tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-28 16:24:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Textual changes

Browse Source
This commit is contained in:
Michael Boelen 2019-07-14 11:49:14 +02:00
parent 6b21bead53
commit 26fca99c40
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
include/functions
View File

@ -2742,9 +2742,8 @@
fi fi
# Check file permissions # Check file permissions
if [ ! -f "$1" ]; then if [ ! -f "$1" ]; then
LogText "Fatal error: file $1 does not exist. Quitting." LogText "Fatal error: file $1 does not exist."
echo "Fatal error: file $1 does not exist" ExitFatal "Fatal error: file $1 does not exist"
ExitFatal
else else
PERMS=$(ls -l $1) PERMS=$(ls -l $1)
@ -2771,21 +2770,22 @@
# Owner permissions # Owner permissions
OWNER_PERMS=$(echo ${PERMS} | cut -c2-4) OWNER_PERMS=$(echo ${PERMS} | cut -c2-4)
if [ ! "${OWNER_PERMS}" = "rw-" -a ! "${OWNER_PERMS}" = "r--" ]; then if [ ! "${OWNER_PERMS}" = "rw-" -a ! "${OWNER_PERMS}" = "r--" ]; then
echo "Fatal error: permissions of file $1 are not strict enough. Access to 'owner' should be read-write, or read. Change with: chmod 600 $1" echo "Fatal error: permissions of file $1 are not strict enough. Access to 'owner' should be read-write, or read. Change with: chmod u=rw $1"
ExitFatal ExitFatal
fi fi
# Owner permissions # Group permissions
# TODO - harden this even more by setting default to read-only for group (like 'other')
GROUP_PERMS=$(echo ${PERMS} | cut -c5-7) GROUP_PERMS=$(echo ${PERMS} | cut -c5-7)
if [ ! "${GROUP_PERMS}" = "rw-" -a ! "${GROUP_PERMS}" = "r--" -a ! "${GROUP_PERMS}" = "---" ]; then if [ ! "${GROUP_PERMS}" = "rw-" -a ! "${GROUP_PERMS}" = "r--" -a ! "${GROUP_PERMS}" = "---" ]; then
echo "Fatal error: permissions of file $1 are not strict enough. Access to 'group' should be read-write, read, or none. Change with: chmod 600 $1" echo "Fatal error: permissions of file $1 are not strict enough. Access to 'group' should be read-write, read, or none. Change with: chmod g=r $1"
ExitFatal ExitFatal
fi fi
# Other permissions # Other permissions
OTHER_PERMS=$(echo ${PERMS} | cut -c8-10) OTHER_PERMS=$(echo ${PERMS} | cut -c8-10)
if [ ! "${OTHER_PERMS}" = "---" -a ! "${OTHER_PERMS}" = "r--" ]; then if [ ! "${OTHER_PERMS}" = "---" -a ! "${OTHER_PERMS}" = "r--" ]; then
echo "Fatal error: permissions of file $1 are not strict enough. Access to 'other' should be denied or read-only. Change with: chmod 600 $1" echo "Fatal error: permissions of file $1 are not strict enough. Access to 'other' should be denied or read-only. Change with: chmod o=r $1"
ExitFatal ExitFatal
fi fi
# Set PERMS_OK to 1 if no fatal errors occurred # Set PERMS_OK to 1 if no fatal errors occurred