From f74121fc8b4074854e7cd96cc276711e80b54131 Mon Sep 17 00:00:00 2001
From: Marcus Burghardt <maburgha@redhat.com>
Date: Thu, 18 Nov 2021 10:23:10 +0100
Subject: [PATCH] Fix remediation for accounts_umask_interactive_users

Included logic to ensure sed command considers only hidden files,
ignoring possible hidden folders.
---
 .../accounts_umask_interactive_users/ansible/shared.yml      | 4 +++-
 .../accounts_umask_interactive_users/bash/shared.sh          | 4 +++-
 .../tests/hidden_folder_ignored.pass.sh                      | 5 +++++
 3 files changed, 11 insertions(+), 2 deletions(-)
 create mode 100644 linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/tests/hidden_folder_ignored.pass.sh

diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/ansible/shared.yml
index 142f10a2157..67064ac4a3b 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/ansible/shared.yml
@@ -8,5 +8,7 @@
   ansible.builtin.shell:
     cmd: |
       for dir in $(awk -F':' '{ if ($3 >= {{{ uid_min }}} && $3 != 65534) print $6}' /etc/passwd); do
-        sed -i 's/^\([\s]*umask\s*\)/#\1/g' $dir/.[^\.]?*
+        for file in $(find $dir -maxdepth 1 -type f -name ".*"); do
+          sed -i 's/^\([\s]*umask\s*\)/#\1/g' $file
+        done
       done
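Review bot: The added inner loop iterates over an unquoted `$(find ...)` and passes an unquoted `$file` to `sed -i`, so a dot-file name containing whitespace or glob characters is word-split and glob-expanded before `sed` sees it. These names come from user-writable home directories and the remediation presumably runs as root, so the resulting words need not be paths under `$dir` at all. Letting find pass the names directly avoids the shell re-parsing them: `find "$dir" -maxdepth 1 -type f -name ".*" -exec sed -i 's/^\([\s]*umask\s*\)/#\1/g' {} +`. The same loop is added in bash/shared.sh and needs the same change. The enclosing task starts above this hunk.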
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/bash/shared.sh
index 0644b221df8..f81fdfe41fd 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/bash/shared.sh
@@ -5,5 +5,7 @@
 # disruption = low
 
 for dir in $(awk -F':' '{ if ($3 >= {{{ uid_min }}} && $3 != 65534) print $6}' /etc/passwd); do
-    sed -i 's/^\([\s]*umask\s*\)/#\1/g' $dir/.[^\.]?*
+    for file in $(find $dir -maxdepth 1 -type f -name ".*"); do
+        sed -i 's/^\([\s]*umask\s*\)/#\1/g' $file
+    done
 done
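Review bot: The pattern on the added `sed` line still uses `[\s]*`, and inside a bracket expression `\s` is not the whitespace class; as far as I can tell it matches a literal backslash or the letter `s`, so an indented `umask` line is left uncommented. `[[:space:]]*` expresses the intent: `sed -i 's/^\([[:space:]]*umask\s*\)/#\1/g' "$file"`. The expression is carried over unchanged from the removed line and appears identically in ansible/shared.yml.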
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/tests/hidden_folder_ignored.pass.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/tests/hidden_folder_ignored.pass.sh
new file mode 100644
index 00000000000..b9e1b7519ef
--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/tests/hidden_folder_ignored.pass.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+USER="cac_user"
+useradd -m $USER
+mkdir /home/$USER/.hiddenfolder
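Review bot: No dot-file containing a `umask` line is created alongside `.hiddenfolder`, so from what is visible here the scenario only shows that a hidden directory is tolerated and does not exercise the rewritten remediation loop. A companion scenario that adds such a file next to the directory would show the directory is skipped while the file is still fixed. Assigning to `USER` also overwrites the shell's login-name variable for the rest of the script, and the expansions are unquoted; a distinct, quoted name such as `test_user="cac_user"` with `useradd -m "$test_user"` would be safer.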