github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
authormboelen <michael@cisofy.com>2014-09-04 17:35:10 +0400
committermboelen <michael@cisofy.com>2014-09-04 17:35:10 +0400
commitd43cdae34f4887a5d07160e86e76fa14f1939670 (patch)
tree4b2f40fb3e1e6342e157d496fb97451978c13988 /lynis
parente0be20e6999ba680667b8f1792d0860551893b9d (diff)
Extended permissions check for functions and consts file
Diffstat (limited to 'lynis')
-rwxr-xr-xlynis19
1 files changed, 12 insertions, 7 deletions
diff --git a/lynis b/lynis
index 0384080d..2a797ff3 100755
--- a/lynis
+++ b/lynis
@@ -91,22 +91,27 @@
PERMS2=`ls -l ${INCLUDEDIR}/functions | cut -c 2-10`
OWNER=`ls -l ${INCLUDEDIR}/consts | awk -F" " '{ print $3 }'`
OWNER2=`ls -l ${INCLUDEDIR}/functions | awk -F" " '{ print $3 }'`
+ OWNERID=`ls -n ${INCLUDEDIR}/consts | awk -F" " '{ print $3 }'`
+ OWNER2ID=`ls -n ${INCLUDEDIR}/functions | awk -F" " '{ print $3 }'`
+
ISSUE=0
# Check permissions of include/consts file
if [ ! "${PERMS}" = "r--------" -a ! "${PERMS}" = "rw-------" ]; then
- ISSUE=1
- echo "[!] Change file permissions of ${INCLUDEDIR}/consts to 600"
+ ISSUE=1; echo "[!] Change file permissions of ${INCLUDEDIR}/consts to 600."
fi
# Check permissions of include/functions file
if [ ! "${PERMS2}" = "r--------" -a ! "${PERMS2}" = "rw-------" ]; then
- ISSUE=1
- echo "[!] Change file permissions of ${INCLUDEDIR}/functions to 600"
+ ISSUE=1; echo "[!] Change file permissions of ${INCLUDEDIR}/functions to 600."
+ fi
+ # Check if owner of both files is root user
+ if [ ! "${OWNER}" = "root" -a ! "${OWNERID}" = "0" ]; then
+ ISSUE=1; echo "[!] Change ownership of ${INCLUDEDIR}/consts to 'root' or similar (found: ${OWNER} with UID ${OWNERID})."
fi
# Check if owner of both files is root user
- if [ ! "${OWNER}" = "root" -o ! "${OWNER2}" = "root" ]; then
- ISSUE=1
- echo "[!] Change ownership of ${INCLUDEDIR}/consts and ${INCLUDEDIR}/functions to 'root'"
+ if [ ! "${OWNER2}" = "root" -a ! "${OWNER2ID}" = "0" ]; then
+ ISSUE=1; echo "[!] Change ownership of ${INCLUDEDIR}/functions to 'root' or similar (found: ${OWNER2} with UID ${OWNER2ID})."
fi
+
if [ ${ISSUE} -eq 0 ]; then
. ${INCLUDEDIR}/consts
. ${INCLUDEDIR}/functions
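Review bot: The two new ownership tests pass when either the owner name is `root` or the numeric UID is 0, so a file whose owner only resolves to the name `root` is accepted even if `ls -n` reports a non-zero UID. The UID is what the kernel enforces, so the test could rely on it alone, e.g. `if [ ! "${OWNERID}" = "0" ]; then` (and the same with `OWNER2ID`), keeping the name only for the message. The added `ls -n ${INCLUDEDIR}/consts` and `ls -n ${INCLUDEDIR}/functions` calls leave `${INCLUDEDIR}` unquoted, so a path containing whitespace is split into several arguments and the check no longer inspects the intended file; `ls -n "${INCLUDEDIR}/consts"` avoids that. Only the two files are inspected before they are sourced at the end of the hunk. Whether the directory itself is checked for non-root write access is not visible here and is worth confirming, since a writable directory would let either file be replaced after the check. The comment `# Check if owner of both files is root user` now sits above each single-file test and could name the file it covers.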