13.10_find_user_rhosts_files.sh

This commit is contained in:
thibault.dewailly 2016-04-16 18:55:44 +02:00
parent 83cd95756d
commit fbba59cc67
4 changed files with 67 additions and 3 deletions

View File

@ -13,4 +13,4 @@
# Execute blindly binaries
# Audit mode
# ls | sort -n
# ls | sort -V

View File

@ -0,0 +1,56 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# Authors : Thibault Dewailly, OVH <thibault.dewailly@corp.ovh.com>
#
#
# 13.10 Check for Presence of User .rhosts Files (Scored)
#
set -e # One error, it's over
set -u # One variable unset, it's over
ERRORS=0
# This function will be called if the script status is on enabled / audit mode
audit () {
for DIR in $(cat /etc/passwd | egrep -v '(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false" && $7 !="/nonexistent" ) { print $6 }'); do
debug "Working on $DIR"
for FILE in $DIR/.rhosts; do
if [ ! -h "$FILE" -a -f "$FILE" ]; then
crit "$FILE present"
ERRORS=$((ERRORS+1))
fi
done
done
if [ $ERRORS = 0 ]; then
ok "No .rhosts present in users files"
fi
}
# This function will be called if the script status is on enabled mode
apply () {
info "If the audit returns something, please check with the user why he has this file"
}
# This function will check config parameters required
check_config() {
:
}
# Source Root Dir Parameter
if [ ! -r /etc/default/cis-hardenning ]; then
echo "There is no /etc/default/cis-hardenning FILE, cannot source CIS_ROOT_DIR variable, aborting"
exit 128
else
. /etc/default/cis-hardenning
if [ -z $CIS_ROOT_DIR ]; then
echo "No CIS_ROOT_DIR variable, aborting"
fi
fi
# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
[ -r $CIS_ROOT_DIR/lib/main.sh ] && . $CIS_ROOT_DIR/lib/main.sh

View File

@ -6,14 +6,14 @@
#
#
# 13.8 Check User Dot File Permissions (Scored)
# 13.9 Check Permissions on User .netrc Files (Scored)
#
set -e # One error, it's over
set -u # One variable unset, it's over
ERRORS=0
PERMISSIONS="600"
ERRORS=0
# This function will be called if the script status is on enabled / audit mode
audit () {
@ -26,10 +26,16 @@ audit () {
ok "$FILE has correct permissions"
else
crit "$FILE has not $PERMISSIONS permissions set"
ERRORS=$((ERRORS+1))
fi
fi
done
done
if [ $ERRORS = 0 ]; then
ok "permission $PERMISSIONS set on .netrc users files"
fi
}
# This function will be called if the script status is on enabled mode

View File

@ -0,0 +1,2 @@
# Configuration for script of same name
status=enabled