Merge pull request #11180 from dodys/nftables

Ubuntu: nftables: Improve SCE
ComplianceAsCode · Oct 9, 2023 · a9a56a7 · a9a56a7
2 parents d5a041f + f8e656d
commit a9a56a7
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/...s/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/sce/ubuntu.sh b/...s/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/sce/ubuntu.sh
@@ -5,9 +5,9 @@
 # Check if default policy is drop
 output=$(nft list ruleset)
 
-if ! (grep 'hook input' "$output" |& grep -w 'policy drop' &>/dev/null &&\
-     grep 'hook forward' "$output" |&  grep -w 'policy drop' &>/dev/null &&\
-     grep 'hook output' "$output" |& grep -w 'policy drop' &>/dev/null); then
+if ! (echo "$output" | grep 'hook input' |& grep -wq 'policy drop' &&\
+     echo "$output" | grep 'hook forward' |&  grep -wq 'policy drop' &&\
+     echo "$output" | grep 'hook output' |& grep -wq 'policy drop'); then
     exit "${XCCDF_RESULT_FAIL}"
 fi