Ownership permissions on lockdown of letsencrypt

Bob Mottram 2018-01-07 12:09:16 +00:00
parent f6f6b29071
commit 1cea492656
3 changed files with 6 additions and 1 deletions


@ -239,6 +239,7 @@ function add_cert_letsencrypt {
chgrp -R ssl-cert /etc/letsencrypt
chmod -R 600 /etc/letsencrypt
chmod -R g=rX /etc/letsencrypt
chown -R root:ssl-cert /etc/letsencrypt
systemctl start nginx
exit 63216
fi
@ -288,6 +289,7 @@ function add_cert_letsencrypt {
chgrp -R ssl-cert /etc/letsencrypt
chmod -R 600 /etc/letsencrypt
chmod -R g=rX /etc/letsencrypt
chown -R root:ssl-cert /etc/letsencrypt
nginx_ensite ${LETSENCRYPT_HOSTNAME}
systemctl start nginx
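Review bot: The `chgrp -R ssl-cert /etc/letsencrypt` at the top of each sequence is redundant in both hunks of add_cert_letsencrypt, because the new `chown -R root:ssl-cert /etc/letsencrypt` sets the same group. The chown's exit status is also ignored, so if the ssl-cert group is missing the tree keeps its previous owner and the script still goes on to start nginx. I would run the chown first, drop the chgrp, and continue only if it succeeded, for example `chown -R root:ssl-cert /etc/letsencrypt || return 1` followed by the two chmod lines. The same sequence now appears three times in this commit (here twice and in lockdown_permissions), so a small shared helper would keep the copies from drifting. The function body starts and ends outside both hunks.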


@ -645,6 +645,7 @@ function lockdown_permissions {
if [ -d /etc/letsencrypt ]; then
chmod -R 600 /etc/letsencrypt
chmod -R g=rX /etc/letsencrypt
chown -R root:ssl-cert /etc/letsencrypt
fi
chown -f root:root /etc/motd /etc/issue*
chmod -f 0444 /etc/motd /etc/issue*
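Review bot: In lockdown_permissions the new chown runs after `chmod -R g=rX /etc/letsencrypt`, and unlike add_cert_letsencrypt there is no earlier chgrp here, so group read is granted before the group is set to ssl-cert. Until the chown completes, or permanently if it fails, the key material is readable by whichever group owned the files before. Move `chown -R root:ssl-cert /etc/letsencrypt` to directly after the `if [ -d /etc/letsencrypt ]; then` line, ahead of both chmod lines. Separately, the recursive `g=rX` covers every file under the directory, which presumably includes the ACME account key as well as the certificate private keys; it is worth confirming that ssl-cert members are meant to read all of it.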


@ -488,7 +488,9 @@ time, are stored in the following directories by default:\n\n/lib\n/lib64\n/usr/
find -L /lib \! -user root -exec ls -l {} \; | grep -v '> /dev/null'
find -L /lib64 \! -user root -exec ls -l {} \;
find -L /usr/lib \! -user root -exec ls -l {} \;
find -L /usr/lib64 \! -user root -exec ls -l {} \;
if [ -d /usr/lib64 ]; then
find -L /usr/lib64 \! -user root -exec ls -l {} \;
fi
;;
V-38469) if [ "$3" = "en" ]; then
log_msg $2 'All system command files must have mode 755 or less permissive.'
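Review bot: The new `-d` guard covers only /usr/lib64, while the `find -L /lib64 ...` line two lines above it is still unguarded. On a system where /usr/lib64 is absent, /lib64 may well be absent too, and that check would then print a "No such file or directory" error into the audit output. A single loop would treat all four directories the same way: `for d in /lib /lib64 /usr/lib /usr/lib64; do [ -d "$d" ] && find -L "$d" \! -user root -exec ls -l {} \; ; done`. The enclosing case branch starts outside the hunk.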