tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-04-08 17:15:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Using return codes for file permission checks

Browse Source
This commit is contained in:
mboelen 2015-03-25 17:30:13 +01:00
parent c94269c1d1
commit 30bc903c5a
1 changed files with 6 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
include/tests_boot_services
View File

@ -5,7 +5,7 @@
# Lynis # Lynis
# ------------------ # ------------------
# #
# Copyright 2007-2015, CISOfy & Michael Boelen, The Netherlands # Copyright 2007-2015, Michael Boelen, CISOfy (michael.boelen@cisofy.com)
# Web site: https://cisofy.com # Web site: https://cisofy.com
# #
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are # Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
@ -548,7 +548,7 @@
for J in ${FIND}; do for J in ${FIND}; do
logtext "Test: checking permissions of file ${J}" logtext "Test: checking permissions of file ${J}"
IsWorldWritable ${J} IsWorldWritable ${J}
if [ "${FileIsWorldWritable}" = "TRUE" ]; then if [ $? -eq 1 ]; then
logtext "Result: warning, file ${J} is world writable" logtext "Result: warning, file ${J} is world writable"
FOUND=1 FOUND=1
else else
@ -570,7 +570,7 @@
FIND=`find /etc/rc${NO}.d -type f -print` FIND=`find /etc/rc${NO}.d -type f -print`
for I in ${FIND}; do for I in ${FIND}; do
IsWorldWritable ${I} IsWorldWritable ${I}
if [ "${FileIsWorldWritable}" = "TRUE" ]; then if [ $? -eq 1 ]; then
logtext "Result: warning, file ${I} is world writable" logtext "Result: warning, file ${I} is world writable"
FOUND=1 FOUND=1
else else
@ -586,7 +586,7 @@
if [ -f ${I} ]; then if [ -f ${I} ]; then
logtext "Test: Checking ${I} file for writable bit" logtext "Test: Checking ${I} file for writable bit"
IsWorldWritable ${I} IsWorldWritable ${I}
if [ "${FileIsWorldWritable}" = "TRUE" ]; then if [ $? -eq 1 ]; then
ReportWarning ${TEST_NO} "H" "Found writable startup script ${I}" ReportWarning ${TEST_NO} "H" "Found writable startup script ${I}"
FOUND=1 FOUND=1
logtext "Result: warning, file ${I} is world writable" logtext "Result: warning, file ${I} is world writable"
@ -599,8 +599,7 @@
# Check results # Check results
if [ ${FOUND} -eq 1 ]; then if [ ${FOUND} -eq 1 ]; then
Display --indent 2 --text "- Check startup files (permissions)" --result "WARNING" --color RED Display --indent 2 --text "- Check startup files (permissions)" --result "WARNING" --color RED
ReportWarning ${TEST_NO} "H" "One or more startup files can be overwritten by all users" ReportWarning ${TEST_NO} "H" "Found world writable startup scripts"
ReportSuggestion ${TEST_NO} "Check startup scripts for world write access and change permissions if needed"
logtext "Result: found one or more scripts which are possibly writable by other users" logtext "Result: found one or more scripts which are possibly writable by other users"
AddHP 0 3 AddHP 0 3
else else
@ -730,4 +729,4 @@ wait_for_keypress
# #
#================================================================================ #================================================================================
# Lynis - Copyright 2007-2015, Michael Boelen - www.rootkit.nl - The Netherlands # Lynis - Copyright 2007-2015, Michael Boelen, CISOfy - https://cisofy.com