
concierge-permaudit: check permissions of ruby search paths and running executables

guillaume il y a 7 ans
Parent
commit
36c5c8ea8c
1 fichiers modifiés avec 27 ajouts et 3 suppressions
  1. 27 3
      src/concierge-permaudit

+ 27 - 3
src/concierge-permaudit

@@ -8,7 +8,7 @@ import sys
 import glob
 from pathlib import Path
 
-def get_perl_inc():
+def get_perl_searchpath():
   # perl -e "print join $/, values @INC"
   try:
     res = subprocess.check_output(['perl', '-e', 'print join $/, values @INC'])
@@ -16,6 +16,14 @@ def get_perl_inc():
   except FileNotFoundError:
     return []
 
+def get_ruby_searchpath():
+  # ruby -e 'puts $:'
+  try:
+    res = subprocess.check_output(['ruby', '-e', 'puts $:'])
+    return res.decode('utf-8').split("\n")
+  except FileNotFoundError:
+    return []
+
 disRules = list()
 disRules.append(('/etc/apache2/sites-available/*', 'SSLCertificateKeyFile\s+(\S+)'))
 disRules.append(('/etc/dovecot/conf.d/10-ssl.conf', 'ssl_key\s*=\s*<(\S+)'))
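Review bot: `res.decode('utf-8').split("\n")` in get_ruby_searchpath leaves a trailing empty string, because `puts` terminates its output with a newline, and `Path('')` is `Path('.')`, so the caller ends up testing the audit's current working directory and reports it as a world-writable ruby search path whenever the tool is started from somewhere like /tmp; `return [p for p in res.decode('utf-8').splitlines() if p]` drops the empty entry. Only FileNotFoundError is caught, so a ruby that is installed but exits non-zero (for example with a broken gem environment) raises CalledProcessError and aborts the whole audit; catching `(FileNotFoundError, subprocess.CalledProcessError)` keeps the helper best-effort like the lookup it mirrors. Since a permission audit of this kind is presumably run as root, note that both helpers execute whichever `ruby`/`perl` is first on PATH, so an attacker who can place a binary earlier on that PATH gets code execution from the audit itself — an absolute interpreter path or a sanitised PATH for these subprocess calls would close that.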
@@ -257,12 +265,28 @@ for strPath in sys.path:
 logExceptions('These python search paths are world-writable', pythonpathWriteExceptions)
 
 perlpathWriteExceptions = []
-for strPath in get_perl_inc():
+for strPath in get_perl_searchpath():
   path = Path(strPath)
   if isWorldWritable(path):
     perlpathWriteExceptions.append(path)
 
-logExceptions('These perl include paths are world-writable', perlpathWriteExceptions)
+logExceptions('These perl search paths are world-writable', perlpathWriteExceptions)
+
+rubypathWriteExceptions = []
+for strPath in get_ruby_searchpath():
+  path = Path(strPath)
+  if isWorldWritable(path):
+    rubypathWriteExceptions.append(path)
+
+logExceptions('These ruby search paths are world-writable', rubypathWriteExceptions)
+
+processWriteExceptions = []
+for strPath in patternWalk('/proc/*/exe'):
+  path = Path(strPath)
+  if isWorldWritable(path):
+    processWriteExceptions.append(path.resolve())
+
+logExceptions('Running processes use world-writable executables', processWriteExceptions)
 
 # Passwords should be stored in /etc/shadow, not /etc/passwd
 contentExceptions = []
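Review bot: The `/proc/*/exe` loop does not tolerate the entries that are routinely unusable on a live system — processes that exit between the glob and the stat, kernel threads whose link has no target, and other users' processes when the audit is not run as root — so a single FileNotFoundError or PermissionError aborts the whole audit unless `isWorldWritable` (defined outside this hunk) already catches them, which is not visible here. It also produces one entry per PID, so a single world-writable interpreter shared by many processes floods the report; deduplicate before logging. Note as well that `/proc/PID/exe` is itself a symlink with mode 0777, so the check is only meaningful if `isWorldWritable` stats the link target rather than lstat-ing the link — worth confirming against its definition. The loop below catches the per-entry errors and logs a deduplicated list.
```python
processWriteExceptions = []
for strPath in patternWalk('/proc/*/exe'):
  path = Path(strPath)
  try:
    # The process may have exited, be a kernel thread (link has no target)
    # or belong to another user (link unreadable without CAP_SYS_PTRACE).
    if isWorldWritable(path):
      processWriteExceptions.append(path.resolve())
  except (FileNotFoundError, PermissionError):
    continue

logExceptions('Running processes use world-writable executables', sorted(set(processWriteExceptions)))
```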