From 73316797e3fbd8ef8fadbe18365f6092e494dcfe Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Wed, 30 Nov 2016 14:38:28 +0000
Subject: [PATCH] Change rule to exclude nonexistent directory
---
 src/freedombone-utils-setup | 24 ++++++++++++++++++++++++
 tests/check-uniq-names.sh | 2 +-
 2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/src/freedombone-utils-setup b/src/freedombone-utils-setup
index 7d505d2e..8ecf39b3 100755
--- a/src/freedombone-utils-setup
+++ b/src/freedombone-utils-setup
@@ -425,6 +425,7 @@ function set_sticky_bits {
 }
 function lockdown_permissions {
+ # All commands owned by root
 if [ -d /bin ]; then
 chown root:root /bin/*
 fi
@@ -448,6 +449,7 @@ function lockdown_permissions {
 chmod -R +r /usr/share/${PROJECT_NAME}
 fi
+ # All libraries owned by root
 if [ -d /lib ]; then
 chown -R root:root /lib/*
 fi
@@ -461,10 +463,12 @@ function lockdown_permissions {
 chown -R root:root /usr/lib64/*
 fi
+ # sudo permissions
 chmod 4755 /usr/bin/sudo
 chmod 4755 /usr/lib/sudo/sudoers.so
 chown root:root /etc/sudoers
+ # permissions on email commands
 if [ -f /usr/bin/procmail ]; then
 chmod 6755 /usr/bin/procmail
 fi
@@ -476,6 +480,26 @@ function lockdown_permissions {
 fi
 set_sticky_bits
+
+ # Create some directories to correspond with users in passwords file
+ if [ ! -d /var/spool/lpd ]; then
+ mkdir /var/spool/lpd
+ fi
+ if [ ! -d /var/spool/news ]; then
+ mkdir /var/spool/news
+ fi
+ if [ ! -d /var/spool/uucp ]; then
+ mkdir /var/spool/uucp
+ fi
+ if [ ! -d /var/list ]; then
+ mkdir /var/list
+ fi
+ if [ ! -d /var/lib/gnats ]; then
+ mkdir /var/lib/gnats
+ fi
+ if [ ! -d /var/lib/saned ]; then
+ mkdir /var/lib/saned
+ fi
 }
 function disable_core_dumps {
diff --git a/tests/check-uniq-names.sh b/tests/check-uniq-names.sh
index d866d9af..acfe4ebb 100644
--- a/tests/check-uniq-names.sh
+++ b/tests/check-uniq-names.sh
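Review bot: The six `mkdir` calls added after `set_sticky_bits` in the last hunk of src/freedombone-utils-setup leave owner and mode to whatever umask and identity the calling shell has, inside a function whose job is to pin permissions. These look like home directories for system accounts in the password file, so I would create them with an explicit owner and mode and fold the six identical `if` blocks into one loop. The root:root and 0755 values below are my assumption and should be checked against what those accounts need. `lockdown_permissions` starts above this hunk, so earlier handling of these paths is not visible here.

```shell
set_sticky_bits

# Create some directories to correspond with users in passwords file
for sysdir in /var/spool/lpd /var/spool/news /var/spool/uucp \
              /var/list /var/lib/gnats /var/lib/saned; do
    if [ ! -d "$sysdir" ]; then
        install -d -m 0755 -o root -g root "$sysdir"
    fi
done
```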
@@ -1,5 +1,5 @@
 #!/bin/bash
-if [ $(pwck -rq | wc -l ) -ne 0 ];then
+if [ $(pwck -r | sed '/nonexist/d' | sed '/\/home\//d' | sed '/\/run\//d' | sed '/no changes/d' | wc -l ) -ne 0 ];then
 exit 1
 fi
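Review bot: The `sed` filters on the new `if` line delete every pwck line that contains `nonexist`, `/home/` or `/run/` anywhere in it, so a finding of a different kind that mentions one of those paths would presumably be discarded as well and the test would still pass. If the intent is only to ignore missing-home-directory warnings, match the message rather than the path, for example `sed "/directory '[^']*' does not exist/d"`, and keep `no changes` as its own filter. That wording is assumed from pwck's usual output and should be confirmed on the target release. The test also ignores pwck's exit status and relies on the line count alone, which is worth a comment in the script now that `-q` is gone and the output is filtered by hand.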