emily/atap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

a

Browse Source
This commit is contained in:
Emily
2026-05-11 09:15:08 +02:00
parent 9bec2b9e42
commit 404ee3fec4
641 changed files with 416825 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ATAPAuditor/Helpers/ShellScripts/RHEL9/CIS100_RHEL9_6212.sh
+16
View File
@@ -0,0 +1,16 @@
#!/usr/bin/env bash
{
output=""
perm_mask='0027'
maxperm="$( printf '%o' $(( 0777 & ~$perm_mask)) )" valid_shells="^($( sed -rn '/^\//{s,/,\\\\/,g;p}' /etc/shells | paste -s -d '|' - ))$"
awk -v pat="$valid_shells" -F: '$(NF) ~ pat { print $1 " " $(NF-1) }' /etc/passwd | (while read -r user home; do
mode=$( stat -L -c '%#a' "$home" )
[ $(( $mode & $perm_mask )) -gt 0 ] && output="$output\n- User $user home directory: \"$home\" is too permissive: \"$mode\" (should be: \"$maxperm\" or more restrictive)"
done
if [ -n "$output" ]; then
echo -e "\n- Failed:$output"
else
echo -e "\n- Passed:\n- All user home directories are mode: \"$maxperm\" or more restrictive"
fi
)
}