elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2025-07-02 23:39:49 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add sudo management in main and utils

Browse Source 
* perform readonly checks as a regular user
    * sudo -n is used for checks requiring root privileges
    * increase accountability by providing log of individual access to sensitive files
This commit is contained in:
Charles Herlin
2017-11-09 15:45:42 +01:00
parent b5a952e0f0
commit b41df080cf
30 changed files with 187 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bin/hardening/12.11_find_sgid_files.sh
View File

@ -16,7 +16,7 @@ HARDENING_LEVEL=2
# This function will be called if the script status is on enabled / audit mode
audit () {
info "Checking if there are sgid files"
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -2000 -print)
RESULT=$(df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' $SUDO_CMD find '{}' -xdev -type f -perm -2000 -print)
for BINARY in $RESULT; do
if grep -q $BINARY <<< "$EXCEPTIONS"; then
debug "$BINARY is confirmed as an exception"