github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
authorMichael Boelen <michael.boelen@cisofy.com>2019-08-17 17:48:46 +0300
committerMichael Boelen <michael.boelen@cisofy.com>2019-08-17 17:48:46 +0300
commit0a3f42afbc3b4c325e99696e91b30bcd54001930 (patch)
tree5d5ac113f421b6480ca7bd36ab6824a0da496d66 /include/functions
parent8b9d853174be38d5f5ef7f4f7911d9bf319a2a7a (diff)
New function HasCorrectFilePermissions
Diffstat (limited to 'include/functions')
-rw-r--r--include/functions68
1 files changed, 68 insertions, 0 deletions
diff --git a/include/functions b/include/functions
index 4e4c9a00..d03a7d1f 100644
--- a/include/functions
+++ b/include/functions
@@ -193,6 +193,7 @@
CHECKFILE="$1"
if [ ! -d ${CHECKFILE} -a ! -f ${CHECKFILE} ]; then
PERMS="FILE_NOT_FOUND"
+ FILEVALUE=""
else
# If 'file' is an directory, use -d
if [ -d ${CHECKFILE} ]; then
@@ -208,6 +209,73 @@
################################################################################
+ # Name : HasCorrectFilePermissions()
+ # Description : Check file permissions
+ #
+ # Parameters : $1 = Full path to file or directory
+ # $2 = Permissions
+ # Returns : exit code (0 = correct, 1 = not correct)
+ ################################################################################
+
+ HasCorrectFilePermissions() {
+ if [ $# -ne 2 ]; then Fatal "Incorrect usage of HasCorrectFilePermissions"; fi
+ CHECKFILE="$1"
+ CHECKPERMISSION_FULL="$2"
+ if [ ! -d ${CHECKFILE} -a ! -f ${CHECKFILE} ]; then
+ return 2
+ else
+ for CHECK_PERMISSION in ${CHECKPERMISSION_FULL}; do
+ DATA=$(echo ${CHECK_PERMISSION} | ${EGREPBINARY} "[rwx]")
+ if [ $? -eq 0 ]; then
+ # add first dummy character
+ CHECK_PERMISSION=$(echo "-${CHECK_PERMISSION}" | ${AWKBINARY} '{k=0;for(i=0;i<=8;i++)k+=((substr($1,i+2,1)~/[rwx]/)*2^(8-i));if(k)printf("%0o",k)}')
+ fi
+ LogText "Test: checking if file ${CHECKFILE} is ${CHECK_PERMISSION}"
+ if [ -n "${STATBINARY}" ]; then
+ DATA=$(${STATBINARY} --format=%a ${CHECKFILE})
+ LogText "Output: ${DATA}"
+ elif [ -n "${FINDBINARY}" ]; then
+ case ${OS} in
+ "AIX")
+ ReportException "HasCorrectFilePermissions:01" "OS not supported yet"
+ ;;
+ *)
+ # Does not work for AIX
+ DATA=$(${FINDBINARY} ${CHECKFILE} -printf "%m")
+ ;;
+ esac
+ else
+ # If 'file' is an directory, use -d
+ if [ -d ${CHECKFILE} ]; then
+ DATA=$(ls -d -l ${CHECKFILE} | cut -c 2-10)
+ else
+ DATA=$(ls -l ${CHECKFILE} | cut -c 2-10)
+ fi
+ # Convert permissions to octal
+ LogText "Converting ${DATA} to octal"
+ DATA=$(echo ${DATA} | ${AWKBINARY} '{k=0;for(i=0;i<=8;i++)k+=((substr($1,i+2,1)~/[rwx]/)*2^(8-i));if(k)printf("%0o",k)}')
+ LogText "Output: ${DATA}"
+ fi
+
+ if [ -n "${DATA}" ]; then
+ if [ "${DATA}" = "${CHECK_PERMISSION}" ]; then
+ LogText "Outcome: correct permissions"
+ return 0
+ fi
+ else
+ ReportException "HasCorrectFilePermissions:02" "No data value found, which is unexpected"
+ fi
+ done
+
+ LogText "Did not find the permissions of file ${CHECKFILE} matching any of the ${CHECKPERMISSION_FULL} values"
+ # No match, return exit code 1
+ return 1
+ fi
+ }
+
+
+
+ ################################################################################
# Name : CheckItem()
# Description : Check if a specific item exists in the report
#
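Review bot: Both fallback branches of HasCorrectFilePermissions compute the wrong mode, so on a system where `STATBINARY` is empty a hardening check can pass or fail for the wrong reason. In the find branch, `${FINDBINARY} ${CHECKFILE} -printf "%m"` descends into a directory and concatenates the mode of every entry. In the ls branch, the nine characters from `cut -c 2-10` go through the awk expression that reads `substr($1,i+2,1)` and therefore expects a leading dummy character, so the owner-read bit is dropped and the remaining bits shift by one. `${CHECKFILE}` is also unquoted in every test and command, so a path containing whitespace or glob characters is split or expanded before it is checked. Separately, the header documents return codes 0 and 1 only while a missing path returns 2; I would extend the Returns line to `(0 = correct, 1 = not correct, 2 = file or directory not found)`.

```shell
if [ ! -d "${CHECKFILE}" ] && [ ! -f "${CHECKFILE}" ]; then
    return 2
# … unchanged: loop header, symbolic-to-octal conversion of CHECK_PERMISSION …
        DATA=$(${STATBINARY} --format=%a "${CHECKFILE}")
# … unchanged: LogText, elif, case ${OS}, AIX arm …
                # -maxdepth 0 keeps find on the path itself instead of recursing into a directory
                DATA=$(${FINDBINARY} "${CHECKFILE}" -maxdepth 0 -printf "%m")
# … unchanged: esac, else …
            # Keep the file-type character: it is the dummy first character the awk conversion skips
            if [ -d "${CHECKFILE}" ]; then
                DATA=$(ls -d -l "${CHECKFILE}" | cut -c 1-10)
            else
                DATA=$(ls -l "${CHECKFILE}" | cut -c 1-10)
            fi
# … unchanged: octal conversion, comparison, return codes …
```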