IMP(12.8,12.9): be able to exclude some paths

Benjamin MONTHOUEL 2020-03-30 19:11:07 +02:00
parent e62648d6a4
commit 413277d7eb
3 changed files with 19 additions and 2 deletions


@ -15,12 +15,17 @@ HARDENING_LEVEL=2
DESCRIPTION="Find un-owned files and directories." DESCRIPTION="Find un-owned files and directories."
USER='root' USER='root'
EXCLUDED=''
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {
info "Checking if there are unowned files" info "Checking if there are unowned files"
FS_NAMES=$(df --local -P | awk {'if (NR!=1) print $6'} ) FS_NAMES=$(df --local -P | awk {'if (NR!=1) print $6'} )
RESULT=$( $SUDO_CMD find $FS_NAMES -xdev -nouser -print 2>/dev/null) if [ ! -z $EXCLUDED ]; then
RESULT=$( $SUDO_CMD find $FS_NAMES -xdev -nouser -regextype 'egrep' ! -regex "$EXCLUDED" -print 2>/dev/null)
else
RESULT=$( $SUDO_CMD find $FS_NAMES -xdev -nouser -print 2>/dev/null)
fi
if [ ! -z "$RESULT" ]; then if [ ! -z "$RESULT" ]; then
crit "Some unowned files are present" crit "Some unowned files are present"
FORMATTED_RESULT=$(sed "s/ /\n/g" <<< $RESULT | sort | uniq | tr '\n' ' ') FORMATTED_RESULT=$(sed "s/ /\n/g" <<< $RESULT | sort | uniq | tr '\n' ' ')
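Review bot: The new `-regex "$EXCLUDED"` branch can let this check pass without scanning anything. If EXCLUDED is not a valid egrep expression, find is expected to abort with an error; `2>/dev/null` discards the message, RESULT stays empty and the audit reports no unowned files. Validating the pattern before the scan and reporting a failure would close that, for example `$SUDO_CMD find /dev/null -regextype egrep -regex "$EXCLUDED" >/dev/null 2>&1 || crit "EXCLUDED is not a valid regex"`. The guard `[ ! -z $EXCLUDED ]` is also unquoted, so a pattern containing spaces or glob characters is word-split or expanded before the test sees it; `if [ -n "$EXCLUDED" ]; then` avoids that. The -nogroup check in the next file section has the same two lines, and audit's body continues past the end of this hunk.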


@ -15,12 +15,17 @@ HARDENING_LEVEL=2
DESCRIPTION="Find un-grouped files and directories." DESCRIPTION="Find un-grouped files and directories."
GROUP='root' GROUP='root'
EXCLUDED=''
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {
info "Checking if there are ungrouped files" info "Checking if there are ungrouped files"
FS_NAMES=$(df --local -P | awk {'if (NR!=1) print $6'} ) FS_NAMES=$(df --local -P | awk {'if (NR!=1) print $6'} )
RESULT=$( $SUDO_CMD find $FS_NAMES -xdev -nogroup -print 2>/dev/null) if [ ! -z $EXCLUDED ]; then
RESULT=$( $SUDO_CMD find $FS_NAMES -xdev -nogroup -regextype 'egrep' ! -regex "$EXCLUDED" -print 2>/dev/null)
else
RESULT=$( $SUDO_CMD find $FS_NAMES -xdev -nogroup -print 2>/dev/null)
fi
if [ ! -z "$RESULT" ]; then if [ ! -z "$RESULT" ]; then
crit "Some ungrouped files are present" crit "Some ungrouped files are present"
FORMATTED_RESULT=$(sed "s/ /\n/g" <<< $RESULT | sort | uniq | tr '\n' ' ') FORMATTED_RESULT=$(sed "s/ /\n/g" <<< $RESULT | sort | uniq | tr '\n' ' ')
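Review bot: The exclusion in the new `if` branch is silent: nothing in the audit output records that a pattern was in effect, so a broad EXCLUDED value can hide ungrouped files from a hardening report with no trace. Logging it inside the branch, e.g. `info "Excluding paths matching: $EXCLUDED"`, would keep the report honest about what was skipped. `EXCLUDED=''` also has no comment describing the expected format; I would add `# egrep regex matched by find -regex against the whole path, e.g. '^/some/dir/.*'; empty disables exclusion`. The same applies to the -nouser check in the previous file section. Where EXCLUDED gets its real value is not visible in this hunk, so who may set it is worth confirming.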

7
debian/changelog vendored

@ -1,3 +1,10 @@
cis-hardening (1.3-3) unstable; urgency=medium
* changelog: update changelog
* IMP(12.8,12.9): be able to exclude some paths
-- Benjamin MONTHOUËL <benjamin.monthouel@ovhcloud.com> Mon, 30 Mar 2020 19:12:03 +0200
cis-hardening (1.3-2) unstable; urgency=medium cis-hardening (1.3-2) unstable; urgency=medium
* IMP(test/13.12): ignore the phony '/nonexistent' home folder * IMP(test/13.12): ignore the phony '/nonexistent' home folder