elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2024-11-22 13:37:02 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: 99.1.3_acc_sudoers_no_all: fix a race condition (#186)

Browse Source 
On systems where /etc/sudoers.d might be updated often by some automated means, this
check might raise a critical when a previously present file (during the ls) is no longer
present (during its attempted read), so before raising a critical, re-check that it
does exists first.
This commit is contained in:
Stéphane Lesimple 2023-07-03 17:05:45 +02:00 committed by GitHub
parent bd27cd0dae
commit 873ef8827d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
bin/hardening/99.1.3_acc_sudoers_no_all.sh
View File

@ -60,7 +60,13 @@ audit() {
fi fi
for file in $FILES; do for file in $FILES; do
if $SUDO_CMD [ ! -r "$file" ]; then if $SUDO_CMD [ ! -r "$file" ]; then
debug "$file is not readable, but it might just have disappeared since we've listed the folder contents, re-check that it exists"
if $SUDO_CMD [ -e "$file" ]; then
crit "$file is not readable" crit "$file is not readable"
else
debug "$file has disappeared, ignore it"
continue
fi
else else
if ! $SUDO_CMD grep -E "$REGEX" "$file" &>/dev/null; then if ! $SUDO_CMD grep -E "$REGEX" "$file" &>/dev/null; then
if [ $skiplog = 0 ]; then if [ $skiplog = 0 ]; then