]> git.ipfire.org Git - ipfire-2.x.git/commitdiff
projects / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 64567c9)
Do not permit world-readability of /etc/sudoers.d/
authorPeter Müller <peter.mueller@ipfire.org>
Sat, 30 Apr 2022 10:05:44 +0000 (10:05 +0000)
committerPeter Müller <peter.mueller@ipfire.org>
Mon, 2 May 2022 05:36:32 +0000 (05:36 +0000)
Lynis (rightly) complains about this directory and its contents being
world-readable on current IPFire installations. Since there is no
necessity for this, we might as well chmod them to 750 / 640.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
lfs/logwatch patch | blob | blame | history
lfs/setup patch | blob | blame | history
lfs/zabbix_agentd patch | blob | blame | history

diff --git a/lfs/logwatch b/lfs/logwatch
index 26da2c62efacc898ef1b79fc6c029595ad86879e..8631f4541d58ceb4e366abb3b7d4bb66ae560fdf 100644 (file)
--- a/lfs/logwatch
+++ b/lfs/logwatch
@@ -106,8 +106,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        ln -vsf /usr/share/logwatch/default.conf /etc/logwatch/conf
 
        -mkdir -p /etc/sudoers.d
-       chmod -v 755 /etc/sudoers.d
-       install -v -m 644 $(DIR_SRC)/config/logwatch/sudoers/logwatch-mdadm \
+       chmod -v 750 /etc/sudoers.d
+       install -v -m 640 $(DIR_SRC)/config/logwatch/sudoers/logwatch-mdadm \
                 /etc/sudoers.d/logwatch-mdadm
 
        @rm -rf $(DIR_APP)
diff --git a/lfs/setup b/lfs/setup
index 5779406ef03c0dbcd07568beda262e26b86f2fd2..82286d6a09dd4b54b2942eeaad16049cc57da8e8 100644 (file)
--- a/lfs/setup
+++ b/lfs/setup
@@ -58,5 +58,9 @@ $(TARGET) :
                --with-config-root="$(CONFIG_ROOT)"
        cd $(DIR_APP) && make $(MAKETUNING)
        cd $(DIR_APP) && make install
+
+       # Fix file permissions of /etc/sudoers.d/setup
+       chmod 640 /etc/sudoers.d/setup
+
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)
diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd
index c44f2b5f5848ee9d197d2042011d89ae7af8f3b3..63566c1a7ac3f82d395e74d422fc850230c4050d 100644 (file)
--- a/lfs/zabbix_agentd
+++ b/lfs/zabbix_agentd
@@ -113,7 +113,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(call INSTALL_INITSCRIPTS,$(SERVICES))
 
        # Install sudoers include file
-       install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/sudoers \
+       install -v -m 640 $(DIR_SRC)/config/zabbix_agentd/sudoers \
                /etc/sudoers.d/zabbix
 
        # Install include file for backup
IPFire 2.x development tree