Sunday 1 July 2018

Redhat Linux 6.9 Santiago Configuration audit

Ensure root $PATH integrity is configured properly

The CIS-provided script must be edited as follows:

#!/bin/bash

# An empty entry (::) makes the shell search the current directory.
if [ "`echo $PATH | /bin/grep ::`" != "" ]; then
    echo "Empty Directory in PATH (::)"
fi

# A trailing colon is also an empty entry.
if [ "`echo $PATH | /bin/grep ':$'`" != "" ]; then
    echo "Trailing : in PATH"
fi

# Split PATH into one word per entry.
p=`echo $PATH | /bin/sed -e 's/::/:/' -e 's/:$//' -e 's/:/ /g'`
set -- $p
while [ "$1" != "" ]; do
    if [ "$1" = "." ]; then
        echo "PATH contains ."
        shift
        continue
    fi
    if [ -d "$1" ]; then
        dirperm=`/bin/ls -ldH "$1" | /bin/cut -f1 -d" "`
        # Character 6 of the mode string is group write, character 9 is other write.
        if [ "`echo $dirperm | /bin/cut -c6`" != "-" ]; then
            echo "Group Write permission set on directory $1"
        fi
        if [ "`echo $dirperm | /bin/cut -c9`" != "-" ]; then
            echo "Other Write permission set on directory $1"
        fi
        dirown=`ls -ldH "$1" | awk '{print $3}'`
        if [ "$dirown" != "root" ]; then
            echo "$1 is not owned by root"
        fi
    else
        # Reached when the [ -d ] test fails for this PATH entry.
        echo "$1 is not a directory"
    fi
    shift
done


The output will then look like this:

[root@test temp]# ./root_integrity.sh
/home/temp/bin is not a directory
[root@test temp]#

This means /home/temp/bin has not been added to $PATH for root.


To do that, type the following in your terminal:

export PATH=$PATH:$HOME/bin

Here "$HOME/bin" is the directory I assume you want to add. This change is only temporary (it applies only to the current shell session). To make it permanent, add the previous line to the .bashrc file located in your home directory.
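
A variant of the same audit, added here as an example and not part of the CIS script or the original post. It goes slightly beyond the script above: it splits the PATH string on colons only, so leading, doubled and trailing empty entries and directories containing spaces are all handled, and it reads mode and owner with GNU stat instead of parsing ls output. The function name audit_path and its optional expected-UID argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the CIS script): audit a PATH string passed as an argument.
# audit_path PATH_STRING [EXPECTED_UID]   (hypothetical helper; default UID 0, root)
# Prints one finding per line; exit status is 1 if anything was reported.
audit_path() (
    owner=${2:-0}
    rc=0
    report() { printf '%s\n' "$1"; rc=1; }

    # Append ':' so a trailing colon yields a final empty field, then split on
    # ':' only, with globbing off, so entries containing spaces stay intact.
    p="$1:"
    IFS=:
    set -f
    set -- $p

    for dir in "$@"; do
        case $dir in
            "") report "Empty entry in PATH (searched as current directory)"; continue ;;
            .)  report "PATH contains ."; continue ;;
        esac
        # Listed in PATH, but no such directory exists on disk.
        if [ ! -d "$dir" ]; then
            report "$dir is not a directory"
            continue
        fi
        # -L follows symlinks, as the -H flag of ls does in the CIS script.
        mode=$(stat -L -c '%A' -- "$dir")   # e.g. drwxr-xr-x
        uid=$(stat -L -c '%u' -- "$dir")
        case $mode in ?????w*)    report "Group Write permission set on directory $dir" ;; esac
        case $mode in ????????w*) report "Other Write permission set on directory $dir" ;; esac
        [ "$uid" = "$owner" ] || report "$dir is not owned by uid $owner"
    done
    exit "$rc"
)

# Audit the PATH of the current shell.
audit_path "$PATH" || echo "PATH integrity findings listed above"
```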
