From 43c1dcf85bbaafbf0c9ca0f0f93f1fb428f48109 Mon Sep 17 00:00:00 2001
From: Charles Herlin
Date: Mon, 25 Feb 2019 10:33:15 +0100
Subject: [PATCH] IMP(13.13): improve exception detection

---
 bin/hardening/13.13_check_user_homedir_ownership.sh | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/bin/hardening/13.13_check_user_homedir_ownership.sh b/bin/hardening/13.13_check_user_homedir_ownership.sh
index b2252ca..f3be6b1 100755
--- a/bin/hardening/13.13_check_user_homedir_ownership.sh
+++ b/bin/hardening/13.13_check_user_homedir_ownership.sh
@@ -31,9 +31,15 @@ audit () {
         if [ "$USERID" -ge 500 ] && [ -d "$DIR" ] && [ "$USER" != "nfsnobody" ]; then
             OWNER=$(stat -L -c "%U" "$DIR")
             if [ "$OWNER" != "$USER" ]; then
-                if grep -qw "$DIR:$USER:$OWNER" <<< "$EXCEPTIONS"; then
-                    ok "The home directory ($DIR) of user $USER is owned by $OWNER but is part of exceptions ($DIR:$USER:$OWNER)."
-                else
+                EXCEP_FOUND=0
+                for excep in $EXCEPTIONS; do
+                    if [ "$DIR:$USER:$OWNER" == "$excep" ]; then
+                        ok "The home directory ($DIR) of user $USER is owned by $OWNER but is part of exceptions ($DIR:$USER:$OWNER)."
+                        EXCEP_FOUND=1
+                        break
+                    fi
+                done
+                if [ "$EXCEP_FOUND" -eq 0 ]; then
                     crit "The home directory ($DIR) of user $USER is owned by $OWNER."
                     ERRORS=$((ERRORS+1))
                 fi
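Review bot: The new `for excep in $EXCEPTIONS; do` line depends on unquoted expansion for word-splitting, so every entry is also subject to pathname expansion — an exception containing `*` or `?` would be replaced by matching paths (or dropped under nullglob) and the exact comparison below would silently stop matching. Splitting explicitly keeps the entries literal: `read -ra exception_list <<< "$EXCEPTIONS"` followed by `for excep in "${exception_list[@]}"; do`. The exact string comparison is an improvement over the removed `grep -qw`, which treated the entry as a regex and could match a longer path such as `$DIR:$USER:$OWNER/…`, since `/` is a non-word character; a one-line comment stating that entries are whitespace-separated `DIR:USER:OWNER` triples, matched exactly, would make the contract clear to whoever maintains the exceptions list (the format is presumably whitespace-separated, inferred from the loop). Minor style: `==` inside `[ ]` is bash-only (`=` is equivalent), and lowercase `excep` differs from the upper-case variables used elsewhere in the hunk. The enclosing `audit` function starts before the hunk and continues after it.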