|
|
|
|
|||||||
| Security Anything involving computer security goes here. |
More UNIX and Linux Forum Topics You Might Find Helpful
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| How to change the permissions of ksh? | ponnuvel | UNIX for Advanced & Expert Users | 3 | 04-15-2008 12:17 AM |
| Recursively changing permissions on files | altamaha | UNIX for Dummies Questions & Answers | 1 | 03-01-2008 01:15 AM |
| Change permissions of /var/log/messages | anindra | UNIX for Dummies Questions & Answers | 3 | 11-05-2007 08:53 AM |
| need command to change permissions | calredd | UNIX for Dummies Questions & Answers | 1 | 04-28-2007 09:53 AM |
| How to change permissions in UNIX? | a8111978 | Filesystems, Disks and Memory | 2 | 06-24-2002 11:40 AM |
 |
|
|
Submit Tools | LinkBack | Thread Tools | Display Modes |
02-29-2008
|
|||
|
|||
|
Recursively find and change Permissions on Man pages
Just joined after using the site as a guest.. (Very Good Stuff in here.. thanks folks.)
I am in the process of hardening a Solaris 10 server using JASS. I also must use DISA Security Checklists (SRR) scripts to test for things that did not get hardened to DISA standards. One of the things missing is a script that would change all of the permissions on various man pages to be no more permisive than 644. I know I can do it by manually finding and changing them, but it would be great if someone allready had a script in place.  Thanks again for a great place to browse and learn. Altamaha 
|
| Forum Sponsor | ||
|
|
|
03-03-2008
|
|||
|
|||
|
Thanx to both of you for your suggestions. I was and am going to be using whatever we discover here as a learning tool to be applied across other directories where permissions need to be changed.
I am wanting to find files that are more permissive than in this case 644 and change them to 644. That would be accomplised by either of your examples I think. I may need to run my scripts more than once and need only make changes if the files are more permissive than stated, plus I also need to capture the changes in a log for documentation. I guess I need an ls -l of the directory to get the perms and based on the perms then perform a chmod and >> to a logfile. Does that make any sense? Thanks, JB aka Altamaha
|
|
03-05-2008
|
|||
|
|||
|
I tried to post this under the Dummies forum in hopes of because it is actually more dumb than security, but I was shut down for double posting.
Now that I am willing to abide by the rules, and after some help from some others on the group, I offer this bit of code hoping that someone can show a better way to get where I am heading. I am using the suggested fid command, but I do not know how one would use the "greater than" check against the permission bits. Code:
#!/bin/sh
#
#
# ident "@(#)stewart-set-manpage-permissions.fin 1.1 08/02/08"
#
# Set permissions for manual pages to no more permissive than 644.
# Reference GEN001280 UNIX Security Checklist V 5R1.5.
#
#
#
MANDIR=/usr/share/man
for FILENAME in `find $MANDIR -type f -perm -7 -o -type f -perm -6
-o -type f -perm -5 -o -type f -perm -3 -o -type f -perm -2 -o -type f -perm -1`
do
#chmod 644 $FILENAME
ls -l $FILENAME
done
JB aka Altamaha
|
|
03-25-2008
|
|||
|
|||
|
Quote:
Also, even with regular basic old-skool BSD find, I don't really think you need to painstakingly repeat the -type f -- just add parentheses, but note that you have to backslash-escape them because they are special to the shell, too. Code:
find $MANDIR -type f \( -perm -7 -o -perm -6 -o -perm -5 -o -perm -3 -o -perm -2 -o -perm -1 \) Code:
find $MANDIR -type f -perm /3
|
|||
| Google UNIX.COM |
|
| Tags |
| solaris |
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
