From 46466c12ad9dcc62d52dd3e887665ced6bdedf3a Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Fri, 20 Dec 2019 05:49:11 -0500
Subject: [PATCH] parse drop-in config folder rather than only one config file

---
 .../30_default.conf} | 0
 usr/lib/security-misc/permission-hardening | 11 ++++++++---
 2 files changed, 8 insertions(+), 3 deletions(-)
 rename etc/{permission-hardening.conf => permission-hardening.d/30_default.conf} (100%)

diff --git a/etc/permission-hardening.conf b/etc/permission-hardening.d/30_default.conf
similarity index 100%
rename from etc/permission-hardening.conf
rename to etc/permission-hardening.d/30_default.conf
diff --git a/usr/lib/security-misc/permission-hardening b/usr/lib/security-misc/permission-hardening
index 733e0e9..d0b4584 100755
--- a/usr/lib/security-misc/permission-hardening
+++ b/usr/lib/security-misc/permission-hardening
@@ -7,8 +7,6 @@

 exit_code=0

-config_file="/etc/permission-hardening.conf"
-
 echo_wrapper() {
 echo "run: $@"
 "$@"
@@ -161,6 +159,13 @@ set_file_perms() {
 done < "$config_file"
 }

-set_file_perms
+parse_config_folder() {
+ shopt -s nullglob
+ for config_file in /etc/permission-hardening.d/*.conf /usr/local/etc/permission-hardening.d/*.conf; do
+ set_file_perms
+ done
+}
+
+parse_config_folder

 exit "$exit_code"
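Review bot: With `shopt -s nullglob` set, the loop in `parse_config_folder` runs zero times when neither drop-in directory contains a `*.conf` file, so the script reaches `exit "$exit_code"` with 0 without applying any hardening. The old single-file code would presumably have failed on the `done < "$config_file"` redirect if the config was missing, so this is a new silent fail-open path. Consider tracking whether anything was parsed: `local found=0` before the loop, `found=1` inside it, and `[ "$found" = 1 ] || { echo "ERROR: no permission-hardening config found" >&2; exit_code=1; }` after it. Separately, `config_file` is still an implicit global that `set_file_perms` reads; that function's body lies mostly outside this hunk, but passing the path as an argument would make the coupling explicit.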