elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2024-11-22 05:27:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

IMP(5.2.3): fix possible permissions for 5.2.3

Browse Source
This commit is contained in:
Thibault Ayanides 2020-11-30 14:27:20 +01:00
parent d40a85085d
commit f4e0aafacc
1 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
bin/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh
View File

@ -29,6 +29,10 @@ audit () {
ok "$FILE permissions were set to $PERMISSIONS" ok "$FILE permissions were set to $PERMISSIONS"
else else
has_file_correct_permissions $FILE 640 has_file_correct_permissions $FILE 640
if [ $FNRET = 0 ]; then
ok "$FILE permissions were set to $PERMISSIONS"
else
has_file_correct_permissions $FILE 600
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE permissions were set to $PERMISSIONS" ok "$FILE permissions were set to $PERMISSIONS"
else else
@ -36,6 +40,7 @@ audit () {
crit "$FILE permissions were not set to $PERMISSIONS" crit "$FILE permissions were not set to $PERMISSIONS"
fi fi
fi fi
fi
done done
@ -70,6 +75,10 @@ apply () {
ok "$FILE permissions were set to $PERMISSIONS" ok "$FILE permissions were set to $PERMISSIONS"
else else
has_file_correct_permissions $FILE 640 has_file_correct_permissions $FILE 640
if [ $FNRET = 0 ]; then
ok "$FILE permissions were set to $PERMISSIONS"
else
has_file_correct_permissions $FILE 600
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$FILE permissions were set to $PERMISSIONS" ok "$FILE permissions were set to $PERMISSIONS"
else else
@ -77,6 +86,7 @@ apply () {
chmod 0$PERMISSIONS $FILE chmod 0$PERMISSIONS $FILE
fi fi
fi fi
fi
done done
for FILE in $($SUDO_CMD find $DIR -xdev -type f -name 'ssh_host_*_key.pub'); for FILE in $($SUDO_CMD find $DIR -xdev -type f -name 'ssh_host_*_key.pub');