Extended permissions check for functions and consts file

lynis

@@ -91,22 +91,27 @@
     PERMS2=`ls -l ${INCLUDEDIR}/functions | cut -c 2-10`
     OWNER=`ls -l ${INCLUDEDIR}/consts | awk -F" " '{ print $3 }'`
     OWNER2=`ls -l ${INCLUDEDIR}/functions | awk -F" " '{ print $3 }'`
+    OWNERID=`ls -n ${INCLUDEDIR}/consts | awk -F" " '{ print $3 }'`
+    OWNER2ID=`ls -n ${INCLUDEDIR}/functions | awk -F" " '{ print $3 }'`
+
     ISSUE=0
     # Check permissions of include/consts file
     if [ ! "${PERMS}" = "r--------" -a ! "${PERMS}" = "rw-------" ]; then
-        ISSUE=1
+        ISSUE=1; echo "[!] Change file permissions of ${INCLUDEDIR}/consts to 600."
-        echo "[!] Change file permissions of ${INCLUDEDIR}/consts to 600"
     fi
     # Check permissions of include/functions file
     if [ ! "${PERMS2}" = "r--------" -a ! "${PERMS2}" = "rw-------" ]; then
-        ISSUE=1
+        ISSUE=1; echo "[!] Change file permissions of ${INCLUDEDIR}/functions to 600."
-        echo "[!] Change file permissions of ${INCLUDEDIR}/functions to 600"
     fi
     # Check if owner of both files is root user
-    if [ ! "${OWNER}" = "root" -o ! "${OWNER2}" = "root" ]; then
+    if [ ! "${OWNER}" = "root" -a ! "${OWNERID}" = "0" ]; then
-        ISSUE=1
+        ISSUE=1; echo "[!] Change ownership of ${INCLUDEDIR}/consts to 'root' or similar (found: ${OWNER} with UID ${OWNERID})."
-        echo "[!] Change ownership of ${INCLUDEDIR}/consts and ${INCLUDEDIR}/functions to 'root'"
     fi
+    # Check if owner of both files is root user
+    if [ ! "${OWNER2}" = "root" -a ! "${OWNER2ID}" = "0" ]; then
+        ISSUE=1; echo "[!] Change ownership of ${INCLUDEDIR}/functions to 'root' or similar (found: ${OWNER2} with UID ${OWNER2ID})."
+    fi
+
     if [ ${ISSUE} -eq 0 ]; then
         . ${INCLUDEDIR}/consts
         . ${INCLUDEDIR}/functions