
Show non-root files in stig result

Bob Mottram 8 vuotta sitten
vanhempi
commit
079c5acc78
2 muutettua tiedostoa jossa 7 lisäystä ja 7 poistoa
  1. 0
    6
      tests/check-cmd-owner.sh
  2. 7
    1
      tests/output.sh

+ 0
- 6
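--- a/tests/check-cmd-owner.sh
+++ b/tests/check-cmd-owner.sh
@@ -7,7 +7,6 @@
     if [ $COUNT -eq 0 ];then
         :
     else
-        find -L /bin  \! -user root  -exec ls -l {} \;
         exit 1
     fi
 fi
@@ -18,7 +17,6 @@
     if [ $COUNT -eq 0 ];then
         :
     else
-        find -L /usr/bin  \! -user root  -exec ls -l {} \;
         exit 1
     fi
 fi
@@ -29,7 +27,6 @@
     if [ $COUNT -eq 0 ];then
         :
     else
-        find -L /usr/local/bin  \! -user root  -exec ls -l {} \;
         exit 1
     fi
 fi
@@ -40,7 +37,6 @@
     if [ $COUNT -eq 0 ];then
         :
     else
-        find -L /sbin  \! -user root  -exec ls -l {} \;
         exit 1
     fi
 fi
@@ -51,7 +47,6 @@
     if [ $COUNT -eq 0 ];then
         :
     else
-        find -L /usr/sbin  \! -user root  -exec ls -l {} \;
         exit 1
     fi
 fi
@@ -62,7 +57,6 @@
     if [ $COUNT -eq 0 ];then
         :
     else
-        find -L /usr/local/sbin  \! -user root  -exec ls -l {} \;
         exit 1
     fi
 fi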

+ 7
- 1
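--- a/tests/output.sh
+++ b/tests/output.sh
@@ -495,7 +495,13 @@
                   printf '\n######################\n\nSTIG-ID:RHEL-06-000047\n\nVulnerability Discussion: System binaries are executed by privileged users, as well as system services, and restrictive permissions are necessary to ensure execution of these programs cannot be co-opted.\n\nFix text: System executables are stored in the following directories by default:\n\n/bin\n/usr/bin\n/usr/local/bin\n/sbin\n/usr/sbin\n/usr/local/sbin\n\nIf any file in these directories is found to be group-writable or world-writable, correct its permission with the following command:\n\n#chmod go-w [FILE]\n\n######################\n\n' >> $LOG
               fi
               ;;
-    V-38472)  if [ "$3" = "en" ]; then
+    V-38472)  find -L /bin  \! -user root  -exec ls -l {} \;
+              find -L /usr/bin  \! -user root  -exec ls -l {} \;
+              find -L /usr/local/bin  \! -user root  -exec ls -l {} \;
+              find -L /sbin  \! -user root  -exec ls -l {} \;
+              find -L /usr/sbin  \! -user root  -exec ls -l {} \;
+              find -L /usr/local/sbin  \! -user root  -exec ls -l {} \;
+              if [ "$3" = "en" ]; then
                   log_msg $2 'All system command files must be owned by root.'
               else
                   log_msg $2 '所有系统命令文件的属主必须为root用户。'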
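Review bot: The six `find` calls added at the top of the V-38472 arm write to stdout and run before `log_msg`, so the offending files are printed ahead of the rule title; if the report is meant to be read from `$LOG`, as the `printf ... >> $LOG` in the preceding arm suggests, the evidence never reaches it. `ls -l {}` also lists the contents of a matched directory instead of the directory entry itself, which hides which path actually failed the ownership check. Consider a single call placed after the message, `find -L /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin \! -user root -exec ls -ld {} +`, sent to the same destination `log_msg` uses. The `case` statement and `log_msg` are defined outside this hunk, so the intended destination is an assumption to confirm.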