From 079c5acc7829dbc22f4faebd33bb084c927cee10 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Mon, 7 Aug 2017 10:48:38 +0100
Subject: [PATCH] Show non-root files in stig result
---
 tests/check-cmd-owner.sh | 6 ------
 tests/output.sh | 8 +++++++-
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/tests/check-cmd-owner.sh b/tests/check-cmd-owner.sh
index 0f86c681..d862c591 100644
--- a/tests/check-cmd-owner.sh
+++ b/tests/check-cmd-owner.sh
@@ -7,7 +7,6 @@ if [ -d "/bin" ];then
 if [ $COUNT -eq 0 ];then
 :
 else
- find -L /bin \! -user root -exec ls -l {} \;
 exit 1
 fi
 fi
@@ -18,7 +17,6 @@ if [ -d "/usr/bin" ];then
 if [ $COUNT -eq 0 ];then
 :
 else
- find -L /usr/bin \! -user root -exec ls -l {} \;
 exit 1
 fi
 fi
@@ -29,7 +27,6 @@ if [ -d "/usr/local/bin" ];then
 if [ $COUNT -eq 0 ];then
 :
 else
- find -L /usr/local/bin \! -user root -exec ls -l {} \;
 exit 1
 fi
 fi
@@ -40,7 +37,6 @@ if [ -d "/sbin" ];then
 if [ $COUNT -eq 0 ];then
 :
 else
- find -L /sbin \! -user root -exec ls -l {} \;
 exit 1
 fi
 fi
@@ -51,7 +47,6 @@ if [ -d "/usr/sbin" ];then
 if [ $COUNT -eq 0 ];then
 :
 else
- find -L /usr/sbin \! -user root -exec ls -l {} \;
 exit 1
 fi
 fi
@@ -62,7 +57,6 @@ if [ -d "/usr/local/sbin" ];then
 if [ $COUNT -eq 0 ];then
 :
 else
- find -L /usr/local/sbin \! -user root -exec ls -l {} \;
 exit 1
 fi
 fi
diff --git a/tests/output.sh b/tests/output.sh
index 78debf9b..2174039b 100644
--- a/tests/output.sh
+++ b/tests/output.sh
@@ -495,7 +495,13 @@ time, are stored in the following directories by default:\n\n/lib\n/lib64\n/usr/
 printf '\n######################\n\nSTIG-ID:RHEL-06-000047\n\nVulnerability Discussion: System binaries are executed by privileged users, as well as system services, and restrictive permissions are necessary to ensure execution of these programs cannot be co-opted.\n\nFix text: System executables are stored in the following directories by default:\n\n/bin\n/usr/bin\n/usr/local/bin\n/sbin\n/usr/sbin\n/usr/local/sbin\n\nIf any file in these directories is found to be group-writable or world-writable, correct its permission with the following command:\n\n#chmod go-w [FILE]\n\n######################\n\n' >> $LOG
 fi
 ;;
- V-38472) if [ "$3" = "en" ]; then
+ V-38472) find -L /bin \! -user root -exec ls -l {} \;
+ find -L /usr/bin \! -user root -exec ls -l {} \;
+ find -L /usr/local/bin \! -user root -exec ls -l {} \;
+ find -L /sbin \! -user root -exec ls -l {} \;
+ find -L /usr/sbin \! -user root -exec ls -l {} \;
+ find -L /usr/local/sbin \! -user root -exec ls -l {} \;
+ if [ "$3" = "en" ]; then
 log_msg $2 'All system command files must be owned by root.'
 else
 log_msg $2 '所有系统命令文件的属主必须为root用户。'
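Review bot: The six `find` calls added at the top of the `V-38472)` arm run without the `[ -d ... ]` guard that tests/check-cmd-owner.sh applies to each directory, so on a host that lacks one of them (for example /usr/local/sbin) the report shows a `find` error on stderr instead of a clean listing. Their output also goes to stdout, while the neighbouring `printf` appends to `$LOG` and the message itself goes through `log_msg`, so the evidence for the finding may not end up next to the finding; please confirm that is intended. A loop keeps the directory list in one place and restores the guard: `for d in /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin; do [ -d "$d" ] && find -L "$d" \! -user root -exec ls -ld {} +; done`, where `-ld` makes a non-root-owned directory show up as itself rather than as a listing of its contents. The case arm continues past the end of the hunk.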