From 17ac4d2c1cfc1aa8432401cae834779874d3e734 Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Mon, 23 Mar 2020 10:44:45 +0100 Subject: [PATCH] [AUTH-9252] corrected permission check --- CHANGELOG.md | 1 + include/tests_authentication | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2237cc5e..84f15898 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -78,6 +78,7 @@ Using the relevant options, the scan will change base on the intended goal. - Security: the 'nounset' (set -u) parameter is now activated by default - AUTH-9228 - HP-UX support - AUTH-9234 - NetBSD support +- AUTH-9252 - corrected permission check - AUTH-9266 - skip .pam-old files in /etc/pam.d - AUTH-9268 - Perform test also on FreeBSD and NetBSD - AUTH-9282 - fix: temporary variable was overwritten diff --git a/include/tests_authentication b/include/tests_authentication index f0b61ba2..d3f9d3aa 100644 --- a/include/tests_authentication +++ b/include/tests_authentication @@ -509,7 +509,7 @@ if [ -d "${SUDOERS_D}" ]; then LogText "Test: checking drop-in directory (${SUDOERS_D})" FIND=$(${LSBINARY} -ld ${SUDOERS_D} | ${CUTBINARY} -c 2-10) - FIND2=$(${LSBINARY} -nd ${SUDOERS_D} | ${AWKBINARY} '{print $3$4}') + FIND2=$(${LSBINARY} -lnd ${SUDOERS_D} | ${AWKBINARY} '{print $3$4}') LogText "Result: Found directory permissions: ${FIND} and owner UID GID: ${FIND2}" case "${FIND}" in rwx[r-][w-][x-]--- ) @@ -537,7 +537,7 @@ for f in ${SUDO_CONFIG_FILES}; do LogText "Test: checking file (${f})" FIND=$(${LSBINARY} -l ${f} | ${CUTBINARY} -c 2-10) - FIND2=$(${LSBINARY} -n ${f} | ${AWKBINARY} '{print $3$4}') + FIND2=$(${LSBINARY} -ln ${f} | ${AWKBINARY} '{print $3$4}') LogText "Result: Found file permissions: ${FIND} and owner UID GID: ${FIND2}" case "${FIND}" in r[w-]-[r-][w-]---- )