A colleague found during testing that the find command for checking/fixing group or world writeable files in library directories had the -perm flag set as -022 (all bits set) instead of /022 (any bits set). I updated RHEL6/input/fixes/bash/file_permissions_library_dirs.sh and generated this patch to update the fix content.
I can't push this patch, so if it's approved and someone who can doesn't mind pushing it, it's appreciated.
Thanks!
Jeb Trayer, CTR Ace Info Solutions, Inc. USCG Operations System Center Jeb.D.Trayer@uscg.mil
Signed-off-by: Jeb Trayer jeb.d.trayer@uscg.mil --- .../fixes/bash/file_permissions_library_dirs.sh | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/RHEL6/input/fixes/bash/file_permissions_library_dirs.sh b/RHEL6/input/fixes/bash/file_permissions_library_dirs.sh index 263612f..7de0740 100644 --- a/RHEL6/input/fixes/bash/file_permissions_library_dirs.sh +++ b/RHEL6/input/fixes/bash/file_permissions_library_dirs.sh @@ -1,4 +1,4 @@ DIRS="/lib /lib64 /usr/lib /usr/lib64" for dirPath in $DIRS; do - find $dirPath -perm -022 -type f -exec chmod go-w '{}' ; + find $dirPath -perm /022 -type f -exec chmod go-w '{}' ; done
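Review bot: On both the removed and the added find line, the ';' that terminates -exec appears unescaped (chmod go-w '{}' ;), so as written the shell takes it as a command separator and find stops with a missing-argument error for -exec before any chmod runs; it should read '{}' \; unless the backslash was only lost in the mail. The switch from -perm -022 to -perm /022 itself matches the stated goal. Two smaller points on the same line: $dirPath is unquoted, and -type f means group- or world-writable directories under the library paths are left as they are, which deserves a comment in the script if it is intentional.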
Good morning all! I sent this out last week. I know it was a holiday week and everyone is probably still catching up on emails, but I wanted to make sure this didn't fall through the cracks if someone gets a chance to look at it.
Thanks!
Jeb Trayer, CTR Ace Info Solutions, Inc. USCG Operations System Center Jeb.D.Trayer@uscg.mil
-----Original Message-----
From: scap-security-guide-bounces@lists.fedorahosted.org [mailto:scap-security-guide-bounces@lists.fedorahosted.org] On Behalf Of Trayer, Jeb D CTR
Sent: Tuesday, November 26, 2013 10:49 AM
To: scap-security-guide@lists.fedorahosted.org
Subject: [PATCH] fix for find command parameters in RHEL6/input/fixes/bash/file_permissions_library_dirs.sh
A colleague found during testing that the find command for checking/fixing group or world writeable files in library directories had the -perm flag set as -022 (all bits set) instead of /022 (any bits set). I updated RHEL6/input/fixes/bash/file_permissions_library_dirs.sh and generated this patch to update the fix content.
I can't push this patch, so if it's approved and someone who can doesn't mind pushing it, it's appreciated.
Thanks!
Jeb Trayer, CTR Ace Info Solutions, Inc. USCG Operations System Center Jeb.D.Trayer@uscg.mil
Signed-off-by: Jeb Trayer jeb.d.trayer@uscg.mil --- .../fixes/bash/file_permissions_library_dirs.sh | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/RHEL6/input/fixes/bash/file_permissions_library_dirs.sh b/RHEL6/input/fixes/bash/file_permissions_library_dirs.sh index 263612f..7de0740 100644 --- a/RHEL6/input/fixes/bash/file_permissions_library_dirs.sh +++ b/RHEL6/input/fixes/bash/file_permissions_library_dirs.sh @@ -1,4 +1,4 @@ DIRS="/lib /lib64 /usr/lib /usr/lib64" for dirPath in $DIRS; do - find $dirPath -perm -022 -type f -exec chmod go-w '{}' ; + find $dirPath -perm /022 -type f -exec chmod go-w '{}' ; done
Hello Jeb,
sorry for the delay.
----- Original Message -----
From: "Jeb D CTR Trayer" Jeb.D.Trayer@uscg.mil
To: scap-security-guide@lists.fedorahosted.org
Sent: Tuesday, December 3, 2013 1:18:16 PM
Subject: RE: [PATCH] fix for find command parameters in RHEL6/input/fixes/bash/file_permissions_library_dirs.sh
Good morning all! I sent this out last week. I know it was a holiday week and everyone is probably still catching up on emails, but I wanted to make sure this didn't fall through the cracks if someone gets a chance to look at it.
Thanks!
Jeb Trayer, CTR Ace Info Solutions, Inc. USCG Operations System Center Jeb.D.Trayer@uscg.mil
-----Original Message-----
From: scap-security-guide-bounces@lists.fedorahosted.org [mailto:scap-security-guide-bounces@lists.fedorahosted.org] On Behalf Of Trayer, Jeb D CTR
Sent: Tuesday, November 26, 2013 10:49 AM
To: scap-security-guide@lists.fedorahosted.org
Subject: [PATCH] fix for find command parameters in RHEL6/input/fixes/bash/file_permissions_library_dirs.sh
A colleague found during testing that the find command for checking/fixing group or world writeable files in library directories had the -perm flag set as -022 (all bits set) instead of /022 (any bits set). I updated RHEL6/input/fixes/bash/file_permissions_library_dirs.sh and generated this patch to update the fix content.
I can't push this patch, so if it's approved and someone who can doesn't mind pushing it, it's appreciated.
Yes, good catch (we want to remediate permissions on all files in library directories that have either group-writable or world-writable permissions set, not only on those files that meet both of the requirements).
So your proposal is correct. ACK for pushing from me.
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
Thanks!
Jeb Trayer, CTR Ace Info Solutions, Inc. USCG Operations System Center Jeb.D.Trayer@uscg.mil
Signed-off-by: Jeb Trayer jeb.d.trayer@uscg.mil
.../fixes/bash/file_permissions_library_dirs.sh | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/RHEL6/input/fixes/bash/file_permissions_library_dirs.sh b/RHEL6/input/fixes/bash/file_permissions_library_dirs.sh index 263612f..7de0740 100644 --- a/RHEL6/input/fixes/bash/file_permissions_library_dirs.sh +++ b/RHEL6/input/fixes/bash/file_permissions_library_dirs.sh @@ -1,4 +1,4 @@ DIRS="/lib /lib64 /usr/lib /usr/lib64" for dirPath in $DIRS; do
- find $dirPath -perm -022 -type f -exec chmod go-w '{}' ;
- find $dirPath -perm /022 -type f -exec chmod go-w '{}' ;
done
1.7.1
scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
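The difference between the two -perm forms discussed in this message, shown on a scratch directory. This is an added example, not part of the thread or of the project's fix script; the function names and the four test files are constructed for illustration, and GNU find is assumed.

```shell
#!/bin/sh
# Constructed demo: "-perm -022" (all listed bits set) versus
# "-perm /022" (any listed bit set). Works in a throwaway directory;
# nothing under /lib or /usr/lib is touched. Assumes GNU find.

make_fixture() {
    # Create four empty files named after their modes.
    dir=$(mktemp -d) || return 1
    for mode in 644 664 646 666; do
        : > "$dir/f$mode"
        chmod "$mode" "$dir/f$mode"
    done
    printf '%s\n' "$dir"
}

# Print the basenames matched by a -perm test, sorted, space-separated.
# $1 = directory, $2 = -perm argument (for example -022 or /022)
matches() {
    find "$1" -type f -perm "$2" -exec basename '{}' \; |
        sort | tr '\n' ' ' | sed 's/ $//'
}

# Run the remediation with the given -perm test, then audit what is
# still writable by group or other.
remediate_and_audit() {
    find "$1" -type f -perm "$2" -exec chmod go-w '{}' \;
    matches "$1" /022
}

demo() {
    d=$(make_fixture) || return 1
    echo "matched by -022 (all bits): $(matches "$d" -022)"
    echo "matched by /022 (any bit):  $(matches "$d" /022)"
    echo "still writable after -022 fix: $(remediate_and_audit "$d" -022)"
    echo "still writable after /022 fix: $(remediate_and_audit "$d" /022)"
    rm -rf "$d"
}

demo
```

With the old test, files that are only group-writable or only world-writable survive the remediation, which is the gap the patch closes.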
On 12/4/13, 8:35 AM, Jan Lieskovsky wrote:
Hello Jeb,
sorry for the delay.
----- Original Message -----
From: "Jeb D CTR Trayer" Jeb.D.Trayer@uscg.mil
To: scap-security-guide@lists.fedorahosted.org
Sent: Tuesday, December 3, 2013 1:18:16 PM
Subject: RE: [PATCH] fix for find command parameters in RHEL6/input/fixes/bash/file_permissions_library_dirs.sh
Good morning all! I sent this out last week. I know it was a holiday week and everyone is probably still catching up on emails, but I wanted to make sure this didn't fall through the cracks if someone gets a chance to look at it.
Thanks!
Jeb Trayer, CTR Ace Info Solutions, Inc. USCG Operations System Center Jeb.D.Trayer@uscg.mil
-----Original Message-----
From: scap-security-guide-bounces@lists.fedorahosted.org [mailto:scap-security-guide-bounces@lists.fedorahosted.org] On Behalf Of Trayer, Jeb D CTR
Sent: Tuesday, November 26, 2013 10:49 AM
To: scap-security-guide@lists.fedorahosted.org
Subject: [PATCH] fix for find command parameters in RHEL6/input/fixes/bash/file_permissions_library_dirs.sh
A colleague found during testing that the find command for checking/fixing group or world writeable files in library directories had the -perm flag set as -022 (all bits set) instead of /022 (any bits set). I updated RHEL6/input/fixes/bash/file_permissions_library_dirs.sh and generated this patch to update the fix content.
I can't push this patch, so if it's approved and someone who can doesn't mind pushing it, it's appreciated.
Yes, good catch (we want to remediate permissions on all files in library directories that have either group-writable or world-writable permissions set, not only on those files that meet both of the requirements).
So your proposal is correct. ACK for pushing from me.
Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Technologies Team
Pushed @ https://git.fedorahosted.org/cgit/scap-security-guide.git/commit/?id=b63de3a...
Thanks for the nudge on this, Jeb. You were right, many of us were taking the holiday away from laptops :)
Thanks!
Jeb Trayer, CTR Ace Info Solutions, Inc. USCG Operations System Center Jeb.D.Trayer@uscg.mil
Signed-off-by: Jeb Trayer jeb.d.trayer@uscg.mil
.../fixes/bash/file_permissions_library_dirs.sh | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/RHEL6/input/fixes/bash/file_permissions_library_dirs.sh b/RHEL6/input/fixes/bash/file_permissions_library_dirs.sh index 263612f..7de0740 100644 --- a/RHEL6/input/fixes/bash/file_permissions_library_dirs.sh +++ b/RHEL6/input/fixes/bash/file_permissions_library_dirs.sh @@ -1,4 +1,4 @@ DIRS="/lib /lib64 /usr/lib /usr/lib64" for dirPath in $DIRS; do
- find $dirPath -perm -022 -type f -exec chmod go-w '{}' ;
- find $dirPath -perm /022 -type f -exec chmod go-w '{}' ; done
-- 1.7.1