From 993edc9738b0d0f2303941b26820ce02a77804e5 Mon Sep 17 00:00:00 2001
From: Katarina Durechova <durechova@ynet.sk>
Date: Wed, 24 Jan 2018 17:08:21 +0100
Subject: [PATCH] [FILE-6363] Check for sticky bit on /var/tmp (#473)
---
include/tests_filesystems | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/include/tests_filesystems b/include/tests_filesystems
index 823c008a..b8e30522 100644
--- a/include/tests_filesystems
+++ b/include/tests_filesystems
@@ -400,6 +400,29 @@
fi
#
#################################################################################
+#
+ # Test : FILE-6363
+ # Description : Check for sticky bit on /var/tmp
+ if [ -d ${ROOTDIR}var/tmp -a ! -L ${ROOTDIR}var/tmp ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="No /var/tmp or /var/tmp is symlinked"; fi
+ Register --test-no FILE-6363 --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Checking /var/tmp sticky bit"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # Depending on OS, number of field with 'tmp' differs
+ FIND=$(${LSBINARY} -ld ${ROOTDIR}var/tmp | ${AWKBINARY} '$1 ~ /[tT]/ { print 1 }')
+ if [ "${FIND}" = "1" ]; then
+ Display --indent 2 --text "- Checking ${ROOTDIR}var/tmp sticky bit" --result "${STATUS_OK}" --color GREEN
+ LogText "Result: sticky bit found on ${ROOTDIR}var/tmp directory"
+ AddHP 3 3
+ else
+ Display --indent 2 --text "- Checking ${ROOTDIR}var/tmp sticky bit" --result "${STATUS_WARNING}" --color RED
+ ReportSuggestion ${TEST_NO} "Set the sticky bit on ${ROOTDIR}var/tmp, to prevent users deleting (by other owned) files in the /var/tmp directory." "/var/tmp" "text:Set sticky bit"
+ AddHP 0 3
+ fi
+ unset FIND
+ else
+ LogText "Result: Sticky bit test (on /var/tmp) skipped. Possible reason: missing directory, or symlinked directory, or test skipped."
+ fi
+#
+#################################################################################
#
# Test : FILE-6366
# Description : Check for noatime option