Check for world readable private keys
parent
9e21e22414
commit
69a61bcc51
10
evocheck.sh
10
evocheck.sh
|
@ -73,6 +73,7 @@ IS_BACKUPUPTODATE=1
|
|||
IS_GITPERMS=1
|
||||
IS_NOTUPGRADED=1
|
||||
IS_TUNE2FS_M5=1
|
||||
IS_PRIVKEYWOLRDREADABLE=1
|
||||
|
||||
#Proper to OpenBSD
|
||||
IS_SOFTDEP=1
|
||||
|
@ -620,3 +621,12 @@ if [ "$IS_EVOMAINTENANCECONF" = 1 ]; then
|
|||
&& grep "^URGENCYTEL" $f |grep -qv "06.00.00.00.00" \
|
||||
&& grep "^REALM" $f |grep -qv "example.com" ) || echo 'IS_EVOMAINTENANCECONF FAILED!'
|
||||
fi
|
||||
|
||||
if [ "$IS_PRIVKEYWOLRDREADABLE" = 1 ]; then
|
||||
for f in /etc/ssl/private/*; do
|
||||
perms=$(stat -c "%a" $f)
|
||||
if [ ${perms: -1} != "0" ]; then
|
||||
echo 'IS_PRIVKEYWOLRDREADABLE FAILED!'
|
||||
fi
|
||||
done
|
||||
fi
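Review bot: In the new IS_PRIVKEYWOLRDREADABLE loop, `stat -c "%a" $f` runs without `-L` and with `$f` unquoted, so a symlink in /etc/ssl/private is judged by the link's own mode (777 with GNU stat) rather than by the key it points to. When the directory is empty the literal pattern stays in `$f`, `stat` fails, and `[` errors out on the empty `${perms: -1}`. I would write `[ -e "$f" ] || continue`, `perms=$(stat -L -c "%a" "$f")` and `if [ "${perms: -1}" != "0" ]; then`. The loop only inspects direct entries, so keys in subdirectories are not covered, and the message does not say which file failed; adding `$f` to the echo would make the finding actionable. `${perms: -1}` is a bash substring expansion and `stat -c` is GNU-specific, which is worth confirming if this part of the script can also run under plain sh or on the OpenBSD hosts the flag list mentions.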
|
||||
|
|