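#!/bin/bash
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Runs all of the alphabet compliance scripts in {SCRIPTS_DIR}.
#
# Benchmarks listed in --benchmark-opt-out-ids= inside ENV_VARS_FILE are
# skipped. The exit status is that of the last script that returned non-zero,
# or 0 when every executed script succeeded.

SCRIPTS_DIR=/usr/share/google/security/cis-compliance/scripts
ENV_VARS_FILE=/etc/cis-scanner/env_vars
# Gets benchmarks after the = as a space separated list to be used below.
# The pattern is quoted so the shell hands it to grep verbatim instead of
# attempting filename expansion on the trailing ".*".
# If ENV_VARS_FILE is missing or has no such flag, the list is empty and every
# benchmark runs.
# NOTE(review): this file decides which checks are skipped, so write access to
# it should be restricted — its ownership and mode are not verified here.
OPTED_OUT_BENCHMARKS=$(grep -o -- '--benchmark-opt-out-ids=.*' "${ENV_VARS_FILE}" | awk '{print $1}' | cut -f2- -d= | cut -f1 -d\" | tr ',' ' ')
exit_code=0

# Loops through both list of scripts and opted out benchmarks to make sure benchmarks that are
# opted out of don't run. Done this way to work with potential benchmarks that are substrings of others
#
# When the glob matches nothing, bash leaves the pattern unexpanded; sourcing
# it fails and is reported below, so an empty scripts directory is not
# mistaken for a clean run.
for script in "${SCRIPTS_DIR}"/[0-9][0-9][0-9][0-9]-*.sh ; do
  # File names look like NNNN-<benchmark id>.sh: drop the extension, then the
  # four digits and the dash.
  num_with_id="$(basename "${script%.*}")"
  benchmark_id="${num_with_id:5}"
  script_opted_out=0

  # Split the opt-out list with read instead of an unquoted expansion, so an
  # entry containing glob characters is compared literally and is never
  # expanded against the current directory. The list is re-split on every
  # iteration because the scripts are sourced into this shell and share its
  # variables.
  opted_out_ids=()
  IFS=$' \t\n' read -r -d '' -a opted_out_ids <<< "${OPTED_OUT_BENCHMARKS}"

  for opted_out_benchmark in "${opted_out_ids[@]}"; do
    # Quoted right-hand side: exact string equality, not pattern matching.
    if [[ "${opted_out_benchmark}" == "${benchmark_id}" ]]; then
      script_opted_out=1
      break
    fi
  done

  # NOTE(review): a skipped benchmark leaves no trace in the output; recording
  # opt-outs would make suppressed checks auditable.
  ret_code=0
  if [[ ${script_opted_out} == 0 ]]; then
    # Sourced, not executed: the script runs in this shell, so an `exit`
    # inside it ends the whole run and it can overwrite the variables used
    # here.
    . "${script}"
    # Capture the status immediately, before any other command replaces $?.
    ret_code=$?
  fi
  if [ "${ret_code}" -ne 0 ]; then
    exit_code="${ret_code}"
    echo "Error code: ${ret_code} returned while executing ${script}"
  fi
done

exit "${exit_code}"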