This commit is contained in:
Bob Mottram 2018-01-07 12:14:25 +00:00
commit b77f10f737
5 changed files with 34 additions and 24 deletions


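--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -239,6 +239,7 @@ function add_cert_letsencrypt {
 chgrp -R ssl-cert /etc/letsencrypt
 chmod -R 600 /etc/letsencrypt
 chmod -R g=rX /etc/letsencrypt
+chown -R root:ssl-cert /etc/letsencrypt
 systemctl start nginx
 exit 63216
 fi
@@ -288,6 +289,7 @@ function add_cert_letsencrypt {
 chgrp -R ssl-cert /etc/letsencrypt
 chmod -R 600 /etc/letsencrypt
 chmod -R g=rX /etc/letsencrypt
+chown -R root:ssl-cert /etc/letsencrypt
 nginx_ensite ${LETSENCRYPT_HOSTNAME}
 systemctl start nginx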
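Review bot: With the added `chown -R root:ssl-cert /etc/letsencrypt`, the `chgrp -R ssl-cert /etc/letsencrypt` three lines earlier in both hunks is redundant, since chown with an owner:group argument sets the group as well; dropping the chgrp line would make these two sites match the lockdown_permissions hunk in the third file, which has no chgrp. The chmod/chmod/chown sequence now appears three times across two files and the copies already differ, so a single helper called from all three would keep them from drifting further. chown touches only ownership, so running it after the chmod lines is harmless, but nothing records why the group is set; a comment such as `# group set so ssl-cert members can read the certificates via g=rX` above the sequence would do. add_cert_letsencrypt continues outside both hunks.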


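--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -689,6 +689,7 @@ function xmpp_onion_addresses {
 echo ' ["wtfismyip.com"] = "ofkztxcohimx34la.onion";' >> $filename
 echo ' ["prosody.xmpp.is"] = "y2qmqomqpszzryei.onion";' >> $filename
 echo ' ["xndr.de"] = "trcubpttd6zkc3tf.onion";' >> $filename
+echo ' ["jabber.cat"] = "sybzodlxacch7st7.onion";' >> $filename
 echo ' ["trashserver.net"] = "m4c722bvc2r7brnn.onion";' >> $filename
 echo '};' >> $filename
 }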
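Review bot: The added `["jabber.cat"]` entry hard-codes an .onion address that nothing on this page lets a reader verify, and the table is presumably consumed by the XMPP server to reach that domain over Tor, so a stale or mistyped entry would misdirect that server's traffic without any error. A short comment on the line, or at the top of the table, recording where and when each address was confirmed (e.g. the operator's own published listing) would let the next maintainer re-check it. The new line also follows the surrounding style of an unquoted `>> $filename`; `>> "$filename"` is the safer form if the variable can ever hold whitespace. xmpp_onion_addresses starts outside the hunk.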


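--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -645,6 +645,7 @@ function lockdown_permissions {
 if [ -d /etc/letsencrypt ]; then
 chmod -R 600 /etc/letsencrypt
 chmod -R g=rX /etc/letsencrypt
+chown -R root:ssl-cert /etc/letsencrypt
 fi
 chown -f root:root /etc/motd /etc/issue*
 chmod -f 0444 /etc/motd /etc/issue*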


@ -2,41 +2,41 @@
if [ -d "/lib" ];then if [ -d "/lib" ];then
COUNT=$(find -L /lib \! -user root -exec ls -l {} \; | grep -v '> /dev/null' | wc -l) COUNT=$(find -L /lib \! -user root -exec ls -l {} \; | grep -v '> /dev/null' | wc -l)
if [ $COUNT -eq 0 ];then if [ $COUNT -eq 0 ];then
: :
else else
exit 1 exit 1
fi fi
fi fi
if [ -d "/lib64" ];then if [ -d "/lib64" ];then
COUNT=$(find -L /lib64 \! -user root -exec ls -l {} \; |wc -l) COUNT=$(find -L /lib64 \! -user root -exec ls -l {} \; |wc -l)
if [ $COUNT -eq 0 ];then if [ $COUNT -eq 0 ];then
: :
else else
exit 1 exit 1
fi fi
fi fi
if [ -d "/usr/lib" ];then if [ -d "/usr/lib" ];then
COUNT=$(find -L /usr/lib \! -user root -exec ls -l {} \; |wc -l) COUNT=$(find -L /usr/lib \! -user root -exec ls -l {} \; |wc -l)
if [ $COUNT -eq 0 ];then if [ $COUNT -eq 0 ];then
: :
else else
exit 1 exit 1
fi fi
fi fi
if [ -d "/usr/lib64" ];then if [ -d "/usr/lib64" ];then
COUNT=$(find -L /usr/lib64 \! -user root -exec ls -l {} \; |wc -l) COUNT=$(find -L /usr/lib64 \! -user root -exec ls -l {} \; |wc -l)
if [ $COUNT -eq 0 ];then if [ $COUNT -eq 0 ];then
: :
else else
exit 1 exit 1
fi fi
fi fi


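--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -485,6 +485,12 @@ time, are stored in the following directories by default:\n\n/lib\n/lib64\n/usr/
 if [ $2 -ne 0 ];then
 printf '\n######################\n\nSTIG-ID:RHEL-06-000046\n\nVulnerability Discussion: Files from shared library directories are loaded into the address space of processes (including privileged ones) or of the kernel itself at runtime. Proper ownership is necessary to protect the integrity of the system.\n\nFix text: System-wide shared library files, which are linked to executables during process load time or run time, are stored in the following directories by default:\n\n/lib\n/lib64\n/usr/lib\n/usr/lib64\n\nIf any file in these directories is found to be owned by a user other than root, correct its ownership with the following command:\n\n#chown root [FILE]\n\n######################\n\n' >> $LOG
 fi
+find -L /lib \! -user root -exec ls -l {} \; | grep -v '> /dev/null'
+find -L /lib64 \! -user root -exec ls -l {} \;
+find -L /usr/lib \! -user root -exec ls -l {} \;
+if [ -d /usr/lib64 ]; then
+find -L /usr/lib64 \! -user root -exec ls -l {} \;
+fi
 ;;
 V-38469) if [ "$3" = "en" ]; then
 log_msg $2 'All system command files must have mode 755 or less permissive.'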
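Review bot: The four find commands added after the `fi` send their findings to stdout while the STIG description just above is appended to `$LOG`, so the list of non-root-owned library files — the part an operator acts on — is separated from its explanation unless the caller captures stdout, which is not visible here; appending them with `>> $LOG` as the printf does keeps them together. Only /usr/lib64 is guarded with `[ -d ... ]`, so on a system without /lib64 the second find reports an error instead of being skipped, and the same guard fits all four, which argues for a loop over the directory list. `-exec ls -l {} \;` forks one ls per match and, for a matching directory, lists its contents rather than the directory entry itself; `-exec ls -ld {} +` avoids both. The `grep -v '> /dev/null'` filter on the /lib line is kept unchanged below because its purpose is not documented anywhere on the page; a comment stating what it is meant to exclude would help. The enclosing case arm begins outside the hunk.
```shell
# … unchanged: STIG-ID:RHEL-06-000046 printf into $LOG …
for libdir in /lib /lib64 /usr/lib /usr/lib64; do
    [ -d "$libdir" ] || continue
    if [ "$libdir" = "/lib" ]; then
        # filter carried over from the original /lib line; purpose undocumented — TODO confirm
        find -L /lib \! -user root -exec ls -ld {} + | grep -v '> /dev/null' >> "$LOG"
    else
        find -L "$libdir" \! -user root -exec ls -ld {} + >> "$LOG"
    fi
done
;;
```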