tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Improved logging of HasCorrectFilePermissions function and use correct value when data has a value of zero

This commit is contained in:
Michael Boelen 2019-09-14 13:22:50 +02:00
parent d6324ee29a
commit 13a4dff7fe
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
1 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
include/functions
View File

@ -239,7 +239,6 @@
# busybox does not support format # busybox does not support format
if [ ${SHELL_IS_BUSYBOX} -eq 0 ]; then if [ ${SHELL_IS_BUSYBOX} -eq 0 ]; then
DATA=$(${STATBINARY} --format=%a ${CHECKFILE}) DATA=$(${STATBINARY} --format=%a ${CHECKFILE})
LogText "Output: ${DATA}"
fi fi
fi fi
@ -266,15 +265,20 @@
else else
DATA=$(${LSBINARY} -l ${CHECKFILE} | cut -c 2-10) DATA=$(${LSBINARY} -l ${CHECKFILE} | cut -c 2-10)
fi fi
# Convert permissions to octal
LogText "Converting ${DATA} to octal"
DATA=$(echo ${DATA} | ${AWKBINARY} '{k=0;for(i=0;i<=8;i++)k+=((substr($1,i+2,1)~/[rwx]/)*2^(8-i));if(k)printf("%0o",k)}')
LogText "Output: ${DATA}"
fi fi
# Convert permissions to octal when needed
case ${DATA} in
"r"|"w"|"x"|"-")
LogText "Converting value ${DATA} to octal"
DATA=$(echo ${DATA} | ${AWKBINARY} '{k=0;for(i=0;i<=8;i++)k+=((substr($1,i+2,1)~/[rwx]/)*2^(8-i));if(k)printf("%0o",k)}')
if [ "${DATA}" = "0" ]; then DATA="000"; fi
;;
esac
if [ -n "${DATA}" ]; then if [ -n "${DATA}" ]; then
if [ "${DATA}" = "${CHECK_PERMISSION}" ]; then if [ "${DATA}" = "${CHECK_PERMISSION}" ]; then
LogText "Outcome: correct permissions" LogText "Outcome: correct permissions (${DATA})"
return 0 return 0
fi fi
else else
@ -282,7 +286,7 @@
fi fi
done done
LogText "Did not find the permissions of file ${CHECKFILE} matching any of the ${CHECKPERMISSION_FULL} values" LogText "Outcome: permissions of file ${CHECKFILE} are not matching expected value (${DATA} != ${CHECKPERMISSION_FULL})"
# No match, return exit code 1 # No match, return exit code 1
return 1 return 1
fi fi