Mirrors/linux-baseline
2
0
Fork 0
mirror of https://github.com/dev-sec/linux-baseline synced 2024-11-26 21:10:23 +00:00
Code Issues Projects Releases Packages Wiki Activity
linux-baseline/libraries/suid_check.rb
Alex Pop d977b4eb26 Rubocop update 
Signed-off-by: Alex Pop <alexpop@users.noreply.github.com>
2019-05-14 23:35:31 +01:00

25 lines
670 B
Ruby
Raw Blame History

# author: Christoph Hartmann
class SUIDCheck < Inspec.resource(1)
name 'suid_check'
desc 'Use the suid_check resource to verify the current SUID/SGID against a blacklist'
example "
describe suid_check(blacklist) do
its('diff') { should be_empty }
end
"
def initialize(blacklist = nil)
blacklist = default if blacklist.nil?
@blacklist = blacklist
end
def permissions
output = inspec.command('find / -perm -4000 -o -perm -2000 -type f ! -path \'/proc/*\' ! -path \'/var/lib/lxd/containers/*\' -print 2>/dev/null | grep -v \'^find:\'')
output.stdout.split(/\r?\n/)
end
def diff
permissions & @blacklist
end
end
Reference in a new issue View git blame Copy permalink