mirrors/linux-bench
1
0
Fork 1
mirror of https://github.com/aquasecurity/linux-bench.git synced 2025-02-22 14:15:32 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add support for scripts in definitions

Browse source 
Now we can run scripts in audit field, so all of the old files are no longer needed.
This commit is contained in:
yoavrotems 2020-11-22 14:01:20 +02:00
parent e79d7411c5
commit 27e347f3bb
26 changed files with 209 additions and 398 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
cfg/1.1.0/6.2.10.sh
View file

@ -1,19 +0,0 @@
#!/bin/bash
cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 != "/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do
if [ ! -d "$dir" ]; then
echo "The home directory ($dir) of user $user does not exist."
else
for file in $dir/.[A-Za-z0-9]*; do
if [ ! -h "$file" -a -f "$file" ]; then
fileperm=`ls -ld $file | cut -f1 -d" "`
if [ `echo $fileperm | cut -c6` != "-" ]; then
echo "Group Write permission set on file $file"
fi
if [ `echo $fileperm | cut -c9` != "-" ]; then
echo "Other Write permission set on file $file"
fi
fi
done
fi
done

11
cfg/1.1.0/6.2.11.sh
View file

@ -1,11 +0,0 @@
#!/bin/bash
cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 != "/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do
if [ ! -d "$dir" ]; then
echo "The home directory ($dir) of user $user does not exist."
else
if [ ! -h "$dir/.forward" -a -f "$dir/.forward" ]; then
echo ".forward file $dir/.forward exists"
fi
fi
done

11
cfg/1.1.0/6.2.12.sh
View file

@ -1,11 +0,0 @@
#!/bin/bash
cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 != "/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do
if [ ! -d "$dir" ]; then
echo "The home directory ($dir) of user $user does not exist."
else
if [ ! -h "$dir/.netrc" -a -f "$dir/.netrc" ]; then
echo ".netrc file $dir/.netrc exists"
fi
fi
done

31
cfg/1.1.0/6.2.13.sh
View file

@ -1,31 +0,0 @@
#!/bin/bash
cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 != "/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do
if [ ! -d "$dir" ]; then
echo "The home directory ($dir) of user $user does not exist."
else
for file in $dir/.netrc; do
if [ ! -h "$file" -a -f "$file" ]; then
fileperm=`ls -ld $file | cut -f1 -d" "`
if [ `echo $fileperm | cut -c5` != "-" ]; then
echo "Group Read set on $file"
fi
if [ `echo $fileperm | cut -c6` != "-" ]; then
echo "Group Write set on $file"
fi
if [ `echo $fileperm | cut -c7` != "-" ]; then
echo "Group Execute set on $file"
fi
if [ `echo $fileperm | cut -c8` != "-" ]; then
echo "Other Read set on $file"
fi
if [ `echo $fileperm | cut -c9` != "-" ]; then
echo "Other Write set on $file"
fi
if [ `echo $fileperm | cut -c10` != "-" ]; then
echo "Other Execute set on $file"
fi
fi
done
fi
done

13
cfg/1.1.0/6.2.14.sh
View file

@ -1,13 +0,0 @@
#!/bin/bash
cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 != "/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do
if [ ! -d "$dir" ]; then
echo "The home directory ($dir) of user $user does not exist."
else
for file in $dir/.rhosts; do
if [ ! -h "$file" -a -f "$file" ]; then
echo ".rhosts file in $dir"
fi
done
fi
done

8
cfg/1.1.0/6.2.15.sh
View file

@ -1,8 +0,0 @@
#!/bin/bash
for i in $(cut -s -d: -f4 /etc/passwd | sort -u ); do
grep -q -P "^.*?:[^:]*:$i:" /etc/group
if [ $? -ne 0 ]; then
echo "Group $i is referenced by /etc/passwd but does not exist in /etc/group"
fi
done

9
cfg/1.1.0/6.2.16.sh
View file

@ -1,9 +0,0 @@
#!/bin/bash
cat /etc/passwd | cut -f3 -d":" | sort -n | uniq -c | while read x ; do
[ -z "${x}" ] && break set - $x
if [ $1 -gt 1 ]; then
users=`awk -F: '($3 == n) { print $1 }' n=$2 /etc/passwd | xargs`
echo "Duplicate UID ($2): ${users}"
fi
done

10
cfg/1.1.0/6.2.17.sh
View file

@ -1,10 +0,0 @@
#!/bin/bash
cat /etc/group | cut -f3 -d":" | sort -n | uniq -c | while read x ; do
[ -z "${x}" ] && break
set - $x
if [ $1 -gt 1 ]; then
groups=`awk -F: '($3 == n) { print $1 }' n=$2 /etc/group | xargs`
echo "Duplicate GID ($2): ${groups}"
fi
done

10
cfg/1.1.0/6.2.18.sh
View file

@ -1,10 +0,0 @@
#!/bin/bash
cat /etc/passwd | cut -f1 -d":" | sort -n | uniq -c | while read x ; do
[ -z "${x}" ] && break
set - $x
if [ $1 -gt 1 ]; then
uids=`awk -F: '($1 == n) { print $3 }' n=$2 /etc/passwd | xargs`
echo "Duplicate User Name ($2): ${uids}"
fi
done

10
cfg/1.1.0/6.2.19.sh
View file

@ -1,10 +0,0 @@
#!/bin/bash
cat /etc/group | cut -f1 -d":" | sort -n | uniq -c | while read x ; do
[ -z "${x}" ] && break
set - $x
if [ $1 -gt 1 ]; then
gids=`gawk -F: '($1 == n) { print $3 }' n=$2 /etc/group | xargs`
echo "Duplicate Group Name ($2): ${gids}"
fi
done

34
cfg/1.1.0/6.2.6.sh
View file

@ -1,34 +0,0 @@
#!/bin/bash
if [ "`echo $PATH | grep ::`" != "" ]; then
echo "Empty Directory in PATH (::)"
fi
if [ "`echo $PATH | grep :$`" != "" ]; then
echo "Trailing : in PATH"
fi
p=`echo $PATH | sed -e 's/::/:/' -e 's/:$//' -e 's/:/ /g'`
set -- $p
while [ "$1" != "" ]; do
if [ "$1" = "." ]; then
echo "PATH contains ."
shift
continue
fi
if [ -d $1 ]; then
dirperm=`ls -ldH $1 | cut -f1 -d" "`
if [ `echo $dirperm | cut -c6` != "-" ]; then
echo "Group Write permission set on directory $1"
fi
if [ `echo $dirperm | cut -c9` != "-" ]; then
echo "Other Write permission set on directory $1"
fi
dirown=`ls -ldH $1 | awk '{print $3}'`
if [ "$dirown" != "root" ] ; then
echo $1 is not owned by root
fi
else
echo $1 is not a directory
fi
shift
done

7
cfg/1.1.0/6.2.7.sh
View file

@ -1,7 +0,0 @@
#!/bin/bash
cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 !="/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do
if [ ! -d "$dir" ]; then
echo "The home directory ($dir) of user $user does not exist."
fi
done

24
cfg/1.1.0/6.2.8.sh
View file

@ -1,24 +0,0 @@
#!/bin/bash
cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 !=
"/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user
dir; do
if [ ! -d "$dir" ]; then
echo "The home directory ($dir) of user $user does not exist."
else
dirperm=`ls -ld $dir | cut -f1 -d" "`
if [ `echo $dirperm | cut -c6` != "-" ]; then
echo "Group Write permission set on the home directory ($dir) of user $user"
fi
if [ `echo $dirperm | cut -c8` != "-" ]; then
echo "Other Read permission set on the home directory ($dir) of user $user"
fi
if [ `echo $dirperm | cut -c9` != "-" ]; then
echo "Other Write permission set on the home directory ($dir) of user $user"
fi
if [ `echo $dirperm | cut -c10` != "-" ]; then
echo "Other Execute permission set on the home directory ($dir) of user $user"
fi
fi
done

12
cfg/1.1.0/6.2.9.sh
View file

@ -1,12 +0,0 @@
#!/bin/bash
cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 != "/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do
if [ ! -d "$dir" ]; then
echo "The home directory ($dir) of user $user does not exist."
else
owner=$(stat -L -c "%U" "$dir")
if [ "$owner" != "$user" ]; then
echo "The home directory ($dir) of user $user is owned by $owner."
fi
fi
done

223
cfg/1.1.0/definitions.yaml
View file

@ -8419,7 +8419,40 @@ groups:
- id: 6.2.6
description: "Ensure root PATH Integrity"
audit: "./6.2.6.sh"
audit: |
#!/bin/bash
if [ "$(echo "$PATH" | grep ::)" != "" ]; then
echo "Empty Directory in PATH (::)"
fi
if [ "$(echo "$PATH" | grep :$)" != "" ]; then
echo "Trailing : in PATH"
fi
p=$(echo "$PATH" | sed -e 's/::/:/' -e 's/:$//' -e 's/:/ /g')
set -- $p
while [ "$1" != "" ]; do
if [ "$1" = "." ]; then
shift
continue
fi
if [ -d "$1" ]; then
dirperm=$(ls -ldH "$1" | cut -f1 -d" ")
if [ "$(echo "$dirperm" | cut -c6)" != "-" ]; then
echo "Group Write permission set on directory $1"
fi
if [ "$(echo "$dirperm" | cut -c9)" != "-" ]; then
echo "Other Write permission set on directory $1"
fi
dirown=$(ls -ldH "$1" | awk '{print $3}')
if [ "$dirown" != "root" ] ; then
echo "$1 is not owned by root"
fi
else
echo "$1 is not a directory"
fi
shift
done
tests:
test_items:
- flag: ""
@ -8434,7 +8467,14 @@ groups:
- id: 6.2.7
description: "Ensure all users' home directories exist"
audit: "./6.2.7.sh"
audit: |
#!/bin/bash
grep -E -v '^(halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' |
while read -r user dir; do
if [ ! -d "$dir" ]; then
echo "The home directory ($dir) of user $user does not exist."
fi
done
tests:
test_items:
- flag: ""
@ -8448,7 +8488,28 @@ groups:
- id: 6.2.8
description: "Ensure users' home directories permissions are 750 or more restrictive"
audit: "./6.2.8.sh"
audit: |
#!/bin/bash
grep -E -v '^(halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' |
while read user dir; do
if [ ! -d "$dir" ]; then
echo "The home directory ($dir) of user $user does not exist."
else
dirperm=$(ls -ld $dir | cut -f1 -d" ")
if [ $(echo $dirperm | cut -c6) != "-" ]; then
echo "Group Write permission set on the home directory ($dir) of user $user"
fi
if [ $(echo $dirperm | cut -c8) != "-" ]; then
echo "Other Read permission set on the home directory ($dir) of user $user"
fi
if [ $(echo $dirperm | cut -c9) != "-" ]; then
echo "Other Write permission set on the home directory ($dir) of user $user"
fi
if [ $(echo $dirperm | cut -c10) != "-" ]; then
echo "Other Execute permission set on the home directory ($dir) of user $user"
fi
fi
done
tests:
test_items:
- flag: ""
@ -8462,7 +8523,18 @@ groups:
- id: 6.2.9
description: "Ensure users own their home directories"
audit: "./6.2.9.sh"
audit: |
#!/bin/bash
grep -E -v '^(halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do
if [ ! -d "$dir" ]; then
echo "The home directory ($dir) of user $user does not exist."
else
owner=$(stat -L -c "%U" "$dir")
if [ "$owner" != "$user" ]; then
echo "The home directory ($dir) of user $user is owned by $owner."
fi
fi
done
tests:
test_items:
- flag: ""
@ -8477,7 +8549,25 @@ groups:
- id: 6.2.10
description: "Ensure users' dot files are not group or world writable"
audit: "./6.2.10.sh"
audit: |
#!/bin/bash
grep -E -v '^(halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do
if [ ! -d "$dir" ]; then
echo "The home directory ($dir) of user $user does not exist."
else
for file in $dir/.[A-Za-z0-9]*; do
if [ ! -h "$file" -a -f "$file" ]; then
fileperm=$(ls -ld $file | cut -f1 -d" ")
if [ $(echo $fileperm | cut -c6) != "-" ]; then
echo "Group Write permission set on file $file"
fi
if [ $(echo $fileperm | cut -c9) != "-" ]; then
echo "Other Write permission set on file $file"
fi
fi
done
fi
done
tests:
test_items:
- flag: ""
@ -8491,7 +8581,17 @@ groups:
- id: 6.2.11
description: "Ensure no users have .forward files"
audit: "./6.2.11.sh"
audit: |
#!/bin/bash
grep -E -v '^(root|halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do
if [ ! -d "$dir" ]; then
echo "The home directory ($dir) of user $user does not exist."
else
if [ ! -h "$dir/.forward" -a -f "$dir/.forward" ]; then
echo ".forward file $dir/.forward exists"
fi
fi
done
tests:
test_items:
- flag: ""
@ -8506,7 +8606,17 @@ groups:
- id: 6.2.12
description: "Ensure no users have .netrc files"
audit: "./6.2.12.sh"
audit: |
#!/bin/bash
grep -E -v '^(root|halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do
if [ ! -d "$dir" ]; then
echo "The home directory ($dir) of user $user does not exist."
else
if [ ! -h "$dir/.netrc" -a -f "$dir/.netrc" ]; then
echo ".netrc file $dir/.netrc exists"
fi
fi
done
tests:
test_items:
- flag: ""
@ -8520,7 +8630,37 @@ groups:
- id: 6.2.13
description: "Ensure users' .netrc Files are not group or world accessible"
audit: "./6.2.13.sh"
audit: |
#!/bin/bash
grep -E -v '^(root|halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do
if [ ! -d "$dir" ]; then
echo "The home directory ($dir) of user $user does not exist."
else
for file in $dir/.netrc; do
if [ ! -h "$file" -a -f "$file" ]; then
fileperm=$(ls -ld $file | cut -f1 -d" ")
if [ $(echo $fileperm | cut -c5) != "-" ]; then
echo "Group Read set on $file"
fi
if [ $(echo $fileperm | cut -c6) != "-" ]; then
echo "Group Write set on $file"
fi
if [ $(echo $fileperm | cut -c7) != "-" ]; then
echo "Group Execute set on $file"
fi
if [ $(echo $fileperm | cut -c8) != "-" ]; then
echo "Other Read set on $file"
fi
if [ $(echo $fileperm | cut -c9) != "-" ]; then
echo "Other Write set on $file"
fi
if [ $(echo $fileperm | cut -c10) != "-" ]; then
echo "Other Execute set on $file"
fi
fi
done
fi
done
tests:
test_items:
- flag: ""
@ -8534,7 +8674,19 @@ groups:
- id: 6.2.14
description: "Ensure no users have .rhosts files"
audit: "./6.2.14.sh"
audit: |
#!/bin/bash
grep -E -v '^(root|halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do
if [ ! -d "$dir" ]; then
echo "The home directory ($dir) of user $user does not exist."
else
for file in $dir/.rhosts; do
if [ ! -h "$file" -a -f "$file" ]; then
echo ".rhosts file in $dir"
fi
done
fi
done
tests:
test_items:
- flag: ""
@ -8548,7 +8700,14 @@ groups:
- id: 6.2.15
description: "Ensure all groups in /etc/passwd exist in /etc/group"
audit: "./6.2.15.sh"
audit: |
#!/bin/bash
for i in $(cut -s -d: -f4 /etc/passwd | sort -u ); do
grep -q -P "^.*?:[^:]*:$i:" /etc/group
if [ $? -ne 0 ]; then
echo "Group $i is referenced by /etc/passwd but does not exist in /etc/group"
fi
done
tests:
test_items:
- flag: ""
@ -8562,7 +8721,16 @@ groups:
- id: 6.2.16
description: "Ensure no duplicate UIDs exist"
audit: "./6.2.16.sh"
audit: |
#!/bin/bash
cut -f3 -d":" /etc/passwd | sort -n | uniq -c | while read x ; do
[ -z "$x" ] && break
set - $x
if [ $1 -gt 1 ]; then
users=$(awk -F: '($3 == n) { print $1 }' n=$2 /etc/passwd | xargs)
echo "Duplicate UID ($2): $users"
fi
done
tests:
test_items:
- flag: ""
@ -8576,7 +8744,16 @@ groups:
- id: 6.2.17
description: "Ensure no duplicate GIDs exist"
audit: "./6.2.17.sh"
audit: |
#!/bin/bash
cut -f3 -d":" /etc/group | sort -n | uniq -c | while read x ; do
[ -z "$x" ] && break
set - $x
if [ $1 -gt 1 ]; then
groups=$(awk -F: '($3 == n) { print $1 }' n=$2 /etc/group | xargs)
echo "Duplicate GID ($2): $groups"
fi
done
tests:
test_items:
- flag: ""
@ -8590,7 +8767,16 @@ groups:
- id: 6.2.18
description: "Ensure no duplicate user names exist"
audit: "./6.2.18.sh"
audit: |
#!/bin/bash
cut -f1 -d":" /etc/passwd | sort -n | uniq -c | while read x ; do
[ -z "$x" ] && break
set - $x
if [ $1 -gt 1 ]; then
uids=$(awk -F: '($1 == n) { print $3 }' n=$2 /etc/passwd | xargs)
echo "Duplicate User Name ($2): $uids"
fi
done
tests:
test_items:
- flag: ""
@ -8605,7 +8791,16 @@ groups:
- id: 6.2.19
description: "Ensure no duplicate group names exist"
audit: "./6.2.19.sh"
audit: |
#!/bin/bash
cut -f1 -d":" /etc/group | sort -n | uniq -c | while read x ; do
[ -z "$x" ] && break
set - $x
if [ $1 -gt 1 ]; then
gids=$(gawk -F: '($1 == n) { print $3 }' n=$2 /etc/group | xargs)
echo "Duplicate Group Name ($2): $gids"
fi
done
tests:
test_items:
- flag: ""

21
cfg/2.0.0/6.2.10.sh
View file

@ -1,21 +0,0 @@
#!/bin/bash
grep -E -v '^(halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which
nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user
dir; do
if [ ! -d "$dir" ]; then
echo "The home directory ($dir) of user $user does not exist."
else
for file in $dir/.[A-Za-z0-9]*; do
if [ ! -h "$file" -a -f "$file" ]; then
fileperm=$(ls -ld $file | cut -f1 -d" ")
if [ $(echo $fileperm | cut -c6) != "-" ]; then
echo "Group Write permission set on file $file"
fi
if [ $(echo $fileperm | cut -c9) != "-" ]; then
echo "Other Write permission set on file $file"
fi
fi
done
fi
done

13
cfg/2.0.0/6.2.11.sh
View file

@ -1,13 +0,0 @@
#!/bin/bash
grep -E -v '^(root|halt|sync|shutdown)' /etc/passwd | awk -F: '($7 !=
"'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while
read user dir; do
if [ ! -d "$dir" ]; then
echo "The home directory ($dir) of user $user does not exist."
else
if [ ! -h "$dir/.forward" -a -f "$dir/.forward" ]; then
echo ".forward file $dir/.forward exists"
fi
fi
done

13
cfg/2.0.0/6.2.12.sh
View file

@ -1,13 +0,0 @@
#!/bin/bash
grep -E -v '^(root|halt|sync|shutdown)' /etc/passwd | awk -F: '($7 !=
"'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while
read user dir; do
if [ ! -d "$dir" ]; then
echo "The home directory ($dir) of user $user does not exist."
else
if [ ! -h "$dir/.netrc" -a -f "$dir/.netrc" ]; then
echo ".netrc file $dir/.netrc exists"
fi
fi
done

33
cfg/2.0.0/6.2.13.sh
View file

@ -1,33 +0,0 @@
#!/bin/bash
grep -E -v '^(root|halt|sync|shutdown)' /etc/passwd | awk -F: '($7 !=
"'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while
read user dir; do
if [ ! -d "$dir" ]; then
echo "The home directory ($dir) of user $user does not exist."
else
for file in $dir/.netrc; do
if [ ! -h "$file" -a -f "$file" ]; then
fileperm=$(ls -ld $file | cut -f1 -d" ")
if [ $(echo $fileperm | cut -c5) != "-" ]; then
echo "Group Read set on $file"
fi
if [ $(echo $fileperm | cut -c6) != "-" ]; then
echo "Group Write set on $file"
fi
if [ $(echo $fileperm | cut -c7) != "-" ]; then
echo "Group Execute set on $file"
fi
if [ $(echo $fileperm | cut -c8) != "-" ]; then
echo "Other Read set on $file"
fi
if [ $(echo $fileperm | cut -c9) != "-" ]; then
echo "Other Write set on $file"
fi
if [ $(echo $fileperm | cut -c10) != "-" ]; then
echo "Other Execute set on $file"
fi
fi
done
fi
done

15
cfg/2.0.0/6.2.14.sh
View file

@ -1,15 +0,0 @@
#!/bin/bash
grep -E -v '^(root|halt|sync|shutdown)' /etc/passwd | awk -F: '($7 !=
"'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while
read user dir; do
if [ ! -d "$dir" ]; then
echo "The home directory ($dir) of user $user does not exist."
else
for file in $dir/.rhosts; do
if [ ! -h "$file" -a -f "$file" ]; then
echo ".rhosts file in $dir"
fi
done
fi
done

8
cfg/2.0.0/6.2.15.sh
View file

@ -1,8 +0,0 @@
#!/bin/bash
for i in $(cut -s -d: -f4 /etc/passwd | sort -u ); do
grep -q -P "^.*?:[^:]*:$i:" /etc/group
if [ $? -ne 0 ]; then
echo "Group $i is referenced by /etc/passwd but does not exist in /etc/group"
fi
done

10
cfg/2.0.0/6.2.16.sh
View file

@ -1,10 +0,0 @@
#!/bin/bash
cut -f3 -d":" /etc/passwd | sort -n | uniq -c | while read x ; do
[ -z "$x" ] && break
set - $x
if [ $1 -gt 1 ]; then
users=$(awk -F: '($3 == n) { print $1 }' n=$2 /etc/passwd | xargs)
echo "Duplicate UID ($2): $users"
fi
done

10
cfg/2.0.0/6.2.17.sh
View file

@ -1,10 +0,0 @@
#!/bin/bash
cut -f3 -d":" /etc/group | sort -n | uniq -c | while read x ; do
[ -z "$x" ] && break
set - $x
if [ $1 -gt 1 ]; then
groups=$(awk -F: '($3 == n) { print $1 }' n=$2 /etc/group | xargs)
echo "Duplicate GID ($2): $groups"
fi
done

10
cfg/2.0.0/6.2.18.sh
View file

@ -1,10 +0,0 @@
#!/bin/bash
cut -f1 -d":" /etc/passwd | sort -n | uniq -c | while read x ; do
[ -z "$x" ] && break
set - $x
if [ $1 -gt 1 ]; then
uids=$(awk -F: '($1 == n) { print $3 }' n=$2 /etc/passwd | xargs)
echo "Duplicate User Name ($2): $uids"
fi
done

10
cfg/2.0.0/6.2.19.sh
View file

@ -1,10 +0,0 @@
#!/bin/bash
cut -f1 -d":" /etc/group | sort -n | uniq -c | while read x ; do
[ -z "$x" ] && break
set - $x
if [ $1 -gt 1 ]; then
gids=$(gawk -F: '($1 == n) { print $3 }' n=$2 /etc/group | xargs)
echo "Duplicate Group Name ($2): $gids"
fi
done

32
cfg/2.0.0/6.2.6.sh
View file

@ -1,32 +0,0 @@
#!/bin/bash
if [ "$(echo "$PATH" | grep ::)" != "" ]; then
echo "Empty Directory in PATH (::)"
fi
if [ "$(echo "$PATH" | grep :$)" != "" ]; then
echo "Trailing : in PATH"
fi
p=$(echo "$PATH" | sed -e 's/::/:/' -e 's/:$//' -e 's/:/ /g')
set -- $p
while [ "$1" != "" ]; do
if [ "$1" = "." ]; then
shift
continue
fi
if [ -d "$1" ]; then
dirperm=$(ls -ldH "$1" | cut -f1 -d" ")
if [ "$(echo "$dirperm" | cut -c6)" != "-" ]; then
echo "Group Write permission set on directory $1"
fi
if [ "$(echo "$dirperm" | cut -c9)" != "-" ]; then
echo "Other Write permission set on directory $1"
fi dirown=$(ls -ldH "$1" | awk '{print $3}')
if [ "$dirown" != "root" ] ; then
echo "$1 is not owned by root"
fi
else
echo "$1 is not a directory"
fi
shift
done