Merge branch 'stretch' of https://github.com/bashrc/freedombone
This commit is contained in:
commit
b77f10f737
|
@ -239,6 +239,7 @@ function add_cert_letsencrypt {
|
|||
chgrp -R ssl-cert /etc/letsencrypt
|
||||
chmod -R 600 /etc/letsencrypt
|
||||
chmod -R g=rX /etc/letsencrypt
|
||||
chown -R root:ssl-cert /etc/letsencrypt
|
||||
systemctl start nginx
|
||||
exit 63216
|
||||
fi
|
||||
|
@ -288,6 +289,7 @@ function add_cert_letsencrypt {
|
|||
chgrp -R ssl-cert /etc/letsencrypt
|
||||
chmod -R 600 /etc/letsencrypt
|
||||
chmod -R g=rX /etc/letsencrypt
|
||||
chown -R root:ssl-cert /etc/letsencrypt
|
||||
|
||||
nginx_ensite ${LETSENCRYPT_HOSTNAME}
|
||||
systemctl start nginx
|
||||
|
|
|
@ -689,6 +689,7 @@ function xmpp_onion_addresses {
|
|||
echo ' ["wtfismyip.com"] = "ofkztxcohimx34la.onion";' >> $filename
|
||||
echo ' ["prosody.xmpp.is"] = "y2qmqomqpszzryei.onion";' >> $filename
|
||||
echo ' ["xndr.de"] = "trcubpttd6zkc3tf.onion";' >> $filename
|
||||
echo ' ["jabber.cat"] = "sybzodlxacch7st7.onion";' >> $filename
|
||||
echo ' ["trashserver.net"] = "m4c722bvc2r7brnn.onion";' >> $filename
|
||||
echo '};' >> $filename
|
||||
}
|
||||
|
|
|
@ -645,6 +645,7 @@ function lockdown_permissions {
|
|||
if [ -d /etc/letsencrypt ]; then
|
||||
chmod -R 600 /etc/letsencrypt
|
||||
chmod -R g=rX /etc/letsencrypt
|
||||
chown -R root:ssl-cert /etc/letsencrypt
|
||||
fi
|
||||
chown -f root:root /etc/motd /etc/issue*
|
||||
chmod -f 0444 /etc/motd /etc/issue*
|
||||
|
|
|
@ -485,6 +485,12 @@ time, are stored in the following directories by default:\n\n/lib\n/lib64\n/usr/
|
|||
if [ $2 -ne 0 ];then
|
||||
printf '\n######################\n\nSTIG-ID:RHEL-06-000046\n\nVulnerability Discussion: Files from shared library directories are loaded into the address space of processes (including privileged ones) or of the kernel itself at runtime. Proper ownership is necessary to protect the integrity of the system.\n\nFix text: System-wide shared library files, which are linked to executables during process load time or run time, are stored in the following directories by default:\n\n/lib\n/lib64\n/usr/lib\n/usr/lib64\n\nIf any file in these directories is found to be owned by a user other than root, correct its ownership with the following command:\n\n#chown root [FILE]\n\n######################\n\n' >> $LOG
|
||||
fi
|
||||
find -L /lib \! -user root -exec ls -l {} \; | grep -v '> /dev/null'
|
||||
find -L /lib64 \! -user root -exec ls -l {} \;
|
||||
find -L /usr/lib \! -user root -exec ls -l {} \;
|
||||
if [ -d /usr/lib64 ]; then
|
||||
find -L /usr/lib64 \! -user root -exec ls -l {} \;
|
||||
fi
|
||||
;;
|
||||
V-38469) if [ "$3" = "en" ]; then
|
||||
log_msg $2 'All system command files must have mode 755 or less permissive.'
|
||||
|
|
Loading…
Reference in New Issue