forked from mirrors/linux-bench
Merge branch 'master' into patch-3
This commit is contained in:
Liz Rice
GitHub
commit
346355d273
4 changed files with 10 additions and 7 deletions
2
app.go
2
app.go
|
|
@ -51,7 +51,7 @@ func outputResults(controls *check.Controls, summary check.Summary) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
fmt.Println(string(out))
|
||||
util.PrintOutput(string(out), outputFile)
|
||||
} else {
|
||||
util.PrettyPrint(controls, summary, noRemediations, includeTestOutput)
|
||||
}
|
||||
|
|
|
|||
1
cfg/1.1.0/1.1.25.sh
Normal file
1
cfg/1.1.0/1.1.25.sh
Normal file
|
|
@ -0,0 +1 @@
|
|||
df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d \( -perm -0002 -a ! -perm -1000 \) 2>/dev/null
|
||||
|
|
@ -564,7 +564,7 @@ groups:
|
|||
|
||||
- id: 1.1.25
|
||||
description: "Ensure sticky bit is set on all world-writable directories"
|
||||
audit: "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d \\( -perm -0002 -a ! -perm -1000 \\) 2>/dev/null"
|
||||
audit: "./1.1.25.sh"
|
||||
tests:
|
||||
test_items:
|
||||
- flag: ""
|
||||
|
|
@ -7824,7 +7824,7 @@ groups:
|
|||
|
||||
- id: 6.1.10.a
|
||||
description: "Ensure no world writable files exist"
|
||||
audit: "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -0002"
|
||||
audit: "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -0002 | head -n 100"
|
||||
tests:
|
||||
test_items:
|
||||
- flag: ""
|
||||
|
|
@ -7846,7 +7846,7 @@ groups:
|
|||
|
||||
- id: 6.1.11.a
|
||||
description: "Ensure no unowned files or directories exist"
|
||||
audit: "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser"
|
||||
audit: "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser | head -n 100"
|
||||
tests:
|
||||
test_items:
|
||||
- flag: ""
|
||||
|
|
@ -7868,7 +7868,7 @@ groups:
|
|||
|
||||
- id: 6.1.12.a
|
||||
description: "Ensure no ungrouped files or directories exist"
|
||||
audit: "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nogroup"
|
||||
audit: "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nogroup | head -n 100"
|
||||
tests:
|
||||
test_items:
|
||||
- flag: ""
|
||||
|
|
@ -7890,7 +7890,7 @@ groups:
|
|||
|
||||
- id: 6.1.13.a
|
||||
description: "Audit SUID executables"
|
||||
audit: "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -4000"
|
||||
audit: "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -4000 | head -n 100"
|
||||
type: manual
|
||||
tests:
|
||||
test_items:
|
||||
|
|
@ -7913,7 +7913,7 @@ groups:
|
|||
|
||||
- id: 6.1.14.a
|
||||
description: "Audit SGID executables"
|
||||
audit: "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -2000"
|
||||
audit: "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -2000 | head -n 100"
|
||||
type: manual
|
||||
tests:
|
||||
test_items:
|
||||
|
|
|
|||
2
root.go
2
root.go
|
|
@ -35,6 +35,7 @@ var (
|
|||
checkList string
|
||||
jsonFmt bool
|
||||
includeTestOutput bool
|
||||
outputFile string
|
||||
)
|
||||
|
||||
// RootCmd represents the base command when called without any subcommands
|
||||
|
|
@ -74,6 +75,7 @@ func init() {
|
|||
RootCmd.Flags().StringVarP(&cfgDir, "config-dir", "D", "cfg", "directory to get benchmark definitions")
|
||||
RootCmd.PersistentFlags().BoolVar(&jsonFmt, "json", false, "Prints the results as JSON")
|
||||
RootCmd.PersistentFlags().BoolVar(&includeTestOutput, "include-test-output", false, "Prints the test's output")
|
||||
RootCmd.PersistentFlags().StringVar(&outputFile, "outputfile", "", "Writes the JSON results to output file")
|
||||
RootCmd.PersistentFlags().StringVarP(
|
||||
&checkList,
|
||||
"check",
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue