Merge pull request #6703 from mildas/rpm_verify_ownership_tests

rpm_verify_ownership test scenarios
ComplianceAsCode · Mar 17, 2021 · 31c00d9 · 31c00d9
2 parents ddaad85 + 3fbc53e
commit 31c00d9
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 0 deletions.
diff --git a/.../software-integrity/rpm_verification/rpm_verify_ownership/tests/all_ownerships_ok.pass.sh b/.../software-integrity/rpm_verification/rpm_verify_ownership/tests/all_ownerships_ok.pass.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Perform same steps as remediation
+declare -A SETOWNER_RPM_LIST
+FILES_WITH_INCORRECT_OWNERSHIP=($(rpm -Va --nofiledigest | awk '{ if (substr($0,6,1)=="U" || substr($0,7,1)=="G") print $NF }'))
+
+for FILE_PATH in "${FILES_WITH_INCORRECT_OWNERSHIP[@]}"; do
+    RPM_PACKAGES=$(rpm -qf "$FILE_PATH")
+    for pkg in $RPM_PACKAGES; do
+        SETOWNER_RPM_LIST["$pkg"]=1
+    done
+done
+
+for RPM_PACKAGE in "${!SETOWNER_RPM_LIST[@]}"; do
+    rpm --setugids "${RPM_PACKAGE}"
+done
diff --git a/...tware-integrity/rpm_verification/rpm_verify_ownership/tests/wrong_group_ownership.fail.sh b/...tware-integrity/rpm_verification/rpm_verify_ownership/tests/wrong_group_ownership.fail.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+chown :1 /etc/shadow
diff --git a/...ty/software-integrity/rpm_verification/rpm_verify_ownership/tests/wrong_ownership.fail.sh b/...ty/software-integrity/rpm_verification/rpm_verify_ownership/tests/wrong_ownership.fail.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+chown 1 /etc/shadow