Add functions utils

I added two functions in utils that check the permissions and ownership of
the files returned by a given find. They take parameters to filter the
results if needed.
Thibault Ayanides 2020-10-05 17:01:13 +02:00
parent d6e5803252
commit a37c5bdc4e
2 changed files with 33 additions and 5 deletions


@ -16,10 +16,12 @@ DESCRIPTION="Check permissions on logs (other has no permissions on any files an
DIR='/var/log' DIR='/var/log'
PERMISSIONS='640' PERMISSIONS='640'
OPTIONS=(-type f)
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {
have_files_in_dir_correct_permissions $DIR $PERMISSIONS have_files_in_dir_correct_permissions $DIR $PERMISSIONS OPTIONS
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "Logs in $DIR have correct permissions" ok "Logs in $DIR have correct permissions"
else else
@ -29,9 +31,9 @@ audit () {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply () { apply () {
have_files_in_dir_correct_permissions $DIR $PERMISSIONS have_files_in_dir_correct_permissions $DIR $PERMISSIONS OPTIONS
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE has correct permissions" ok "Logs in $DIR have correct permissions"
else else
info "fixing $DIR logs permissions to $PERMISSIONS" info "fixing $DIR logs permissions to $PERMISSIONS"
find $DIR -type f -exec chmod 0$PERMISSIONS {} \; find $DIR -type f -exec chmod 0$PERMISSIONS {} \;
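Review bot: The remediation in `apply` still runs `find $DIR -type f -exec chmod ...` with a hard-coded filter, while the check now takes its filter from `OPTIONS`, so the set of files audited and the set of files fixed can drift apart once `OPTIONS` is changed; reuse the array there, `find "$DIR" "${OPTIONS[@]}" -exec chmod 0$PERMISSIONS {} \;`. The array is also passed under the name `OPTIONS`, which is the same name the helper uses for its own `local OPTIONS=("${!name}")`; in bash that indirect expansion may resolve to the helper's new, empty local rather than this array, so it is worth confirming that the filter actually arrives, or renaming one side. `apply` continues past the end of the hunk.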


@ -84,6 +84,29 @@ has_file_correct_ownership() {
fi fi
} }
have_files_in_dir_correct_ownership(){
local DIR=$1
local USER=$2
local GROUP=$3
local name=$4[@]
local OPTIONS=("${!name}")
local USERID=$(id -u $USER)
local GROUPID=$(getent group $GROUP | cut -d: -f3)
FNRET=0
OIFS="$IFS"
IFS=$'\n' # prevents word splitting
for owner in $("$SUDO_CMD find $DIR" "${OPTIONS[@]}" "-exec stat -c '%u %g' {} \;");
do
if [ "$owner" != "$USERID $GROUPID" ]; then
FNRET=1
break
fi
done
IFS="$OIFS"
}
has_file_correct_permissions() { has_file_correct_permissions() {
local FILE=$1 local FILE=$1
local PERMISSIONS=$2 local PERMISSIONS=$2
@ -98,10 +121,13 @@ has_file_correct_permissions() {
have_files_in_dir_correct_permissions(){ have_files_in_dir_correct_permissions(){
local DIR=$1 local DIR=$1
local PERMISSIONS=$2 local PERMISSIONS=$2
local name=$3[@]
local OPTIONS=("${!name}")
FNRET=0 FNRET=0
for perm in $($SUDO_CMD find "$DIR" -type f -exec stat -L -c "%a" {} \;); for perm in $("$SUDO_CMD find $DIR" "${OPTIONS[@]}" "-exec stat -L -c '%a' {} \;");
do do
echo "$perm ttt $PERMISSIONS"
if [ "$perm" != "$PERMISSIONS" ]; then if [ "$perm" != "$PERMISSIONS" ]; then
FNRET=1 FNRET=1
break break
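Review bot: The command substitutions in `have_files_in_dir_correct_ownership` and `have_files_in_dir_correct_permissions` quote `"$SUDO_CMD find $DIR"` as a single word, so the shell looks for one command with that whole string as its name instead of running `find`; the substitution then yields nothing, the loop body never runs and `FNRET` stays 0, which means the check reports compliance without inspecting any file. Build the command from separate words, e.g. `for perm in $($SUDO_CMD find "$DIR" "${OPTIONS[@]}" -exec stat -L -c '%a' {} \;);`, and use the same shape with `'%u %g'` in the ownership helper. The added `echo "$perm ttt $PERMISSIONS"` looks like leftover debug output and should be dropped. `local USERID=$(id -u $USER)` also hides a failed lookup, so an unknown user or group would be compared as an empty id; splitting declaration from assignment and setting `FNRET` on failure would make that visible. The body of `have_files_in_dir_correct_permissions` continues past the end of the hunk.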