mirror of https://github.com/CISOfy/lynis.git
Less restrictive permissions for include files and plugins, to allow pentest mode.
This commit is contained in:
parent
b9a9aea340
commit
ff6757f6e6
6
lynis
6
lynis
|
@ -630,7 +630,7 @@
|
||||||
PLUGIN_VERSION=`grep "^# PLUGIN_VERSION=" ${I} | awk -F= '{ print $2 }'`
|
PLUGIN_VERSION=`grep "^# PLUGIN_VERSION=" ${I} | awk -F= '{ print $2 }'`
|
||||||
PLUGIN_VERSION_NODOTS=`echo ${PLUGIN_VERSION} | sed 's/.//g'`
|
PLUGIN_VERSION_NODOTS=`echo ${PLUGIN_VERSION} | sed 's/.//g'`
|
||||||
FIND4=`ls -l ${PLUGINFILE} | cut -c 2-10`
|
FIND4=`ls -l ${PLUGINFILE} | cut -c 2-10`
|
||||||
if [ "${FIND4}" = "rw-r-----" -o "${FIND4}" = "rw-------" -o "${FIND4}" = "r--------" ]; then
|
if [ "${FIND4}" = "rw-r--r--" -o "${FIND4}" = "rw-r-----" -o "${FIND4}" = "rw-------" -o "${FIND4}" = "r--------" ]; then
|
||||||
logtext "Including plugin file: ${PLUGINFILE} (version: ${PLUGIN_VERSION})"
|
logtext "Including plugin file: ${PLUGINFILE} (version: ${PLUGIN_VERSION})"
|
||||||
report "plugin_enabled_phase1[]=${FIND2}|${PLUGIN_VERSION}|"
|
report "plugin_enabled_phase1[]=${FIND2}|${PLUGIN_VERSION}|"
|
||||||
N_PLUGIN_ENABLED=`expr ${N_PLUGIN_ENABLED} + 1`
|
N_PLUGIN_ENABLED=`expr ${N_PLUGIN_ENABLED} + 1`
|
||||||
|
@ -704,7 +704,7 @@
|
||||||
# Test if file exists, then if permissions are correct
|
# Test if file exists, then if permissions are correct
|
||||||
if [ -f ${INCLUDEDIR}/tests_${INCLUDE_TEST} ]; then
|
if [ -f ${INCLUDEDIR}/tests_${INCLUDE_TEST} ]; then
|
||||||
FIND=`ls -l ${INCLUDEDIR}/tests_${INCLUDE_TEST} | cut -c 2-10`
|
FIND=`ls -l ${INCLUDEDIR}/tests_${INCLUDE_TEST} | cut -c 2-10`
|
||||||
if [ "${FIND}" = "rw-r-----" -o "${FIND}" = "rw-------" -o "${FIND}" = "r--------" ]; then
|
if [ "${FIND}" = "rw-r--r--" -o "${FIND}" = "rw-r-----" -o "${FIND}" = "rw-------" -o "${FIND}" = "r--------" ]; then
|
||||||
. ${INCLUDEDIR}/tests_${INCLUDE_TEST}
|
. ${INCLUDEDIR}/tests_${INCLUDE_TEST}
|
||||||
else
|
else
|
||||||
logtext "Exception: skipping test category ${INCLUDE_TEST}, file ${INCLUDEDIR}/tests_${INCLUDE_TEST} has bad permissions (should be 640, 600 or 400)"
|
logtext "Exception: skipping test category ${INCLUDE_TEST}, file ${INCLUDEDIR}/tests_${INCLUDE_TEST} has bad permissions (should be 640, 600 or 400)"
|
||||||
|
@ -729,7 +729,7 @@
|
||||||
logtext "Result: tests_custom file found in include directory"
|
logtext "Result: tests_custom file found in include directory"
|
||||||
logtext "Test: checking file permissions of tests_custom file"
|
logtext "Test: checking file permissions of tests_custom file"
|
||||||
FIND=`ls -l ${INCLUDEDIR}/tests_custom | cut -c 2-10`
|
FIND=`ls -l ${INCLUDEDIR}/tests_custom | cut -c 2-10`
|
||||||
if [ "${FIND}" = "rw-r-----" -o "${FIND}" = "rw-------" -o "${FIND}" = "r--------" ]; then
|
if [ "${FIND}" = "rw-r--r--" -o "${FIND}" = "rw-r-----" -o "${FIND}" = "rw-------" -o "${FIND}" = "r--------" ]; then
|
||||||
Display --indent 2 --text "- Start custom tests... "
|
Display --indent 2 --text "- Start custom tests... "
|
||||||
logtext "Result: file permissions fine, running custom tests"
|
logtext "Result: file permissions fine, running custom tests"
|
||||||
SafePerms ${INCLUDEDIR}/tests_custom
|
SafePerms ${INCLUDEDIR}/tests_custom
|
||||||
|
|
Loading…
Reference in New Issue