
Show non-compliant library files

Bob Mottram 7 years ago
parent
commit
f6f6b29071
2 changed files with 4 additions and 4 deletions
  1. 0
    4
      tests/check-libs-owner.sh
  2. 4
    0
      tests/output.sh

+ 0
- 4
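--- a/tests/check-libs-owner.sh
+++ b/tests/check-libs-owner.sh
@@ -7,7 +7,6 @@ if [ -d "/lib" ];then
     if [ $COUNT -eq 0 ];then
         :
     else
-        find -L /lib  \! -user root  -exec ls -l {} \; | grep -v '> /dev/null'
         exit 1
     fi
 fi
@@ -18,7 +17,6 @@ if [ -d "/lib64" ];then
     if [ $COUNT -eq 0 ];then
         :
     else
-        find -L /lib64  \! -user root  -exec ls -l {} \;
         exit 1
     fi
 fi
@@ -29,7 +27,6 @@ if [ -d "/usr/lib" ];then
     if [ $COUNT -eq 0 ];then
         :
     else
-        find -L /usr/lib  \! -user root  -exec ls -l {} \;
         exit 1
     fi
 fi
@@ -40,7 +37,6 @@ if [ -d "/usr/lib64" ];then
     if [ $COUNT -eq 0 ];then
         :
     else
-        find -L /usr/lib64  \! -user root  -exec ls -l {} \;
         exit 1
     fi
 fi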

+ 4
- 0
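--- a/tests/output.sh
+++ b/tests/output.sh
@@ -485,6 +485,10 @@ time, are stored in the following directories by default:\n\n/lib\n/lib64\n/usr/
               if [ $2 -ne 0 ];then
                   printf '\n######################\n\nSTIG-ID:RHEL-06-000046\n\nVulnerability Discussion:  Files from shared library directories are loaded into the address space of processes (including privileged ones) or of the kernel itself at runtime. Proper ownership is necessary to protect the integrity of the system.\n\nFix text: System-wide shared library files, which are linked to executables during process load time or run time, are stored in the following directories by default:\n\n/lib\n/lib64\n/usr/lib\n/usr/lib64\n\nIf any file in these directories is found to be owned by a user other than root, correct its ownership with the following command:\n\n#chown root [FILE]\n\n######################\n\n' >> $LOG
               fi
+              find -L /lib  \! -user root  -exec ls -l {} \; | grep -v '> /dev/null'
+              find -L /lib64  \! -user root  -exec ls -l {} \;
+              find -L /usr/lib  \! -user root  -exec ls -l {} \;
+              find -L /usr/lib64  \! -user root  -exec ls -l {} \;
               ;;
     V-38469)  if [ "$3" = "en" ]; then
                   log_msg $2 'All system command files must have mode 755 or less permissive.'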
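Review bot: The four added `find` calls sit after the `fi` that closes `if [ $2 -ne 0 ]`, so they walk all four library trees on every pass through this case arm, apparently including when the ownership check passed. Their output also goes to stdout, while the RHEL-06-000046 fix text just above is appended to `$LOG`. If the listing is meant to accompany the finding, move the calls inside the conditional and redirect them, e.g. `find -L /lib64 \! -user root -exec ls -ld {} + >> $LOG`; `-ld` also reports a non-root-owned directory itself rather than listing its contents. The `[ -d ... ]` guards that tests/check-libs-owner.sh had around each directory are not carried over, so a host without /lib64 or /usr/lib64 will get a `find` error here. The case arm starts outside the hunk, so the meaning of `$2` is inferred from the `-ne 0` test alone.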