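#!/usr/bin/env bash
#
# Audit: report regular files and directories on local filesystems whose
# owner (uid) or group (gid) has no matching passwd/group entry.
#
# Everything runs inside one `{ ... }` group and the working arrays are
# unset at the end, presumably so the snippet can be pasted into an
# interactive shell without leaving state behind.
#
# Output (stdout): a "PASS" or "FAIL" result block. On FAIL the unowned
# and/or ungrouped paths are listed one per line, verbatim.
#
# Result strings are built with real newlines and emitted with printf '%s'
# rather than echo -e, so backslash sequences that happen to occur inside a
# path name are shown as-is instead of being reinterpreted as escapes in the
# report.

{
  l_output="" l_output2=""
  a_nouser=(); a_nogroup=() # Initialize arrays

  # find(1) predicates that skip runtime/virtual trees whose contents are
  # transient or carry namespaced ids (user sessions, /proc, containers,
  # kubelet state, cgroup memory, /var/*/private).
  a_path=(
    ! -path "/run/user/*"
    -a ! -path "/proc/*"
    -a ! -path "*/containerd/*"
    -a ! -path "*/kubelet/pods/*"
    -a ! -path "*/kubelet/plugins/*"
    -a ! -path "/sys/fs/cgroup/memory/*"
    -a ! -path "/var/*/private/*"
  )

  # Outer loop: one mount target per line from findmnt. The awk filter drops
  # network/pseudo filesystem types and per-user /run/user mounts, so only
  # local filesystems are audited.
  while IFS= read -r l_mount; do
    # Inner loop: NUL-delimited candidate paths, so names containing
    # whitespace or newlines survive intact. -xdev keeps find on this mount;
    # stderr is discarded because permission-denied noise is expected here.
    while IFS= read -r -d $'\0' l_file; do
      if [ -e "$l_file" ]; then
        # stat prints UNKNOWN for an id that has no passwd/group entry.
        # -L follows symlinks; with -type f/-type d above that should not
        # matter, but it is kept to match the original behaviour.
        while IFS=: read -r l_user l_group; do
          [ "$l_user" = "UNKNOWN" ] && a_nouser+=("$l_file")
          [ "$l_group" = "UNKNOWN" ] && a_nogroup+=("$l_file")
        done < <(stat -Lc '%U:%G' "$l_file")
      fi
    done < <(find "$l_mount" -xdev \( "${a_path[@]}" \) \( -type f -o -type d \) \( -nouser -o -nogroup \) -print0 2> /dev/null)
  done < <(findmnt -Dkerno fstype,target | awk '($1 !~ /^\s*(nfs|proc|smb|vfat|iso9660|efivarfs|selinuxfs)/ && $2 !~ /^\/run\/user\//){print $2}')

  # Unowned files: a finding goes to l_output2 (failure reasons), otherwise a
  # confirmation line goes to l_output (correctly configured).
  if ! (( ${#a_nouser[@]} > 0 )); then
    l_output+=$'\n'" - No files or directories without a owner exist on the local filesystem."
  else
    # The path list is passed as a %s argument so it is never interpreted.
    printf -v l_output2 '%s\n - There are "%s" unowned files or directories on the system.\n- The following is a list of unowned files and/or directories:\n%s\n - end of list' \
      "$l_output2" "${#a_nouser[@]}" "$(printf '%s\n' "${a_nouser[@]}")"
  fi

  # Ungrouped files: same split between l_output2 and l_output.
  if ! (( ${#a_nogroup[@]} > 0 )); then
    l_output+=$'\n'" - No files or directories without a group exist on the local filesystem."
  else
    printf -v l_output2 '%s\n - There are "%s" ungrouped files or directories on the system.\n- The following is a list of ungrouped files and/or directories:\n%s\n- end of list' \
      "$l_output2" "${#a_nogroup[@]}" "$(printf '%s\n' "${a_nogroup[@]}")"
  fi

  unset a_path; unset a_nouser; unset a_nogroup # Remove arrays

  if [ -z "$l_output2" ]; then # If l_output2 is empty, we pass
    printf '\n- Audit Result:\n ** PASS **\n - * Correctly configured * :\n%s\n\n' "$l_output"
  else
    printf '\n- Audit Result:\n ** FAIL **\n - * Reasons for audit failure * :\n%s\n' "$l_output2"
    # Also show whichever of the two checks did pass, if any.
    [ -n "$l_output" ] && printf '\n- * Correctly configured * :\n%s\n\n' "$l_output"
  fi
}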
Note: On systems with a large number of files and/or directories, this audit may be a long-running process.