1#!/bin/sh
2
3#################################################################################
4#
5#   Lynis
6# ------------------
7#
8# Copyright 2007-2013, Michael Boelen
9# Copyright 2007-2021, CISOfy
10#
11# Website  : https://cisofy.com
12# Blog     : http://linux-audit.com
13# GitHub   : https://github.com/CISOfy/lynis
14#
15# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
16# welcome to redistribute it under the terms of the GNU General Public License.
17# See LICENSE file for usage of this software.
18#
19#################################################################################
20#
21#  File permissions
22#
23#################################################################################
24#
25    InsertSection "${SECTION_FILE_PERMISSIONS}"
26#
27#################################################################################
28#
29    # Test        : FILE-7524
30    # Description : Perform file permissions check
31    Register --test-no FILE-7524 --weight L --network NO --category security --description "Perform file permissions check"
32    if [ ${SKIPTEST} -eq 0 ]; then
33        Display --indent 2 --text "- Starting file permissions check"
34        LogText "Test: Checking file permissions"
35        FOUND=0
36        for PROFILE in ${PROFILES}; do
37            LogText "Using profile ${PROFILE} for baseline."
38            FILES=$(${EGREPBINARY} '^permfile=|^permdir=' ${PROFILE} | ${CUTBINARY} -d= -f2 | ${CUTBINARY} -d: -f1)
39            for F in ${FILES}; do
40                LogText "Test: checking file/directory ${F}"
41                if [ -f "${F}" ]; then
42                    PERMS=$(${GREPBINARY} '^permfile=' ${PROFILE} | ${GREPBINARY} "=${F}:" | ${CUTBINARY} -d: -f2)
43                    if HasCorrectFilePermissions "${F}" "${PERMS}"; then
44                        Display --indent 4 --text "File: ${F}" --result "${STATUS_OK}" --color GREEN
45                    else
46                        Display --indent 4 --text "File: ${F}" --result "${STATUS_SUGGESTION}" --color YELLOW
47                        FOUND=1
48                    fi
49                elif [ -d "${F}" ]; then
50                    PERMS=$(${GREPBINARY} '^permdir=' ${PROFILE} | ${GREPBINARY} "=${F}:" | ${CUTBINARY} -d: -f2)
51                    if HasCorrectFilePermissions "${F}" "${PERMS}"; then
52                        Display --indent 4 --text "Directory: ${F}" --result "${STATUS_OK}" --color GREEN
53                    else
54                        Display --indent 4 --text "Directory: ${F}" --result "${STATUS_SUGGESTION}" --color YELLOW
55                        FOUND=1
56                    fi
57                else
58                    if IsVerbose; then Display --indent 4 --text "${F}" --result "${STATUS_NOT_FOUND}" --color WHITE; fi
59                    LogText "Skipping file/directory ${F} as it does not exist on this system"
60                fi
61            done
62        done
63        if [ ${FOUND} -eq 1 ]; then
64            ReportSuggestion "${TEST_NO}" "Consider restricting file permissions" "See screen output or log file" "text:Use chmod to change file permissions"
65        fi
66    fi
67#
68#################################################################################
69#
70
71WaitForKeyPress
72
73#
74#================================================================================
75# Lynis - Copyright 2007-2021, CISOfy - https://cisofy.com
76