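#!/bin/bash
## kola:
## exclusive: false
## description: Verify that there are no files and directories
## with 'g+w' or 'o+w' permission in /usr and /etc, except the known lists.
#
# A group- or world-writable entry under /usr or /etc would let an
# unprivileged account alter installed content or system configuration,
# so every such entry that is not on an allow list fails the test.
set -xeuo pipefail
# shellcheck disable=SC1091
. "$KOLA_EXT_DATA/commonlib.sh"

# Trees scanned for 'g+w' / 'o+w' entries (regular files and directories only).
scan_roots=(/usr /etc)
# Known files and directories with 'g+w' or 'o+w' permission (all platforms).
# Empty arrays expand cleanly under 'set -u' on bash >= 4.4.
list_known=()
# Known files and directories with 'g+w' or 'o+w' permission (RHCOS only).
list_known_rhcos=(
  '/usr/share/licenses/publicsuffix-list-dafsa/COPYING'
)

# Fedora CoreOS is identified by ID=fedora in /etc/os-release; the RHCOS
# allow list is consulted only on non-Fedora images.
is_fcos="false"
if [[ "$(source /etc/os-release && echo "${ID}")" == "fedora" ]]; then
  is_fcos="true"
fi

#######################################
# Report whether a path is on an allow list.
# Globals:   list_known, list_known_rhcos, is_fcos (read)
# Arguments: $1 - absolute path as printed by find
# Returns:   0 if the path is known, 1 otherwise
#######################################
is_known() {
  local path=$1
  local k
  for k in "${list_known[@]}"; do
    if [[ "${k}" == "${path}" ]]; then
      return 0
    fi
  done
  if [[ "${is_fcos}" == "false" ]]; then
    for k in "${list_known_rhcos[@]}"; do
      if [[ "${k}" == "${path}" ]]; then
        return 0
      fi
    done
  fi
  return 1
}

# Collect offenders in an array so that paths containing whitespace
# are kept intact (a space-joined string would split them later).
unknown=()
while IFS= read -r -d '' e; do
  if ! is_known "${e}"; then
    unknown+=("${e}")
  fi
done < <(find "${scan_roots[@]}" \( -type f -o -type d \) -perm /022 -print0)

if (( ${#unknown[@]} > 0 )); then
  # Diagnostics only: an unowned path makes 'rpm -qf' exit non-zero, which
  # under 'set -e' would abort before the fatal message is reported.
  ls -ald -- "${unknown[@]}" || true
  rpm -qf "${unknown[@]}" || true
  fatal "found files or directories with 'g+w' or 'o+w' permission"
fi
ok "no files with 'g+w' or 'o+w' permission found in /usr or /etc"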