Mageia Bugzilla – Attachment 3954 Details for Bug 2808: Sectool not configured for Mageia
[patch] home_dirs bash script - major changes in this test
home_dirs.sh (text/plain), 2.86 KB, created by George Mitchell on 2013-05-13 06:44:10 CEST
#!/usr/bin/env bash
#
# Copyright (C) 2008 Red Hat, Inc.
# Written by Daniel Kopecek <dkopecek@redhat.com>
#
# Modified by George Mitchell <george@chinilu.com> 05-12-13
# Removed history tracking part of test, will leave that stuff to more appropriate apps
# Removed test for GID 0 user acct as it duplicated another test_exit
# Made test for readable and/or accessible home directories optional
#

# Load the sectool helper definitions (const, var, report, canLogIn, test_exit).
if (( ${DEBUG:-0} == 1 ))
then
    . "${TESTS_DIRS}/bash_defs_debug.sh"
else
    . "${TESTS_DIRS}/bash_defs.sh"
fi

const ID_NOHOMEDIR=1
const ID_DIFFOWNER=2
const ID_DIRWORLDWR=3
const ID_DIRGROUPWR=4
const ID_MOREROOTUIDS=5
const ID_ATTRDIRCHANGE=6
const ID_UNKNOWNDIR=7
const ID_DIFFOWNERGID=8
# ID_UNKNOWNDIR is defined a second time here (7 above, 9 below).
const ID_UNKNOWNDIR=9
const ID_DIRWORLDEX=10
const ID_DIRWORLDRD=11

var home_dirs=""


########################################################


# Parse passwd file line by line

while read -r line
do
    # The character classes exclude backtick, $, : and ; so the assignments
    # passed to eval cannot contain a command substitution. sed -n prints
    # nothing for a line that does not match, in which case the variables
    # keep the values of the previous record.
    eval "$(sed -n "s|^\([^\`\$:;]\+\):[^\`$:;]\+:\([0-9]\+\):\([0-9]\+\):[^\`$:;]*:\([^\`$:;]\+\):\([^\`$:;]*\)$|user=\"\1\" uid=\2 gid=\3 home=\"\4\" shell=\"\5\"|p" <<<"${line}")"


    # Check Ordinary Users Home Directory Permissions

    if canLogIn "${user}"
    then

        report 'INFO' "Checking home directory of user \"${user}\""

        if [[ -d "${home}" ]]
        then

            # stat prints only numeric fields here: octal mode, owner uid, owner gid.
            eval "$(stat -c 'perm="%a" owner_uid="%u" owner_gid="%g"' "${home}")"

            if (( owner_uid != uid ))
            then
                report 'ERROR' $ID_DIFFOWNER "Home directory of user \"${user}\" has wrong uid: ${owner_uid}. Expected uid is ${uid}."
            fi

            if (( owner_gid != gid ))
            then
                report 'WARNING' $ID_DIFFOWNERGID "Home directory of user \"${user}\" has wrong gid: ${owner_gid}. Expected gid is ${gid}."
            fi

            if (( 8#$perm & 8#00002 ))
            then
                report 'ERROR' $ID_DIRWORLDWR "Home directory of user \"${user}\" is world-writable."
            fi

            if (( 8#$perm & 8#00020 ))
            then
                report 'WARNING' $ID_DIRGROUPWR "Home directory of user \"${user}\" is group-writable."
            fi

            # Optional: world execute (search) bit, enabled with WORLD_ACCESS_TEST=1.
            if [[ "${WORLD_ACCESS_TEST}" -eq 1 ]]
            then
                if (( 8#$perm & 8#00001 )); then
                    report 'WARNING' $ID_DIRWORLDEX "Home directory of user \"${user}\" is world-accessible."
                fi
            fi

            # Optional: world read bit, enabled with WORLD_READ_TEST=1.
            if [[ "${WORLD_READ_TEST}" -eq 1 ]]
            then
                if (( 8#$perm & 8#00004 )); then
                    report 'ERROR' $ID_DIRWORLDRD "Home directory of user \"${user}\" is world-readable."
                fi
            fi

        else

            report 'ERROR' $ID_NOHOMEDIR "Home directory of user \"${user}\" does not exist!"

        fi

    fi

    # Generate list of valid home directories

    if canLogIn "${user}"
    then

        home_dirs="${home_dirs}:${home}:"
        export home_dirs

    fi

done < "${passwd}"

# Check for hidden home directories

ls -a /home | while read -r home_dir
do
    # Fixed-string match (grep -F) so a directory name is never read as a regex.
    grep -qF -- ":/home/${home_dir}:" <<<"${home_dirs}" || grep -qF -- ":/home/${home_dir}:" <<<"${HOME_DIRS_IGNORE}" || report 'WARNING' $ID_UNKNOWNDIR "Directory \"${home_dir}\" doesn't belong to anybody."
done

test_exit ${E_OK}
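The same ownership and permission-bit checks as the script above, as an added stand-alone example that is not part of the attachment or of sectool: it splits a passwd-format record with `IFS=: read` instead of `eval`, and rejects malformed records so values from an earlier line are never reused. The names `check_home_entry` and `is_uint`, the finding labels and the sample record are assumptions; it needs GNU `stat -c`, as the script above does.

```sh
#!/bin/sh
# Added example, not sectool code. check_home_entry, is_uint and the finding
# labels are hypothetical names chosen for this sketch.

# True when $1 is a non-empty string of decimal digits.
is_uint() { case "$1" in '' | *[!0-9]*) return 1 ;; esac; }

# Print one finding per line for a single passwd-format record.
check_home_entry() {
    local user pw uid gid gecos home shell extra perm owner_uid owner_gid
    # Split on ':' directly; the record is never re-parsed as shell code.
    IFS=: read -r user pw uid gid gecos home shell extra <<EOF
$1
EOF
    # Reject malformed records instead of carrying over earlier values.
    if [ -z "${user}" ] || [ -z "${home}" ] || [ -n "${extra}" ] ||
       ! is_uint "${uid}" || ! is_uint "${gid}"; then
        echo "MALFORMED"
        return 1
    fi
    if [ ! -d "${home}" ]; then
        echo "NOHOMEDIR ${user}"
        return 0
    fi
    # stat emits three numeric fields, so plain word splitting is enough.
    set -- $(stat -c '%a %u %g' -- "${home}")
    [ $# -eq 3 ] || return 1
    perm=$1 owner_uid=$2 owner_gid=$3
    [ "${owner_uid}" -ne "${uid}" ] && echo "DIFFOWNER ${user}"
    [ "${owner_gid}" -ne "${gid}" ] && echo "DIFFOWNERGID ${user}"
    # A leading 0 makes the shell read the mode as octal.
    [ $(( 0${perm} & 002 )) -ne 0 ] && echo "DIRWORLDWR ${user}"
    [ $(( 0${perm} & 020 )) -ne 0 ] && echo "DIRGROUPWR ${user}"
    [ $(( 0${perm} & 004 )) -ne 0 ] && echo "DIRWORLDRD ${user}"
    [ $(( 0${perm} & 001 )) -ne 0 ] && echo "DIRWORLDEX ${user}"
    return 0
}

# Constructed sample record whose home directory does not exist.
check_home_entry 'alice:x:1000:1000:Alice:/nonexistent/alice:/bin/bash'
```
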