Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-01-13 15:19:30 -05:00
Code Issues Packages Projects Releases Wiki Activity

lower verbosity of permission hardener

Browse Source 
fixes https://github.com/Kicksecure/security-misc/issues/158
This commit is contained in:
Patrick Schleizer 2023-11-05 15:09:29 -05:00
parent 0544657123
commit c75f80b29f
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
usr/libexec/security-misc/permission-hardening
View File

@ -180,14 +180,14 @@ add_nosuid_statoverride_entry() {
if [ "$whitelists_disable_all" = "true" ]; then if [ "$whitelists_disable_all" = "true" ]; then
true "INFO: whitelists_disable_all=true - $setuid_output $setsgid_output found - file_name: '$file_name' | existing_mode: '$existing_mode'" true "INFO: whitelists_disable_all=true - $setuid_output $setsgid_output found - file_name: '$file_name' | existing_mode: '$existing_mode'"
elif [ "$is_disable_whitelisted" = "true" ]; then elif [ "$is_disable_whitelisted" = "true" ]; then
echo "INFO: white list disabled - $setuid_output $setsgid_output found - file_name: '$file_name' | existing_mode: '$existing_mode'" true "INFO: white list disabled - $setuid_output $setsgid_output found - file_name: '$file_name' | existing_mode: '$existing_mode'"
else else
if [ "$is_exact_whitelisted" = "true" ]; then if [ "$is_exact_whitelisted" = "true" ]; then
echo "INFO: SKIP whitelisted - $setuid_output $setsgid_output found - file_name: '$file_name' | existing_mode: '$existing_mode'" true "INFO: SKIP whitelisted - $setuid_output $setsgid_output found - file_name: '$file_name' | existing_mode: '$existing_mode'"
continue continue
fi fi
if [ "$is_match_whitelisted" = "true" ]; then if [ "$is_match_whitelisted" = "true" ]; then
echo "INFO: SKIP matchwhitelisted - $setuid_output $setsgid_output found - file_name: '$file_name' | existing_mode: '$existing_mode' | matchwhite_list_entry: '$matchwhite_list_entry'" true "INFO: SKIP matchwhitelisted - $setuid_output $setsgid_output found - file_name: '$file_name' | existing_mode: '$existing_mode' | matchwhite_list_entry: '$matchwhite_list_entry'"
continue continue
fi fi
fi fi
@ -233,7 +233,7 @@ add_nosuid_statoverride_entry() {
} }
set_file_perms() { set_file_perms() {
echo "INFO: START parsing config_file: '$config_file'" true "INFO: START parsing config_file: '$config_file'"
local line local line
while read -r line || [[ -n "${line}" ]]; do while read -r line || [[ -n "${line}" ]]; do
if [ "$line" = "" ]; then if [ "$line" = "" ]; then
@ -295,7 +295,7 @@ set_file_perms() {
fi fi
if [ ! -e "$fso" ]; then if [ ! -e "$fso" ]; then
echo "INFO: fso: '$fso' - does not exist. This is likely normal." true "INFO: fso: '$fso' - does not exist. This is likely normal."
continue continue
fi fi
@ -458,7 +458,7 @@ set_file_perms() {
echo_wrapper_audit setcap "${capability_from_config}+ep" "$fso" echo_wrapper_audit setcap "${capability_from_config}+ep" "$fso"
fi fi
done < "$config_file" done < "$config_file"
echo "INFO: END parsing config_file: '$config_file'" true "INFO: END parsing config_file: '$config_file'"
} }
parse_config_folder() { parse_config_folder() {