elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2024-11-22 13:37:02 +01:00
Code Issues Packages Projects Releases Wiki Activity

Allow grub.cfg permission to be 600 (#121)

Browse Source 
Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
This commit is contained in:
Sebastien BLAISOT 2021-11-30 18:47:19 +01:00 committed by GitHub
parent 7266ec7cb4
commit 1a874b2b35
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
bin/hardening/1.5.1_bootloader_ownership.sh
View File

@ -23,6 +23,7 @@ FILE='/boot/grub/grub.cfg'
USER='root' USER='root'
GROUP='root' GROUP='root'
PERMISSIONS='400' PERMISSIONS='400'
PERMISSIONSOK='400 600'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
@ -33,7 +34,7 @@ audit() {
crit "$FILE ownership was not set to $USER:$GROUP" crit "$FILE ownership was not set to $USER:$GROUP"
fi fi
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_one_of_permissions "$FILE" "$PERMISSIONSOK"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else
@ -51,7 +52,7 @@ apply() {
chown "$USER":"$GROUP" "$FILE" chown "$USER":"$GROUP" "$FILE"
fi fi
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_one_of_permissions "$FILE" "$PERMISSIONSOK"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else