AniNIX/ShadowArch
3
0
Fork 0
Code Issues 1 Pull Requests 1 Releases Wiki Activity

CVE-2016-4484

Browse Source
This commit is contained in:
DarkFeather
2016-11-16 16:23:52 -06:00
parent ce8320ce2e
commit 8874a42107
5 changed files with 132 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
Admin/silent-guardian
View File

@@ -1,5 +1,5 @@
#!/bin/bash
DEPRIV=depriv
if [ ! -f /usr/local/src/SharedLibraries/Bash/header ]; then
echo This script requires the SharedLibraries package.
exit 1;
@@ -7,27 +7,29 @@ fi
source /usr/local/src/SharedLibraries/Bash/header
export logfile="/var/log/silent-guardian.log"
logstatement "Started $(date)"
# Fix the Webserver permissions
chown -R cxford:http /srv/http/*
if [ -f /srv/http ]; then
chown -R $DEPRIV:http /srv/http/*
find /srv/http/* -type f -exec chmod 0640 {} \;
find /srv/http/* -type d -exec chmod 0750 {} \;
fi;
# Fix the media permissions
chown -R cxford:http /srv/yggdrasil
find /srv/yggdrasil/ -type f -exec chmod 0440 {} \;
find /srv/yggdrasil/ -type d -exec chmod 0550 {} \;
chmod -R u+w /srv/yggdrasil/new_acquisition
if [ -f /usr/lib/systemd/system/yggdrasil.service ]; then
chown -R $DEPRIV:http /srv/yggdrasil
/usr/local/bin/yggdrasil-lock
fi
# fix the WolfPack results location
find /srv/WolfPackResults -type d -exec chmod 0755 {} \;
find /srv/WolfPackResults -type f -exec chmod 0644 {} \;
if [ -x /usr/local/bin/wolfpack ]; then
find /srv/wolfpack -type d -exec chmod 0755 {} \;
find /srv/wolfpack -type f -exec chmod 0644 {} \;
fi
# Seal the special directories.
for i in $(ls -a /srv/yggdrasil/Digital_Library/ | egrep '^\.[a-zA-Z0-9]+$'); do
chown cxford:cxford -R $i;
chown $DEPRIV:$DEPRIV -R $i;
find $i -type f -exec chmod 0400 {} \;
find $i -type d -exec chmod 0500 {} \;
done
@@ -39,11 +41,17 @@ find /root -type d -exec chmod 0700 {} \;
# Guard home directories
chmod 0750 /home/*
chmod 0700 /home/.root-only/
# Guard API's
chmod 0750 /usr/local/bin/api-keys
chown root:api /usr/local/bin/api-keys
if [ -f /usr/local/bin/api-keys ]; then
chmod 0750 /usr/local/bin/api-keys
chown root:api /usr/local/bin/api-keys
fi
# Guard LDAP
if [ -d /etc/openldap ]; then
chown ldap:ldap /var/lib/openldap/openldap-data/*
fi
logstatement "Ended $(date)"
logstatement " "