario tests the case where a correct but commented line is added to fstab, followed by an incorrect uncommented line. It is tied to the previous commit.
@vojtapolasek vojtapolasek added bugfix Fixes to reported bugs. Bash Bash remediation update. labels Aug 22, 2023
@vojtapolasek vojtapolasek added this to the 0.1.70 milestone Aug 22, 2023
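
The scenario from the commit messages, reproduced against a constructed fstab as an added example (not code from this pull request or the project). It goes one step further and also checks an indented comment. The helper names and `strict_re` are assumptions made for illustration; `old_re` and `new_re` use the two format strings shown in the diff.

```shell
#!/bin/sh
# Constructed fstab: a correct but commented /boot entry, an incorrect live
# /boot entry, and an indented commented /home entry.
make_fstab() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
#UUID=constructed-0001 /boot xfs defaults,nosuid 0 0
UUID=constructed-0001 /boot xfs defaults 0 0
   #UUID=constructed-0002 /home xfs defaults,nosuid 0 0
EOF
    printf '%s\n' "$f"
}

# Patterns built the way the remediation builds them (format string + mount point).
old_re()    { printf '[^#].*[[:space:]]%s[[:space:]]' "$1"; }
new_re()    { printf '^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]' "$1"; }
# Assumption: a stricter variant whose first non-blank character may not be '#'.
strict_re() { printf '^[[:space:]]*[^#[:space:]].*[[:space:]]%s[[:space:]]' "$1"; }

# How many fstab lines a pattern treats as entries for the mount point.
count_entries() {  # regex file
    grep -c -- "$1" "$2" || true
}

# Mirrors the template's "is the option already there?" pipeline; prints yes/no.
option_seen() {  # regex option file
    if grep -- "$1" "$3" | grep -q -- "$2"; then echo yes; else echo no; fi
}

fstab=$(make_fstab)
for name in old_re new_re strict_re; do
    printf '%-9s /boot entries=%s nosuid_seen=%s /home entries=%s\n' "$name" \
        "$(count_entries "$($name /boot)" "$fstab")" \
        "$(option_seen "$($name /boot)" nosuid "$fstab")" \
        "$(count_entries "$($name /home)" "$fstab")"
done
rm -f "$fstab"
```

With the unanchored pattern the commented `/boot` line supplies `nosuid` and the live entry is left unchanged. The anchored pattern ignores that line but still counts the indented `/home` comment as an entry.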

github-actions bot commented Aug 22, 2023

This datastream diff is auto generated by the check Compare DS/Generate Diff.
Due to the excessive size of the diff, it has been trimmed to fit the 65535-character limit.

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_boot_efi_nosuid' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_boot_efi_nosuid
+++ xccdf_org.ssgproject.content_rule_mount_option_boot_efi_nosuid
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/boot/efi")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/boot/efi")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/boot/efi' is not even in /etc/fstab, so we can't set up mount options" >&2;
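Review bot: The anchored pattern on the `+` line still matches a commented entry that is indented. When whitespace precedes the `#`, `[[:space:]]*` can match nothing and `[^#]` then consumes the first space, so a line such as `  # UUID=... /boot/efi ...` passes. Excluding whitespace from that class, `^[[:space:]]*[^#[:space:]].*[[:space:]]%s[[:space:]]`, closes the gap, and a test scenario with an indented commented entry would pin it down.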
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /boot/efi)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /boot/efi)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|nosuid)(,|$)//g;s/,$//")
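Review bot: `mount_point_match_regexp` is assigned here a second time with the same format string as in the guard at the top of `perform_remediation` (there with `"/boot/efi"` quoted, here unquoted), so the two copies have to be kept identical by hand, as this change had to do. Consider building the pattern once and reusing it, and quoting the mount point in both places. The guard also writes `grep "$mount_point_match_regexp" -q /etc/fstab` while this hunk writes `grep -q "$mount_point_match_regexp" /etc/fstab`; one argument order throughout would read better.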
@@ -27,7 +27,7 @@
         fi
         echo " /boot/efi  defaults,${previous_mount_opts}nosuid 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "nosuid"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "nosuid"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,nosuid|" /etc/fstab
     fi
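Review bot: `grep -q "nosuid"` in the `elif` tests the whole matched line rather than the options field, so the string appearing in another column, or on any one of several matching lines, counts as the option being set. Testing field 4 split on commas (for example with `awk` on `$4`) would make the check exact. The `sed` below also reuses `${mount_point_match_regexp}` inside `\(...\)`, where the new leading `^` is an anchor only because it directly follows the group opener (GNU sed treats it so; POSIX leaves it optional), which deserves a comment.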

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_boot_noauto' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_boot_noauto
+++ xccdf_org.ssgproject.content_rule_mount_option_boot_noauto
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/boot")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/boot")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/boot' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /boot)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /boot)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|noauto)(,|$)//g;s/,$//")
@@ -27,7 +27,7 @@
         fi
         echo " /boot  defaults,${previous_mount_opts}noauto 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "noauto"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "noauto"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,noauto|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_boot_nodev' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_boot_nodev
+++ xccdf_org.ssgproject.content_rule_mount_option_boot_nodev
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/boot")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/boot")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/boot' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /boot)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /boot)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|nodev)(,|$)//g;s/,$//")
@@ -27,7 +27,7 @@
         fi
         echo " /boot  defaults,${previous_mount_opts}nodev 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "nodev"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "nodev"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,nodev|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_boot_noexec' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_boot_noexec
+++ xccdf_org.ssgproject.content_rule_mount_option_boot_noexec
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/boot")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/boot")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/boot' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /boot)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /boot)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|noexec)(,|$)//g;s/,$//")
@@ -27,7 +27,7 @@
         fi
         echo " /boot  defaults,${previous_mount_opts}noexec 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "noexec"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "noexec"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,noexec|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_boot_nosuid' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_boot_nosuid
+++ xccdf_org.ssgproject.content_rule_mount_option_boot_nosuid
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/boot")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/boot")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/boot' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /boot)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /boot)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|nosuid)(,|$)//g;s/,$//")
@@ -27,7 +27,7 @@
         fi
         echo " /boot  defaults,${previous_mount_opts}nosuid 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "nosuid"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "nosuid"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,nosuid|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nodev' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nodev
+++ xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nodev
@@ -5,10 +5,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /dev/shm)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /dev/shm)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|nodev)(,|$)//g;s/,$//")
@@ -21,7 +21,7 @@
         fi
         echo "tmpfs /dev/shm tmpfs defaults,${previous_mount_opts}nodev 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "nodev"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "nodev"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,nodev|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_dev_shm_noexec' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_dev_shm_noexec
+++ xccdf_org.ssgproject.content_rule_mount_option_dev_shm_noexec
@@ -5,10 +5,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /dev/shm)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /dev/shm)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|noexec)(,|$)//g;s/,$//")
@@ -21,7 +21,7 @@
         fi
         echo "tmpfs /dev/shm tmpfs defaults,${previous_mount_opts}noexec 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "noexec"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "noexec"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,noexec|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nosuid' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nosuid
+++ xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nosuid
@@ -5,10 +5,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /dev/shm)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /dev/shm)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|nosuid)(,|$)//g;s/,$//")
@@ -21,7 +21,7 @@
         fi
         echo "tmpfs /dev/shm tmpfs defaults,${previous_mount_opts}nosuid 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "nosuid"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "nosuid"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,nosuid|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_home_grpquota' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_home_grpquota
+++ xccdf_org.ssgproject.content_rule_mount_option_home_grpquota
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/home")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/home")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/home' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /home)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /home)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|grpquota)(,|$)//g;s/,$//")
@@ -27,7 +27,7 @@
         fi
         echo " /home  defaults,${previous_mount_opts}grpquota 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "grpquota"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "grpquota"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,grpquota|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_home_nodev' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_home_nodev
+++ xccdf_org.ssgproject.content_rule_mount_option_home_nodev
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/home")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/home")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/home' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /home)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /home)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|nodev)(,|$)//g;s/,$//")
@@ -27,7 +27,7 @@
         fi
         echo " /home  defaults,${previous_mount_opts}nodev 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "nodev"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "nodev"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,nodev|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_home_noexec' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_home_noexec
+++ xccdf_org.ssgproject.content_rule_mount_option_home_noexec
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/home")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/home")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/home' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /home)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /home)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|noexec)(,|$)//g;s/,$//")
@@ -27,7 +27,7 @@
         fi
         echo " /home  defaults,${previous_mount_opts}noexec 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "noexec"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "noexec"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,noexec|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_home_nosuid' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_home_nosuid
+++ xccdf_org.ssgproject.content_rule_mount_option_home_nosuid
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/home")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/home")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/home' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /home)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /home)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|nosuid)(,|$)//g;s/,$//")
@@ -27,7 +27,7 @@
         fi
         echo " /home  defaults,${previous_mount_opts}nosuid 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "nosuid"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "nosuid"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,nosuid|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_home_usrquota' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_home_usrquota
+++ xccdf_org.ssgproject.content_rule_mount_option_home_usrquota
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/home")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/home")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/home' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /home)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /home)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|usrquota)(,|$)//g;s/,$//")
@@ -27,7 +27,7 @@
         fi
         echo " /home  defaults,${previous_mount_opts}usrquota 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "usrquota"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "usrquota"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,usrquota|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_nodev_nonroot_local_partitions' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_nodev_nonroot_local_partitions
+++ xccdf_org.ssgproject.content_rule_mount_option_nodev_nonroot_local_partitions
@@ -17,10 +17,10 @@
     device_type="$(echo ${partition_record} | cut -d " " -f3)"
     if ! printf '%s\0' "${polyinstantiated_dirs[@]}" | grep -qxzF "$mount_point"; then
         # device and device_type will be used only in case when the device doesn't have fstab record
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" $mount_point)"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" $mount_point)"
 
         # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-        if ! grep "$mount_point_match_regexp" /etc/fstab; then
+        if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
             # runtime opts without some automatic kernel/userspace-added defaults
             previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                         | sed -E "s/(rw|defaults|seclabel|$MOUNT_OPTION)(,|$)//g;s/,$//")
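Review bot: `$mount_point` is passed to `printf` unquoted on the `+` line, so it is subject to word splitting and globbing, and its characters enter the pattern as regex syntax rather than literals. Quote it as `"$mount_point"`, and consider escaping regex metacharacters before the result is used in `grep` and in the `sed` expression further down.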
@@ -33,7 +33,7 @@
             fi
             echo "$device $mount_point $device_type defaults,${previous_mount_opts}$MOUNT_OPTION 0 0" >> /etc/fstab
         # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-        elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "$MOUNT_OPTION"; then
+        elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "$MOUNT_OPTION"; then
             previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
             sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,$MOUNT_OPTION|" /etc/fstab
         fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_opt_nosuid' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_opt_nosuid
+++ xccdf_org.ssgproject.content_rule_mount_option_opt_nosuid
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/opt")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/opt")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/opt' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /opt)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /opt)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|nosuid)(,|$)//g;s/,$//")
@@ -27,7 +27,7 @@
         fi
         echo " /opt  defaults,${previous_mount_opts}nosuid 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "nosuid"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "nosuid"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,nosuid|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_proc_hidepid' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_proc_hidepid
+++ xccdf_org.ssgproject.content_rule_mount_option_proc_hidepid
@@ -8,10 +8,10 @@
     var_mount_option_proc_hidepid=''
 
     mountoption="hidepid=$var_mount_option_proc_hidepid"
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /proc)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /proc)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|$mountoption)(,|$)//g;s/,$//")
@@ -24,7 +24,7 @@
         fi
         echo "proc /proc proc defaults,${previous_mount_opts}$mountoption 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "$mountoption"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "$mountoption"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,$mountoption|" /etc/fstab
     fi
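Review bot: For a key=value option the `elif` test `grep -q "$mountoption"` only recognises the exact desired value, so an entry that already carries a different `hidepid=` value falls through to the `sed`, which appends `,$mountoption` and leaves both values in the options field. Replacing an existing `hidepid=...` in place instead of appending would avoid the duplicate, and a test scenario with a non-matching value already in fstab would cover it.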

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_srv_nosuid' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_srv_nosuid
+++ xccdf_org.ssgproject.content_rule_mount_option_srv_nosuid
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/srv")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/srv")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/srv' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /srv)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /srv)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|nosuid)(,|$)//g;s/,$//")
@@ -27,7 +27,7 @@
         fi
         echo " /srv  defaults,${previous_mount_opts}nosuid 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "nosuid"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "nosuid"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,nosuid|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_tmp_nodev' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_tmp_nodev
+++ xccdf_org.ssgproject.content_rule_mount_option_tmp_nodev
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/tmp")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/tmp")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/tmp' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /tmp)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /tmp)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|nodev)(,|$)//g;s/,$//")
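Review bot: the `mount_point_match_regexp` assignment at the top of this hunk repeats the expression already assigned a few lines earlier in the same script (only the quoting of `/tmp` differs), so the anchoring fix had to be made in two places. Assign it once and reuse the variable, or at least quote the mount point the same way in both.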
@@ -27,7 +27,7 @@
         fi
         echo " /tmp  defaults,${previous_mount_opts}nodev 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "nodev"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "nodev"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,nodev|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_tmp_noexec' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_tmp_noexec
+++ xccdf_org.ssgproject.content_rule_mount_option_tmp_noexec
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/tmp")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/tmp")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/tmp' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /tmp)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /tmp)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|noexec)(,|$)//g;s/,$//")
@@ -27,7 +27,7 @@
         fi
         echo " /tmp  defaults,${previous_mount_opts}noexec 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "noexec"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "noexec"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,noexec|" /etc/fstab
     fi
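Review bot: in the changed `elif`, `grep -q "noexec"` runs against the whole fstab line rather than the options field, so the string appearing in a device path, a label or a longer option name makes the branch skip and the option is never added. Extract the fourth field first, for example with `awk '{print $4}'`, and compare its comma-separated items exactly.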

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_tmp_nosuid' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_tmp_nosuid
+++ xccdf_org.ssgproject.content_rule_mount_option_tmp_nosuid
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/tmp")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/tmp")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/tmp' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /tmp)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /tmp)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|nosuid)(,|$)//g;s/,$//")
@@ -27,7 +27,7 @@
         fi
         echo " /tmp  defaults,${previous_mount_opts}nosuid 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "nosuid"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "nosuid"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,nosuid|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_var_log_audit_nodev' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_var_log_audit_nodev
+++ xccdf_org.ssgproject.content_rule_mount_option_var_log_audit_nodev
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/var/log/audit")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/var/log/audit")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/var/log/audit' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /var/log/audit)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /var/log/audit)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|nodev)(,|$)//g;s/,$//")
@@ -27,7 +27,7 @@
         fi
         echo " /var/log/audit  defaults,${previous_mount_opts}nodev 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "nodev"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "nodev"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,nodev|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_var_log_audit_noexec' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_var_log_audit_noexec
+++ xccdf_org.ssgproject.content_rule_mount_option_var_log_audit_noexec
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/var/log/audit")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/var/log/audit")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/var/log/audit' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /var/log/audit)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /var/log/audit)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|noexec)(,|$)//g;s/,$//")
@@ -27,7 +27,7 @@
         fi
         echo " /var/log/audit  defaults,${previous_mount_opts}noexec 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "noexec"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "noexec"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,noexec|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_var_log_audit_nosuid' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_var_log_audit_nosuid
+++ xccdf_org.ssgproject.content_rule_mount_option_var_log_audit_nosuid
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/var/log/audit")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/var/log/audit")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/var/log/audit' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /var/log/audit)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /var/log/audit)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|nosuid)(,|$)//g;s/,$//")
@@ -27,7 +27,7 @@
         fi
         echo " /var/log/audit  defaults,${previous_mount_opts}nosuid 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "nosuid"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "nosuid"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,nosuid|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_var_log_nodev' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_var_log_nodev
+++ xccdf_org.ssgproject.content_rule_mount_option_var_log_nodev
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/var/log")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/var/log")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/var/log' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /var/log)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /var/log)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|nodev)(,|$)//g;s/,$//")
@@ -27,7 +27,7 @@
         fi
         echo " /var/log  defaults,${previous_mount_opts}nodev 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "nodev"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "nodev"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,nodev|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_var_log_noexec' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_var_log_noexec
+++ xccdf_org.ssgproject.content_rule_mount_option_var_log_noexec
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/var/log")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/var/log")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/var/log' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /var/log)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /var/log)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|noexec)(,|$)//g;s/,$//")
@@ -27,7 +27,7 @@
         fi
         echo " /var/log  defaults,${previous_mount_opts}noexec 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "noexec"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "noexec"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,noexec|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_var_log_nosuid' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_var_log_nosuid
+++ xccdf_org.ssgproject.content_rule_mount_option_var_log_nosuid
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/var/log")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/var/log")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/var/log' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /var/log)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /var/log)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|nosuid)(,|$)//g;s/,$//")
@@ -27,7 +27,7 @@
         fi
         echo " /var/log  defaults,${previous_mount_opts}nosuid 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "nosuid"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "nosuid"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,nosuid|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_var_nodev' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_var_nodev
+++ xccdf_org.ssgproject.content_rule_mount_option_var_nodev
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/var")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/var")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/var' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /var)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /var)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|nodev)(,|$)//g;s/,$//")
@@ -27,7 +27,7 @@
         fi
         echo " /var  defaults,${previous_mount_opts}nodev 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "nodev"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "nodev"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,nodev|" /etc/fstab
     fi
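Review bot: the `echo ... >> /etc/fstab` context line in this hunk writes an entry that starts with a blank and `/var`, with nothing in the device and filesystem-type positions, and the anchored `mount_point_match_regexp` cannot find that entry again because it needs at least one character plus whitespace before `/var`. Fill in both fields when appending, so the written line is a valid fstab entry that the later checks can match.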

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_var_noexec' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_var_noexec
+++ xccdf_org.ssgproject.content_rule_mount_option_var_noexec
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/var")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/var")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/var' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /var)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /var)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|noexec)(,|$)//g;s/,$//")
@@ -27,7 +27,7 @@
         fi
         echo " /var  defaults,${previous_mount_opts}noexec 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "noexec"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "noexec"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,noexec|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_var_nosuid' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_var_nosuid
+++ xccdf_org.ssgproject.content_rule_mount_option_var_nosuid
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/var")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/var")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/var' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /var)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /var)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|nosuid)(,|$)//g;s/,$//")
@@ -27,7 +27,7 @@
         fi
         echo " /var  defaults,${previous_mount_opts}nosuid 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "nosuid"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "nosuid"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,nosuid|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_var_tmp_nodev' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_var_tmp_nodev
+++ xccdf_org.ssgproject.content_rule_mount_option_var_tmp_nodev
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/var/tmp")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/var/tmp")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/var/tmp' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /var/tmp)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /var/tmp)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|nodev)(,|$)//g;s/,$//")
@@ -27,7 +27,7 @@
         fi
         echo " /var/tmp  defaults,${previous_mount_opts}nodev 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "nodev"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "nodev"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,nodev|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_var_tmp_noexec' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_var_tmp_noexec
+++ xccdf_org.ssgproject.content_rule_mount_option_var_tmp_noexec
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/var/tmp")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/var/tmp")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/var/tmp' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /var/tmp)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /var/tmp)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|noexec)(,|$)//g;s/,$//")
@@ -27,7 +27,7 @@
         fi
         echo " /var/tmp  defaults,${previous_mount_opts}noexec 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "noexec"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "noexec"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,noexec|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_var_tmp_nosuid' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_var_tmp_nosuid
+++ xccdf_org.ssgproject.content_rule_mount_option_var_tmp_nosuid
@@ -3,7 +3,7 @@
 
 function perform_remediation {
     
-        mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" "/var/tmp")"
+        mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" "/var/tmp")"
 
     grep "$mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '/var/tmp' is not even in /etc/fstab, so we can't set up mount options" >&2;
@@ -11,10 +11,10 @@
     
 
 
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" /var/tmp)"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" /var/tmp)"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|nosuid)(,|$)//g;s/,$//")
@@ -27,7 +27,7 @@
         fi
         echo " /var/tmp  defaults,${previous_mount_opts}nosuid 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "nosuid"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "nosuid"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,nosuid|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_krb_sec_remote_filesystems' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_krb_sec_remote_filesystems
+++ xccdf_org.ssgproject.content_rule_mount_option_krb_sec_remote_filesystems
@@ -6,10 +6,10 @@
 
 for vfstype_point in "${vfstype_points[@]}"
 do
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" ${vfstype_point//\\/\\\\})"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" ${vfstype_point//\\/\\\\})"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|sec=krb5:krb5i:krb5p)(,|$)//g;s/,$//")
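Review bot: `${vfstype_point//\\/\\\\}` is passed to `printf` unquoted on the changed line, so a value containing whitespace or glob characters is split or expanded, and `printf` reuses the format for each extra word, producing several expressions run together in one pattern. Quote the expansion.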
@@ -22,7 +22,7 @@
         fi
         echo " ${vfstype_point//\\/\\\\} nfs4 defaults,${previous_mount_opts}sec=krb5:krb5i:krb5p 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "sec=krb5:krb5i:krb5p"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "sec=krb5:krb5i:krb5p"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,sec=krb5:krb5i:krb5p|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_nodev_remote_filesystems' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_nodev_remote_filesystems
+++ xccdf_org.ssgproject.content_rule_mount_option_nodev_remote_filesystems
@@ -6,10 +6,10 @@
 
 for vfstype_point in "${vfstype_points[@]}"
 do
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" ${vfstype_point//\\/\\\\})"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" ${vfstype_point//\\/\\\\})"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|nodev)(,|$)//g;s/,$//")
@@ -22,7 +22,7 @@
         fi
         echo " ${vfstype_point//\\/\\\\} nfs4 defaults,${previous_mount_opts}nodev 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "nodev"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "nodev"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,nodev|" /etc/fstab
     fi

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_noexec_remote_filesystems' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_noexec_remote_filesystems
+++ xccdf_org.ssgproject.content_rule_mount_option_noexec_remote_filesystems
@@ -6,10 +6,10 @@
 
 for vfstype_point in "${vfstype_points[@]}"
 do
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" ${vfstype_point//\\/\\\\})"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" ${vfstype_point//\\/\\\\})"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|noexec)(,|$)//g;s/,$//")
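
Review bot: On the `mount_point_match_regexp` line the value substituted for `%s` is unquoted and only has its backslashes doubled, so it is subject to word splitting and pathname expansion, and any `.`, `*` or `[` in the mount point is read as a regular-expression metacharacter by `grep` and `sed`. Quote the expansion and escape regex metacharacters before building the pattern.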
@@ -22,7 +22,7 @@
         fi
         echo " ${vfstype_point//\\/\\\\} nfs4 defaults,${previous_mount_opts}noexec 0 0" >> /etc/fstab
     # If the mount_opt option is not already in the mount point's /etc/fstab entry, add it
-    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep "noexec"; then
+    elif ! grep "$mount_point_match_regexp" /etc/fstab | grep -q "noexec"; then
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/fstab | awk '{print $4}')
         sed -i "s|\(${mount_point_match_regexp}.*${previous_mount_opts}\)|\1,noexec|" /etc/fstab
     fi
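
Review bot: The entry appended by the `echo` line starts with a single space directly followed by the mount point, but `mount_point_match_regexp` requires a non-`#` character and then a whitespace character in front of the mount point, so a later run does not find the entry this branch wrote. Write a device field in front of the mount point, which also puts the options in the fourth field that `awk '{print $4}'` reads in the `elif` branch.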

bash remediation for rule 'xccdf_org.ssgproject.content_rule_mount_option_nosuid_remote_filesystems' differs.
--- xccdf_org.ssgproject.content_rule_mount_option_nosuid_remote_filesystems
+++ xccdf_org.ssgproject.content_rule_mount_option_nosuid_remote_filesystems
@@ -6,10 +6,10 @@
 
 for vfstype_point in "${vfstype_points[@]}"
 do
-    mount_point_match_regexp="$(printf "[^#].*[[:space:]]%s[[:space:]]" ${vfstype_point//\\/\\\\})"
+    mount_point_match_regexp="$(printf "^[[:space:]]*[^#].*[[:space:]]%s[[:space:]]" ${vfstype_point//\\/\\\\})"
 
     # If the mount point is not in /etc/fstab, get previous mount options from /etc/mtab
-    if ! grep "$mount_point_match_regexp" /etc/fstab; then
+    if ! grep -q "$mount_point_match_regexp" /etc/fstab; then
         # runtime opts without some automatic kernel/userspace-added defaults
         previous_mount_opts=$(grep "$mount_point_match_regexp" /etc/mtab | head -1 |  awk '{print $4}' \
                     | sed -E "s/(rw|defaults|seclabel|nosuid)(,|$)//g;s/,$//

... The diff is trimmed here ...

@codeclimate

codeclimate bot commented Aug 23, 2023

Code Climate has analyzed commit cc8b8ec and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 53.3% (0.0% change).

Contributor

@dodys dodys left a comment


LGTM, thanks for fixing this

@marcusburghardt marcusburghardt self-assigned this Aug 29, 2023
Member

@marcusburghardt marcusburghardt left a comment


Thanks

@marcusburghardt
Member

I will try to reproduce the failed Automatus tests in local VMs before merging this PR.

@marcusburghardt
Member

I will try to reproduce the failed Automatus tests in local VMs before merging this PR.

All local tests passed. Waiving failed Automatus tests.

@marcusburghardt marcusburghardt merged commit 33eb501 into ComplianceAsCode:master Aug 29, 2023
Labels
Bash Bash remediation update. bugfix Fixes to reported bugs.
Development

Successfully merging this pull request may close these issues.

Bash remediation of mount_option template incorrectly handles commented lines
3 participants