tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Improved umask detection and logging

This commit is contained in:
mboelen 2015-08-20 18:46:06 +02:00
parent 649f0cfb3c
commit 210ba41a3c
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
include/tests_authentication
View File

@ -813,7 +813,9 @@
#FIND2=`egrep "^([[:space:]])([[:tab:]])*umask" /etc/profile | awk '{ print $2 }' | wc -l`
WEAK_UMASK=0
FOUND_UMASK=0
if [ "${FIND2}" = "1" ]; then
if [ "${FIND2}" = "0" ]; then
logtext "Result: did not find umask in /etc/profile"
elif [ "${FIND2}" = "1" ]; then
logtext "Result: found umask (prefixed with spaces)"
FOUND_UMASK=1
if [ ! "${FIND}" = "077" -a ! "${FIND}" = "027" ]; then
@ -824,7 +826,7 @@
fi
# Found more than 1 umask value in profile
else
logtext "Result: found several umask values configured in /etc/profile"
logtext "Result: found multiple umask values configured in /etc/profile"
FOUND_UMASK=1
for I in ${FIND}; do
if [ ! "${I}" = "077" -a ! "${I}" = "027" ]; then
@ -861,7 +863,7 @@
logtext "Test: Checking umask entries in /etc/passwd (pam_umask)"
if [ -f /etc/passwd ]; then
logtext "Result: file /etc/passwd exists"
logtext "Test: Checking umask value in /etc/profile"
logtext "Test: Checking umask value in /etc/passwd"
FIND=`grep "umask=" /etc/passwd`
if [ "${FIND}" = "" ]; then
ReportManual "AUTH-9328:03"
@ -873,7 +875,7 @@
# /etc/login.defs
logtext "Test: Checking /etc/login.defs"
if [ -f /etc/login.defs ]; then
logtext "Result: file /etc/profile exists"
logtext "Result: file /etc/login.defs exists"
logtext "Test: Checking umask value in /etc/login.defs"
FIND=`grep "^UMASK" /etc/login.defs | awk '{ print $2 }'`
if [ "${FIND}" = "" ]; then