
Show non-root files in stig result

Bob Mottram vor 7 Jahren
Ursprung
Commit
079c5acc78
2 geänderte Dateien mit 7 neuen und 7 gelöschten Zeilen
  1. 0
    6
      tests/check-cmd-owner.sh
  2. 7
    1
      tests/output.sh

+ 0
- 6
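--- a/tests/check-cmd-owner.sh
+++ b/tests/check-cmd-owner.sh
@@ -7,7 +7,6 @@ if [ -d "/bin" ];then
     if [ $COUNT -eq 0 ];then
         :
     else
-        find -L /bin  \! -user root  -exec ls -l {} \;
         exit 1
     fi
 fi
@@ -18,7 +17,6 @@ if [ -d "/usr/bin" ];then
     if [ $COUNT -eq 0 ];then
         :
     else
-        find -L /usr/bin  \! -user root  -exec ls -l {} \;
         exit 1
     fi
 fi
@@ -29,7 +27,6 @@ if [ -d "/usr/local/bin" ];then
     if [ $COUNT -eq 0 ];then
         :
     else
-        find -L /usr/local/bin  \! -user root  -exec ls -l {} \;
         exit 1
     fi
 fi
@@ -40,7 +37,6 @@ if [ -d "/sbin" ];then
     if [ $COUNT -eq 0 ];then
         :
     else
-        find -L /sbin  \! -user root  -exec ls -l {} \;
         exit 1
     fi
 fi
@@ -51,7 +47,6 @@ if [ -d "/usr/sbin" ];then
     if [ $COUNT -eq 0 ];then
         :
     else
-        find -L /usr/sbin  \! -user root  -exec ls -l {} \;
         exit 1
     fi
 fi
@@ -62,7 +57,6 @@ if [ -d "/usr/local/sbin" ];then
     if [ $COUNT -eq 0 ];then
         :
     else
-        find -L /usr/local/sbin  \! -user root  -exec ls -l {} \;
         exit 1
     fi
 fi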

+ 7
- 1
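--- a/tests/output.sh
+++ b/tests/output.sh
@@ -495,7 +495,13 @@ time, are stored in the following directories by default:\n\n/lib\n/lib64\n/usr/
                   printf '\n######################\n\nSTIG-ID:RHEL-06-000047\n\nVulnerability Discussion: System binaries are executed by privileged users, as well as system services, and restrictive permissions are necessary to ensure execution of these programs cannot be co-opted.\n\nFix text: System executables are stored in the following directories by default:\n\n/bin\n/usr/bin\n/usr/local/bin\n/sbin\n/usr/sbin\n/usr/local/sbin\n\nIf any file in these directories is found to be group-writable or world-writable, correct its permission with the following command:\n\n#chmod go-w [FILE]\n\n######################\n\n' >> $LOG
               fi
               ;;
-    V-38472)  if [ "$3" = "en" ]; then
+    V-38472)  find -L /bin  \! -user root  -exec ls -l {} \;
+              find -L /usr/bin  \! -user root  -exec ls -l {} \;
+              find -L /usr/local/bin  \! -user root  -exec ls -l {} \;
+              find -L /sbin  \! -user root  -exec ls -l {} \;
+              find -L /usr/sbin  \! -user root  -exec ls -l {} \;
+              find -L /usr/local/sbin  \! -user root  -exec ls -l {} \;
+              if [ "$3" = "en" ]; then
                   log_msg $2 'All system command files must be owned by root.'
               else
                   log_msg $2 '所有系统命令文件的属主必须为root用户。'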
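Review bot: The six `find` calls added to the `V-38472)` arm run without the `[ -d ... ]` guard that tests/check-cmd-owner.sh applies to each directory, and they print to stdout while the neighbouring STIG text at line 495 is appended to `$LOG`. On a host that lacks one of the directories `find` will emit an error, and because no `-type` filter is given a non-root-owned directory is handed to `ls -l`, which lists its contents rather than the offending entry. Consider a single guarded loop such as `for d in /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin; do [ -d "$d" ] && find -L "$d" \! -user root -exec ls -ld {} +; done`, with `>> $LOG` added if the listing is meant to appear in the report (that cannot be confirmed from this hunk). The `if`/`else` of this `case` arm continues past the end of the hunk.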