mirror of
https://github.com/ovh/debian-cis.git
synced 2024-11-29 17:01:09 +01:00
FIX: add /usr/bin/* path for suid/guid allowed binaries
Debian is still migrating /bin to /usr/bin so I added both path to the allowed ones * mount * umount * ping * ping6 * unix_chkpwd
This commit is contained in:
parent
106412149d
commit
03b6f1857a
@ -43,7 +43,7 @@ create_config() {
|
||||
cat <<EOF
|
||||
status=disabled
|
||||
# Put Here your valid suid binaries so that they do not appear during the audit
|
||||
EXCEPTIONS="/bin/mount /bin/ping /bin/ping6 /bin/su /bin/umount /usr/bin/chfn /usr/bin/chsh /usr/bin/fping /usr/bin/fping6 /usr/bin/gpasswd /usr/bin/mtr /usr/bin/newgrp /usr/bin/passwd /usr/bin/sudo /usr/bin/sudoedit /usr/lib/openssh/ssh-keysign /usr/lib/pt_chown /usr/bin/at"
|
||||
EXCEPTIONS="/bin/mount /usr/bin/mount /bin/ping /usr/bin/ping /bin/ping6 /usr/bin/ping6 /bin/su /bin/umount /usr/bin/umount /usr/bin/chfn /usr/bin/chsh /usr/bin/fping /usr/bin/fping6 /usr/bin/gpasswd /usr/bin/mtr /usr/bin/newgrp /usr/bin/passwd /usr/bin/sudo /usr/bin/sudoedit /usr/lib/openssh/ssh-keysign /usr/lib/pt_chown /usr/bin/at"
|
||||
EOF
|
||||
}
|
||||
|
||||
|
@ -43,7 +43,7 @@ create_config() {
|
||||
cat <<EOF
|
||||
status=disabled
|
||||
# Put here valid binaries with sgid enabled separated by spaces
|
||||
EXCEPTIONS="/sbin/unix_chkpwd /usr/bin/bsd-write /usr/bin/chage /usr/bin/crontab /usr/bin/expiry /usr/bin/mutt_dotlock /usr/bin/screen /usr/bin/ssh-agent /usr/bin/wall /usr/sbin/postdrop /usr/sbin/postqueue /usr/bin/at /usr/bin/dotlockfile /usr/bin/mail-lock /usr/bin/mail-touchlock /usr/bin/mail-unlock"
|
||||
EXCEPTIONS="/sbin/unix_chkpwd /usr/sbin/unix_chkpwd /usr/bin/bsd-write /usr/bin/chage /usr/bin/crontab /usr/bin/expiry /usr/bin/mutt_dotlock /usr/bin/screen /usr/bin/ssh-agent /usr/bin/wall /usr/sbin/postdrop /usr/sbin/postqueue /usr/bin/at /usr/bin/dotlockfile /usr/bin/mail-lock /usr/bin/mail-touchlock /usr/bin/mail-unlock"
|
||||
EOF
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user