From e43b3fec9bdf6d0ea3fa67b2d1045942382943a5 Mon Sep 17 00:00:00 2001
From: m8in
Date: Mon, 30 Mar 2026 21:12:17 +0200
Subject: [PATCH] Checks fixed and added

---
 ...ore_ssh_config_access_restriction.check.sh | 21 +++++++++++++++++++
 ..._of_jenkins_points_to_definitions.check.sh | 6 ++++++
 .../core_user_name_may_contain_dots.check.sh | 11 ++++++++++
 3 files changed, 38 insertions(+)
 create mode 100755 script/check/host/all/core_ssh_config_access_restriction.check.sh
 create mode 100755 script/check/host/all/core_user_name_may_contain_dots.check.sh

diff --git a/script/check/host/all/core_ssh_config_access_restriction.check.sh b/script/check/host/all/core_ssh_config_access_restriction.check.sh
new file mode 100755
index 0000000..a9eeb6d
--- /dev/null
+++ b/script/check/host/all/core_ssh_config_access_restriction.check.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+_CURRENT_FILE='/etc/ssh/sshd_config.d/AccessRestriction.conf'
+
+#No file is NOT ok
+[ ! -e "${_CURRENT_FILE}" ] \
+ && exit 1
+
+#File has to be readable, then
+#search for '/definitions/' in the path of current file, after readlink expanded a potential symlink.
+[ -r "${_CURRENT_FILE}" ] \
+ && readlink -f "${_CURRENT_FILE}" | grep -q "/definitions/" \
+ && exit 0
+
+#File has to be readable, then
+#search for '/core/default/' in the path of current file, after readlink expanded a potential symlink.
+[ -r "${_CURRENT_FILE}" ] \
+ && readlink -f "${_CURRENT_FILE}" | grep -q "/core/default/" \
+ && exit 0
+
+exit 1
diff --git a/script/check/host/all/core_sudoers_file_of_jenkins_points_to_definitions.check.sh b/script/check/host/all/core_sudoers_file_of_jenkins_points_to_definitions.check.sh
index 5e0e97e..f9b7cdd 100755
--- a/script/check/host/all/core_sudoers_file_of_jenkins_points_to_definitions.check.sh
+++ b/script/check/host/all/core_sudoers_file_of_jenkins_points_to_definitions.check.sh
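Review bot: Both `grep -q` tests in the new AccessRestriction check accept the marker anywhere in the resolved path, so a symlink pointing at, say, `/home/someone/definitions/AccessRestriction.conf` passes exactly like the intended checkout would; if the deployment root is fixed, anchor the pattern to it with `^` so only the real location counts. The readability test and the `readlink` pipeline are written twice; they collapse to `[ -r "${_CURRENT_FILE}" ] && readlink -f "${_CURRENT_FILE}" | grep -q -e '/definitions/' -e '/core/default/' && exit 0`, which also makes the leading `[ ! -e ]` guard redundant since a missing file already fails `-r`. Note as well that sshd only honours this drop-in when `sshd_config` carries a matching `Include /etc/ssh/sshd_config.d/*.conf` line, which the check does not verify — presumably true on the target distribution, but a `sshd -T` based check would confirm the directives are actually loaded rather than just linked.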
@@ -12,4 +12,10 @@ _CURRENT_FILE='/etc/sudoers.d/allow-jenkins-updateRepositories'
  && readlink -f "${_CURRENT_FILE}" | grep -q "/definitions/" \
  && exit 0
 
+#File has to be readable, then
+#search for '/core/default/' in the path of current file, after readlink expanded a potential symlink.
+[ -r "${_CURRENT_FILE}" ] \
+ && readlink -f "${_CURRENT_FILE}" | grep -q "/core/default/" \
+ && exit 0
+
 exit 1
diff --git a/script/check/host/all/core_user_name_may_contain_dots.check.sh b/script/check/host/all/core_user_name_may_contain_dots.check.sh
new file mode 100755
index 0000000..683dcc9
--- /dev/null
+++ b/script/check/host/all/core_user_name_may_contain_dots.check.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+_FILE_NAME='/etc/adduser.conf'
+
+# The first expression should filter the line conaining the key.
+# - here a regular expression (-E) is used to enforce the line starts with the key.
+# Second expression looks for the uninterpreted fix string (-F), but without output.
+grep -E '^NAME_REGEX=.*$' "${_FILE_NAME}" | grep -q -F '^[a-z][-a-z0-9_.]*\$?$' 2> /dev/null \
+ && exit 0
+
+exit 1
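Review bot: The added `/core/default/` branch, like the existing `/definitions/` one, only inspects where the sudoers symlink resolves, not whether sudo will actually load the target: sudo ignores `sudoers.d` entries that are not owned by root or are writable by group/other (it logs a warning and skips them), so this check can report success while the Jenkins rule is silently dropped. After resolving the link, verify the target's owner and mode — e.g. `[ "$(stat -c '%u %a' "$(readlink -f "${_CURRENT_FILE}")")" = "0 440" ] || exit 1` if 0440 is the deployed mode — or run `visudo -c -f "${_CURRENT_FILE}"`, which performs those checks and a syntax check in one go. The two `[ -r ]`/`readlink` blocks could also become a single pipeline with `grep -q -e '/definitions/' -e '/core/default/'`. The script starts before this hunk; the existence guard and the `/definitions/` branch are outside it.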
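Review bot: The pipeline in the new adduser check succeeds if any `NAME_REGEX=` line carries the expected value, but adduser appears to take the last assignment in `/etc/adduser.conf`, so a later, stricter `NAME_REGEX=` would override the matched one while the check still passes; inserting `tail -n 1` between the two greps (`grep -E '^NAME_REGEX=' "${_FILE_NAME}" 2>/dev/null | tail -n 1 | grep -q -F '^[a-z][-a-z0-9_.]*\$?$'`) tests the effective definition instead. The `2> /dev/null` sits on the second grep, which never touches the file, so a missing `/etc/adduser.conf` still prints the first grep's "No such file" message — it belongs on the first grep. In the header comment, `conaining` should read `containing`, and the `.*$` tail of the `-E` pattern adds nothing over `'^NAME_REGEX='`.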