LinuxQuestions.org
Old 07-03-2020, 01:07 AM   #1
z_haseeb
Member
 
Registered: Jun 2008
Posts: 118

Rep: Reputation: 1
Unable to run a script of CIS (6.2.8)


I have a few CIS scripts which are unable to work. One script is given as a reference.

ls -l 6.2.8
-rwxrwxrwx 1 root root 818 Jul 2 23:48 6.2.8

Quote:
cat 6.2.8
#!/bin/bash

cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 != "/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user
dir; do
if [ ! -d "$dir" ]; then
echo "The home directory ($dir) of user $user does not exist."
else
dirperm=`ls -ld $dir | cut -f1 -d" "`
if [ `echo $dirperm | cut -c6` != "-" ]; then
echo "Group Write permission set on the home directory ($dir) of user
$user"
fi
if [ `echo $dirperm | cut -c8` != "-" ]; then
echo "Other Read permission set on the home directory ($dir) of user
$user"
fi
if [ `echo $dirperm | cut -c9` != "-" ]; then
echo "Other Write permission set on the home directory ($dir) of user
$user"
fi
if [ `echo $dirperm | cut -c10` != "-" ]; then
echo "Other Execute permission set on the home directory ($dir) of user
$user"
fi
fi
done
I have also tried a script from ( https://www.stigviewer.com/stig/sola...inding/V-48133 ) but that script too could not work. Below is the script:

Quote:
# for dir in `logins -ox |\
awk -F: '($8 == "PS") { print $6 }'`; do
find ${dir} -type d -prune \( -perm -g+w -o -perm -o+r -o -perm -o+w -o -perm -o+x \) -ls
done
 
Old 07-03-2020, 01:17 AM   #2
z_haseeb
Member
 
Registered: Jun 2008
Posts: 118

Original Poster
Rep: Reputation: 1
My problem is resolved after modifying the below line like this (kept all content in one line.)

cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 != "/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do
 
1 members found this post helpful.
Old 07-03-2020, 02:24 AM   #3
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,895
Blog Entries: 3

Rep: Reputation: 2441
The use of grep is redundant in that context. You can fold that into the AWK script:

Code:
# Exclude root, halt, sync and shutdown, plus accounts without a login shell
cat /etc/passwd \
| awk -F : '!/^(root|halt|sync|shutdown)/ \
        && $7 != "/sbin/nologin" \
        && $7 != "/bin/false" \
            { print $1 " " $6 }' \
| while read user dir; do
. . .
Then it is quite problematic to try to parse the output from ls, and stat would be a better choice. Then the $(...) syntax might be preferable to backticks. Lastly, you might save a little work using parameter expansion for the checks:

Code:
if [ ! -d "$dir" ]; then
        echo "The home directory ($dir) of user $user does not exist."
else
        # Symbolic mode string of the directory, e.g. drwxr-x---
        dirperm=$(stat --format '%A' "$dir")
        # Offsets are 0-based: 5 = group write, 7-9 = other read/write/execute
        if [ "${dirperm:5:1}" != "-" ]; then
                echo "Group Write permission set on the home directory ($dir) of user $user"
        fi
        if [ "${dirperm:7:1}" != "-" ]; then
                echo "Other Read permission set on the home directory ($dir) of user $user"
        fi
        if [ "${dirperm:8:1}" != "-" ]; then
                echo "Other Write permission set on the home directory ($dir) of user $user"
        fi
        if [ "${dirperm:9:1}" != "-" ]; then
                echo "Other Execute permission set on the home directory ($dir) of user $user"
        fi
fi
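
An added example, not part of the original thread: the same home-directory check done on the octal mode from stat with bit masks, reading a passwd-format file given as an argument so it can be tried on a constructed fixture. The function names and the fixture accounts are assumptions, GNU stat is required, and account names are matched exactly rather than by prefix.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Needs GNU stat (-c '%a'), as shipped on typical Linux systems.

# Print one finding if any bit of mask $1 is set in $bits.
report() {
    if [ $(( bits & $1 )) -ne 0 ]; then
        echo "$2 permission set on the home directory ($dir) of user $user"
    fi
}

# Audit every login account in a passwd-format file (default /etc/passwd).
audit_home_perms() {
    # Splitting on ':' in the shell keeps home paths with spaces intact.
    while IFS=: read -r user pw uid gid gecos dir shell; do
        # Same exclusions as the CIS script, but matched on the whole name.
        case $user in root|halt|sync|shutdown) continue ;; esac
        case $shell in /sbin/nologin|/bin/false) continue ;; esac
        if [ ! -d "$dir" ]; then
            echo "The home directory ($dir) of user $user does not exist."
            continue
        fi
        mode=$(stat -c '%a' -- "$dir") || continue
        bits=$(( 0$mode ))          # leading 0: parse the mode as octal
        report 020 "Group Write"
        report 004 "Other Read"
        report 002 "Other Write"
        report 001 "Other Execute"
    done < "${1:-/etc/passwd}"
    return 0
}

# Constructed fixture: fake accounts with homes under a temp directory.
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/alice" "$t/bob home"
    chmod 750 "$t/alice"; chmod 775 "$t/bob home"
    cat > "$t/passwd" <<EOF
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::$t/alice:/bin/bash
bob:x:1001:1001::$t/bob home:/bin/bash
carol:x:1002:1002::$t/carol:/bin/bash
svc:x:990:990::$t/alice:/sbin/nologin
EOF
    audit_home_perms "$t/passwd"
    rm -rf "$t"
}

demo
```

Run against the real system with `audit_home_perms /etc/passwd`; a directory with mode 750 or stricter produces no output.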
 
  

