author | Topi Miettinen <toiwoton@gmail.com> | 2020-03-31 17:55:49 +0300 |
---|---|---|
committer | Topi Miettinen <toiwoton@gmail.com> | 2020-03-31 19:09:57 +0300 |
commit | 179f7d3442d4821972e77fe3355e3bb479981f4a (patch) | |
tree | 4fd1186caa43ddc1c87b2406d723a5c7049304b2 | |
parent | 288bca9334e4b311a9d096af87c7ee0989e8359d (diff) |
Enhance binaries report
Report also number of set-uid and set-gid binaries found.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
-rw-r--r-- | include/binaries | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/include/binaries b/include/binaries
index 5884fc0c..5f23f13a 100644
--- a/include/binaries
+++ b/include/binaries
@@ -74,6 +74,10 @@
 fi
 done
+ NSUID_BINARIES=0
+ NSGID_BINARIES=0
+ SUID_BINARIES=
+ SGID_BINARIES=
 # Now perform binary detection
 for SCANDIR in ${BIN_PATHS}; do
 SCANDIR=$(echo "${SCANDIR}" | sed 's/!!space!!/ /g')
@@ -115,6 +119,14 @@
 COUNT=$((COUNT + 1))
 BINARY="${SCANDIR}/${FILENAME}"
 DISCOVERED_BINARIES="${DISCOVERED_BINARIES}${BINARY} "
+ if [ -u ${BINARY} ]; then
+ NSUID_BINARIES=$((NSUID_BINARIES + 1))
+ SUID_BINARIES="${SUID_BINARIES}${BINARY} "
+ fi
+ if [ -g ${BINARY} ]; then
+ NSGID_BINARIES=$((NSGID_BINARIES + 1))
+ SGID_BINARIES="${SGID_BINARIES}${BINARY} "
+ fi
 # Optimized, much quicker (limited file access needed)
 case ${FILENAME} in
 aa-status) AASTATUSBINARY=${BINARY}; LogText " Found known binary: aa-status (apparmor component) - ${BINARY}" ;;
@@ -311,8 +323,10 @@
 BINARY_SCAN_FINISHED=1
 BINARY_PATHS_FOUND=$(echo ${BINARY_PATHS_FOUND} | sed 's/^, //g' | sed 's/, /,/g')
 LogText "Discovered directories: ${BINARY_PATHS_FOUND}"
- LogText "Result: found ${COUNT} binaries"
- Report "binaries_count=${COUNT}"
+ LogText "Result: found ${COUNT} binaries including ${NSUID_BINARIES} set-uid and ${NSGID_BINARIES} set-gid"
+ LogText "Result: set-uid binaries: ${SUID_BINARIES}"
+ LogText "Result: set-gid binaries: ${SGID_BINARIES}"
+ Report "binaries_count=${COUNT} suid_count=${SUID_BINARIES} sgid_count=${SGID_BINARIES}"
 Report "binary_paths=${BINARY_PATHS_FOUND}"
 # Test if the basic system tools are defined. These will be used during the audit. |
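Review bot: `${BINARY}` is unquoted in the two added tests `[ -u ${BINARY} ]` and `[ -g ${BINARY} ]`, although the loop rewrites `!!space!!` back to a space in SCANDIR, so paths containing spaces are expected here. For such a path the operand splits into several words, `[` reports an error and the branch is skipped, which would silently leave set-uid or set-gid files out of the audit counts. Quote the operand: `if [ -u "${BINARY}" ]; then` and `if [ -g "${BINARY}" ]; then`. The space-separated SUID_BINARIES and SGID_BINARIES lists are ambiguous for the same paths, as DISCOVERED_BINARIES already is. The enclosing loop starts and ends outside this hunk.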
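Review bot: The new Report line writes the path lists where the counters were meant: `suid_count=${SUID_BINARIES}` and `sgid_count=${SGID_BINARIES}` should use `${NSUID_BINARIES}` and `${NSGID_BINARIES}`, as the first added LogText line already does. It also packs three keys into a single Report call, whereas the neighbouring `Report "binary_paths=..."` call carries one key, so anything reading `binaries_count` would presumably now receive trailing text instead of a number. I would emit them separately: `Report "binaries_count=${COUNT}"`, `Report "suid_count=${NSUID_BINARIES}"`, `Report "sgid_count=${NSGID_BINARIES}"`.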