tyler.durden
/
harbian-audit
mirror of https://github.com/hardenedlinux/harbian-audit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix a bug for 12.10, and remove the unwanted exceptions.

This commit is contained in:
samson 2018-12-11 04:44:01 +08:00
parent e6f5e9a69a
commit 5eed5789f9
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
bin/hardening/12.10_find_suid_files.sh
View File

@ -20,7 +20,7 @@ audit () {
for BINARY in $RESULT; do
if grep -q $BINARY <<< "$EXCEPTIONS"; then
debug "$BINARY is confirmed as an exception"
RESULT=$(sed "s!$BINARY!!" <<< $RESULT)
RESULT=$(grep -wv "$BINARY" <<< $RESULT)
fi
done
if [ ! -z "$RESULT" ]; then
@ -42,7 +42,7 @@ create_config() {
cat <<EOF
status=disabled
# Put Here your valid suid binaries so that they do not appear during the audit
EXCEPTIONS="/bin/mount /bin/ping /bin/ping6 /bin/su /bin/umount /usr/bin/chfn /usr/bin/chsh /usr/bin/fping /usr/bin/fping6 /usr/bin/gpasswd /usr/bin/mtr /usr/bin/newgrp /usr/bin/passwd /usr/bin/sudo /usr/bin/sudoedit /usr/lib/openssh/ssh-keysign /usr/lib/pt_chown /usr/bin/at"
EXCEPTIONS="/bin/mount /bin/ping /bin/ping6 /bin/su /bin/umount /usr/bin/chfn /usr/bin/chsh /usr/bin/gpasswd /usr/bin/newgrp /usr/bin/passwd /usr/bin/sudo /usr/bin/sudoedit /usr/lib/openssh/ssh-keysign"
EOF
}