Recursively find and change Permissions on Man pages
Just joined after using the site as a guest.. (Very Good Stuff in here.. thanks folks.)
I am in the process of hardening a Solaris 10 server using JASS. I also must use DISA Security Checklists (SRR) scripts to test for things that did not get hardened to DISA standards.
One of the things missing is a script that would change all of the permissions on various man pages to be no more permisive than 644.
I know I can do it by manually finding and changing them, but it would be great if someone allready had a script in place.
Thanks again for a great place to browse and learn.
Thanx to both of you for your suggestions. I was and am going to be using whatever we discover here as a learning tool to be applied across other directories where permissions need to be changed.
I am wanting to find files that are more permissive than in this case 644 and change them to 644. That would be accomplised by either of your examples I think.
I may need to run my scripts more than once and need only make changes if the files are more permissive than stated, plus I also need to capture the changes in a log for documentation.
I guess I need an ls -l of the directory to get the perms and based on the perms then perform a chmod and >> to a logfile.
I tried to post this under the Dummies forum in hopes of because it is actually more dumb than security, but I was shut down for double posting.
Now that I am willing to abide by the rules, and after some help from some others on the group, I offer this bit of code hoping that someone can show a better way to get where I am heading.
I am using the suggested fid command, but I do not know how one would use the "greater than" check against the permission bits.
Code:
#!/bin/sh
#
#
# ident "@(#)stewart-set-manpage-permissions.fin 1.1 08/02/08"
#
# Set permissions for manual pages to no more permissive than 644.
# Reference GEN001280 UNIX Security Checklist V 5R1.5.
#
#
#
MANDIR=/usr/share/man
for FILENAME in `find $MANDIR -type f -perm -7 -o -type f -perm -6
-o -type f -perm -5 -o -type f -perm -3 -o -type f -perm -2 -o -type f -perm -1`
do
#chmod 644 $FILENAME
ls -l $FILENAME
done
I am using the suggested fi[n]d command, but I do not know how one would use the "greater than" check against the permission bits.
GNU find at least has some more advanced options for this. Is installing it an option?
Also, even with regular basic old-skool BSD find, I don't really think you need to painstakingly repeat the -type f -- just add parentheses, but note that you have to backslash-escape them because they are special to the shell, too.
Of course, if you want to say "any bit except 4", that is doable too, at least with GNU find:
Code:
find $MANDIR -type f -perm /3
Also look at find2perl -- its documentation is somewhat terse but if you can't quite say what you want with the bare find(1) options, it might be less frustrating to make minor edits to a generated Perl script. Quick Googling brought up this brief tutorial
"how to see the man pages related to pthreads". while executing the command man pthread_t . im getting the following error!!!!!
No manual entry for pthread. (3 Replies)
Can anyone supply me with the man pages for:
omnidatalist
omnibarlist
omnisap.exe
I prefer the source man pages in nroff format.
A clue about the software bundles which supply these man pages is fine as well.
OS: HP-UX
TIA (11 Replies)
Hi everyone,
I have a small query, in solaris the man pages get displayed on half of the terminal , can i get a full terminal or full screen display ?:) (2 Replies)
Hi,
I am using solaris. I have to load the some man pages on different node from solaris. I have no basic idea regarding this. can anyone plz give me some basic ideas so that i can proceed.
Thanks in advance. (3 Replies)
can anybody explain me how to read unix
man pages?
for example when i want to get information about ps command
man ps gives me this output:
***********************************
Reformatting page. Please wait... completed
ps(1) ... (2 Replies)
When reading man pages, I notice that sometimes commands are follwed by a number enclosed in parenthesis. such as:
mkdir calls the mkdir(2) system call.
What exactly does this mean? (4 Replies)
Hi,
I've written now a man pages, but I don't knwo how to get 'man' to view them. Where have I to put this files, which directories are allowed??
THX Bensky (3 Replies)
Hello ,
I just installed openssh in my system . I actually tried to man sshd but it says no entry , though there is a man directory in the installation which have the man pages for sshd .
Can anyone tell me how should i install these man pages .
DP (2 Replies)
02-29-2008
