>From e08a5d756c1506e57221264c2de3dc30f7fd1a61 Mon Sep 17 00:00:00 2001
From: Shawn Wells <[email protected]>
Date: Wed, 11 Sep 2013 19:35:14 -0400
Subject: [PATCH 07/22] Added Remediation: set_sysctl_fs_suid_dumpable
 Built from template

---
 .../fixes/bash/set_sysctl_fs_suid_dumpable.sh      |   16 ++++++++++++++++
 1 files changed, 16 insertions(+), 0 deletions(-)
 create mode 100644 RHEL6/input/fixes/bash/set_sysctl_fs_suid_dumpable.sh

diff --git a/RHEL6/input/fixes/bash/set_sysctl_fs_suid_dumpable.sh 
b/RHEL6/input/fixes/bash/set_sysctl_fs_suid_dumpable.sh
new file mode 100644
index 0000000..640fff2
--- /dev/null
+++ b/RHEL6/input/fixes/bash/set_sysctl_fs_suid_dumpable.sh
@@ -0,0 +1,16 @@
+#
+# Set runtime for fs.suid_dumpable
+#
+sysctl -q -n -w fs.suid_dumpable=0
+
+#
+# If fs.suid_dumpable present in /etc/sysctl.conf, change value to "0"
+#      else, add "fs.suid_dumpable = 0" to /etc/sysctl.conf
+#
+if grep --silent ^fs.suid_dumpable /etc/sysctl.conf ; then
+       sed -i 's/^fs.suid_dumpable.*/fs.suid_dumpable = 0/g' /etc/sysctl.conf
+else
+       echo "" >> /etc/sysctl.conf
+       echo "# Set fs.suid_dumpable to 0 per security requirements" >> 
/etc/sysctl.conf
+       echo "fs.suid_dumpable = 0" >> /etc/sysctl.conf
+fi
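Review bot: The `grep` and `sed` patterns in the `if` block match `fs.suid_dumpable` only at column 0, while sysctl.conf(5) ignores whitespace before a token, so an indented ` fs.suid_dumpable = 1` is never rewritten. If such a line sits after the one `sed` rewrites, it presumably takes effect at the next boot, since entries are applied in file order. Allowing leading whitespace, escaping the dots and quoting the pattern closes that gap: `if grep -q '^[[:space:]]*fs\.suid_dumpable[[:space:]]*=' /etc/sysctl.conf ; then` and `sed -i 's/^[[:space:]]*fs\.suid_dumpable[[:space:]]*=.*/fs.suid_dumpable = 0/' /etc/sysctl.conf`. The exit status of `sysctl -q -n -w fs.suid_dumpable=0` is also discarded, so a failed runtime change still lets the remediation report success; an explicit `|| exit 1` there would surface it. The commit says the file is built from a template, so the same pattern likely appears in the other sysctl remediations of this series.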
-- 
1.7.1
