IMP(13.13): improve exception detection

This commit is contained in:
Charles Herlin 2019-02-25 10:33:15 +01:00
parent f7f2f614aa
commit 7b8e359590

View File

@ -31,9 +31,15 @@ audit () {
if [ "$USERID" -ge 500 ] && [ -d "$DIR" ] && [ "$USER" != "nfsnobody" ]; then if [ "$USERID" -ge 500 ] && [ -d "$DIR" ] && [ "$USER" != "nfsnobody" ]; then
OWNER=$(stat -L -c "%U" "$DIR") OWNER=$(stat -L -c "%U" "$DIR")
if [ "$OWNER" != "$USER" ]; then if [ "$OWNER" != "$USER" ]; then
if grep -qw "$DIR:$USER:$OWNER" <<< "$EXCEPTIONS"; then EXCEP_FOUND=0
ok "The home directory ($DIR) of user $USER is owned by $OWNER but is part of exceptions ($DIR:$USER:$OWNER)." for excep in $EXCEPTIONS; do
else if [ "$DIR:$USER:$OWNER" == "$excep" ]; then
ok "The home directory ($DIR) of user $USER is owned by $OWNER but is part of exceptions ($DIR:$USER:$OWNER)."
EXCEP_FOUND=1
break
fi
done
if [ "$EXCEP_FOUND" -eq 0 ]; then
crit "The home directory ($DIR) of user $USER is owned by $OWNER." crit "The home directory ($DIR) of user $USER is owned by $OWNER."
ERRORS=$((ERRORS+1)) ERRORS=$((ERRORS+1))
fi fi