From 501ce8c651fbbc777904555bbee747e411e38b5f Mon Sep 17 00:00:00 2001
From: Thibault Ayanides
Date: Mon, 16 Nov 2020 14:08:42 +0100
Subject: [PATCH] IMP(5.2.3): 640 permission is now ok for the check
---
 ....2.3_ssh_host_public_keys_perm_ownership.sh | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/bin/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh b/bin/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh
index 656df33..7a9f6c2 100755
--- a/bin/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh
+++ b/bin/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh
@@ -28,8 +28,13 @@ audit () {
 if [ $FNRET = 0 ]; then
 ok "$FILE permissions were set to $PERMISSIONS"
 else
- ERRORS=$((ERRORS+1))
- crit "$FILE permissions were not set to $PERMISSIONS"
+ has_file_correct_permissions $FILE 640
+ if [ $FNRET = 0 ]; then
+ ok "$FILE permissions were set to $PERMISSIONS"
+ else
+ ERRORS=$((ERRORS+1))
+ crit "$FILE permissions were not set to $PERMISSIONS"
+ fi
 fi
 done
 
@@ -64,8 +69,13 @@ apply () {
 if [ $FNRET = 0 ]; then
 ok "$FILE permissions were set to $PERMISSIONS"
 else
- warn "fixing $DIR SSH public keys permissions to $USER:$GROUP"
- chmod 0$PERMISSIONS $FILE
+ has_file_correct_permissions $FILE 640
+ if [ $FNRET = 0 ]; then
+ ok "$FILE permissions were set to $PERMISSIONS"
+ else
+ warn "fixing $DIR SSH public keys permissions to $USER:$GROUP"
+ chmod 0$PERMISSIONS $FILE
+ fi
 fi
 done
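Review bot: In the new inner branch of audit(), a file found at 640 is reported with `ok "$FILE permissions were set to $PERMISSIONS"`, so the audit log records the configured mode rather than the mode actually found; `ok "$FILE permissions were set to 640"` would keep the record accurate, and the same message appears in the apply() hunk. The literal 640 is repeated in both hunks, so one variable defined beside PERMISSIONS (whose definition is outside the hunk) would keep the audit and apply paths from drifting apart. The fallback looks like one more exact match, so other modes stricter than $PERMISSIONS, such as 600, would presumably still be flagged as critical; that is worth confirming against has_file_correct_permissions, which is not shown here. audit() starts and ends outside the hunk.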
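Review bot: The `warn` line carried into the new else branch of apply() announces a change "to $USER:$GROUP" and names $DIR, while the command that follows is a chmod on $FILE; `warn "fixing $FILE permissions to $PERMISSIONS"` would describe the remediation that is actually performed. `$FILE` is also passed unquoted to `has_file_correct_permissions` and to `chmod`, so `chmod "0$PERMISSIONS" "$FILE"` and `has_file_correct_permissions "$FILE" 640` would avoid word splitting if a key path ever contains whitespace or glob characters. apply() starts and ends outside the hunk.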