feat[script] added check/fix/check logic

Added check/fix/check logic to compliance script
2026-03-01 07:52:54 +00:00 · 2022-12-13 12:59:53 -05:00
parent 8e80136e2c
commit ccb2cc398b
1 changed files with 6 additions and 5 deletions
--- a/scripts/generate_guidance.py
+++ b/scripts/generate_guidance.py
@@ -628,7 +628,7 @@ vared -p "Press [Enter] key to continue..." -c fackEnterKey

 ask() {{
    # if fix flag is passed, assume YES for everything
-    if [[ $fix ]]; then
+    if [[ $fix ]] || [[ $cfc ]]; then
        return 0
    fi

@@ -1004,7 +1004,7 @@ fi
 lastComplianceScan=$(defaults read "$audit_plist" lastComplianceCheck)
 echo "Results written to $audit_plist"

-if [[ ! $check ]];then
+if [[ ! $check ]] && [[ ! $cfc ]];then
    pause
 fi

@@ -1024,7 +1024,7 @@ if [[ ! -e "$audit_plist" ]]; then
    fi
 fi

-if [[ ! $fix ]]; then
+if [[ ! $fix ]] && [[ ! $cfc ]]; then
    ask 'THE SOFTWARE IS PROVIDED "AS IS" WITHOUT ANY WARRANTY OF ANY KIND, EITHER EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE.  IN NO EVENT SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT, INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM, OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY, CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER. WOULD YOU LIKE TO CONTINUE? ' N

    if [[ $? != 0 ]]; then
@@ -1048,13 +1048,14 @@ echo "$(date -u) Remediation complete" >> "$audit_log"

 }

-zparseopts -D -E -check=check -fix=fix -stats=stats -compliant=compliant_opt -non_compliant=non_compliant_opt -reset=reset
+zparseopts -D -E -check=check -fix=fix -stats=stats -compliant=compliant_opt -non_compliant=non_compliant_opt -reset=reset -cfc=cfc

 if [[ $reset ]]; then reset_plist; fi

-if [[ $check ]] || [[ $fix ]] || [[ $stats ]] || [[ $compliant_opt ]] || [[ $non_compliant_opt ]]; then
+if [[ $check ]] || [[ $fix ]] || [[ $cfc ]] || [[ $stats ]] || [[ $compliant_opt ]] || [[ $non_compliant_opt ]]; then
    if [[ $fix ]]; then run_fix; fi
    if [[ $check ]]; then run_scan; fi
+    if [[ $cfc ]]; then run_scan; run_fix; run_scan; fi
    if [[ $stats ]];then generate_stats; fi
    if [[ $compliant_opt ]];then compliance_count "compliant"; fi
    if [[ $non_compliant_opt ]];then compliance_count "non-compliant"; fi