linux-baseline/libraries/suid_check.rb
Miguel Angel Garcia 10657ca958 Improve SUID find
Signed-off-by: Miguel Angel Garcia <miguelangel.garcia@gmail.com>
2022-02-12 17:38:33 +01:00


# frozen_string_literal: true
# author: Christoph Hartmann
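# InSpec resource that lists the SUID/SGID files present on the target and
# intersects that list with a caller-supplied blacklist of paths.
#
# Security note: the check is a pure path intersection. It only reports
# blacklisted paths that are actually present with the bit set; a SUID/SGID
# binary at a path that is NOT on the blacklist is never flagged. This is a
# "known-bad" check, not an inventory of unexpected setuid binaries — use
# `permissions` directly if you need the full list.
class SUIDCheck < Inspec.resource(1)
  name 'suid_check'
  desc 'Use the suid_check resource to verify the current SUID/SGID against a blacklist'
  example "
    describe suid_check(blacklist) do
      its('diff') { should be_empty }
    end
  "

  # Shell pipeline that prints every regular file with the setuid (4000) or
  # setgid (2000) bit set, one absolute path per line.
  #
  # - `-perm -4000` / `-perm -2000` mean "this bit is set", whatever the other
  #   mode bits are. A bare `-perm 4000` (as previously used here) matches only
  #   files whose mode is *exactly* 4000, which silently misses every real SUID
  #   binary such as a 4755 /usr/bin/passwd.
  # - /proc and the LXD container rootfs trees are pruned; the `-prune -o ...
  #   -print` form guarantees the pruned directories themselves are never
  #   printed (the old expression let them fall through to the -perm tests).
  # - `-type f` limits matches to regular files; SGID directories and symlinks
  #   are not what a SUID blacklist is about.
  # - find's permission errors go to /dev/null and the grep drops any stray
  #   "find:" diagnostics so they cannot be mistaken for paths.
  FIND_SUID_SGID = 'find / \( -path \'/proc/*\' -o -path \'/var/lib/lxd/containers/*\' \) -prune ' \
                   '-o -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | grep -v \'^find:\''

  # @param blacklist [Array<String>, nil] absolute paths that must not carry
  #   the SUID/SGID bits, spelled exactly as `find` prints them (no trailing
  #   slash, symlinks not resolved). When nil, falls back to `default`.
  def initialize(blacklist = nil)
    super()
    # NOTE(review): `default` is not defined anywhere in this file; confirm the
    # surrounding profile provides it, otherwise `suid_check` called with no
    # argument raises NameError.
    blacklist = default if blacklist.nil?
    @blacklist = blacklist
  end

  # Runs the find pipeline on the target and returns the matching paths.
  #
  # Caveat: only stdout is inspected. If `find` is missing or fails outright
  # the result is simply empty, which makes `diff` empty and the control
  # pass; the pipeline's exit status is grep's, so it cannot be used to tell
  # "no matches" from "find failed".
  #
  # @return [Array<String>] absolute paths of SUID/SGID regular files; empty
  #   when nothing matched or the command produced no output.
  def permissions
    inspec.command(FIND_SUID_SGID).stdout.split(/\r?\n/)
  end

  # Blacklisted paths that are present on the target with SUID/SGID set.
  #
  # @return [Array<String>] the intersection of `permissions` and the
  #   blacklist, in filesystem-walk order; an empty array means the
  #   control passes.
  def diff
    permissions & @blacklist
  end
end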