1#!/bin/sh 2 3################################################################################# 4# 5# Lynis 6# ------------------ 7# 8# Copyright 2007-2013, Michael Boelen 9# Copyright 2007-2021, CISOfy 10# 11# Website : https://cisofy.com 12# Blog : http://linux-audit.com 13# GitHub : https://github.com/CISOfy/lynis 14# 15# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are 16# welcome to redistribute it under the terms of the GNU General Public License. 17# See LICENSE file for usage of this software. 18# 19################################################################################# 20# 21# File permissions 22# 23################################################################################# 24# 25 InsertSection "${SECTION_FILE_PERMISSIONS}" 26# 27################################################################################# 28# 29 # Test : FILE-7524 30 # Description : Perform file permissions check 31 Register --test-no FILE-7524 --weight L --network NO --category security --description "Perform file permissions check" 32 if [ ${SKIPTEST} -eq 0 ]; then 33 Display --indent 2 --text "- Starting file permissions check" 34 LogText "Test: Checking file permissions" 35 FOUND=0 36 for PROFILE in ${PROFILES}; do 37 LogText "Using profile ${PROFILE} for baseline." 38 FILES=$(${EGREPBINARY} '^permfile=|^permdir=' ${PROFILE} | ${CUTBINARY} -d= -f2 | ${CUTBINARY} -d: -f1) 39 for F in ${FILES}; do 40 LogText "Test: checking file/directory ${F}" 41 if [ -f "${F}" ]; then 42 PERMS=$(${GREPBINARY} '^permfile=' ${PROFILE} | ${GREPBINARY} "=${F}:" | ${CUTBINARY} -d: -f2) 43 if HasCorrectFilePermissions "${F}" "${PERMS}"; then 44 Display --indent 4 --text "File: ${F}" --result "${STATUS_OK}" --color GREEN 45 else 46 Display --indent 4 --text "File: ${F}" --result "${STATUS_SUGGESTION}" --color YELLOW 47 FOUND=1 48 fi 49 elif [ -d "${F}" ]; then 50 PERMS=$(${GREPBINARY} '^permdir=' ${PROFILE} | ${GREPBINARY} "=${F}:" | ${CUTBINARY} -d: -f2) 51 if HasCorrectFilePermissions "${F}" "${PERMS}"; then 52 Display --indent 4 --text "Directory: ${F}" --result "${STATUS_OK}" --color GREEN 53 else 54 Display --indent 4 --text "Directory: ${F}" --result "${STATUS_SUGGESTION}" --color YELLOW 55 FOUND=1 56 fi 57 else 58 if IsVerbose; then Display --indent 4 --text "${F}" --result "${STATUS_NOT_FOUND}" --color WHITE; fi 59 LogText "Skipping file/directory ${F} as it does not exist on this system" 60 fi 61 done 62 done 63 if [ ${FOUND} -eq 1 ]; then 64 ReportSuggestion "${TEST_NO}" "Consider restricting file permissions" "See screen output or log file" "text:Use chmod to change file permissions" 65 fi 66 fi 67# 68################################################################################# 69# 70 71WaitForKeyPress 72 73# 74#================================================================================ 75# Lynis - Copyright 2007-2021, CISOfy - https://cisofy.com 76