tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-25 14:54:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

New function SafeFile

Browse Source
This commit is contained in:
Michael Boelen 2019-07-12 13:05:43 +02:00
parent 21f9a18e8b
commit 0f80fa07aa
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
1 changed files with 51 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
include/functions
View File

@ -88,6 +88,7 @@
# ReportManual Log manual actions to report file # ReportManual Log manual actions to report file
# ReportSuggestion Add a suggestion to report file # ReportSuggestion Add a suggestion to report file
# ReportWarning Add a warning and priority to report file # ReportWarning Add a warning and priority to report file
# SafeFile Security tests to perform on a file before using it
# SafePerms Check if a file has safe permissions # SafePerms Check if a file has safe permissions
# SafeInput Test provided string to see if it contains unwanted characters # SafeInput Test provided string to see if it contains unwanted characters
# SearchItem Search a string in a file # SearchItem Search a string in a file
@ -2611,6 +2612,56 @@
} }
################################################################################
# Name : SafeFile()
# Description : Check if a file is safe to use
#
################################################################################
SafeFile() {
unsafe=0
if [ $# -ne 1 ]; then
ExitFatal "No argument or too many arguments provided to SafeFile()"
else
FILE="$1"
# Generic checks
if [ -g "${FILE}" ]; then
LogText "Security alert: file has setgid attribute"
unsafe=1
# sticky bit
elif [ -k "${FILE}" ]; then
LogText "Security alert: file has sticky bit"
unsafe=1
# symbolic link
elif [ -L "${FILE}" ]; then
LogText "Security alert: file is a symbolic link"
unsafe=1
elif [ -f "${FILE}" ]; then
LogText "Security check: file is normal"
else
unsafe=1
fi
# Perform additional checks based on privilege level
if [ ${PRIVILEGED} -eq 0 ]; then
# File is not owned by active user, but still able to write
if [ ! -O "${FILE}" -a -w "${FILE}" ]; then
unsafe=1
LogText "Security alert: file is not owned by active user, but can write to it"
fi
fi
# Check file permissions
if ! SafePerms "${FILE}"; then
unsafe=1
fi
fi
return ${unsafe}
}
################################################################################ ################################################################################
# Name : SafePerms() # Name : SafePerms()