diff options
author | Michael Boelen <michael.boelen@cisofy.com> | 2019-08-17 17:49:11 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2019-08-17 17:49:11 +0300 |
commit | 3407a1dbe6c1498386f6bfa5ff8f1706e8fbdf9e (patch) | |
tree | f7e850b15d151527959a795a8493231473f7ed9b /include/tests_file_permissions | |
parent | 0a3f42afbc3b4c325e99696e91b30bcd54001930 (diff) |
[FILE-7524] optimized test with new function and changed warning to suggestion
Diffstat (limited to 'include/tests_file_permissions')
-rw-r--r-- | include/tests_file_permissions | 40 |
1 files changed, 25 insertions, 15 deletions
diff --git a/include/tests_file_permissions b/include/tests_file_permissions index 108b830e..35e28753 100644 --- a/include/tests_file_permissions +++ b/include/tests_file_permissions @@ -32,27 +32,37 @@ if [ ${SKIPTEST} -eq 0 ]; then Display --indent 2 --text "- Starting file permissions check" LogText "Test: Checking file permissions" + FOUND=0 for PROFILE in ${PROFILES}; do LogText "Using profile ${PROFILE} for baseline." - FIND=$(${EGREPBINARY} '^permfile=|^permdir=' ${PROFILE} | ${CUTBINARY} -d= -f2 | ${CUTBINARY} -d: -f1) - for I in ${FIND}; do - LogText "Checking ${I}" - CheckFilePermissions "${I}" - LogText " Expected permissions: ${PROFILEVALUE}" - LogText " Actual permissions: ${FILEVALUE}" - LogText " Result: $PERMS" - if [ "${PERMS}" = "FILE_NOT_FOUND" ]; then - if IsVerbose; then Display --indent 4 --text "${I}" --result "${STATUS_NOT_FOUND}" --color WHITE; fi - elif [ "${PERMS}" = "OK" ]; then - Display --indent 4 --text "${I}" --result "${STATUS_OK}" --color GREEN - elif [ "${PERMS}" = "BAD" ]; then - Display --indent 4 --text "${I}" --result "${STATUS_WARNING}" --color RED - ReportWarning ${TEST_NO} "Incorrect permissions for file ${I}" + FILES=$(${EGREPBINARY} '^permfile=|^permdir=' ${PROFILE} | ${CUTBINARY} -d= -f2 | ${CUTBINARY} -d: -f1) + for F in ${FILES}; do + LogText "Test: checking file/directory ${F}" + if [ -f "${F}" ]; then + PERMS=$(${GREPBINARY} '^permfile=' ${PROFILE} | ${GREPBINARY} "=${F}:" | ${CUTBINARY} -d: -f2) + if HasCorrectFilePermissions "${F}" "${PERMS}"; then + Display --indent 4 --text "File: ${F}" --result "${STATUS_OK}" --color GREEN + else + Display --indent 4 --text "File: ${F}" --result "${STATUS_SUGGESTION}" --color YELLOW + FOUND=1 + fi + elif [ -d "${F}" ]; then + PERMS=$(${GREPBINARY} '^permdir=' ${PROFILE} | ${GREPBINARY} "=${F}:" | ${CUTBINARY} -d: -f2) + if HasCorrectFilePermissions "${F}" "${PERMS}"; then + Display --indent 4 --text "Directory: ${F}" --result "${STATUS_OK}" --color GREEN + else + Display --indent 4 --text "Directory: ${F}" --result "${STATUS_SUGGESTION}" --color YELLOW + FOUND=1 + fi else - LogText "UNKNOWN status for file" + if IsVerbose; then Display --indent 4 --text "${F}" --result "${STATUS_NOT_FOUND}" --color WHITE; fi + LogText "Skipping file/directory ${F} as it does not exist on this system" fi done done + if [ ${FOUND} -eq 1 ]; then + ReportSuggestion "${TEST_NO}" "Consider restricting file permissions" "See screen output or log file" "text:Use chmod to change file permissions" + fi fi # ################################################################################# |