diff options
| author | Lukas Pirl <github@lukas-pirl.de> | 2016-07-11 17:48:25 +0300 |
|---|---|---|
| committer | Michael Boelen <michael@cisofy.com> | 2016-07-11 17:48:25 +0300 |
| commit | 9a5647f66ce699c9a9d93e7c1b2ccec6d87703a4 (patch) | |
| tree | efa484ef233a4ded305c3c43540b4d41391aee4d | |
| parent | 62e6af17de3c994387b31a879e77ae23dae72583 (diff) | |
added test FILE-6337: check if /proc mounted with hidepid=(1|2) (#225)
to hide users' sensitive files in /proc from other users
(see `man proc` for details)
| -rw-r--r-- | include/tests_filesystems | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/include/tests_filesystems b/include/tests_filesystems index 849c34e9..5c943a61 100644 --- a/include/tests_filesystems +++ b/include/tests_filesystems @@ -291,6 +291,32 @@ # ################################################################################# # + # Test : FILE-6337 + # Description : Check proc mount options (Linux >=3.3 only) + # Examples : proc /proc proc defaults,hidepid=2 0 0 + # Goal : Users should not be able to see processes of other users + + if [ -f /proc/version ] && [ "$(cat /proc/version | cut -d" " -f3)" \> "3.2" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi + Register --test-no FILE-6337 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --description "Checking proc mount options" + if [ ${SKIPTEST} -eq 0 ]; then + # Proc should be mounted with 'hidepid=2' or 'hidepid=1' at least + LogText "Test: check proc mount with incorrect mount options" + FIND=`mount | grep proc | egrep -o "hidepid=[0-9]"` + if [ "${FIND}" = "hidepid=2" ]; then + Display --indent 2 --text "- Testing proc mount" --result "${STATUS_OK}" --color GREEN + LogText "Result: proc mount mounted with hidepid=2" + else + if [ "${FIND}" = "" ]; then + HIDEPID1_SUGGESTION=" (or at least hidepid=1)" + fi + Display --indent 2 --text "- Testing proc mount" --result "${STATUS_SUGGESTION}" --color YELLOW + LogText "Result: proc file system not mounted with option hidepid=2$HIDEPID1_SUGGESTION" + ReportSuggestion ${TEST_NO} "Consider mounting /proc via /etc/fstab with mount option hidepid=2$HIDEPID1_SUGGESTION" + fi + fi +# +################################################################################# +# # Test : FILE-6354 # Description : Search files within /tmp which are older than 3 months if [ -d /tmp ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi |