mirror of
https://github.com/ovh/debian-cis.git
synced 2024-11-22 05:27:01 +01:00
Add functions utils
I added two functions in utils that checks perms and ownership for file resulting for a certain find. It takes parameters to filter the results if needed.
This commit is contained in:
parent
d6e5803252
commit
a37c5bdc4e
@ -16,10 +16,12 @@ DESCRIPTION="Check permissions on logs (other has no permissions on any files an
|
|||||||
|
|
||||||
DIR='/var/log'
|
DIR='/var/log'
|
||||||
PERMISSIONS='640'
|
PERMISSIONS='640'
|
||||||
|
OPTIONS=(-type f)
|
||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit () {
|
audit () {
|
||||||
have_files_in_dir_correct_permissions $DIR $PERMISSIONS
|
have_files_in_dir_correct_permissions $DIR $PERMISSIONS OPTIONS
|
||||||
|
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "Logs in $DIR have correct permissions"
|
ok "Logs in $DIR have correct permissions"
|
||||||
else
|
else
|
||||||
@ -29,9 +31,9 @@ audit () {
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled mode
|
# This function will be called if the script status is on enabled mode
|
||||||
apply () {
|
apply () {
|
||||||
have_files_in_dir_correct_permissions $DIR $PERMISSIONS
|
have_files_in_dir_correct_permissions $DIR $PERMISSIONS OPTIONS
|
||||||
if [ $FNRET = 0 ]; then
|
if [ $FNRET = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "Logs in $DIR have correct permissions"
|
||||||
else
|
else
|
||||||
info "fixing $DIR logs permissions to $PERMISSIONS"
|
info "fixing $DIR logs permissions to $PERMISSIONS"
|
||||||
find $DIR -type f -exec chmod 0$PERMISSIONS {} \;
|
find $DIR -type f -exec chmod 0$PERMISSIONS {} \;
|
||||||
|
28
lib/utils.sh
28
lib/utils.sh
@ -84,6 +84,29 @@ has_file_correct_ownership() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
have_files_in_dir_correct_ownership(){
|
||||||
|
local DIR=$1
|
||||||
|
local USER=$2
|
||||||
|
local GROUP=$3
|
||||||
|
local name=$4[@]
|
||||||
|
local OPTIONS=("${!name}")
|
||||||
|
|
||||||
|
local USERID=$(id -u $USER)
|
||||||
|
local GROUPID=$(getent group $GROUP | cut -d: -f3)
|
||||||
|
|
||||||
|
FNRET=0
|
||||||
|
OIFS="$IFS"
|
||||||
|
IFS=$'\n' # prevents word splitting
|
||||||
|
for owner in $("$SUDO_CMD find $DIR" "${OPTIONS[@]}" "-exec stat -c '%u %g' {} \;");
|
||||||
|
do
|
||||||
|
if [ "$owner" != "$USERID $GROUPID" ]; then
|
||||||
|
FNRET=1
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
IFS="$OIFS"
|
||||||
|
}
|
||||||
|
|
||||||
has_file_correct_permissions() {
|
has_file_correct_permissions() {
|
||||||
local FILE=$1
|
local FILE=$1
|
||||||
local PERMISSIONS=$2
|
local PERMISSIONS=$2
|
||||||
@ -98,10 +121,13 @@ has_file_correct_permissions() {
|
|||||||
have_files_in_dir_correct_permissions(){
|
have_files_in_dir_correct_permissions(){
|
||||||
local DIR=$1
|
local DIR=$1
|
||||||
local PERMISSIONS=$2
|
local PERMISSIONS=$2
|
||||||
|
local name=$3[@]
|
||||||
|
local OPTIONS=("${!name}")
|
||||||
|
|
||||||
FNRET=0
|
FNRET=0
|
||||||
for perm in $($SUDO_CMD find "$DIR" -type f -exec stat -L -c "%a" {} \;);
|
for perm in $("$SUDO_CMD find $DIR" "${OPTIONS[@]}" "-exec stat -L -c '%a' {} \;");
|
||||||
do
|
do
|
||||||
|
echo "$perm ttt $PERMISSIONS"
|
||||||
if [ "$perm" != "$PERMISSIONS" ]; then
|
if [ "$perm" != "$PERMISSIONS" ]; then
|
||||||
FNRET=1
|
FNRET=1
|
||||||
break
|
break
|
||||||
|
Loading…
Reference in New Issue
Block a user