mirror of
https://github.com/Kicksecure/security-misc.git
synced 2025-08-07 22:42:16 -04:00
24 lines
761 B
Bash
Executable file
24 lines
761 B
Bash
Executable file
#!/bin/bash
|
|
|
|
## Copyright (C) 2012 - 2018 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
|
|
## See the file COPYING for copying conditions.
|
|
|
|
## sysfs and debugfs expose a lot of information
|
|
## that should not be accessible by an unprivileged
|
|
## user which includes hardware info, debug info and
|
|
## more. This restricts /sys, /proc/cpuinfo, /proc/bus
|
|
## and /proc/scsi to the root user only. This hides
|
|
## many hardware identifiers from ordinary users
|
|
## and increases security.
|
|
for i in /proc/cpuinfo /proc/bus /proc/scsi /sys
|
|
do
|
|
if [ -e "${i}" ]; then
|
|
chmod og-rwx "${i}"
|
|
else
|
|
## /proc/scsi doesn't exist on Debian so errors
|
|
## are expected here.
|
|
if ! [ "${i}" = "/proc/scsi" ]; then
|
|
echo "ERROR: ${i} could not be found."
|
|
fi
|
|
fi
|
|
done
|