mirror of
https://github.com/ovh/debian-cis.git
synced 2024-11-25 23:11:24 +01:00
fix: allow passwd-, group- and shadow- debian default permissions (#149)
This commit is contained in:
parent
33964c0a3d
commit
ad5c71c3ce
@ -19,6 +19,7 @@ DESCRIPTION="Check 600 permissions and root:root ownership on /etc/passwd-"
|
|||||||
|
|
||||||
FILE='/etc/passwd-'
|
FILE='/etc/passwd-'
|
||||||
PERMISSIONS='600'
|
PERMISSIONS='600'
|
||||||
|
PERMISSIONSOK='644 640 600'
|
||||||
USER='root'
|
USER='root'
|
||||||
GROUP='root'
|
GROUP='root'
|
||||||
|
|
||||||
@ -28,7 +29,7 @@ audit() {
|
|||||||
if [ "$FNRET" != 0 ]; then
|
if [ "$FNRET" != 0 ]; then
|
||||||
ok "$FILE does not exist"
|
ok "$FILE does not exist"
|
||||||
else
|
else
|
||||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
has_file_one_of_permissions "$FILE" "$PERMISSIONSOK"
|
||||||
if [ "$FNRET" = 0 ]; then
|
if [ "$FNRET" = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
else
|
else
|
||||||
|
@ -19,6 +19,7 @@ DESCRIPTION="Check 600 permissions and root:shadow ownership on /etc/shadow-"
|
|||||||
|
|
||||||
FILE='/etc/shadow-'
|
FILE='/etc/shadow-'
|
||||||
PERMISSIONS='600'
|
PERMISSIONS='600'
|
||||||
|
PERMISSIONSOK='640 600'
|
||||||
USER='root'
|
USER='root'
|
||||||
GROUP='shadow'
|
GROUP='shadow'
|
||||||
|
|
||||||
@ -28,7 +29,7 @@ audit() {
|
|||||||
if [ "$FNRET" != 0 ]; then
|
if [ "$FNRET" != 0 ]; then
|
||||||
ok "$FILE does not exist"
|
ok "$FILE does not exist"
|
||||||
else
|
else
|
||||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
has_file_one_of_permissions "$FILE" "$PERMISSIONSOK"
|
||||||
if [ "$FNRET" = 0 ]; then
|
if [ "$FNRET" = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
else
|
else
|
||||||
|
@ -19,6 +19,7 @@ DESCRIPTION="Check 600 permissions and root:root ownership on /etc/group-"
|
|||||||
|
|
||||||
FILE='/etc/group-'
|
FILE='/etc/group-'
|
||||||
PERMISSIONS='600'
|
PERMISSIONS='600'
|
||||||
|
PERMISSIONSOK='644 640 600'
|
||||||
USER='root'
|
USER='root'
|
||||||
GROUP='root'
|
GROUP='root'
|
||||||
|
|
||||||
@ -28,7 +29,7 @@ audit() {
|
|||||||
if [ "$FNRET" != 0 ]; then
|
if [ "$FNRET" != 0 ]; then
|
||||||
ok "$FILE does not exist"
|
ok "$FILE does not exist"
|
||||||
else
|
else
|
||||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
has_file_one_of_permissions "$FILE" "$PERMISSIONSOK"
|
||||||
if [ "$FNRET" = 0 ]; then
|
if [ "$FNRET" = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
else
|
else
|
||||||
|
@ -10,6 +10,13 @@ test_audit() {
|
|||||||
local test_user="testetcpasswd-user"
|
local test_user="testetcpasswd-user"
|
||||||
local test_file="/etc/passwd-"
|
local test_file="/etc/passwd-"
|
||||||
|
|
||||||
|
describe Debian default right shall be accepted
|
||||||
|
chmod 644 "$test_file"
|
||||||
|
chown root:root "$test_file"
|
||||||
|
register_test retvalshouldbe 0
|
||||||
|
register_test contain "has correct permissions"
|
||||||
|
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||||
|
|
||||||
describe Tests purposely failing
|
describe Tests purposely failing
|
||||||
chmod 777 "$test_file"
|
chmod 777 "$test_file"
|
||||||
register_test retvalshouldbe 1
|
register_test retvalshouldbe 1
|
||||||
|
@ -10,6 +10,13 @@ test_audit() {
|
|||||||
local test_user="testetcshadow-user"
|
local test_user="testetcshadow-user"
|
||||||
local test_file="/etc/shadow-"
|
local test_file="/etc/shadow-"
|
||||||
|
|
||||||
|
describe Debian default right shall be accepted
|
||||||
|
chmod 640 "$test_file"
|
||||||
|
chown root:shadow "$test_file"
|
||||||
|
register_test retvalshouldbe 0
|
||||||
|
register_test contain "has correct permissions"
|
||||||
|
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||||
|
|
||||||
describe Tests purposely failing
|
describe Tests purposely failing
|
||||||
chmod 777 "$test_file"
|
chmod 777 "$test_file"
|
||||||
register_test retvalshouldbe 1
|
register_test retvalshouldbe 1
|
||||||
|
@ -10,6 +10,13 @@ test_audit() {
|
|||||||
local test_user="testetcgroup--user"
|
local test_user="testetcgroup--user"
|
||||||
local test_file="/etc/group-"
|
local test_file="/etc/group-"
|
||||||
|
|
||||||
|
describe Debian default right shall be accepted
|
||||||
|
chmod 644 "$test_file"
|
||||||
|
chown root:root "$test_file"
|
||||||
|
register_test retvalshouldbe 0
|
||||||
|
register_test contain "has correct permissions"
|
||||||
|
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||||
|
|
||||||
describe Tests purposely failing
|
describe Tests purposely failing
|
||||||
chmod 777 "$test_file"
|
chmod 777 "$test_file"
|
||||||
register_test retvalshouldbe 1
|
register_test retvalshouldbe 1
|
||||||
|
Loading…
Reference in New Issue
Block a user