tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use relative paths

This commit is contained in:
Michael Boelen 2019-07-14 13:27:08 +02:00
parent 9ebddf0e0c
commit 4b68c22f30
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
include/tests_homedirs
View File

@ -37,8 +37,8 @@
Register --test-no HOME-9302 --weight L --network NO --category security --description "Create list with home directories" Register --test-no HOME-9302 --weight L --network NO --category security --description "Create list with home directories"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Read sixth field of /etc/passwd # Read sixth field of /etc/passwd
LogText "Test: query /etc/passwd to obtain home directories" LogText "Test: query ${ROOTDIR}etc/passwd to obtain home directories"
FIND=$(${AWKBINARY} -F: '{ if ($1 !~ "#") print $6 }' /etc/passwd | ${SORTBINARY} -u) FIND=$(${AWKBINARY} -F: '{ if ($1 !~ "#") print $6 }' ${ROOTDIR}etc/passwd | ${SORTBINARY} -u)
for I in ${FIND}; do for I in ${FIND}; do
if [ -d ${I} ]; then if [ -d ${I} ]; then
LogText "Result: found home directory: ${I} (directory exists)" LogText "Result: found home directory: ${I} (directory exists)"
@ -57,7 +57,7 @@
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Check if users' home directories permissions are 750 or more restrictive # Check if users' home directories permissions are 750 or more restrictive
FOUND=0 FOUND=0
for LINE in "$(${CAT_BINARY} /etc/passwd | ${EGREPBINARY} -v '^(root|halt|sync|shutdown)' | ${AWKBINARY} -F: '($7 !="/sbin/nologin" && $7 != "/bin/false") { print }')"; do for LINE in "$(${CAT_BINARY} ${ROOTDIR}etc/passwd | ${EGREPBINARY} -v '^(root|halt|sync|shutdown)' | ${AWKBINARY} -F: '($7 !="/sbin/nologin" && $7 != "/bin/false") { print }')"; do
USER=$(echo ${LINE} | ${CUTBINARY} -d: -f1) USER=$(echo ${LINE} | ${CUTBINARY} -d: -f1)
DIR=$(echo ${LINE} | ${CUTBINARY} -d: -f6) DIR=$(echo ${LINE} | ${CUTBINARY} -d: -f6)
if [ -d ${DIR} ]; then if [ -d ${DIR} ]; then
@ -69,7 +69,7 @@
fi fi
fi fi
done done
# Result
if [ ${FOUND} -eq 1 ]; then if [ ${FOUND} -eq 1 ]; then
Display --indent 2 --text "- Checking users' home directories permissions" --result "${STATUS_WARNING}" --color RED Display --indent 2 --text "- Checking users' home directories permissions" --result "${STATUS_WARNING}" --color RED
ReportWarning ${TEST_NO} "Permissions of some users' home directories are not strict enough. Should be 750 or more restrictive." ReportWarning ${TEST_NO} "Permissions of some users' home directories are not strict enough. Should be 750 or more restrictive."
@ -87,7 +87,7 @@
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Check if users own their home directories # Check if users own their home directories
FOUND=0 FOUND=0
for LINE in "$(${CAT_BINARY} /etc/passwd | ${EGREPBINARY} -v '^(root|halt|sync|shutdown)' | ${AWKBINARY} -F: '($7 !="/sbin/nologin" && $7 != "/bin/false") { print }')"; do for LINE in "$(${CAT_BINARY} ${ROOTDIR}etc/passwd | ${EGREPBINARY} -v '^(root|halt|sync|shutdown)' | ${AWKBINARY} -F: '($7 !="/sbin/nologin" && $7 != "/bin/false") { print }')"; do
USER=$(echo ${LINE} | ${CUTBINARY} -d: -f1) USER=$(echo ${LINE} | ${CUTBINARY} -d: -f1)
DIR=$(echo ${LINE} | ${CUTBINARY} -d: -f6) DIR=$(echo ${LINE} | ${CUTBINARY} -d: -f6)
if [ -d ${DIR} ]; then if [ -d ${DIR} ]; then
@ -98,7 +98,7 @@
fi fi
fi fi
done done
# Result
if [ ${FOUND} -eq 1 ]; then if [ ${FOUND} -eq 1 ]; then
Display --indent 2 --text "- Checking users' home directories ownership" --result "${STATUS_WARNING}" --color RED Display --indent 2 --text "- Checking users' home directories ownership" --result "${STATUS_WARNING}" --color RED
ReportWarning ${TEST_NO} "Owner of some users' home directories are not correctly set" ReportWarning ${TEST_NO} "Owner of some users' home directories are not correctly set"