Show non-root files in stig result

Bob Mottram 2017-08-07 10:48:38 +01:00
parent b8a873f9d2
commit 079c5acc78
2 changed files with 7 additions and 7 deletions


@ -7,7 +7,6 @@ if [ -d "/bin" ];then
if [ $COUNT -eq 0 ];then
:
else
find -L /bin \! -user root -exec ls -l {} \;
exit 1
fi
fi
@ -18,7 +17,6 @@ if [ -d "/usr/bin" ];then
if [ $COUNT -eq 0 ];then
:
else
find -L /usr/bin \! -user root -exec ls -l {} \;
exit 1
fi
fi
@ -29,7 +27,6 @@ if [ -d "/usr/local/bin" ];then
if [ $COUNT -eq 0 ];then
:
else
find -L /usr/local/bin \! -user root -exec ls -l {} \;
exit 1
fi
fi
@ -40,7 +37,6 @@ if [ -d "/sbin" ];then
if [ $COUNT -eq 0 ];then
:
else
find -L /sbin \! -user root -exec ls -l {} \;
exit 1
fi
fi
@ -51,7 +47,6 @@ if [ -d "/usr/sbin" ];then
if [ $COUNT -eq 0 ];then
:
else
find -L /usr/sbin \! -user root -exec ls -l {} \;
exit 1
fi
fi
@ -62,7 +57,6 @@ if [ -d "/usr/local/sbin" ];then
if [ $COUNT -eq 0 ];then
:
else
find -L /usr/local/sbin \! -user root -exec ls -l {} \;
exit 1
fi
fi


@ -495,7 +495,13 @@ time, are stored in the following directories by default:\n\n/lib\n/lib64\n/usr/
printf '\n######################\n\nSTIG-ID:RHEL-06-000047\n\nVulnerability Discussion: System binaries are executed by privileged users, as well as system services, and restrictive permissions are necessary to ensure execution of these programs cannot be co-opted.\n\nFix text: System executables are stored in the following directories by default:\n\n/bin\n/usr/bin\n/usr/local/bin\n/sbin\n/usr/sbin\n/usr/local/sbin\n\nIf any file in these directories is found to be group-writable or world-writable, correct its permission with the following command:\n\n#chmod go-w [FILE]\n\n######################\n\n' >> $LOG
fi
;;
V-38472) if [ "$3" = "en" ]; then
V-38472) find -L /bin \! -user root -exec ls -l {} \;
find -L /usr/bin \! -user root -exec ls -l {} \;
find -L /usr/local/bin \! -user root -exec ls -l {} \;
find -L /sbin \! -user root -exec ls -l {} \;
find -L /usr/sbin \! -user root -exec ls -l {} \;
find -L /usr/local/sbin \! -user root -exec ls -l {} \;
if [ "$3" = "en" ]; then
log_msg $2 'All system command files must be owned by root.'
else
log_msg $2 '所有系统命令文件的属主必须为root用户。'
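Review bot: The six `find` calls added at the top of the V-38472 arm print the non-root-owned files to stdout only, while the arm just above appends its finding text to `$LOG`, so the evidence may not end up next to the finding in the log (how `log_msg` routes output is defined outside this hunk, so this is inferred). They also run without the `[ -d ... ]` guard visible in the first file's hunk headers, so a missing directory such as /usr/local/sbin would put a find error into the result. One call would replace the six, and `ls -ld` would list a non-root-owned directory itself instead of its contents: `find -L /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin \! -user root -exec ls -ld {} + >> $LOG`. A short comment such as `# list offending files so the reviewer can see what failed the ownership check` would explain why a results arm runs a scan. The case arm continues past the end of the hunk.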