Safe and Secure Bash

#!/bin/bash -

# File: <filename>
# Copyright (c) 2019 Justin Hanekom <justin_hanekom@yahoo.com>

# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files
# (the "Software"), to deal in the Software without restriction,
# including without limitation the rights to use, copy, modify, merge,
# publish, distribute, sublicense, and/or sell copies of the Software,
# and to permit persons to whom the Software is furnished to do so,
# subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# Setup a safe Bash scripting environment

set -o errexit      # Exit immediately if an error occurs
set -o noclobber    # Do not allow files to be overwritten via redirect
set -o nounset      # Do not allow unset variables

# Set the exit code of a pipeline to the rightmost non-zero on error
set -o pipefail
#set -o xtrace       # Trace script execution (i.e., debug mode)
# Set the internal field separator to newline or tab, but not space
IFS=$'\n\t'

# Setup a secure Bash scripting environment by: setting a secure path;
# clearing all aliases; clearing the command path hash; setting the hard limit
# to 0 to turn off core dumps; and setting a secure umask

PATH=$(PATH='/bin:/usr/bin' getconf PATH); export PATH
\unalias -a
hash -r
ulimit -H -c 0 --

UMASK=002
umask ${UMASK}