elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2024-11-22 13:37:02 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: allow passwd-, group- and shadow- debian default permissions (#149)

Browse Source
This commit is contained in:
GoldenKiwi 2022-03-18 16:41:49 +01:00 committed by GitHub
parent 33964c0a3d
commit ad5c71c3ce
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 27 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
bin/hardening/6.1.6_etc_passwd-_permissions.sh
View File

@ -19,6 +19,7 @@ DESCRIPTION="Check 600 permissions and root:root ownership on /etc/passwd-"
FILE='/etc/passwd-' FILE='/etc/passwd-'
PERMISSIONS='600' PERMISSIONS='600'
PERMISSIONSOK='644 640 600'
USER='root' USER='root'
GROUP='root' GROUP='root'
@ -28,7 +29,7 @@ audit() {
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
ok "$FILE does not exist" ok "$FILE does not exist"
else else
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_one_of_permissions "$FILE" "$PERMISSIONSOK"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else

3
bin/hardening/6.1.7_etc_shadow-_permissions.sh
View File

@ -19,6 +19,7 @@ DESCRIPTION="Check 600 permissions and root:shadow ownership on /etc/shadow-"
FILE='/etc/shadow-' FILE='/etc/shadow-'
PERMISSIONS='600' PERMISSIONS='600'
PERMISSIONSOK='640 600'
USER='root' USER='root'
GROUP='shadow' GROUP='shadow'
@ -28,7 +29,7 @@ audit() {
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
ok "$FILE does not exist" ok "$FILE does not exist"
else else
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_one_of_permissions "$FILE" "$PERMISSIONSOK"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else

3
bin/hardening/6.1.8_etc_group-_permissions.sh
View File

@ -19,6 +19,7 @@ DESCRIPTION="Check 600 permissions and root:root ownership on /etc/group-"
FILE='/etc/group-' FILE='/etc/group-'
PERMISSIONS='600' PERMISSIONS='600'
PERMISSIONSOK='644 640 600'
USER='root' USER='root'
GROUP='root' GROUP='root'
@ -28,7 +29,7 @@ audit() {
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
ok "$FILE does not exist" ok "$FILE does not exist"
else else
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_one_of_permissions "$FILE" "$PERMISSIONSOK"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else

7
tests/hardening/6.1.6_etc_passwd-_permissions.sh
View File

@ -10,6 +10,13 @@ test_audit() {
local test_user="testetcpasswd-user" local test_user="testetcpasswd-user"
local test_file="/etc/passwd-" local test_file="/etc/passwd-"
describe Debian default right shall be accepted
chmod 644 "$test_file"
chown root:root "$test_file"
register_test retvalshouldbe 0
register_test contain "has correct permissions"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
describe Tests purposely failing describe Tests purposely failing
chmod 777 "$test_file" chmod 777 "$test_file"
register_test retvalshouldbe 1 register_test retvalshouldbe 1

7
tests/hardening/6.1.7_etc_shadow-_permissions.sh
View File

@ -10,6 +10,13 @@ test_audit() {
local test_user="testetcshadow-user" local test_user="testetcshadow-user"
local test_file="/etc/shadow-" local test_file="/etc/shadow-"
describe Debian default right shall be accepted
chmod 640 "$test_file"
chown root:shadow "$test_file"
register_test retvalshouldbe 0
register_test contain "has correct permissions"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
describe Tests purposely failing describe Tests purposely failing
chmod 777 "$test_file" chmod 777 "$test_file"
register_test retvalshouldbe 1 register_test retvalshouldbe 1

7
tests/hardening/6.1.8_etc_group-_permissions.sh
View File

@ -10,6 +10,13 @@ test_audit() {
local test_user="testetcgroup--user" local test_user="testetcgroup--user"
local test_file="/etc/group-" local test_file="/etc/group-"
describe Debian default right shall be accepted
chmod 644 "$test_file"
chown root:root "$test_file"
register_test retvalshouldbe 0
register_test contain "has correct permissions"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
describe Tests purposely failing describe Tests purposely failing
chmod 777 "$test_file" chmod 777 "$test_file"
register_test retvalshouldbe 1 register_test retvalshouldbe 1