mirror of
https://github.com/ovh/debian-cis.git
synced 2024-11-22 05:27:01 +01:00
IMP(5.1.8): allow more restrictive permissions (#59)
fix #52 Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
This commit is contained in:
parent
1a7dd5893a
commit
6ab1cab3ce
@ -20,6 +20,7 @@ DESCRIPTION="Restrict at/cron to authorized users."
|
|||||||
FILES_ABSENT='/etc/cron.deny /etc/at.deny'
|
FILES_ABSENT='/etc/cron.deny /etc/at.deny'
|
||||||
FILES_PRESENT='/etc/cron.allow /etc/at.allow'
|
FILES_PRESENT='/etc/cron.allow /etc/at.allow'
|
||||||
PERMISSIONS='644'
|
PERMISSIONS='644'
|
||||||
|
PERMISSIONSOK='644 640 600 440 400'
|
||||||
USER='root'
|
USER='root'
|
||||||
GROUP='root'
|
GROUP='root'
|
||||||
|
|
||||||
@ -44,7 +45,7 @@ audit() {
|
|||||||
else
|
else
|
||||||
crit "$FILE ownership was not set to $USER:$GROUP"
|
crit "$FILE ownership was not set to $USER:$GROUP"
|
||||||
fi
|
fi
|
||||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
has_file_one_of_permissions "$FILE" "$PERMISSIONSOK"
|
||||||
if [ "$FNRET" = 0 ]; then
|
if [ "$FNRET" = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
else
|
else
|
||||||
@ -78,7 +79,7 @@ apply() {
|
|||||||
warn "fixing $FILE ownership to $USER:$GROUP"
|
warn "fixing $FILE ownership to $USER:$GROUP"
|
||||||
chown "$USER":"$GROUP" "$FILE"
|
chown "$USER":"$GROUP" "$FILE"
|
||||||
fi
|
fi
|
||||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
has_file_one_of_permissions "$FILE" "$PERMISSIONSOK"
|
||||||
if [ "$FNRET" = 0 ]; then
|
if [ "$FNRET" = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
else
|
else
|
||||||
|
Loading…
Reference in New Issue
Block a user