aboutsummaryrefslogtreecommitdiffstats
path: root/cron-sh
diff options
context:
space:
mode:
authorFrederic Lepied <flepied@mandriva.com>2005-08-12 08:07:52 +0000
committerFrederic Lepied <flepied@mandriva.com>2005-08-12 08:07:52 +0000
commitb536f754a0fd070e3ed501840456e3ae6492c6bf (patch)
tree059a900e34bf7ce7c3a697863085b5057ae0c565 /cron-sh
parent399e4cc32a7de40cc7a71aed35085b95e2b7b373 (diff)
downloadmsec-b536f754a0fd070e3ed501840456e3ae6492c6bf.tar
msec-b536f754a0fd070e3ed501840456e3ae6492c6bf.tar.gz
msec-b536f754a0fd070e3ed501840456e3ae6492c6bf.tar.bz2
msec-b536f754a0fd070e3ed501840456e3ae6492c6bf.tar.xz
msec-b536f754a0fd070e3ed501840456e3ae6492c6bf.zip
fix user or homedir with spaces in (bug #16237).
Diffstat (limited to 'cron-sh')
-rwxr-xr-xcron-sh/security_check.sh37
1 files changed, 19 insertions, 18 deletions
diff --git a/cron-sh/security_check.sh b/cron-sh/security_check.sh
index 2960e23..dbcc0b2 100755
--- a/cron-sh/security_check.sh
+++ b/cron-sh/security_check.sh
@@ -62,8 +62,8 @@ if [[ ${CHECK_PERMS} == yes ]]; then
# Files that should not be owned by someone else or readable.
list=".netrc .rhosts .shosts .Xauthority .gnupg/secring.gpg \
.pgp/secring.pgp .ssh/identity .ssh/id_dsa .ssh/id_rsa .ssh/random_seed"
-getent passwd | awk -F: '/^[^+-]/ { print $1 " " $3 " " $6 }' |
-while read username uid homedir; do
+getent passwd | awk -F: '/^[^+-]/ { print $1 ":" $3 ":" $6 }' |
+while IFS=: read username uid homedir; do
if ! expr "$homedir" : "$FILTER" > /dev/null; then
for f in ${list} ; do
file="${homedir}/${f}"
@@ -94,17 +94,18 @@ list=".bashrc .bash_profile .bash_login .bash_logout .cshrc .emacs .exrc \
.forward .klogin .login .logout .profile .tcshrc .fvwmrc .inputrc .kshrc \
.nexrc .screenrc .ssh .ssh/config .ssh/authorized_keys .ssh/environment \
.ssh/known_hosts .ssh/rc .twmrc .xsession .xinitrc .Xdefaults"
-getent passwd | awk -F: '/^[^+-]/ { print $1 " " $3 " " $6 }' | \
-while read username uid homedir; do
+getent passwd | awk -F: '/^[^+-]/ { print $1 ":" $3 ":" $6 }' | \
+while IFS=: read username uid homedir; do
if ! expr "$homedir" : "$FILTER" > /dev/null; then
- for f in ${list} ; do
- file=${homedir}/${f}
- if [[ -f ${file} ]] ; then
- printf "${uid} ${username} ${file} `ls -LldcGn ${file}`\n"
- fi
+ for f in ${list} ; do
+ file="${homedir}/${f}"
+ if [[ -f "${file}" ]] ; then
+ res=`ls -LldcGn "${file}" | sed 's/ \{1,\}/:/g'`
+ printf "${uid}:${username}:${file}:${res}\n"
+ fi
done
fi
-done | awk '$1 != $6 && $6 != "0" \
+done | awk -F: '$1 != $6 && $6 != "0" \
{ print "\t\t- " $3 " : file is owned by uid " $6 "." }
$4 ~ /^.....w/ \
{ print "\t\t- " $3 " : file is group writable." }
@@ -117,17 +118,17 @@ if [[ -s ${TMP} ]]; then
fi
### Check home directories. Directories should not be owned by someone else or writable.
-getent passwd | awk -F: '/^[^+-]/ { print $1 " " $3 " " $6 }' | \
-while read username uid homedir; do
+getent passwd | awk -F: '/^[^+-]/ { print $1 ":" $3 ":" $6 }' | \
+while IFS=: read username uid homedir; do
if ! expr "$homedir" : "$FILTER" > /dev/null; then
- if [[ -d ${homedir} ]] ; then
- realuid=`ls -LldGn ${homedir}| awk '{ print $3 }'`
- realuser=`ls -LldG ${homedir}| awk '{ print $3 }'`
- permissions=`ls -LldG ${homedir}| awk '{ print $1 }'`
- printf "${permissions} ${username} (${uid}) ${realuser} (${realuid})\n"
+ if [[ -d "${homedir}" ]] ; then
+ realuid=`ls -LldGn "${homedir}"| awk '{ print $3 }'`
+ realuser=`ls -LldG "${homedir}"| awk '{ print $3 }'`
+ permissions=`ls -LldG "${homedir}"| awk '{ print $1 }'`
+ printf "${permissions}:${username}:(${uid}):${realuser}:(${realuid})\n"
fi
fi
-done | awk '$3 != $5 && $5 != "(0)" \
+done | awk -F: '$3 != $5 && $5 != "(0)" \
{ print "user=" $2 $3 " : home directory is owned by " $4 $5 "." }
$1 ~ /^d....w/ && $2 != "lp" && $2 != "mail" \
{ print "user=" $2 $3" : home directory is group writable." }