Change default status to audit for file with custom create_config

2025-07-02 23:39:49 +02:00 · 2019-02-14 14:33:21 +01:00
parent d6172ad89e
commit 5f2803693e
15 changed files with 15 additions and 15 deletions
--- a/bin/hardening/12.11_find_sgid_files.sh
+++ b/bin/hardening/12.11_find_sgid_files.sh
@ -46,7 +46,7 @@ apply () {
 # This function will create the config file for this check with default values
 create_config() {
    cat <<EOF
-status=disabled
+status=audit
 # Put here valid binaries with sgid enabled separated by spaces
 EXCEPTIONS="/sbin/unix_chkpwd /usr/sbin/unix_chkpwd /usr/bin/bsd-write /usr/bin/chage /usr/bin/crontab /usr/bin/expiry /usr/bin/mutt_dotlock /usr/bin/screen /usr/bin/ssh-agent /usr/bin/wall /usr/sbin/postdrop /usr/sbin/postqueue /usr/bin/at /usr/bin/dotlockfile /usr/bin/mail-lock /usr/bin/mail-touchlock /usr/bin/mail-unlock"
 EOF