{{#
Macro that helps find files and directories on the system using the unix program 'find'.
Returns pass if no files match the find criteria; if any matching files are found it
returns fail.
:param find_parameters: Parameters that will be passed to the find command
:param fail_message: Message printed to the output when the test fails
:param exclude_directories: List of directories to be excluded from the search using regex format, e.g.: 'sysroot|boot', this will exclude both /sysroot and /boot directories.
:param skip_rpm_owned_files: When true, files owned by an RPM package are skipped. Useful when checking for SUID and SGID files.
:param find_type: Type of entry to search for, either file or directory; options: '-type f' or '-type d'
#}}
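{{% macro find_command(find_parameters, fail_message, exclude_directories="", skip_rpm_owned_files=False, find_type="-type f") %}}
#!/bin/bash
# Walk every mounted filesystem (plus a tmpfs-backed /tmp) and report entries that
# match the rendered find expression. Exits with XCCDF_RESULT_FAIL when anything
# is found and XCCDF_RESULT_PASS otherwise; both variables are supplied by the
# SCAP checker environment that runs this script.
# Filesystem types flagged 'nodev' in /proc/filesystems (pseudo filesystems such
# as proc, sysfs, tmpfs) are not worth scanning, so collect them as a filter list.
filter_nodev=$(awk '/nodev/ { print $2 }' /proc/filesystems | paste -sd,)
# Mount points of every mounted filesystem whose type is not in the nodev list.
readarray -t partitions < <(findmnt -n -l -k -it "${filter_nodev}" | awk '{ print $1 }')
# tmpfs is a 'nodev' type and was excluded above, but a tmpfs /tmp must still be
# scanned. Match on the mount-point and fstype columns of /proc/mounts so the
# device name (often 'tmpfs', but e.g. 'none' is also valid) does not matter.
if awk '$2 == "/tmp" && $3 == "tmpfs" { found = 1 } END { exit !found }' /proc/mounts; then
  partitions+=("/tmp")
fi
unauthorized_files=()
# Search each filesystem without crossing into other mounts (-xdev). The type test
# and the caller-supplied tests are grouped so that the explicit -print0 applies to
# the whole expression, exactly as find's implicit -print would have. The path
# stream is NUL-delimited end to end (find -print0, GNU grep -z, read -d '') so a
# name containing a newline is kept as one entry instead of being split into
# bogus paths.
for partition in "${partitions[@]}"; do
  while IFS= read -r -d '' file; do
{{%- if skip_rpm_owned_files %}}
    # Skip files that belong to an RPM package
    if ! rpm -qf --quiet "$file"; then
{{%- endif %}}
      unauthorized_files+=("$file")
{{%- if skip_rpm_owned_files %}}
    fi
{{%- endif %}}
  done < <(find "${partition}" -xdev \( {{{ find_type }}} {{{ find_parameters }}} \) -print0 {{{ '| grep -zEv "^/('~exclude_directories~')/"' if exclude_directories }}})
done
if (( ${#unauthorized_files[@]} > 0 )); then
  printf '%s\n' "{{{ fail_message }}}:"
  printf '%s\n' "${unauthorized_files[@]}"
  exit "${XCCDF_RESULT_FAIL}"
fi
exit "${XCCDF_RESULT_PASS}"
{{% endmacro %}}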
{{#
Macro that helps find files on the system using the unix program 'find'.
Returns pass if no files match the find criteria; if any matching files
are found it returns fail.
:param find_parameters: Parameters that will be passed to the find command
:param fail_message: Message printed to the output when the test fails
:param exclude_directories: List of directories to be excluded from the search using regex format, e.g.: 'sysroot|boot', this will exclude both /sysroot and /boot directories.
:param skip_rpm_owned_files: When true, files owned by an RPM package are skipped. Useful when checking for SUID and SGID files.
#}}
{{% macro find_files(find_parameters, fail_message, exclude_directories="", skip_rpm_owned_files=False) %}}
{{#- Thin wrapper: delegate to find_command with the entry type fixed to regular files. -#}}
{{{ find_command(find_parameters=find_parameters, fail_message=fail_message, exclude_directories=exclude_directories, skip_rpm_owned_files=skip_rpm_owned_files, find_type="-type f") }}}
{{% endmacro %}}
{{#
Macro that helps find directories on the system using the unix program 'find'.
Returns pass if no directories match the find criteria; if any matching
directories are found it returns fail.
:param find_parameters: Parameters that will be passed to the find command
:param fail_message: Message printed to the output when the test fails
:param exclude_directories: List of directories to be excluded from the search using regex format, e.g.: 'sysroot|boot', this will exclude both /sysroot and /boot directories.
:param skip_rpm_owned_files: When true, directories owned by an RPM package are skipped. Useful when checking for SUID and SGID entries.
#}}
{{% macro find_directories(find_parameters, fail_message, exclude_directories="", skip_rpm_owned_files=False) %}}
{{#- Thin wrapper: delegate to find_command with the entry type fixed to directories. -#}}
{{{ find_command(find_parameters=find_parameters, fail_message=fail_message, exclude_directories=exclude_directories, skip_rpm_owned_files=skip_rpm_owned_files, find_type="-type d") }}}
{{% endmacro %}}