
concierge-permaudit: catch moved/deleted running executables and scripts

root il y a 7 ans
Parent
commit
d60d57a959
1 fichiers modifiés avec 13 ajouts et 9 suppressions
  1. 13 9
      src/concierge-permaudit

+ 13 - 9
src/concierge-permaudit

@@ -230,7 +230,7 @@ def isWorldWritable(path):
 
 exceptions = ''
 
-def logExceptions(description, paths = [], context = None):
+def logExceptions(description, paths = [], context = None, severity = 3):
   global exceptions
   exceptions += "%s\n" % description
   if context != None:
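Review bot: The new `severity` parameter is not read anywhere in the visible part of logExceptions, and the continuation shown in the next hunk only appends to `exceptions` as before, so a record logged with severity 4 is indistinguishable from one logged with 3 in the output unless the lines between the two hunks use it. If the value is only recorded for later use, say so in a docstring, e.g. `"""Record an audit finding; severity defaults to 3, logWarnings passes 4."""`, or name the two values as module-level constants instead of bare 3 and 4 at the call sites. logExceptions is cut by the hunk; its middle lines are not shown here.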
@@ -243,6 +243,9 @@ def logExceptions(description, paths = [], context = None):
       exceptions += "   * %s\n" % path.as_posix()
   exceptions += "\n"
 
+def logWarnings(description, paths = [], context = None):
+  return logExceptions(description, paths, context, 4)
+
 def printExceptions():
   global exceptions
   print(exceptions, end='')
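Review bot: logWarnings forwards a bare positional `4` to logExceptions; the added parameter is keyword-capable, so `return logExceptions(description, paths, context, severity=4)` reads better and survives any later reordering of logExceptions' parameters. A one-line docstring stating that this is the lower-severity variant of logExceptions would help, since the body gives no hint what 4 means. The `paths = []` mutable default mirrors logExceptions' signature and is only forwarded, never mutated, so it is harmless here.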
@@ -254,13 +257,14 @@ def auditProcess(proc):
   if len(exePathStr) > 0:
     exePath = Path(exePathStr)
     try:
+      exePath = exePath.resolve()
       if (exePath.stat().st_uid != rootPwe.pw_uid and
           exePath.stat().st_uid != ruid):
-        logExceptions('Executable is owned by another, non-root user', [exePath.resolve()], 'Process %d' % proc.pid)
-    except:
-      pass
+        logExceptions('Executable is owned by another, non-root user', [exePath], 'Process %d' % proc.pid)
+    except FileNotFoundError:
+      logWarnings('Executable was moved or deleted', [exePath], 'Process %d' % proc.pid)
     if isWorldWritable(exePath):
-      logExceptions('Executable is world-writable', [exePath.resolve()], 'Process %d' % proc.pid)
+      logExceptions('Executable is world-writable', [exePath], 'Process %d' % proc.pid)
 
 def auditCommand(ruid, argList, cwd, env = {}, context = None):
   if 'PATH' in env:
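Review bot: `if isWorldWritable(exePath):` on the line after the except still runs on a path the handler has just reported as missing, so when the executable is gone the audit continues into a second check on the same path with no handler around it; the auditCommand hunk below moves the equivalent check inside its try, and this hunk should do the same by indenting `if isWorldWritable(exePath):` and its `logExceptions('Executable is world-writable', [exePath], 'Process %d' % proc.pid)` into the try body after the ownership check. Whether isWorldWritable raises on a missing path depends on its body, which is outside this hunk. Narrowing the bare `except:` to FileNotFoundError is an improvement, but note that other OSErrors from stat() (e.g. PermissionError) now propagate out of auditProcess, which may or may not be intended. auditProcess starts before the hunk and exePathStr is assigned outside it.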
@@ -277,11 +281,11 @@ def auditCommand(ruid, argList, cwd, env = {}, context = None):
       scriptPath = scriptPath.resolve()
       if (scriptPath.stat().st_uid != rootPwe.pw_uid and
           scriptPath.stat().st_uid != ruid):
-        logExceptions('Script is owned by another, non-root user', [scriptPath.resolve()], context)
+        logExceptions('Script is owned by another, non-root user', [scriptPath], context)
+      if isWorldWritable(scriptPath):
+        logExceptions('Script is world-writable', [scriptPath], context)
     except FileNotFoundError:
-      pass # warning('File not found')
-    if isWorldWritable(scriptPath):
-      logExceptions('Script is world-writable', [scriptPath.resolve()], context)
+      logWarnings('Script was moved or deleted', [scriptPath], context)
 
 readExceptions = []
 for pattern in readPatterns:
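Review bot: The message `Script was moved or deleted` on the last added line asserts a cause the code cannot distinguish: a FileNotFoundError here is raised for any path that does not exist at audit time, including a script that never existed (a stale or misspelled command), and the same applies to the `Executable was moved or deleted` warning in the auditProcess hunk above. A neutral wording such as `logWarnings('Script not found (moved, deleted or never existed)', [scriptPath], context)` would avoid steering the reader toward one explanation. Depending on the Python version, `scriptPath.resolve()` on the first context line may not raise for a missing path at all, so the exception is likely coming from `stat()` or from inside isWorldWritable rather than from the resolve call. auditCommand starts before the hunk and scriptPath is assigned outside it.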