#include <stdio.h>
#include "file.h"
#include "audit.h"
/*
 * This function checks the ownership of the file.
 * If the owner is root, the audit test fails.
 * Returns the struct st_audit which contains the result.
 */
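struct st_audit ownership(uid_t uid, char *username, size_t len){
    /*
     * Audit the owner of a file: resolve `uid` to an account name (stored
     * in `username`) and fail the audit when the owner is the superuser.
     *
     * uid      - owner UID of the audited file
     * username - caller buffer that receives the resolved name;
     *            get_username() copies up to 64 bytes into it
     * len      - declared size of `username`; not consulted (see note below)
     *
     * Returns a struct st_audit whose `audit` field is FALSE for a
     * root-owned file and TRUE otherwise, with the explanation in `result`.
     */
    struct st_audit st_audit;

    /*
     * NOTE(review): get_username() takes no length argument, so `len`
     * cannot be enforced from here. Callers must supply at least 64 bytes.
     */
    (void)len;
    get_username(uid, username);

    /*
     * UID 0 is the superuser whatever the account is called, so the UID is
     * tested as well as the name; a name-only comparison would let a
     * renamed or aliased UID-0 account pass the audit.
     */
    if (uid == 0 || strncmp(username, "root", 64) == 0){
        /*
         * Bounded write: assumes `result` is a char array member (it is
         * written on a fresh local struct). The %.63s precision also bounds
         * the read of `username` in case it is not NUL-terminated.
         */
        snprintf(st_audit.result, sizeof st_audit.result,
                 "The account %.63s is not recommended. You should change the owner.",
                 username);
        st_audit.audit = FALSE;
    }
    else{
        snprintf(st_audit.result, sizeof st_audit.result, "%s",
                 "Audit passed with success. The owner of the file isn't root.");
        st_audit.audit = TRUE;
    }

    return st_audit;
}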
/*
 * This function checks the permissions of the file.
 * The struct st_audit arguments receive the result.
 * https://www.man7.org/linux/man-pages/man2/chmod.2.html
 */
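void permission(mode_t mode, struct st_audit *st_audit_owner, struct st_audit *st_audit_group, struct st_audit *st_audit_other){
    /*
     * Audit the owner, group and other permission bits of `mode`.
     *
     * mode           - file mode bits to inspect
     * st_audit_owner - receives the verdict for the owner bits
     * st_audit_group - receives the verdict for the group bits
     * st_audit_other - receives the verdict for the other bits
     *
     * Each entry gets `audit` set to TRUE (pass) or FALSE (fail) and a
     * message in `result`. All three pointers must be non-NULL.
     * Writes are bounded with sizeof, which assumes `result` is a char
     * array member of struct st_audit.
     */

    /* Owner */
    /*
     * The execute bit is tested first: with the read/write test ahead of
     * it, a mode with owner execute but no owner read/write passed the
     * audit without the execute bit ever being reported.
     */
    if ((mode & S_IXUSR) != 0){
        snprintf(st_audit_owner->result, sizeof st_audit_owner->result, "%s",
                 "The file can be executabled for the owner. The permission should be removed.");
        st_audit_owner->audit = FALSE;
    }
    else if ((mode & (S_IRUSR | S_IWUSR)) == 0){
        /* NOTE(review): this branch is taken when the owner has neither
         * read nor write access; the message text reads as the opposite.
         * Confirm the intended wording. */
        snprintf(st_audit_owner->result, sizeof st_audit_owner->result, "%s",
                 "Audit passed with success. Only the owner has the privilege to read/write the file.");
        st_audit_owner->audit = TRUE;
    }
    else{
        snprintf(st_audit_owner->result, sizeof st_audit_owner->result, "%s",
                 "The certificate has the correct permission for the owner.");
        st_audit_owner->audit = TRUE;
    }

    /* Group: any read, write or execute bit fails the audit */
    if ((mode & (S_IRGRP | S_IWGRP | S_IXGRP)) != 0){
        snprintf(st_audit_group->result, sizeof st_audit_group->result, "%s",
                 "The group has the permission to manipulate the file. Should be removed.");
        st_audit_group->audit = FALSE;
    }
    else{
        /* The pass path also writes a message, so `result` never keeps
         * whatever the caller's struct held before the call. */
        snprintf(st_audit_group->result, sizeof st_audit_group->result, "%s",
                 "Audit passed with success. The group has no permission on the file.");
        st_audit_group->audit = TRUE;
    }

    /* Other: any read, write or execute bit fails the audit */
    if ((mode & (S_IROTH | S_IWOTH | S_IXOTH)) != 0){
        snprintf(st_audit_other->result, sizeof st_audit_other->result, "%s",
                 "The other has the permission to manipulate the file. Should be removed.");
        st_audit_other->audit = FALSE;
    }
    else{
        snprintf(st_audit_other->result, sizeof st_audit_other->result, "%s",
                 "Audit passed with success. The other has no permission on the file.");
        st_audit_other->audit = TRUE;
    }
}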
/*
 * This function converts the mode_t value to a human-readable value.
 */
int convert_mode_t(mode_t mode){
    /*
     * Render the nine rwx permission bits of `mode` as a decimal integer
     * whose digits read like the usual octal notation (rw-r--r-- gives 644).
     *
     * Only the owner/group/other read, write and execute bits are examined.
     * Setuid, setgid, sticky and file-type bits do not appear in the
     * result, so a setuid file is rendered the same as a non-setuid one.
     */
    static const struct {
        mode_t bit;     /* permission bit to test */
        int weight;     /* decimal value the bit contributes */
    } table[] = {
        /* Owner */
        { S_IRUSR, 400 }, { S_IWUSR, 200 }, { S_IXUSR, 100 },
        /* Group */
        { S_IRGRP, 40 },  { S_IWGRP, 20 },  { S_IXGRP, 10 },
        /* Other */
        { S_IROTH, 4 },   { S_IWOTH, 2 },   { S_IXOTH, 1 },
    };
    int total = 0;

    for (size_t k = 0; k < sizeof table / sizeof table[0]; k++) {
        if ((mode & table[k].bit) != 0) {
            total += table[k].weight;
        }
    }

    return total;
}
/*
 * This function retrieves the username from the uid_t passed as argument.
 */
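static void get_username(uid_t uid, char *username){
    /*
     * Look up the account name for `uid` and copy it into `username`.
     *
     * uid      - user ID to resolve through getpwuid()
     * username - destination buffer; must hold at least 64 bytes, since
     *            this function takes no length and fills the whole field
     *
     * On lookup failure the buffer receives "Unknown". The result is
     * always NUL-terminated; names of 64 characters or more are truncated
     * to 63.
     */
    enum { USERNAME_FIELD = 64 };
    struct passwd *p;

    if (username == NULL)
        return;

    p = getpwuid(uid);
    if (p == NULL){
        /* 8 bytes = the 7 characters of "Unknown" plus its terminator */
        strncpy(username, "Unknown", 8);
        return;
    }

    /*
     * strncpy() leaves the destination unterminated when the source fills
     * the whole field, so copy one byte less and terminate explicitly.
     * A caller printing the name with %s would otherwise read past the
     * buffer.
     */
    strncpy(username, p->pw_name, USERNAME_FIELD - 1);
    username[USERNAME_FIELD - 1] = '\0';
}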