From 14fd7dabc8537922543147d280158cab5735ef3e Mon Sep 17 00:00:00 2001 From: Robert Frohl Date: Fri, 4 Feb 2022 13:41:31 +0100 Subject: [KRNL-5820] additional path for security/limits.conf Changes the user facing output to display a full path, allowing the user to better grasp which security/limits.conf file is affected. fix issue #1264 --- include/tests_kernel | 103 +++++++++++++++++++++++++++------------------------ 1 file changed, 54 insertions(+), 49 deletions(-) diff --git a/include/tests_kernel b/include/tests_kernel index c1977985..52d72f8f 100644 --- a/include/tests_kernel +++ b/include/tests_kernel 
@@ -532,62 +532,67 @@ fi fi # Limits option - LogText "Test: Checking presence ${ROOTDIR}etc/security/limits.conf" - if [ -f "${ROOTDIR}etc/security/limits.conf" ]; then - LogText "Result: file ${ROOTDIR}etc/security/limits.conf exists" - LogText "Test: Checking if core dumps are disabled in ${ROOTDIR}etc/security/limits.conf and ${LIMITS_DIRECTORY}/*" - # using find instead of grep -r to stay POSIX compliant. On AIX and HPUX grep -r is not available. - FIND1=$(${FINDBINARY} "${ROOTDIR}etc/security/limits.conf" "${LIMITS_DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="soft" && $3=="core" && $4=="0") { print "soft core disabled" } else if ($1=="*" && $2=="soft" && $3=="core" && $4!="0") { print "soft core enabled" } }' | ${TAILBINARY} -1) - FIND2=$(${FINDBINARY} "${ROOTDIR}etc/security/limits.conf" "${LIMITS_DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="hard" && $3=="core" && $4=="0") { print "hard core disabled" } else if ($1=="*" && $2=="hard" && $3=="core" && $4!="0") { print "hard core enabled" } }' | ${TAILBINARY} -1) - FIND3=$(${FINDBINARY} "${ROOTDIR}etc/security/limits.conf" "${LIMITS_DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="-" && $3=="core" && $4=="0") { print "core dumps disabled" } else if ($1=="*" && $2=="-" && $3=="core" && $4!="0") { print "core dumps enabled" } }' | ${TAILBINARY} -1) + ROOTDIR_BACKUP=$ROOTDIR + for ALTERNATIVE_DIR in "/usr/" "/"; do + ROOTDIR=$ALTERNATIVE_DIR + LogText "Test: Checking presence ${ROOTDIR}etc/security/limits.conf" + if [ -f "${ROOTDIR}etc/security/limits.conf" ]; then + LogText "Result: file ${ROOTDIR}etc/security/limits.conf exists" + LogText "Test: Checking if core dumps are disabled in ${ROOTDIR}etc/security/limits.conf and ${LIMITS_DIRECTORY}/*" + # using find instead of grep -r to stay POSIX 
compliant. On AIX and HPUX grep -r is not available. + FIND1=$(${FINDBINARY} "${ROOTDIR}etc/security/limits.conf" "${LIMITS_DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="soft" && $3=="core" && $4=="0") { print "soft core disabled" } else if ($1=="*" && $2=="soft" && $3=="core" && $4!="0") { print "soft core enabled" } }' | ${TAILBINARY} -1) + FIND2=$(${FINDBINARY} "${ROOTDIR}etc/security/limits.conf" "${LIMITS_DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="hard" && $3=="core" && $4=="0") { print "hard core disabled" } else if ($1=="*" && $2=="hard" && $3=="core" && $4!="0") { print "hard core enabled" } }' | ${TAILBINARY} -1) + FIND3=$(${FINDBINARY} "${ROOTDIR}etc/security/limits.conf" "${LIMITS_DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="-" && $3=="core" && $4=="0") { print "core dumps disabled" } else if ($1=="*" && $2=="-" && $3=="core" && $4!="0") { print "core dumps enabled" } }' | ${TAILBINARY} -1) - # When "* - core [value]" is used, then this sets both soft and core. In that case we set the values, as they the type 'hard' and 'soft' will not be present in the configuration file. - if [ "${FIND3}" = "core dumps disabled" ]; then - FIND1="soft core disabled" - FIND2="hard core disabled" - elif [ "${FIND3}" = "core dumps enabled" ]; then - FIND1="soft core enabled" - FIND2="hard core enabled" - fi + # When "* - core [value]" is used, then this sets both soft and core. In that case we set the values, as they the type 'hard' and 'soft' will not be present in the configuration file. 
+ if [ "${FIND3}" = "core dumps disabled" ]; then + FIND1="soft core disabled" + FIND2="hard core disabled" + elif [ "${FIND3}" = "core dumps enabled" ]; then + FIND1="soft core enabled" + FIND2="hard core enabled" + fi - IS_SOFTCORE_DISABLED="$(if [ "${FIND1}" = "soft core disabled" ]; then ${ECHOCMD} DISABLED; elif [ "${FIND1}" = "soft core enabled" ]; then ${ECHOCMD} ENABLED; else ${ECHOCMD} ${STATUS_DEFAULT}; fi)" - IS_HARDCORE_DISABLED="$(if [ "${FIND2}" = "hard core disabled" ]; then ${ECHOCMD} DISABLED; elif [ "${FIND2}" = "hard core enabled" ]; then ${ECHOCMD} ENABLED; else ${ECHOCMD} ${STATUS_DEFAULT}; fi)" + IS_SOFTCORE_DISABLED="$(if [ "${FIND1}" = "soft core disabled" ]; then ${ECHOCMD} DISABLED; elif [ "${FIND1}" = "soft core enabled" ]; then ${ECHOCMD} ENABLED; else ${ECHOCMD} ${STATUS_DEFAULT}; fi)" + IS_HARDCORE_DISABLED="$(if [ "${FIND2}" = "hard core disabled" ]; then ${ECHOCMD} DISABLED; elif [ "${FIND2}" = "hard core enabled" ]; then ${ECHOCMD} ENABLED; else ${ECHOCMD} ${STATUS_DEFAULT}; fi)" - if [ "${FIND2}" = "hard core disabled" ]; then - LogText "Result: core dumps are hard disabled" - Display --indent 4 --text "- 'hard' configuration in security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "GREEN" - if [ "${FIND1}" = "soft core disabled" ]; then - Display --indent 4 --text "- 'soft' configuration in security/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "GREEN" + if [ "${FIND2}" = "hard core disabled" ]; then + LogText "Result: core dumps are hard disabled" + Display --indent 4 --text "- 'hard' configuration in ${ROOTDIR}etc/security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "GREEN" + if [ "${FIND1}" = "soft core disabled" ]; then + Display --indent 4 --text "- 'soft' configuration in ${ROOTDIR}etc/security/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "GREEN" + else + Display --indent 4 --text "- 'soft' config in ${ROOTDIR}etc/security/limits.conf (implicit)" --result "${STATUS_DISABLED}" 
--color "GREEN" + fi + AddHP 3 3 + elif [ "${FIND1}" = "soft core enabled" ] && [ "${FIND2}" = "hard core enabled" ]; then + LogText "Result: core dumps (soft and hard) are enabled" + Display --indent 4 --text "- 'hard' configuration in ${ROOTDIR}etc/security/limits.conf" --result "${STATUS_ENABLED}" --color "RED" + Display --indent 4 --text "- 'soft' configuration in ${ROOTDIR}etc/security/limits.conf" --result "${STATUS_ENABLED}" --color "RED" + ReportSuggestion "${TEST_NO}" "If not required, consider explicit disabling of core dump in /etc/security/limits.conf file" + AddHP 0 3 + elif [ "${FIND1}" = "soft core disabled" ]; then + LogText "Result: core dumps are disabled for 'soft' ('hard'=${IS_HARDCORE_DISABLED})" + Display --indent 4 --text "- 'hard' configuration in ${ROOTDIR}etc/security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "$(if [ "${IS_HARDCORE_DISABLED}" = "ENABLED" ]; then ${ECHOCMD} RED; elif [ "${IS_HARDCORE_DISABLED}" = "DISABLED" ]; then ${ECHOCMD} GREEN; else ${ECHOCMD} WHITE; fi)" + Display --indent 4 --text "- 'soft' configuration in ${ROOTDIR}etc/security/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "GREEN" + AddHP 2 3 + elif [ "${FIND1}" = "soft core enabled" ] || [ "${FIND2}" = "hard core enabled" ]; then + LogText "Result: core dumps are partially enabled ('hard'=${IS_HARDCORE_DISABLED}, 'soft'=${IS_SOFTCORE_DISABLED})" + Display --indent 4 --text "- 'hard' configuration in ${ROOTDIR}etc/security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "$(if [ "${IS_HARDCORE_DISABLED}" = "ENABLED" ]; then ${ECHOCMD} RED; elif [ "${IS_HARDCORE_DISABLED}" = "DISABLED" ]; then ${ECHOCMD} GREEN; else ${ECHOCMD} WHITE; fi)" + Display --indent 4 --text "- 'soft' configuration in ${ROOTDIR}etc/security/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "$(if [ "${IS_SOFTCORE_DISABLED}" = "ENABLED" ]; then ${ECHOCMD} RED; elif [ "${IS_SOFTCORE_DISABLED}" = "DISABLED" ]; then ${ECHOCMD} GREEN; else ${ECHOCMD} WHITE; 
fi)" + AddHP 0 3 else - Display --indent 4 --text "- 'soft' config in security/limits.conf (implicit)" --result "${STATUS_DISABLED}" --color "GREEN" + LogText "Result: core dumps are not explicitly disabled" + Display --indent 4 --text "- 'hard' configuration in ${ROOTDIR}etc/security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "WHITE" + Display --indent 4 --text "- 'soft' configuration in ${ROOTDIR}etc/security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "WHITE" + ReportSuggestion "${TEST_NO}" "If not required, consider explicit disabling of core dump in ${ROOTDIR}etc/security/limits.conf file" + AddHP 1 3 fi - AddHP 3 3 - elif [ "${FIND1}" = "soft core enabled" ] && [ "${FIND2}" = "hard core enabled" ]; then - LogText "Result: core dumps (soft and hard) are enabled" - Display --indent 4 --text "- 'hard' configuration in security/limits.conf" --result "${STATUS_ENABLED}" --color "RED" - Display --indent 4 --text "- 'soft' configuration in security/limits.conf" --result "${STATUS_ENABLED}" --color "RED" - ReportSuggestion "${TEST_NO}" "If not required, consider explicit disabling of core dump in /etc/security/limits.conf file" - AddHP 0 3 - elif [ "${FIND1}" = "soft core disabled" ]; then - LogText "Result: core dumps are disabled for 'soft' ('hard'=${IS_HARDCORE_DISABLED})" - Display --indent 4 --text "- 'hard' configuration in security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "$(if [ "${IS_HARDCORE_DISABLED}" = "ENABLED" ]; then ${ECHOCMD} RED; elif [ "${IS_HARDCORE_DISABLED}" = "DISABLED" ]; then ${ECHOCMD} GREEN; else ${ECHOCMD} WHITE; fi)" - Display --indent 4 --text "- 'soft' configuration in security/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "GREEN" - AddHP 2 3 - elif [ "${FIND1}" = "soft core enabled" ] || [ "${FIND2}" = "hard core enabled" ]; then - LogText "Result: core dumps are partially enabled ('hard'=${IS_HARDCORE_DISABLED}, 'soft'=${IS_SOFTCORE_DISABLED})" - Display --indent 4 --text "- 'hard' 
configuration in security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "$(if [ "${IS_HARDCORE_DISABLED}" = "ENABLED" ]; then ${ECHOCMD} RED; elif [ "${IS_HARDCORE_DISABLED}" = "DISABLED" ]; then ${ECHOCMD} GREEN; else ${ECHOCMD} WHITE; fi)" - Display --indent 4 --text "- 'soft' configuration in security/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "$(if [ "${IS_SOFTCORE_DISABLED}" = "ENABLED" ]; then ${ECHOCMD} RED; elif [ "${IS_SOFTCORE_DISABLED}" = "DISABLED" ]; then ${ECHOCMD} GREEN; else ${ECHOCMD} WHITE; fi)" - AddHP 0 3 else - LogText "Result: core dumps are not explicitly disabled" - Display --indent 4 --text "- 'hard' configuration in security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "WHITE" - Display --indent 4 --text "- 'soft' configuration in security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "WHITE" - ReportSuggestion "${TEST_NO}" "If not required, consider explicit disabling of core dump in ${ROOTDIR}etc/security/limits.conf file" - AddHP 1 3 + LogText "Result: file ${ROOTDIR}etc/security/limits.conf does not exist, skipping test" fi - else - LogText "Result: file ${ROOTDIR}etc/security/limits.conf does not exist, skipping test" - fi + done + ROOTDIR=$ROOTDIR_BACKUP # Sysctl option LogText "Test: Checking sysctl value of fs.suid_dumpable" -- cgit v1.2.3 From e2781677baef3508d135ff79d16927225effab7c Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Mon, 14 Mar 2022 11:48:30 +0100 Subject: [KRNL-5820] small changes to prevent using ROOTDIR and resetting it, also showing additional paths in screen output --- include/tests_kernel | 51 ++++++++++++++++++++++++--------------------------- 1 file changed, 24 insertions(+), 27 deletions(-) diff --git a/include/tests_kernel b/include/tests_kernel index 52d72f8f..ffc5b9e0 100644 --- a/include/tests_kernel +++ b/include/tests_kernel 
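Review bot: When both `/usr/etc/security/limits.conf` and `/etc/security/limits.conf` exist, the body of the new `for ALTERNATIVE_DIR in "/usr/" "/"` loop runs twice and each pass hands the same `${LIMITS_DIRECTORY}` to `find`. Drop-in settings are therefore attributed to both files, and the `Display`/`AddHP` calls fire once per file, which presumably counts hardening points twice for a single effective setting. pam_limits appears to treat the `/usr/etc` copy as a fallback that is read only when the `/etc` file is absent (worth confirming against the pam_limits man page on the target distributions), so the check would track the effective configuration more closely by testing `/` first and adding `break` after the `fi` that closes the result chain. The follow-up commit's `for DIR in "/" "/usr/"` loop keeps the same per-file structure, and the enclosing test block starts outside this hunk.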
@@ -520,29 +520,27 @@ AddHP 1 1 elif [ -z "${ULIMIT_C_VALUE_SUB}" ] && [ -z "${ULIMIT_C_VALUE}" ]; then LogText "Result: core dumps are not disabled in ${ROOTDIR}etc/profile or ${ROOTDIR}etc/profile.d/*.sh config files. Didn't find setting 'ulimit -c 0'" - Display --indent 4 --text "- configuration in etc/profile" --result "${STATUS_DEFAULT}" --color WHITE + Display --indent 4 --text "- configuration in ${ROOTDIR}etc/profile" --result "${STATUS_DEFAULT}" --color WHITE AddHP 0 1 elif ( [ -n "${ULIMIT_C_VALUE_SUB}" ] && ( [ "${ULIMIT_C_VALUE_SUB}" = "unlimited" ] || [ "${ULIMIT_C_VALUE_SUB}" != "0" ] ) ) || ( [ -n "${ULIMIT_C_VALUE}" ] && [ -z "${ULIMIT_C_VALUE_SUB}" ] && ( [ "${ULIMIT_C_VALUE}" = "unlimited" ] || [ "${ULIMIT_C_VALUE}" != "0" ] ) ); then LogText "Result: core dumps are enabled in ${ROOTDIR}etc/profile or ${ROOTDIR}etc/profile.d/*.sh config files. A value higher than 0 is configured for 'ulimit -c'" - Display --indent 4 --text "- configuration in etc/profile" --result "${STATUS_ENABLED}" --color RED + Display --indent 4 --text "- configuration in ${ROOTDIR}etc/profile" --result "${STATUS_ENABLED}" --color RED AddHP 0 1 else LogText "Result: ERROR - something went wrong. Unexpected result during check of ${ROOTDIR}etc/profile and ${ROOTDIR}etc/profile.d/*.sh config files. Please report on Github!" 
- Display --indent 4 --text "- configuration in etc/profile" --result "${STATUS_ERROR}" --color YELLOW + Display --indent 4 --text "- configuration in ${ROOTDIR}etc/profile" --result "${STATUS_ERROR}" --color YELLOW fi fi # Limits option - ROOTDIR_BACKUP=$ROOTDIR - for ALTERNATIVE_DIR in "/usr/" "/"; do - ROOTDIR=$ALTERNATIVE_DIR - LogText "Test: Checking presence ${ROOTDIR}etc/security/limits.conf" - if [ -f "${ROOTDIR}etc/security/limits.conf" ]; then - LogText "Result: file ${ROOTDIR}etc/security/limits.conf exists" - LogText "Test: Checking if core dumps are disabled in ${ROOTDIR}etc/security/limits.conf and ${LIMITS_DIRECTORY}/*" + for DIR in "/" "/usr/"; do + LogText "Test: Checking presence ${DIR}etc/security/limits.conf" + if [ -f "${DIR}etc/security/limits.conf" ]; then + LogText "Result: file ${DIR}etc/security/limits.conf exists" + LogText "Test: Checking if core dumps are disabled in ${DIR}etc/security/limits.conf and ${LIMITS_DIRECTORY}/*" # using find instead of grep -r to stay POSIX compliant. On AIX and HPUX grep -r is not available. 
- FIND1=$(${FINDBINARY} "${ROOTDIR}etc/security/limits.conf" "${LIMITS_DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="soft" && $3=="core" && $4=="0") { print "soft core disabled" } else if ($1=="*" && $2=="soft" && $3=="core" && $4!="0") { print "soft core enabled" } }' | ${TAILBINARY} -1) - FIND2=$(${FINDBINARY} "${ROOTDIR}etc/security/limits.conf" "${LIMITS_DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="hard" && $3=="core" && $4=="0") { print "hard core disabled" } else if ($1=="*" && $2=="hard" && $3=="core" && $4!="0") { print "hard core enabled" } }' | ${TAILBINARY} -1) - FIND3=$(${FINDBINARY} "${ROOTDIR}etc/security/limits.conf" "${LIMITS_DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="-" && $3=="core" && $4=="0") { print "core dumps disabled" } else if ($1=="*" && $2=="-" && $3=="core" && $4!="0") { print "core dumps enabled" } }' | ${TAILBINARY} -1) + FIND1=$(${FINDBINARY} "${DIR}etc/security/limits.conf" "${LIMITS_DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="soft" && $3=="core" && $4=="0") { print "soft core disabled" } else if ($1=="*" && $2=="soft" && $3=="core" && $4!="0") { print "soft core enabled" } }' | ${TAILBINARY} -1) + FIND2=$(${FINDBINARY} "${DIR}etc/security/limits.conf" "${LIMITS_DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="hard" && $3=="core" && $4=="0") { print "hard core disabled" } else if ($1=="*" && $2=="hard" && $3=="core" && $4!="0") { print "hard core enabled" } }' | ${TAILBINARY} -1) + FIND3=$(${FINDBINARY} "${DIR}etc/security/limits.conf" "${LIMITS_DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ if ($1=="*" && 
$2=="-" && $3=="core" && $4=="0") { print "core dumps disabled" } else if ($1=="*" && $2=="-" && $3=="core" && $4!="0") { print "core dumps enabled" } }' | ${TAILBINARY} -1) # When "* - core [value]" is used, then this sets both soft and core. In that case we set the values, as they the type 'hard' and 'soft' will not be present in the configuration file. if [ "${FIND3}" = "core dumps disabled" ]; then 
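Review bot: The new `for DIR in "/" "/usr/"` loop drops the `${ROOTDIR}` prefix that the profile checks just above it still use (`${ROOTDIR}etc/profile`), so if ROOTDIR can be set to something other than `/`, the limits check reads the scanning host's own files instead of the audited tree. Building the candidates from the prefix, without reassigning it, keeps this check consistent with the rest of the test: `for DIR in "${ROOTDIR}" "${ROOTDIR}usr/"; do`. That assumes ROOTDIR always ends in a slash, as its use in `${ROOTDIR}etc/...` suggests. The loop body continues past the end of this hunk.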
@@ -558,41 +556,40 @@ if [ "${FIND2}" = "hard core disabled" ]; then LogText "Result: core dumps are hard disabled" - Display --indent 4 --text "- 'hard' configuration in ${ROOTDIR}etc/security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "GREEN" + Display --indent 4 --text "- 'hard' configuration in ${DIR}etc/security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "GREEN" if [ "${FIND1}" = "soft core disabled" ]; then - Display --indent 4 --text "- 'soft' configuration in ${ROOTDIR}etc/security/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "GREEN" + Display --indent 4 --text "- 'soft' configuration in ${DIR}etc/security/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "GREEN" else - Display --indent 4 --text "- 'soft' config in ${ROOTDIR}etc/security/limits.conf (implicit)" --result "${STATUS_DISABLED}" --color "GREEN" + Display --indent 4 --text "- 'soft' config in ${DIR}etc/security/limits.conf (implicit)" --result "${STATUS_DISABLED}" --color "GREEN" fi AddHP 3 3 elif [ "${FIND1}" = "soft core enabled" ] && [ "${FIND2}" = "hard core enabled" ]; then LogText "Result: core dumps (soft and hard) are enabled" - Display --indent 4 --text "- 'hard' configuration in ${ROOTDIR}etc/security/limits.conf" --result "${STATUS_ENABLED}" --color "RED" - Display --indent 4 --text "- 'soft' configuration in ${ROOTDIR}etc/security/limits.conf" --result "${STATUS_ENABLED}" --color "RED" + Display --indent 4 --text "- 'hard' configuration in ${DIR}etc/security/limits.conf" --result "${STATUS_ENABLED}" --color "RED" + Display --indent 4 --text "- 'soft' configuration in ${DIR}etc/security/limits.conf" --result "${STATUS_ENABLED}" --color "RED" ReportSuggestion "${TEST_NO}" "If not required, consider explicit disabling of core dump in /etc/security/limits.conf file" AddHP 0 3 elif [ "${FIND1}" = "soft core disabled" ]; then LogText "Result: core dumps are disabled for 'soft' ('hard'=${IS_HARDCORE_DISABLED})" - Display --indent 4 --text "- 'hard' 
configuration in ${ROOTDIR}etc/security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "$(if [ "${IS_HARDCORE_DISABLED}" = "ENABLED" ]; then ${ECHOCMD} RED; elif [ "${IS_HARDCORE_DISABLED}" = "DISABLED" ]; then ${ECHOCMD} GREEN; else ${ECHOCMD} WHITE; fi)" - Display --indent 4 --text "- 'soft' configuration in ${ROOTDIR}etc/security/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "GREEN" + Display --indent 4 --text "- 'hard' configuration in ${DIR}etc/security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "$(if [ "${IS_HARDCORE_DISABLED}" = "ENABLED" ]; then ${ECHOCMD} RED; elif [ "${IS_HARDCORE_DISABLED}" = "DISABLED" ]; then ${ECHOCMD} GREEN; else ${ECHOCMD} WHITE; fi)" + Display --indent 4 --text "- 'soft' configuration in ${DIR}etc/security/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "GREEN" AddHP 2 3 elif [ "${FIND1}" = "soft core enabled" ] || [ "${FIND2}" = "hard core enabled" ]; then LogText "Result: core dumps are partially enabled ('hard'=${IS_HARDCORE_DISABLED}, 'soft'=${IS_SOFTCORE_DISABLED})" - Display --indent 4 --text "- 'hard' configuration in ${ROOTDIR}etc/security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "$(if [ "${IS_HARDCORE_DISABLED}" = "ENABLED" ]; then ${ECHOCMD} RED; elif [ "${IS_HARDCORE_DISABLED}" = "DISABLED" ]; then ${ECHOCMD} GREEN; else ${ECHOCMD} WHITE; fi)" - Display --indent 4 --text "- 'soft' configuration in ${ROOTDIR}etc/security/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "$(if [ "${IS_SOFTCORE_DISABLED}" = "ENABLED" ]; then ${ECHOCMD} RED; elif [ "${IS_SOFTCORE_DISABLED}" = "DISABLED" ]; then ${ECHOCMD} GREEN; else ${ECHOCMD} WHITE; fi)" + Display --indent 4 --text "- 'hard' configuration in ${DIR}etc/security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "$(if [ "${IS_HARDCORE_DISABLED}" = "ENABLED" ]; then ${ECHOCMD} RED; elif [ "${IS_HARDCORE_DISABLED}" = "DISABLED" ]; then ${ECHOCMD} GREEN; else ${ECHOCMD} WHITE; fi)" + Display --indent 4 --text "- 
'soft' configuration in ${DIR}etc/security/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "$(if [ "${IS_SOFTCORE_DISABLED}" = "ENABLED" ]; then ${ECHOCMD} RED; elif [ "${IS_SOFTCORE_DISABLED}" = "DISABLED" ]; then ${ECHOCMD} GREEN; else ${ECHOCMD} WHITE; fi)" AddHP 0 3 else LogText "Result: core dumps are not explicitly disabled" - Display --indent 4 --text "- 'hard' configuration in ${ROOTDIR}etc/security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "WHITE" - Display --indent 4 --text "- 'soft' configuration in ${ROOTDIR}etc/security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "WHITE" - ReportSuggestion "${TEST_NO}" "If not required, consider explicit disabling of core dump in ${ROOTDIR}etc/security/limits.conf file" + Display --indent 4 --text "- 'hard' configuration in ${DIR}etc/security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "WHITE" + Display --indent 4 --text "- 'soft' configuration in ${DIR}etc/security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "WHITE" + ReportSuggestion "${TEST_NO}" "If not required, consider explicit disabling of core dump in ${DIR}etc/security/limits.conf file" AddHP 1 3 fi else - LogText "Result: file ${ROOTDIR}etc/security/limits.conf does not exist, skipping test" + LogText "Result: file ${DIR}etc/security/limits.conf does not exist, skipping test for this file" fi done - ROOTDIR=$ROOTDIR_BACKUP # Sysctl option LogText "Test: Checking sysctl value of fs.suid_dumpable" -- cgit v1.2.3 From 5cd4b239b58e53bfb7d0d9b57abaccc638c44bed Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Mon, 14 Mar 2022 11:49:41 +0100 Subject: Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6ccbd452..83d058b7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
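Review bot: The `ReportSuggestion` in the "soft and hard enabled" branch still names `/etc/security/limits.conf` literally while every other message in the loop was switched to `${DIR}etc/security/limits.conf`, so a finding for the `/usr/etc` copy points the operator at the wrong file. Ending that message with `core dump in ${DIR}etc/security/limits.conf file"` would match the final `else` branch. In that final branch the `'soft'` line prints `--result "${IS_HARDCORE_DISABLED}"`; `${IS_SOFTCORE_DISABLED}` looks like the intended variable, although both probably hold the default status at that point. Both lines are also present in the first commit's hunk, and the loop opens outside this hunk.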
@@ -13,6 +13,7 @@ - FILE-7524 - Test enhanced to support symlinks - HTTP-6643 - Support ModSecurity version 2 and 3 - KRNL-5788 - Only run relevant tests and improved logging +- KRNL-5820 - Additional path for security/limits.conf - KRNL-5830 - Check for /var/run/needs_restarting (Slackware) - KRNL-5830 - Add a presence check for /boot/vmlinuz - PRNT-2308 - Bugfix that prevented test from storing values correctly -- cgit v1.2.3