
Show non-compliant library files

Bob Mottram 7 years ago
parent
commit
f6f6b29071
2 changed files with 4 additions and 4 deletions
  1. 0
    4
      tests/check-libs-owner.sh
  2. 4
    0
      tests/output.sh

+ 0
- 4
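--- a/tests/check-libs-owner.sh
+++ b/tests/check-libs-owner.sh
@@ -7,7 +7,6 @@
     if [ $COUNT -eq 0 ];then
         :
     else
-        find -L /lib  \! -user root  -exec ls -l {} \; | grep -v '> /dev/null'
         exit 1
     fi
 fi
@@ -18,7 +17,6 @@
     if [ $COUNT -eq 0 ];then
         :
     else
-        find -L /lib64  \! -user root  -exec ls -l {} \;
         exit 1
     fi
 fi
@@ -29,7 +27,6 @@
     if [ $COUNT -eq 0 ];then
         :
     else
-        find -L /usr/lib  \! -user root  -exec ls -l {} \;
         exit 1
     fi
 fi
@@ -40,7 +37,6 @@
     if [ $COUNT -eq 0 ];then
         :
     else
-        find -L /usr/lib64  \! -user root  -exec ls -l {} \;
         exit 1
     fi
 fi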

+ 4
- 0
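--- a/tests/output.sh
+++ b/tests/output.sh
@@ -485,6 +485,10 @@
               if [ $2 -ne 0 ];then
                   printf '\n######################\n\nSTIG-ID:RHEL-06-000046\n\nVulnerability Discussion:  Files from shared library directories are loaded into the address space of processes (including privileged ones) or of the kernel itself at runtime. Proper ownership is necessary to protect the integrity of the system.\n\nFix text: System-wide shared library files, which are linked to executables during process load time or run time, are stored in the following directories by default:\n\n/lib\n/lib64\n/usr/lib\n/usr/lib64\n\nIf any file in these directories is found to be owned by a user other than root, correct its ownership with the following command:\n\n#chown root [FILE]\n\n######################\n\n' >> $LOG
               fi
+              find -L /lib  \! -user root  -exec ls -l {} \; | grep -v '> /dev/null'
+              find -L /lib64  \! -user root  -exec ls -l {} \;
+              find -L /usr/lib  \! -user root  -exec ls -l {} \;
+              find -L /usr/lib64  \! -user root  -exec ls -l {} \;
               ;;
     V-38469)  if [ "$3" = "en" ]; then
                   log_msg $2 'All system command files must have mode 755 or less permissive.'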
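Review bot: The four added `find` commands sit after the `fi` that closes `if [ $2 -ne 0 ]`, so they walk all four library trees on every call of this case arm, including when `$2` is 0, and their listing goes to stdout while the STIG text is appended to `$LOG`. If the listing is meant as evidence for the finding, move the commands inside the `if` and send them to the same place, e.g. `find -L /lib \! -user root -exec ls -l {} \; | grep -v '> /dev/null' >> "$LOG"`, and likewise for `/lib64`, `/usr/lib` and `/usr/lib64`. The removed lines in tests/check-libs-owner.sh were each nested inside an outer condition whose opening is not visible; if that was a directory-exists test, it is not repeated here, and `find` would report an error on hosts that lack `/lib64` or `/usr/lib64`. The case arm itself begins outside this hunk, so how `$2` is set cannot be confirmed from the visible lines.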