Re: [PATCH] fix for find command parameters in RHEL6/input/fixes/bash/file_permissions_library_dirs.sh

Wed, 04 Dec 2013 23:24:25 -0800 

On 12/4/13, 8:35 AM, Jan Lieskovsky wrote:

Hello Jeb,

   sorry for the delay.

----- Original Message -----

From: "Jeb D CTR Trayer" <[email protected]>
To: [email protected]
Sent: Tuesday, December 3, 2013 1:18:16 PM
Subject: RE: [PATCH] fix for find command parameters in 
RHEL6/input/fixes/bash/file_permissions_library_dirs.sh

Good morning all!  I sent this out last week, I know it was a holiday week
and everyone is probably still catching up on emails but wanted to make sure
this didn't fall through the cracks if someone gets a chance to look at it.

Thanks!

Jeb Trayer, CTR
Ace Info Solutions, Inc.
USCG Operations System Center
[email protected]


-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of
Trayer, Jeb D CTR
Sent: Tuesday, November 26, 2013 10:49 AM
To: [email protected]
Subject: [PATCH] fix for find command parameters in
RHEL6/input/fixes/bash/file_permissions_library_dirs.sh

A colleague found during testing, that the find command for checking/fixing
group or world writeable files in library directories had the -perm flag set
as -022 (all bits set) instead of /022 (any bits set).  I updated
RHEL6/input/fixes/bash/file_permissions_library_dirs.sh and generated this
patch to update the fix content.

I can't push this patch so if its approved, so if someone that could, doesn't
mind it's appreciated.

Yes, good catch (we want to remediate permissions on all files in library 
directories
that have either group-writable or world-writable permissions set. Not just only
on those files that meet both of the requirements).

So your proposal is correct. ACK for pushing from me.

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
Pushed @ https://git.fedorahosted.org/cgit/scap-security-guide.git/commit/?id=b63de3a7dea98d59a4a16a51517bfaba6fa3703c
Thanks for the nudge on this Jeb. You were right, many of us were taking the holiday away from laptops :) 






Thanks!

Jeb Trayer, CTR
Ace Info Solutions, Inc.
USCG Operations System Center
[email protected]


Signed-off-by: Jeb Trayer <[email protected]>
---
  .../fixes/bash/file_permissions_library_dirs.sh    |    2 +-
  1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/RHEL6/input/fixes/bash/file_permissions_library_dirs.sh
b/RHEL6/input/fixes/bash/file_permissions_library_dirs.sh
index 263612f..7de0740 100644
--- a/RHEL6/input/fixes/bash/file_permissions_library_dirs.sh
+++ b/RHEL6/input/fixes/bash/file_permissions_library_dirs.sh
@@ -1,4 +1,4 @@
  DIRS="/lib /lib64 /usr/lib /usr/lib64"
  for dirPath in $DIRS; do
-   find $dirPath -perm -022 -type f -exec chmod go-w '{}' \;
+   find $dirPath -perm /022 -type f -exec chmod go-w '{}' \;
  done
--
1.7.1


_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide

Reply via email to