tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancements to retrieve file permissions and related logging

This commit is contained in:
mboelen 2015-12-01 12:38:40 +01:00
parent c79a1ea3a4
commit 54e7f62d9a
1 changed files with 4 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
include/functions
View File

@ -362,28 +362,6 @@
if [ -L ${sFILE} ]; then if [ -L ${sFILE} ]; then
ShowSymlinkPath ${sFILE} ShowSymlinkPath ${sFILE}
if [ ! "${SYMLINK}" = "" ]; then sFILE="${SYMLINK}"; fi if [ ! "${SYMLINK}" = "" ]; then sFILE="${SYMLINK}"; fi
#if [ ! "${READLINKBINARY}" = "" ]; then
# tFILE=`${READLINKBINARY} ${sFILE}`
# # Check if we can find the file now
# if [ -f ${tFILE} ]; then
# sFILE="${tFILE}"
# logtext "Result: symlink found, pointing to file ${sFILE}"
# elif [ -d ${tFILE} ]; then
# sFILE="${tFILE}"
# logtext "Result: symlink found, pointing to directory ${sFILE}"
# else
# # Check the full path of the symlink, strip the filename, copy the path and linked filename together
# tDIR=`echo ${sFILE} | awk '{match($1, "^.*/"); print substr($1, 1, RLENGTH-1)}'`
# tFILE="${tDIR}/${tFILE}"
# if [ -f ${tFILE} ]; then
# sFILE="${tFILE}"
# logtext "Result: symlink found, seems to be file ${sFILE}"
# elif [ -d ${tFILE} ]; then
# sFILE="${tFILE}"
# logtext "Result: symlink found, seems to be directory ${sFILE}"
# fi
# fi
#fi
fi fi
# Only check the file if it isn't a symlink (after previous check) # Only check the file if it isn't a symlink (after previous check)
if [ -L ${sFILE} ]; then if [ -L ${sFILE} ]; then
@ -399,7 +377,7 @@
fi fi
# Also check if we are the actual owner of the file # Also check if we are the actual owner of the file
FILEOWNER=`ls -n ${sFILE} | awk -F" " '{ print $3 }'` FILEOWNER=`ls -ln ${sFILE} | awk -F" " '{ print $3 }'`
if [ "${FILEOWNER}" = "${MYID}" ]; then if [ "${FILEOWNER}" = "${MYID}" ]; then
logtext "Result: file is owned by our current user ID (${MYID}), checking if it is readable" logtext "Result: file is owned by our current user ID (${MYID}), checking if it is readable"
if [ -d ${sFILE} ]; then if [ -d ${sFILE} ]; then
@ -407,6 +385,8 @@
elif [ -f ${sFILE} ]; then elif [ -f ${sFILE} ]; then
OTHERPERMS=`ls -d -l ${sFILE} | cut -c 2` OTHERPERMS=`ls -d -l ${sFILE} | cut -c 2`
fi fi
else
logtext "Result: file is not owned by current user ID (${MYID}), but UID ${FILEOWNER}"
fi fi
# Check if we have the read bit # Check if we have the read bit
@ -414,7 +394,7 @@
CANREAD=1 CANREAD=1
logtext "Result: file ${sFILE} is readable (or directory accessible)." logtext "Result: file ${sFILE} is readable (or directory accessible)."
else else
logtext "Result: file ${sFILE} is NOT readable (or directory accessible), symlink, or does not exist." logtext "Result: file ${sFILE} is NOT readable (or directory accessible), symlink, or does not exist. (OTHERPERMS: ${OTHERPERMS})"
fi fi
} }