IMP(13.13): improve exception detection

Charles Herlin 2019-02-25 10:33:15 +01:00
parent 0d3c8ec654
commit 43c1dcf85b


@ -31,9 +31,15 @@ audit () {
if [ "$USERID" -ge 500 ] && [ -d "$DIR" ] && [ "$USER" != "nfsnobody" ]; then if [ "$USERID" -ge 500 ] && [ -d "$DIR" ] && [ "$USER" != "nfsnobody" ]; then
OWNER=$(stat -L -c "%U" "$DIR") OWNER=$(stat -L -c "%U" "$DIR")
if [ "$OWNER" != "$USER" ]; then if [ "$OWNER" != "$USER" ]; then
if grep -qw "$DIR:$USER:$OWNER" <<< "$EXCEPTIONS"; then EXCEP_FOUND=0
for excep in $EXCEPTIONS; do
if [ "$DIR:$USER:$OWNER" == "$excep" ]; then
ok "The home directory ($DIR) of user $USER is owned by $OWNER but is part of exceptions ($DIR:$USER:$OWNER)." ok "The home directory ($DIR) of user $USER is owned by $OWNER but is part of exceptions ($DIR:$USER:$OWNER)."
else EXCEP_FOUND=1
break
fi
done
if [ "$EXCEP_FOUND" -eq 0 ]; then
crit "The home directory ($DIR) of user $USER is owned by $OWNER." crit "The home directory ($DIR) of user $USER is owned by $OWNER."
ERRORS=$((ERRORS+1)) ERRORS=$((ERRORS+1))
fi fi
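Review bot: The unquoted `$EXCEPTIONS` in `for excep in $EXCEPTIONS` undergoes pathname expansion as well as word splitting, so an exception entry containing `*`, `?` or `[` may be expanded against the filesystem before the exact `==` comparison, and an entry containing a space can never match. This list decides whether a wrongly-owned home directory is reported as `ok` instead of `crit`, so the loop should run with globbing disabled (`set -f` before the `for`, `set +f` after `done`), or the list should be split into an array once. `EXCEP_FOUND` is also assigned without `local`, so it leaks into the rest of the script; `local EXCEP_FOUND=0` would contain it, assuming the script runs under bash as the `==` inside `[ ]` suggests. The body of `audit` starts and ends outside this hunk.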