mirror of
https://github.com/hardenedlinux/harbian-audit.git
synced 2025-07-24 14:16:31 +02:00
Update audit and apply methods for 2.17
parent
f4633c21af
commit
c9ba18c101
@ -1,8 +1,8 @@
|
||||
#!/bin/bash
|
||||
|
||||
#
|
||||
# harbian audit 7/8/9 Hardening
|
||||
#
|
||||
# harbian audit 7/8/9/10 or CentOS Hardening
|
||||
# Modify by: Samson-W (samson@hardenedlinux.org)
|
||||
|
||||
#
|
||||
# 2.17 Set Sticky Bit on All World-Writable Directories (Scored)
|
||||
@ -24,6 +24,15 @@ audit () {
|
||||
else
|
||||
ok "All world writable directories have a sticky bit"
|
||||
fi
|
||||
# Check sticky dir group-owned is root
|
||||
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' $SUDO_CMD find '{}' -xdev -type d ! -group root \( -perm -0002 -a -perm -1000 \) -print 2>/dev/null)
|
||||
if [ ! -z "$RESULT" ]; then
|
||||
crit "Some world writable directories are sticky bit mode, but not group owned is root!"
|
||||
FORMATTED_RESULT=$(sed "s/ /\n/g" <<< $RESULT | sort | uniq | tr '\n' ' ')
|
||||
crit "$FORMATTED_RESULT"
|
||||
else
|
||||
ok "All world writable directories have a sticky bit, and group owner is root."
|
||||
fi
|
||||
}
|
||||
|
||||
# This function will be called if the script status is on enabled mode
|
||||
@ -34,6 +43,12 @@ apply () {
|
||||
else
|
||||
ok "All world writable directories have a sticky bit, nothing to apply"
|
||||
fi
|
||||
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' $SUDO_CMD find '{}' -xdev -type d ! -group root \( -perm -0002 -a -perm -1000 \) -print 2>/dev/null)
|
||||
if [ ! -z "$RESULT" ]; then
|
||||
df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' $SUDO_CMD find '{}' -xdev -type d ! -group root \( -perm -0002 -a -perm -1000 \) -print 2>/dev/null | xargs chgrp root
|
||||
else
|
||||
ok "All world writable directories have a sticky bit, and group owner is root."
|
||||
fi
|
||||
}
|
||||
|
||||
# This function will check config parameters required
|
||||
|
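Review bot: In apply(), the remediation line feeds newline-delimited `find` output into a bare `xargs chgrp root`, so any matched path containing whitespace is split into several arguments. These directories sit under world-writable locations where unprivileged users choose the names, so a privileged chgrp can land on paths the check never matched. The chgrp also runs without `$SUDO_CMD` although the `find` uses it, so it presumably fails when the script is not already running as root. I would end that pipeline with `-print0 2>/dev/null | xargs -0 -r $SUDO_CMD chgrp root` and log what was changed. apply() starts before this hunk, and audit()'s `sed "s/ /\n/g" <<< $RESULT` makes the same whitespace assumption, though there it only garbles the report.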