Less restrictive permissions for include files and plugins, to allow pentest mode.

This commit is contained in:
mboelen 2014-09-11 16:21:01 +02:00
parent b9a9aea340
commit ff6757f6e6
1 changed files with 3 additions and 3 deletions

6
lynis
View File

@ -630,7 +630,7 @@
PLUGIN_VERSION=`grep "^# PLUGIN_VERSION=" ${I} | awk -F= '{ print $2 }'` PLUGIN_VERSION=`grep "^# PLUGIN_VERSION=" ${I} | awk -F= '{ print $2 }'`
PLUGIN_VERSION_NODOTS=`echo ${PLUGIN_VERSION} | sed 's/.//g'` PLUGIN_VERSION_NODOTS=`echo ${PLUGIN_VERSION} | sed 's/.//g'`
FIND4=`ls -l ${PLUGINFILE} | cut -c 2-10` FIND4=`ls -l ${PLUGINFILE} | cut -c 2-10`
if [ "${FIND4}" = "rw-r-----" -o "${FIND4}" = "rw-------" -o "${FIND4}" = "r--------" ]; then if [ "${FIND4}" = "rw-r--r--" -o "${FIND4}" = "rw-r-----" -o "${FIND4}" = "rw-------" -o "${FIND4}" = "r--------" ]; then
logtext "Including plugin file: ${PLUGINFILE} (version: ${PLUGIN_VERSION})" logtext "Including plugin file: ${PLUGINFILE} (version: ${PLUGIN_VERSION})"
report "plugin_enabled_phase1[]=${FIND2}|${PLUGIN_VERSION}|" report "plugin_enabled_phase1[]=${FIND2}|${PLUGIN_VERSION}|"
N_PLUGIN_ENABLED=`expr ${N_PLUGIN_ENABLED} + 1` N_PLUGIN_ENABLED=`expr ${N_PLUGIN_ENABLED} + 1`
@ -704,7 +704,7 @@
# Test if file exists, then if permissions are correct # Test if file exists, then if permissions are correct
if [ -f ${INCLUDEDIR}/tests_${INCLUDE_TEST} ]; then if [ -f ${INCLUDEDIR}/tests_${INCLUDE_TEST} ]; then
FIND=`ls -l ${INCLUDEDIR}/tests_${INCLUDE_TEST} | cut -c 2-10` FIND=`ls -l ${INCLUDEDIR}/tests_${INCLUDE_TEST} | cut -c 2-10`
if [ "${FIND}" = "rw-r-----" -o "${FIND}" = "rw-------" -o "${FIND}" = "r--------" ]; then if [ "${FIND}" = "rw-r--r--" -o "${FIND}" = "rw-r-----" -o "${FIND}" = "rw-------" -o "${FIND}" = "r--------" ]; then
. ${INCLUDEDIR}/tests_${INCLUDE_TEST} . ${INCLUDEDIR}/tests_${INCLUDE_TEST}
else else
logtext "Exception: skipping test category ${INCLUDE_TEST}, file ${INCLUDEDIR}/tests_${INCLUDE_TEST} has bad permissions (should be 640, 600 or 400)" logtext "Exception: skipping test category ${INCLUDE_TEST}, file ${INCLUDEDIR}/tests_${INCLUDE_TEST} has bad permissions (should be 640, 600 or 400)"
@ -729,7 +729,7 @@
logtext "Result: tests_custom file found in include directory" logtext "Result: tests_custom file found in include directory"
logtext "Test: checking file permissions of tests_custom file" logtext "Test: checking file permissions of tests_custom file"
FIND=`ls -l ${INCLUDEDIR}/tests_custom | cut -c 2-10` FIND=`ls -l ${INCLUDEDIR}/tests_custom | cut -c 2-10`
if [ "${FIND}" = "rw-r-----" -o "${FIND}" = "rw-------" -o "${FIND}" = "r--------" ]; then if [ "${FIND}" = "rw-r--r--" -o "${FIND}" = "rw-r-----" -o "${FIND}" = "rw-------" -o "${FIND}" = "r--------" ]; then
Display --indent 2 --text "- Start custom tests... " Display --indent 2 --text "- Start custom tests... "
logtext "Result: file permissions fine, running custom tests" logtext "Result: file permissions fine, running custom tests"
SafePerms ${INCLUDEDIR}/tests_custom SafePerms ${INCLUDEDIR}/tests_custom