Show any world writable files

This commit is contained in:
Bob Mottram 2017-04-14 10:39:02 +01:00
parent 14617a85d9
commit c7d31702b4
1 changed files with 2 additions and 1 deletions

View File

@ -1591,7 +1591,8 @@ site:\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Securi
printf '\n######################\n\nSTIG-ID:RHEL-06-000281\n\nVulnerability Discussion: The hash on important files like audit system executables should match the information given by the packages. Audit executables with erroneous hashes could be a sign of nefarious activity on the system.\n\nFix text: In Debian there is directly way to get the package\047s hash and change it.\n\nThere\047s one way to use :\n\n#aptitude download auditd\n\nTo dowanload the package\047s file and use dpkg -c <package.deb> to extract it and use sha512sum to get the origin hash and compare with the current hash and change it manually\n\n' >> $LOG printf '\n######################\n\nSTIG-ID:RHEL-06-000281\n\nVulnerability Discussion: The hash on important files like audit system executables should match the information given by the packages. Audit executables with erroneous hashes could be a sign of nefarious activity on the system.\n\nFix text: In Debian there is directly way to get the package\047s hash and change it.\n\nThere\047s one way to use :\n\n#aptitude download auditd\n\nTo dowanload the package\047s file and use dpkg -c <package.deb> to extract it and use sha512sum to get the origin hash and compare with the current hash and change it manually\n\n' >> $LOG
fi fi
;; ;;
V-38643) if [ "$3" = "en" ]; then V-38643) find / -xdev -type f -perm -002
if [ "$3" = "en" ]; then
log_msg $2 'There must be no world-writable files on the system.' log_msg $2 'There must be no world-writable files on the system.'
else else
log_msg $2 '系统上必须没有允许任意用户都可以进行修改的文件。' log_msg $2 '系统上必须没有允许任意用户都可以进行修改的文件。'