From d894963f718bf456d719f84bfeff0ea9055099b5 Mon Sep 17 00:00:00 2001
From: Samson-W
Date: Fri, 1 Apr 2022 01:12:42 +0800
Subject: [PATCH] Add 14.2: Check abuse 777 permissions
---
.../14.2_check_abuse_777_permissions.sh | 77 +++++++++++++++++++
1 file changed, 77 insertions(+)
create mode 100755 bin/hardening/14.2_check_abuse_777_permissions.sh
diff --git a/bin/hardening/14.2_check_abuse_777_permissions.sh b/bin/hardening/14.2_check_abuse_777_permissions.sh
new file mode 100755
index 0000000..c5521c4
--- /dev/null
+++ b/bin/hardening/14.2_check_abuse_777_permissions.sh
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+#
+# harbian-audit for Debian GNU/Linux 9/10/11 Hardening
+#
+
+#
+# 14.2 To ensure there are no files permissions are set to 777 (Scored)
+# Author: Samson-W (samson@hardenedlinux.org) author add this
+#
+
+set -e # One error, it's over
+set -u # One variable unset, it's over
+
+HARDENING_LEVEL=3
+HARDENING_EXCEPTION=sechardened
+
+# This function will be called if the script status is on enabled / audit mode
+audit () {
+ if [ $ISEXCEPTION -eq 1 ]; then
+ warn "Exception is set to 1, so it's pass!"
+ else
+ ABUSECOUNT=$(find / -xdev -type f -perm -777 | wc -l )
+ if [ $ABUSECOUNT -gt 0 ]; then
+ crit "$ABUSECOUNT files abuse the 777 permission."
+ FNRET=1
+ else
+ ok "There are no files that abuse 777 permissions."
+ FNRET=0
+ fi
+ fi
+}
+
+# This function will be called if the script status is on enabled mode
+apply () {
+ if [ $ISEXCEPTION -eq 1 ]; then
+ warn "Exception is set to 1, so it's pass!"
+ else
+ if [ $FNRET -eq 0 ]; then
+ ok "There are no files that abuse 777 permissions."
+ else
+ warn "Some files abuse 777 permissions. Please check and correct yourself!"
+ fi
+ fi
+}
+
+# This function will create the config file for this check with default values
+create_config() {
+cat <