Run the following script to verify root's path does not include:
- Locations that are not directories
- An empty directory (::)
- A trailing (:)
- Current working directory (.)
- Non-root-owned directories
- Directories that are less restrictive than mode 0755
```bash
#!/usr/bin/env bash

{
   l_output2=""
   l_pmask="0022"   # permission bits that must NOT be set (group/other write)
   l_maxperm="$( printf '%o' $(( 0777 & ~$l_pmask )) )"   # least restrictive mode allowed (755)
   # Read PATH from a fresh root login environment; match "PATH=" exactly so
   # other variables whose names start with PATH are not picked up.
   l_root_path="$(sudo -Hiu root env | grep '^PATH=' | cut -d= -f2-)"
   unset a_path_loc && IFS=":" read -ra a_path_loc <<< "$l_root_path"
   # String-level checks on the raw PATH value
   grep -q "::" <<< "$l_root_path" && l_output2="$l_output2\n - root's path contains an empty directory (::)"
   grep -Pq ":\h*$" <<< "$l_root_path" && l_output2="$l_output2\n - root's path contains a trailing (:)"
   grep -Pq '(\h+|:)\.(:|\h*$)' <<< "$l_root_path" && l_output2="$l_output2\n - root's path contains current working directory (.)"
   # Per-entry checks: must be a directory, owned by root, not group/other writable
   while read -r l_path; do
      if [ -d "$l_path" ]; then
         while read -r l_fmode l_fown; do
            [ "$l_fown" != "root" ] && l_output2="$l_output2\n - Directory: \"$l_path\" is owned by: \"$l_fown\" should be owned by \"root\""
            [ $(( $l_fmode & $l_pmask )) -gt 0 ] && l_output2="$l_output2\n - Directory: \"$l_path\" is mode: \"$l_fmode\" and should be mode: \"$l_maxperm\" or more restrictive"
         done <<< "$(stat -Lc '%#a %U' "$l_path")"
      else
         l_output2="$l_output2\n - \"$l_path\" is not a directory"
      fi
   done <<< "$(printf "%s\n" "${a_path_loc[@]}")"
   if [ -z "$l_output2" ]; then
      echo -e "\n- Audit Result:\n *** PASS ***\n - Root's path is correctly configured\n"
   else
      echo -e "\n- Audit Result:\n ** FAIL **\n - * Reasons for audit failure * :\n$l_output2\n"
   fi
}
```
Correct or justify any:
- Locations that are not directories
- Empty directory (::)
- Trailing (:)
- Current working directory (.)
- Non-root-owned directories
- Directories that are less restrictive than mode 0755
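When correcting entries, it helps to see which field of the PATH string is at fault. The following is an added example, not part of the original audit script: it classifies every field of a PATH string passed as an argument, and goes beyond the checks above by also flagging a leading colon and relative entries, both of which the shell resolves against the current working directory. The function names `classify_path_entries` and `path_is_clean` are hypothetical, and the sample PATH at the end is constructed.

```shell
#!/bin/sh
# Added example: classify each field of a PATH-style string.
# classify_path_entries and path_is_clean are hypothetical helper names.
# Ownership and mode checks are left to the audit script above.

# Prints one line per field: "<index> <kind> <entry>", where kind is one of
# empty, dot, relative, not-a-directory, ok.
classify_path_entries() (
    rest="$1:"   # sentinel colon so a trailing empty field is still seen
    i=0
    while [ -n "$rest" ]; do
        entry="${rest%%:*}"   # text before the first colon
        rest="${rest#*:}"     # drop that field and its colon
        i=$((i + 1))
        case "$entry" in
            "")  kind="empty" ;;      # leading ':', '::' or trailing ':'
            .)   kind="dot" ;;        # explicit current working directory
            /*)  if [ -d "$entry" ]; then
                     kind="ok"
                 else
                     kind="not-a-directory"
                 fi ;;
            *)   kind="relative" ;;   # also resolved against the cwd
        esac
        printf '%s %s %s\n' "$i" "$kind" "$entry"
    done
)

# Exit status 0 only when every field is an existing absolute directory.
path_is_clean() {
    ! classify_path_entries "$1" | grep -Eqv '^[0-9]+ ok '
}

# Constructed sample input: empty field in the middle and a trailing colon.
classify_path_entries "/usr/bin::/:"
```

To inspect root's real PATH, pass the value the audit script reads, for example `classify_path_entries "$(sudo -Hiu root printenv PATH)"`.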