Merge pull request #11189 from dodys/nftables-v0.1.70

Mab879 · web-flow · commit 28b78170b04d · 2023-10-10T07:39:39.000-05:00
Cherry-pick of PR 11180 for v0.1.70
diff --git a/linux_os/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/sce/ubuntu.sh b/linux_os/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/sce/ubuntu.sh
@@ -5,9 +5,9 @@
 # Check if default policy is drop
 output=$(nft list ruleset)
 
-if ! (grep 'hook input' "$output" |& grep -w 'policy drop' &>/dev/null &&\
-     grep 'hook forward' "$output" |&  grep -w 'policy drop' &>/dev/null &&\
-     grep 'hook output' "$output" |& grep -w 'policy drop' &>/dev/null); then
+if ! (echo "$output" | grep 'hook input' |& grep -wq 'policy drop' &&\
+     echo "$output" | grep 'hook forward' |&  grep -wq 'policy drop' &&\
+     echo "$output" | grep 'hook output' |& grep -wq 'policy drop'); then
     exit "${XCCDF_RESULT_FAIL}"
 fi
 
