elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2025-06-24 11:34:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

IMP(shellcheck): replace ls parsing by stat

Browse Source
This commit is contained in:
Thibault Ayanides
2020-12-14 16:14:37 +01:00
parent cdaee7786a
commit f4ba90352b
6 changed files with 13 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
bin/hardening/6.2.10_check_user_dot_file_perm.sh
View File

@ -25,7 +25,7 @@ audit() {
debug "Working on $DIR"
for FILE in "$DIR"/.[A-Za-z0-9]*; do
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
FILEPERM=$(ls -ld "$FILE" | cut -f1 -d" ")
FILEPERM=$(stat -c "%A" "$FILE")
if [ "$(echo "$FILEPERM" | cut -c6)" != "-" ]; then
crit "Group Write permission set on FILE $FILE"
ERRORS=$((ERRORS + 1))
@ -48,7 +48,7 @@ apply() {
for DIR in $(get_db passwd | grep -Ev '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
for FILE in "$DIR"/.[A-Za-z0-9]*; do
if [ ! -h "$FILE" ] && [ -f "$FILE" ]; then
FILEPERM=$(ls -ld "$FILE" | cut -f1 -d" ")
FILEPERM=$(stat -c "%A" "$FILE")
if [ "$(echo "$FILEPERM" | cut -c6)" != "-" ]; then
warn "Group Write permission set on FILE $FILE"
chmod g-w "$FILE"