diff --git a/bin/hardening/6.2.3_users_valid_homedir.sh b/bin/hardening/6.2.3_users_homedir_exist.sh
similarity index 100%
rename from bin/hardening/6.2.3_users_valid_homedir.sh
rename to bin/hardening/6.2.3_users_homedir_exist.sh
diff --git a/bin/hardening/6.2.9_users_valid_homedir.sh b/bin/hardening/6.2.9_users_homedir_ownership.sh
similarity index 75%
rename from bin/hardening/6.2.9_users_valid_homedir.sh
rename to bin/hardening/6.2.9_users_homedir_ownership.sh
index 715f81d..3467d49 100755
--- a/bin/hardening/6.2.9_users_valid_homedir.sh
+++ b/bin/hardening/6.2.9_users_homedir_ownership.sh
@@ -23,30 +23,13 @@ ERRORS=0
 # This function will be called if the script status is on enabled / audit mode
 audit() {
- debug "Checking homedir exists"
- RESULT=$(get_db passwd | awk -F: '{ print $1 ":" $3 ":" $6 }')
- for LINE in $RESULT; do
- debug "Working on $LINE"
- USER=$(awk -F: '{print $1}' <<<"$LINE")
- USERID=$(awk -F: '{print $2}' <<<"$LINE")
- DIR=$(awk -F: '{print $3}' <<<"$LINE")
- if [ "$USERID" -ge 1000 ] && [ ! -d "$DIR" ] && [ "$USER" != "nfsnobody" ] && [ "$USER" != "nobody" ] && [ "$DIR" != "/nonexistent" ]; then
- crit "The home directory ($DIR) of user $USER does not exist."
- ERRORS=$((ERRORS + 1))
- fi
- done
-
- if [ "$ERRORS" = 0 ]; then
- ok "All home directories exists"
- fi
-
 debug "Checking homedir ownership"
 RESULT=$(awk -F: '{ print $1 ":" $3 ":" $6 }' /etc/passwd)
 for LINE in $RESULT; do
 debug "Working on $LINE"
 USER=$(awk -F: '{print $1}' <<<"$LINE")
 USERID=$(awk -F: '{print $2}' <<<"$LINE")
 DIR=$(awk -F: '{print $3}' <<<"$LINE")
- if [ "$USERID" -ge 500 ] && [ -d "$DIR" ] && [ "$USER" != "nfsnobody" ]; then
+ if [ "$USERID" -ge 1000 ] && [ -d "$DIR" ] && [ "$USER" != "nfsnobody" ]; then
 OWNER=$(stat -L -c "%U" "$DIR")
 if [ "$OWNER" != "$USER" ]; then
 EXCEP_FOUND=0
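Review bot: The changed `if` line hard-codes 1000 as the first regular UID (the deleted existence loop used the same constant, the retained ownership loop previously used 500); on Debian that boundary is UID_MIN in /etc/login.defs, so reading it once before the loop, `UID_MIN=$(awk '/^\s*UID_MIN/ {print $2}' /etc/login.defs)` with a fallback to 1000 when empty, would keep the audit aligned with the host's configured value instead of a literal. The surviving loop also reads /etc/passwd directly whereas the removed block went through `get_db passwd`; if `get_db` includes accounts from other NSS sources, this script now audits fewer users than it did before the split — worth confirming. Separately, `for LINE in $RESULT` word-splits and glob-expands the passwd-derived records, so a home directory path containing whitespace or a glob character is mangled before the `-d` test; iterating with `while IFS= read -r LINE; do ...; done <<<"$RESULT"` avoids that. The body of audit() continues past the end of the hunk.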
diff --git a/tests/hardening/6.2.3_users_valid_homedir.sh b/tests/hardening/6.2.3_users_homedir_exist.sh
similarity index 95%
rename from tests/hardening/6.2.3_users_valid_homedir.sh
rename to tests/hardening/6.2.3_users_homedir_exist.sh
index f406dde..4e41040 100644
--- a/tests/hardening/6.2.3_users_valid_homedir.sh
+++ b/tests/hardening/6.2.3_users_homedir_exist.sh
@@ -3,7 +3,6 @@ test_audit() {
 describe Running on blank host
 register_test retvalshouldbe 0
- dismiss_count_for_test
 # shellcheck disable=2154
 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
diff --git a/tests/hardening/6.2.9_users_valid_homedir.sh b/tests/hardening/6.2.9_users_homedir_ownership.sh
similarity index 67%
rename from tests/hardening/6.2.9_users_valid_homedir.sh
rename to tests/hardening/6.2.9_users_homedir_ownership.sh
index 4082d63..f0e52d3 100644
--- a/tests/hardening/6.2.9_users_valid_homedir.sh
+++ b/tests/hardening/6.2.9_users_homedir_ownership.sh
@@ -1,14 +1,8 @@
 # shellcheck shell=bash
 # run-shellcheck
 test_audit() {
- describe Running void to generate the conf file that will later be edited
- # shellcheck disable=2154
- /opt/debian-cis/bin/hardening/"${script}".sh || true
- echo "EXCEPTIONS=\"/:systemd-coredump:root\"" >>/opt/debian-cis/etc/conf.d/"${script}".cfg
-
 describe Running on blank host
 register_test retvalshouldbe 0
- dismiss_count_for_test
 # shellcheck disable=2154
 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
@@ -22,7 +16,7 @@ test_audit() {
 run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 describe correcting situation
- echo "EXCEPTIONS=\"/:systemd-coredump:root /home/$test_user:$test_user:root\"" >/opt/debian-cis/etc/conf.d/"${script}".cfg
+ echo "EXCEPTIONS=\"/home/$test_user:$test_user:root\"" >/opt/debian-cis/etc/conf.d/"${script}".cfg
 describe Checking resolved state
 register_test retvalshouldbe 0