author | Michael Boelen <michael.boelen@cisofy.com> | 2017-11-25 18:37:28 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2017-11-25 18:37:28 +0300 |
commit | 8fde6723e2e3dda5268783af43f2c790a3cf0b0c (patch) | |
tree | c4d1aaa72ca829f57dd21fc2d46c30f5a36727d5 | |
parent | d569e9eb409ec8c3585fa688c6e06d1b49d6fe61 (diff) |
Additional checks for log and report file
-rwxr-xr-x | lynis | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -238,15 +238,21 @@ Make sure to execute ${PROGRAM_NAME} from untarred directory or check your insta
 if [ -z "${LOGFILE}" ]; then
 # Try creating a log file in temporary directory
 if [ ! -f /tmp/lynis.log ]; then
+ if [ -L /tmp/lynis.log ]; then echo "Log file is symlinked, which can introduce the risk of a symlink attack."; exit 1; fi
 touch /tmp/lynis.log
 if [ $? -eq 0 ]; then LOGFILE="/tmp/lynis.log"; else LOGFILE="/dev/null"; fi
 else
 LOGFILE="/tmp/lynis.log"
 fi
+ else
+ if [ -L "${LOGFILE}" ]; then echo "Log file is symlinked, which can introduce the risk of a symlink attack."; exit 1; fi
 fi
 if [ -z "${REPORTFILE}" ]; then
 touch /tmp/lynis-report.dat
+ if [ -L /tmp/lynis-report.dat ]; then echo "Report file is symlinked, which can introduce the risk of a symlink attack."; exit 1; fi
 if [ $? -eq 0 ]; then REPORTFILE="/tmp/lynis-report.dat"; else REPORTFILE="/dev/null"; fi
+ else
+ if [ -L "${REPORTFILE}" ]; then echo "Report file is symlinked, which can introduce the risk of a symlink attack."; exit 1; fi
 fi
 fi
 # |
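Review bot: In the `REPORTFILE` branch the new `-L` test sits between `touch /tmp/lynis-report.dat` and `if [ $? -eq 0 ]`, so `touch` has already followed any symlink before it is detected, and `$?` now holds the status of the inserted `if` (0 when the test is false) rather than that of `touch`, which makes the `/dev/null` fallback unreachable. Moving the check above the `touch` fixes both. In the `LOGFILE` branch the check is nested under `if [ ! -f /tmp/lynis.log ]`, and `-f` dereferences links, so a symlink that points to an existing regular file takes the `else` path and is accepted unchecked; the `-L` test should run before the `-f` test. Even then the test and the later write are separate steps on a fixed name in a world-writable directory, so a race remains; creating the file with `mktemp`, or under a directory only the invoking user can write, would close it. The enclosing block starts and ends outside the hunk.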