fix(6.2.9): Start from UID 1000 for home ownership check (#164)

Rename 6.2.3 and 6.2.9 checks to be more accurate
Remove home existence check from 6.2.9 as it's handled by 6.2.3
Update tests accordingly
Fixes #163

Signed-off-by: Tarik Megzari <tarik.megzari@corp.ovh.com>

Signed-off-by: Tarik Megzari <tarik.megzari@corp.ovh.com>
This commit is contained in:
Tarik Megzari
2022-09-30 10:28:48 +02:00
committed by GitHub
parent e478a89bad
commit 82a217032d
4 changed files with 2 additions and 26 deletions

View File

@ -23,30 +23,13 @@ ERRORS=0
# This function will be called if the script status is on enabled / audit mode
audit() {
debug "Checking homedir exists"
RESULT=$(get_db passwd | awk -F: '{ print $1 ":" $3 ":" $6 }')
for LINE in $RESULT; do
debug "Working on $LINE"
USER=$(awk -F: '{print $1}' <<<"$LINE")
USERID=$(awk -F: '{print $2}' <<<"$LINE")
DIR=$(awk -F: '{print $3}' <<<"$LINE")
if [ "$USERID" -ge 1000 ] && [ ! -d "$DIR" ] && [ "$USER" != "nfsnobody" ] && [ "$USER" != "nobody" ] && [ "$DIR" != "/nonexistent" ]; then
crit "The home directory ($DIR) of user $USER does not exist."
ERRORS=$((ERRORS + 1))
fi
done
if [ "$ERRORS" = 0 ]; then
ok "All home directories exists"
fi
debug "Checking homedir ownership"
RESULT=$(awk -F: '{ print $1 ":" $3 ":" $6 }' /etc/passwd)
for LINE in $RESULT; do
debug "Working on $LINE"
USER=$(awk -F: '{print $1}' <<<"$LINE")
USERID=$(awk -F: '{print $2}' <<<"$LINE")
DIR=$(awk -F: '{print $3}' <<<"$LINE")
if [ "$USERID" -ge 500 ] && [ -d "$DIR" ] && [ "$USER" != "nfsnobody" ]; then
if [ "$USERID" -ge 1000 ] && [ -d "$DIR" ] && [ "$USER" != "nfsnobody" ]; then
OWNER=$(stat -L -c "%U" "$DIR")
if [ "$OWNER" != "$USER" ]; then
EXCEP_FOUND=0