mirror of
https://github.com/Kicksecure/security-misc.git
synced 2025-01-24 18:15:32 +07:00
fix permission-hardener config parsing issue
parent
65e3c14643
commit
017ae18ad7
@ -18,6 +18,7 @@ set -o pipefail
|
|||||||
|
|
||||||
exit_code=0
|
exit_code=0
|
||||||
|
|
||||||
|
mkdir -p /var/lib/permission-hardening/private
|
||||||
mkdir -p /var/lib/permission-hardening/existing_mode
|
mkdir -p /var/lib/permission-hardening/existing_mode
|
||||||
mkdir -p /var/lib/permission-hardening/new_mode
|
mkdir -p /var/lib/permission-hardening/new_mode
|
||||||
dpkg_admindir_parameter_existing_mode="--admindir /var/lib/permission-hardening/existing_mode"
|
dpkg_admindir_parameter_existing_mode="--admindir /var/lib/permission-hardening/existing_mode"
|
||||||
@ -273,12 +274,11 @@ set_file_perms() {
|
|||||||
exit "$exit_code"
|
exit "$exit_code"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "line: '$line'"
|
## Debugging.
|
||||||
echo "fso: '$fso'"
|
#echo "line: '$line'"
|
||||||
echo "mode_from_config: '$mode_from_config'"
|
#echo "fso: '$fso'"
|
||||||
echo "owner_from_config: '$owner_from_config'"
|
#echo "mode_from_config: '$mode_from_config'"
|
||||||
|
#echo "owner_from_config: '$owner_from_config'"
|
||||||
|
|
||||||
|
|
||||||
local fso_without_trailing_slash
|
local fso_without_trailing_slash
|
||||||
fso_without_trailing_slash="${fso%/}"
|
fso_without_trailing_slash="${fso%/}"
|
||||||
@ -469,16 +469,20 @@ echo "owner_from_config: '$owner_from_config'"
|
|||||||
}
|
}
|
||||||
|
|
||||||
parse_config_folder() {
|
parse_config_folder() {
|
||||||
|
local passwd_file_contents_temp
|
||||||
# Query contents of password and group databases only once and buffer them
|
# Query contents of password and group databases only once and buffer them
|
||||||
#
|
#
|
||||||
# If we don't buffer we sometimes get incorrect results when checking for entries using
|
# If we don't buffer we sometimes get incorrect results when checking for entries using
|
||||||
# 'if getent passwd | grep -q '^root:'; ...' since 'grep' exits after the first match in
|
# 'if getent passwd | grep -q '^root:'; ...' since 'grep' exits after the first match in
|
||||||
# this case causing 'getent' to receive SIGPIPE, which then fails the pipeline since
|
# this case causing 'getent' to receive SIGPIPE, which then fails the pipeline since
|
||||||
# 'set -o pipefail' is set for this script.
|
# 'set -o pipefail' is set for this script.
|
||||||
passwd_file_contents=$(getent passwd)
|
passwd_file_contents_temp=$(getent passwd)
|
||||||
passwd_file_contents=$(echo "$passwd_file_contents")
|
echo "$passwd_file_contents_temp" | tee /var/lib/permission-hardening/private/passwd >/dev/null
|
||||||
group_file_contents=$(getent group)
|
group_file_contents_temp=$(getent group)
|
||||||
group_file_contents=$(echo "$group_file_contents")
|
echo "$group_file_contents_temp" | tee /var/lib/permission-hardening/private/group >/dev/null
|
||||||
|
|
||||||
|
passwd_file_contents=$(cat /var/lib/permission-hardening/private/passwd)
|
||||||
|
group_file_contents=$(cat /var/lib/permission-hardening/private/group)
|
||||||
|
|
||||||
shopt -s nullglob
|
shopt -s nullglob
|
||||||
for config_file in /etc/permission-hardening.d/*.conf /usr/local/etc/permission-hardening.d/*.conf; do
|
for config_file in /etc/permission-hardening.d/*.conf /usr/local/etc/permission-hardening.d/*.conf; do
|
||||||
|
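Review bot: In parse_config_folder the new round trip through /var/lib/permission-hardening/private/passwd and .../private/group has no visible status check, so if `getent` or the `tee` write fails (full or read-only filesystem) the following `cat` can return a stale file left by an earlier run, and the buffered user/group data used later would presumably be outdated. Unless errexit is active outside this view, guard each step, for example `passwd_file_contents_temp=$(getent passwd) || return 1`, or skip the file and keep the buffered variable directly. `group_file_contents_temp` is missing from the `local` declaration and leaks into global scope; `local passwd_file_contents_temp group_file_contents_temp` fixes that. The directory named `private` is created with a plain `mkdir -p`, so its mode follows the caller's umask; if it is meant to be root-only, set the mode explicitly (e.g. `chmod 0700` after creation). The function body continues past the end of this section.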