IMP(5.2.3): 640 permission is now ok for the check

This commit is contained in:
Thibault Ayanides 2020-11-16 14:08:42 +01:00
parent 829ee8631f
commit 501ce8c651

View File

@ -25,12 +25,17 @@ audit () {
for FILE in $($SUDO_CMD find $DIR -xdev -type f -name 'ssh_host_*_key.pub'); for FILE in $($SUDO_CMD find $DIR -xdev -type f -name 'ssh_host_*_key.pub');
do do
has_file_correct_permissions $FILE $PERMISSIONS has_file_correct_permissions $FILE $PERMISSIONS
if [ $FNRET = 0 ]; then
ok "$FILE permissions were set to $PERMISSIONS"
else
has_file_correct_permissions $FILE 640
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE permissions were set to $PERMISSIONS" ok "$FILE permissions were set to $PERMISSIONS"
else else
ERRORS=$((ERRORS+1)) ERRORS=$((ERRORS+1))
crit "$FILE permissions were not set to $PERMISSIONS" crit "$FILE permissions were not set to $PERMISSIONS"
fi fi
fi
done done
@ -61,12 +66,17 @@ apply () {
for FILE in $($SUDO_CMD find $DIR -xdev -type f -name 'ssh_host_*_key.pub'); for FILE in $($SUDO_CMD find $DIR -xdev -type f -name 'ssh_host_*_key.pub');
do do
has_file_correct_permissions $FILE $PERMISSIONS has_file_correct_permissions $FILE $PERMISSIONS
if [ $FNRET = 0 ]; then
ok "$FILE permissions were set to $PERMISSIONS"
else
has_file_correct_permissions $FILE 640
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE permissions were set to $PERMISSIONS" ok "$FILE permissions were set to $PERMISSIONS"
else else
warn "fixing $DIR SSH public keys permissions to $USER:$GROUP" warn "fixing $DIR SSH public keys permissions to $USER:$GROUP"
chmod 0$PERMISSIONS $FILE chmod 0$PERMISSIONS $FILE
fi fi
fi
done done
for FILE in $($SUDO_CMD find $DIR -xdev -type f -name 'ssh_host_*_key.pub'); for FILE in $($SUDO_CMD find $DIR -xdev -type f -name 'ssh_host_*_key.pub');