tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-26 23:34:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add owner and group permissions check

Browse Source
This commit is contained in:
Michael Boelen 2016-05-02 15:45:27 +02:00
parent 4bc0225efd
commit 6ea27b912c
1 changed files with 65 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
include/functions
View File

@ -1815,9 +1815,11 @@
################################################################################ ################################################################################
# Name : SafePerms() # Name : SafePerms()
# Return : 0 (file OK) or break
################################################################################ ################################################################################
SafePerms() { SafePerms() {
if [ ${WARN_ON_FILE_ISSUES} -eq 1 ]; then
PERMS_OK=0 PERMS_OK=0
LogText "Checking permissions of $1" LogText "Checking permissions of $1"
if [ $# -eq 1 ]; then if [ $# -eq 1 ]; then
@ -1852,6 +1854,21 @@
else else
LogText "Note: Group permissions of file $1 to be expected similar as the UID executing the process" LogText "Note: Group permissions of file $1 to be expected similar as the UID executing the process"
fi fi
# Owner permissions
OWNER_PERMS=`echo ${PERMS} | cut -c2-4`
if [ ! "${OWNER_PERMS}" = "rw-" -a ! "${OWNER_PERMS}" = "r--" ]; then
echo "Fatal error: permissions of file $1 are not strict enough. Access to 'owner' should be read-write, or read. Change with: chmod 600 $1"
ExitFatal
fi
# Owner permissions
GROUP_PERMS=`echo ${PERMS} | cut -c5-7`
if [ ! "${GROUP_PERMS}" = "rw-" -a ! "${GROUP_PERMS}" = "r--" -a ! "${GROUP_PERMS}" = "---" ]; then
echo "Fatal error: permissions of file $1 are not strict enough. Access to 'group' should be read-write, read, or none. Change with: chmod 600 $1"
ExitFatal
fi
# Other permissions # Other permissions
OTHER_PERMS=`echo ${PERMS} | cut -c8-10` OTHER_PERMS=`echo ${PERMS} | cut -c8-10`
if [ ! "${OTHER_PERMS}" = "---" -a ! "${OTHER_PERMS}" = "r--" ]; then if [ ! "${OTHER_PERMS}" = "---" -a ! "${OTHER_PERMS}" = "r--" ]; then
@ -1861,10 +1878,15 @@
# Set PERMS_OK to 1 if no fatal errors occurred # Set PERMS_OK to 1 if no fatal errors occurred
PERMS_OK=1 PERMS_OK=1
LogText "File permissions are OK" LogText "File permissions are OK"
return 0
fi fi
else else
ReportException "SafePerms()" "Invalid number of arguments for function" ReportException "SafePerms()" "Invalid number of arguments for function"
fi fi
else
PERMS_OK=1
return 0
fi
} }