-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathpermission-lockdown
More file actions
executable file
·53 lines (45 loc) · 2.44 KB
/
permission-lockdown
File metadata and controls
executable file
·53 lines (45 loc) · 2.44 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
#!/bin/bash
# /usr/lib/security-misc/permission-lockdown: user: root | chmod o-rwx "/root"
# /usr/lib/security-misc/permission-lockdown: user: daemon | chmod o-rwx "/usr/sbin"
# /usr/lib/security-misc/permission-lockdown: user: bin | chmod o-rwx "/bin"
# /usr/lib/security-misc/permission-lockdown: user: sys | chmod o-rwx "/dev"
# /usr/lib/security-misc/permission-lockdown: user: sync | chmod o-rwx "/bin"
# /usr/lib/security-misc/permission-lockdown: user: games | chmod o-rwx "/usr/games"
# /usr/lib/security-misc/permission-lockdown: user: man | chmod o-rwx "/var/cache/man"
# /usr/lib/security-misc/permission-lockdown: user: mail | chmod o-rwx "/var/mail"
# /usr/lib/security-misc/permission-lockdown: user: proxy | chmod o-rwx "/bin"
# /usr/lib/security-misc/permission-lockdown: user: backup | chmod o-rwx "/var/backups"
# /usr/lib/security-misc/permission-lockdown: user: messagebus | chmod o-rwx "/var/run/dbus"
# /usr/lib/security-misc/permission-lockdown: user: tinyproxy | chmod o-rwx "/run/tinyproxy"
# /usr/lib/security-misc/permission-lockdown: user: rtkit | chmod o-rwx "/proc"
# /usr/lib/security-misc/permission-lockdown: user: colord | chmod o-rwx "/var/lib/colord"
# /usr/lib/security-misc/permission-lockdown: user: stunnel4 | chmod o-rwx "/var/run/stunnel4"
# /usr/lib/security-misc/permission-lockdown: user: iodine | chmod o-rwx "/var/run/iodine"
# /usr/lib/security-misc/permission-lockdown: user: statd | chmod o-rwx "/var/lib/nfs"
# /usr/lib/security-misc/permission-lockdown: user: timidity | chmod o-rwx "/etc/timidity"
# /usr/lib/security-misc/permission-lockdown: user: uuidd | chmod o-rwx "/run/uuidd"
# /usr/lib/security-misc/permission-lockdown: user: _rpc | chmod o-rwx "/run/rpcbind"
# /usr/lib/security-misc/permission-lockdown: user: geoclue | chmod o-rwx "/var/lib/geoclue"
home_folder_access_rights_lockdown() {
shopt -s nullglob
local folder_name base_name
for folder_name in /home/* ; do
base_name="$(basename "$folder_name")"
if [ -f "/var/cache/security-misc/state-files/$base_name" ]; then
continue
fi
if [ ! -d "$folder_name" ]; then
continue
fi
if [ "$folder_name" = "/home/" ]; then
continue
fi
mkdir -p /var/cache/security-misc/state-files
echo "$0: chmod o-rwx \"$folder_name\""
chmod o-rwx "$folder_name"
touch "/var/cache/security-misc/state-files/$base_name"
done
shopt -u nullglob
}
home_folder_access_rights_lockdown
exit 0