Searching tips for bash script hardening
Does anyone know of a document, guideline or book which explains how to write secure code for bash scripts in general? Strangely, I didn't find anything on Google or in the forum so far.
If someone here is willing to review a bash script for me (about 600 lines) and help me to make it as secure as possible, please send me a PM. Thanks, Norbert |
The tips are the same: don't trust user input and double-check everything: that's the way to build a secure program.
Pastebin your script, more people will review it then. But this topic is probably better suited to the "Programming" forum. |
A few more ideas. Control the environmental variables. Keep/define only environmental variables you need & clear the rest. Use full paths for commands. Explicitly indicate "builtin" before builtin commands. Handle all errors that might occur. Trap signals. For programs for services, you could root jail the service.
Look at using rbash for your script. |
Thanks for your hints. I will try to implement them. Here is the script as it is now. (The idea behind it is a Nagios plugin which does some simple security checks.)
|
Using "printf" instead of "echo" also seems to be a good idea.
Hmm, no one likes to help/review? I would pay for it. Norbert |
Talking about the script itself, why not break out the config to /etc/nagios/? Editing conf files should definitely not be done in /usr/lib/nagios/libexec/ but where the FSSTND/LSB/FHS suggests it: /etc/ (or /usr/local/etc/). And why those checks specifically? Aren't they covered by other apps already (GNU/Tiger, Lsat, Samhain)? I'd expect file attribute changes like boot_lilogrub_imflag and file_perms to be checked by a file system integrity checker because using a made-for-the-job tool would be more versatile. Besides, checks like kernel_coredumps_no, kernel_syncookieprotection_on, kernel_loaded_modules mean changes made by root, so that really calls for an application with a wider scope IMHO. If Sudo was not previously installed, in what way would the user be notified of check failure? You're defining the IFS inside each function but it only gets changed in one place AFAIK, is that necessary? You're defining the IFS, which itself is good, but if you do, shouldn't you also check out setting POSIX? (Also see GNU SW and POSIXLY_CORRECT (and POSIX_ME_HARDER)). In 'function kernel_syncookieprotection_on()', if "${PAR_kernel_syncookieprotection_on}" does not exist, what value would cat return and what effect would that have on the script? In 'function file_perms()', what happens to filenames with commas in them if you 'filename=`builtin printf "%s" "$i" | cut -d"," -f1`'? Where you "# remove leading commas", couldn't you use VAL="${VAL/,/}" instead? So many questions, so little time... |
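Added example (not part of any post in this thread, and not the plugin under review): a sketch that combines the earlier tips (pinned environment, signal trap, explicit error handling) with two questions from the review above, namely what happens when the flag file is missing and how commas in filenames survive parsing. The function names and the "path,mode" entry format are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not the poster's plugin. Function names and the
# "path,mode" entry format are assumptions made for illustration.

# Known environment: pinned PATH, default word splitting, no startup
# files or cd search path inherited from the caller.
PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH
unset IFS ENV BASH_ENV CDPATH

# Nagios plugin exit codes.
OK=0; CRITICAL=2; UNKNOWN=3

# A signal must not end the run with a status Nagios reads as "OK".
trap 'printf "UNKNOWN: interrupted\n"; exit 3' HUP INT TERM

# Print the first line of a one-value file. Return 1 when the file is
# missing, unreadable or empty, so the caller never compares against "".
read_flag() {
    local line=
    [ -f "$1" ] && [ -r "$1" ] || return 1
    IFS= read -r line < "$1" || :   # a missing final newline is fine
    [ -n "$line" ] || return 1
    printf '%s' "$line"
}

# Compare a flag file with the wanted value. Only builtins are used,
# so nothing here depends on a PATH lookup.
check_flag_is() {
    local got
    if ! got=$(read_flag "$1"); then
        printf 'UNKNOWN: cannot read %s\n' "$1"
        return "$UNKNOWN"
    fi
    if [ "$got" = "$2" ]; then
        printf 'OK: %s is %s\n' "$1" "$got"
        return "$OK"
    fi
    printf 'CRITICAL: %s is %s, want %s\n' "$1" "$got" "$2"
    return "$CRITICAL"
}

# Split "path,mode" on the LAST comma so commas in the path survive.
entry_path() { printf '%s' "${1%,*}"; }
entry_mode() { printf '%s' "${1##*,}"; }

# In the plugin body:
#   check_flag_is /proc/sys/net/ipv4/tcp_syncookies 1; exit $?
```

A missing or empty flag file yields UNKNOWN (3) rather than a comparison against an empty string, which is the failure mode the question about cat points at.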