Check for world readable private keys
parent
9e21e22414
commit
69a61bcc51
10
evocheck.sh
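--- a/evocheck.sh
+++ b/evocheck.sh
@@ -73,6 +73,7 @@ IS_BACKUPUPTODATE=1
 IS_GITPERMS=1
 IS_NOTUPGRADED=1
 IS_TUNE2FS_M5=1
+IS_PRIVKEYWOLRDREADABLE=1
 
 #Proper to OpenBSD
 IS_SOFTDEP=1
@@ -620,3 +621,12 @@ if [ "$IS_EVOMAINTENANCECONF" = 1 ]; then
 && grep "^URGENCYTEL" $f |grep -qv "06.00.00.00.00" \
 && grep "^REALM" $f |grep -qv "example.com" ) || echo 'IS_EVOMAINTENANCECONF FAILED!'
 fi
+
+if [ "$IS_PRIVKEYWOLRDREADABLE" = 1 ]; then
+for f in /etc/ssl/private/*; do
+perms=$(stat -c "%a" $f)
+if [ ${perms: -1} != "0" ]; then
+echo 'IS_PRIVKEYWOLRDREADABLE FAILED!'
+fi
+done
+fi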
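Review bot: The new loop at the end of the second hunk passes `$f` and `${perms: -1}` unquoted, so when `/etc/ssl/private/` is empty or unreadable the glob stays literal, `stat` fails, and `[ != "0" ]` raises a test syntax error instead of producing a result. `stat` without `-L` also reports a symlink's own mode (777 on Linux), so a symlinked key is flagged whatever the target's permissions are, and subdirectories are tested as if they were keys. `${perms: -1}` is a bash substring expansion; the shebang is outside this page, so if the script can run under a POSIX sh, a `case` on the trailing digit is safer. The message does not name the offending file, which leaves the operator to find the exposed key by hand, and the flag name spells WORLD as `WOLRD`, which is easier to fix now than after it appears in configuration. A quoted, dereferencing version of the loop is below, with the message left unchanged in case other tooling parses it.

```shell
for f in /etc/ssl/private/*; do
    # Skip the unexpanded pattern (empty directory) and anything that is not a regular file.
    [ -f "$f" ] || continue
    # -L: judge the key file a symlink points to, not the link itself.
    perms=$(stat -L -c "%a" "$f") || continue
    case "$perms" in
        *0) ;;
        *) echo 'IS_PRIVKEYWOLRDREADABLE FAILED!' ;;
    esac
done
```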