#!/bin/sh

#################################################################################
#
#   Lynis
# ------------------
#
# Copyright 2007-2008, Michael Boelen (michael@rootkit.nl), The Netherlands
# Web site: http://www.rootkit.nl
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
#  File permissions
#
#################################################################################
#
    # Start the "System Tools" part of the scan. InsertSection is defined outside
    # this file (presumably it prints the section heading; confirm in the caller).
    InsertSection "System Tools"
#
#################################################################################
#

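    # Test: walk the configured binary directories and write every entry found
    # in them to the log.
    # Reads:  BINPATHS (whitespace-separated list of directories)
    # Writes: SCANNEDPATHS (each existing directory appended as ", <dir>"),
    #         SCANDIR and I (loop variables, left set afterwards)
    # Helpers counttests, Display, logtext and logtextbreak are defined outside
    # this file.
    counttests
    SCANNEDPATHS=""
    Display --indent 2 --text "- Checking system binaries..."
    logtext "Starting binary scan..."
    # BINPATHS is left unquoted on purpose: it is split into one directory per
    # word.
    for SCANDIR in ${BINPATHS}; do
        logtext "Test: Checking binaries in directory ${SCANDIR}"
        if [ -d "${SCANDIR}" ]; then
            Display --indent 4 --text "- Checking ${SCANDIR}... " --result FOUND --color GREEN
            SCANNEDPATHS="${SCANNEDPATHS}, ${SCANDIR}"
            logtext "Directory ${SCANDIR} exists. Starting directory scanning..."
            # Use a glob rather than parsing `ls` output: a file name that
            # contains whitespace or wildcard characters is then logged as one
            # entry instead of being split or expanded into several "Binary:"
            # lines. Like plain `ls`, the glob skips dot-files, so hidden entries
            # in these directories are not recorded here.
            for I in "${SCANDIR}"/*; do
                # An unmatched glob stays literal, so confirm the entry exists;
                # -L keeps dangling symlinks, which `ls` listed as well.
                if [ -e "${I}" ] || [ -L "${I}" ]; then
                    logtext "Binary: ${I}"
                fi
            done
        else
            Display --indent 4 --text "- Checking ${SCANDIR}... " --result "NOT FOUND" --color WHITE
            logtext "Directory ${SCANDIR} does NOT exist."
        fi
        logtextbreak
    done

    # SCANNEDPATHS keeps its ", "-prefixed form for any other reader; only the
    # log line drops the leading separator.
    logtext "Scanned directories: ${SCANNEDPATHS#, }"
    logtextbreak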

# =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

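    # Test: check the permissions of every path listed in the profile against
    # the baseline recorded there.
    # Reads:  PROFILE (path of the profile; lines starting with permfile: or
    #         permdir:, path in the second colon-separated field)
    # Writes: FIND, I, and the PROFILEVALUE / FILEVALUE / PERMS values that are
    #         read back after each CheckFilePermissions call
    # Helpers counttests, Display, logtext and CheckFilePermissions are defined
    # outside this file.
    # NOTE(review): the profile supplies both the paths and the expected modes,
    # so the result is only as trustworthy as that file - confirm it is writable
    # only by the account that runs the audit.
    counttests

    Display --indent 2 --text "- Starting file permissions check..."
    logtext "Test: Checking file permissions"
    logtext "Using profile ${PROFILE} for baseline."
    # grep -E replaces the obsolescent egrep; the profile path is quoted so a
    # path containing spaces is still read as one file.
    FIND=`grep -E '^permfile:|^permdir:' "${PROFILE}" | cut -d: -f2`
    if [ -z "${FIND}" ]; then
        # Make an empty baseline visible: otherwise the test passes silently
        # without having checked anything.
        logtext "No permfile/permdir entries read from profile ${PROFILE}"
    fi
    # One path per line, read on descriptor 3 so commands inside the loop keep
    # their normal stdin. Entries are taken literally: no word splitting on
    # embedded spaces and no wildcard expansion of the profile values.
    while read -r I <&3; do
        [ -n "${I}" ] || continue

        logtext "Checking ${I}"
        # Clear the result variables first so a value left over from the
        # previous path cannot be reported for this one if the helper returns
        # without setting them (its body is not visible here).
        PROFILEVALUE=""
        FILEVALUE=""
        PERMS=""
        CheckFilePermissions "${I}"
        logtext "  Expected permissions: ${PROFILEVALUE}"
        logtext "  Actual permissions: ${FILEVALUE}"
        logtext "  Result: $PERMS"
        case "${PERMS}" in
            FILE_NOT_FOUND)
                Display --indent 4 --text "${I}" --result "NOT FOUND" --color WHITE
                ;;
            OK)
                Display --indent 4 --text "${I}" --result OK --color GREEN
                ;;
            BAD)
                Display --indent 4 --text "${I}" --result WARNING --color RED
                ;;
            *)
                # Any other value is reported as-is on stdout; the "Result:" log
                # line above already records what the helper returned.
                echo "UNKNOWN"
                ;;
        esac
    done 3<<EOF
${FIND}
EOF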
    

#YYY enter file checks here
#

# End of this test group. Both helpers are defined outside this file:
# presumably logtextbreak writes a separator to the log and wait_for_keypress
# pauses until the user confirms - verify against their definitions.
logtextbreak

wait_for_keypress

#
#================================================================================
# Lynis - Copyright 2007-2008, Michael Boelen - www.rootkit.nl - The Netherlands
