Update changelog

FIX(main): fix small bug in main
The bug (introduced in 2.1-2) leaded to an error in the test that evaluates forcedstatus
2025-07-16 22:02:17 +02:00 · 2020-11-30 15:16:36 +01:00 · 2020-11-30 15:10:39 +01:00 · 2020-11-30 14:27:20 +01:00
3 changed files with 22 additions and 5 deletions
--- a/bin/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh
+++ b/bin/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh
@ -29,6 +29,10 @@ audit () {
            ok "$FILE permissions were set to $PERMISSIONS"
        else
            has_file_correct_permissions $FILE 640
+            if [ $FNRET = 0 ]; then
+                ok "$FILE permissions were set to $PERMISSIONS"
+            else
+                has_file_correct_permissions $FILE 600
                if [ $FNRET = 0 ]; then
                    ok "$FILE permissions were set to $PERMISSIONS"
                else
@ -36,6 +40,7 @@ audit () {
                    crit "$FILE permissions were not set to $PERMISSIONS"
                fi
            fi
+        fi

    done

@ -70,6 +75,10 @@ apply () {
            ok "$FILE permissions were set to $PERMISSIONS"
        else
            has_file_correct_permissions $FILE 640
+            if [ $FNRET = 0 ]; then
+                ok "$FILE permissions were set to $PERMISSIONS"
+            else
+                has_file_correct_permissions $FILE 600
                if [ $FNRET = 0 ]; then
                    ok "$FILE permissions were set to $PERMISSIONS"
                else
@ -77,6 +86,7 @@ apply () {
                    chmod 0$PERMISSIONS $FILE
                fi
            fi
+        fi
    done

    for FILE in $($SUDO_CMD find $DIR -xdev -type f -name 'ssh_host_*_key.pub');
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,10 @@
+cis-hardening (2.1-3) unstable; urgency=medium
+
+  * Fix permissions on 5.2.3 (authorize 600)
+  * Fix minor bug with --create-config-files-only
+
+ -- Thibault Ayanides <tayanide@ovhcloud.com>  Mon, 30 Nov 2020 15:14:17 +0100
+
 cis-hardening (2.1-2) unstable; urgency=medium

  * Add --create-config-files-only mode that only create config files without running audit
--- a/lib/main.sh
+++ b/lib/main.sh
@ -69,7 +69,7 @@ if ! [ -r $CIS_ROOT_DIR/etc/conf.d/$SCRIPT_NAME.cfg ] ; then

 fi

-if [ $forcedstatus = "createconfig" ]; then
+if [ "$forcedstatus" = "createconfig" ] ; then
    debug "$CIS_ROOT_DIR/etc/conf.d/$SCRIPT_NAME.cfg has been created"
    exit 0
 fi
Author	SHA1	Message	Date
Thibault Ayanides	9c3aa51982	Update changelog	2020-11-30 15:16:36 +01:00
Thibault Ayanides	b994ca11a7	FIX(main): fix small bug in main The bug (introduced in 2.1-2) leaded to an error in the test that evaluates forcedstatus	2020-11-30 15:10:39 +01:00
Thibault Ayanides	f4e0aafacc	IMP(5.2.3): fix possible permissions for 5.2.3	2020-11-30 14:27:20 +01:00