[HRDN-7222] enhanced compiler permission test

author: Michael Boelen <michael.boelen@cisofy.com> 2018-03-04 19:52:15 +0300
committer: Michael Boelen <michael.boelen@cisofy.com> 2018-03-04 19:52:15 +0300
commit: 73a4e92a7b1689ada2fad6dc368517553c5e6683 (patch)
tree: 3cb0bac06c6869c1b716227e414c2f0bf430a8c8 /include/tests_hardening
parent: 2c9116dc0c8908b600fa9a4c6aea44a9f43db153 (diff)
1 files changed, 14 insertions, 25 deletions
diff --git a/include/tests_hardening b/include/tests_hardening
index 1ab85f94..e4b761fe 100644
--- a/include/tests_hardening
+++ b/include/tests_hardening
@@ -53,42 +53,31 @@
         if [ ${COMPILER_INSTALLED} -eq 0 ]; then
             LogText "Result: no compilers found"
         else
-            # as
-            if [ ! -z "${ASBINARY}" ]; then
-                LogText "Test: Check file permissions for as (Assembler)"
-                if IsWorldExecutable ${ASBINARY}; then
-                    LogText "Binary: found ${ASBINARY} (world executable)"
-                    Report "compiler_world_executable[]=${ASBINARY}"
-                    AddHP 2 3
-                    HARDEN_COMPILERS_NEEDED=1
-                else
-                    AddHP 3 3
+            # TODO - c89 c99 cpp ld
+            TEST_BINARIES="${ASBINARY} ${GCCBINARY}"
+            for ITEM in ${TEST_BINARIES}; do
+                FILE="${ITEM}"
+                LogText "Test: Check file permissions for ${ITEM}"
+                ShowSymlinkPath ${ITEM}
+                if [ ! -z "${SYMLINK}" ]; then
+                    FILE="${SYMLINK}"
                 fi
-            fi
-            # gcc
-            if [ ! -z "${GCCBINARY}" ]; then
-                LogText "Test: Check file permissions for GCC compiler"
-                if IsWorldExecutable ${GCCBINARY}; then
-                    LogText "Binary: found ${GCCBINARY} (world executable)"
-                    Report "compiler_world_executable[]=${GCCBINARY}"
+
+                if IsWorldExecutable ${FILE}; then
+                    LogText "Binary: found ${FILE} (world executable)"
+                    Report "compiler_world_executable[]=${FILE}"
                     AddHP 2 3
                     HARDEN_COMPILERS_NEEDED=1
                 else
                     AddHP 3 3
                 fi
-            fi
+            done
+
             # Report suggestion is one or more compilers can be better hardened
             if [ ${HARDEN_COMPILERS_NEEDED} -eq 1 ]; then
                 LogText "Result: at least one compiler could be better hardened by restricting executable access to root or group only"
                 ReportSuggestion ${TEST_NO} "Harden compilers like restricting access to root user only"
             fi
-
-            # TODO check if compilers have a specific group (like compiler, or NOT root/wheel)
-            # Display --indent 4 --text "- Installed compiler(s)" --result "${STATUS_FOUND}" --color RED
-            # /usr/bin/*cc*
-            # /usr/bin/*++*
-            # /usr/bin/ld
-            # (and 700 or 750 permissions)
         fi
     fi
 #
author	Michael Boelen <michael.boelen@cisofy.com>	2018-03-04 19:52:15 +0300
committer	Michael Boelen <michael.boelen@cisofy.com>	2018-03-04 19:52:15 +0300
commit	73a4e92a7b1689ada2fad6dc368517553c5e6683 (patch)
tree	3cb0bac06c6869c1b716227e414c2f0bf430a8c8 /include/tests_hardening
parent	2c9116dc0c8908b600fa9a4c6aea44a9f43db153 (diff)