FIX(8.3.2): add $SUDO_CMD to find

This commit is contained in:
Charles Herlin 2019-02-28 17:52:47 +01:00
parent db4dc4d598
commit 81dc308677

View File

@ -17,11 +17,13 @@ HARDENING_LEVEL=4
# shellcheck disable=2034 # shellcheck disable=2034
DESCRIPTION="Implemet periodic execution of file integrity." DESCRIPTION="Implemet periodic execution of file integrity."
FILES="/etc/crontab $(find /etc/cron.d/ -type f)" FILES="/etc/crontab"
DIRECTORY="/etc/cron.d"
PATTERN='tripwire --check' PATTERN='tripwire --check'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {
FILES="$FILES $($SUDO_CMD find $DIRECTORY -type f)"
FOUND=0 FOUND=0
for FILE in $FILES; do for FILE in $FILES; do
does_pattern_exist_in_file "$FILE" "$PATTERN" does_pattern_exist_in_file "$FILE" "$PATTERN"
@ -38,8 +40,15 @@ audit () {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply () { apply () {
does_pattern_exist_in_file "$FILES" "$PATTERN" FILES="$FILES $($SUDO_CMD find $DIRECTORY -type f)"
if [ "$FNRET" != 0 ]; then FOUND=0
for FILE in $FILES; do
does_pattern_exist_in_file "$FILE" "$PATTERN"
if [ "$FNRET" = 0 ]; then
FOUND=1
fi
done
if [ "$FOUND" != 1 ]; then
warn "$PATTERN is not present in $FILES, setting tripwire cron" warn "$PATTERN is not present in $FILES, setting tripwire cron"
echo "0 10 * * * root /usr/sbin/tripwire --check > /dev/shm/tripwire_check 2>&1 " > /etc/cron.d/CIS_8.3.2_tripwire echo "0 10 * * * root /usr/sbin/tripwire --check > /dev/shm/tripwire_check 2>&1 " > /etc/cron.d/CIS_8.3.2_tripwire
else else