tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[AUTH-9252] corrected permission check

This commit is contained in:
Michael Boelen 2020-03-23 10:44:45 +01:00
parent a067c4211a
commit 17ac4d2c1c
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -78,6 +78,7 @@ Using the relevant options, the scan will change base on the intended goal.
- Security: the 'nounset' (set -u) parameter is now activated by default - Security: the 'nounset' (set -u) parameter is now activated by default
- AUTH-9228 - HP-UX support - AUTH-9228 - HP-UX support
- AUTH-9234 - NetBSD support - AUTH-9234 - NetBSD support
- AUTH-9252 - corrected permission check
- AUTH-9266 - skip .pam-old files in /etc/pam.d - AUTH-9266 - skip .pam-old files in /etc/pam.d
- AUTH-9268 - Perform test also on FreeBSD and NetBSD - AUTH-9268 - Perform test also on FreeBSD and NetBSD
- AUTH-9282 - fix: temporary variable was overwritten - AUTH-9282 - fix: temporary variable was overwritten

4
include/tests_authentication
View File

@ -509,7 +509,7 @@
if [ -d "${SUDOERS_D}" ]; then if [ -d "${SUDOERS_D}" ]; then
LogText "Test: checking drop-in directory (${SUDOERS_D})" LogText "Test: checking drop-in directory (${SUDOERS_D})"
FIND=$(${LSBINARY} -ld ${SUDOERS_D} | ${CUTBINARY} -c 2-10) FIND=$(${LSBINARY} -ld ${SUDOERS_D} | ${CUTBINARY} -c 2-10)
FIND2=$(${LSBINARY} -nd ${SUDOERS_D} | ${AWKBINARY} '{print $3$4}') FIND2=$(${LSBINARY} -lnd ${SUDOERS_D} | ${AWKBINARY} '{print $3$4}')
LogText "Result: Found directory permissions: ${FIND} and owner UID GID: ${FIND2}" LogText "Result: Found directory permissions: ${FIND} and owner UID GID: ${FIND2}"
case "${FIND}" in case "${FIND}" in
rwx[r-][w-][x-]--- ) rwx[r-][w-][x-]--- )
@ -537,7 +537,7 @@
for f in ${SUDO_CONFIG_FILES}; do for f in ${SUDO_CONFIG_FILES}; do
LogText "Test: checking file (${f})" LogText "Test: checking file (${f})"
FIND=$(${LSBINARY} -l ${f} | ${CUTBINARY} -c 2-10) FIND=$(${LSBINARY} -l ${f} | ${CUTBINARY} -c 2-10)
FIND2=$(${LSBINARY} -n ${f} | ${AWKBINARY} '{print $3$4}') FIND2=$(${LSBINARY} -ln ${f} | ${AWKBINARY} '{print $3$4}')
LogText "Result: Found file permissions: ${FIND} and owner UID GID: ${FIND2}" LogText "Result: Found file permissions: ${FIND} and owner UID GID: ${FIND2}"
case "${FIND}" in case "${FIND}" in
r[w-]-[r-][w-]---- ) r[w-]-[r-][w-]---- )