[ubuntu-hardened] home folder permissions

Jeff Schroeder jeffschroed at gmail.com
Sun Nov 25 00:07:37 GMT 2007


On Nov 24, 2007 3:20 PM, Nafallo Bjälevik <nafallo at magicalforest.se> wrote:
> You must have changed that yourself. 022 is the default umask on all yet
> released Ubuntu versions.
That actually is a Debian default (kind of strange I know).


http://www.digitalprognosis.com/opensource/scripts/lockdown-ubuntu.sh.txt
Here is a really basic script to fix some perms and remove the login
shells from a ton of system accounts that should not have them. Note
that I just changed the DNS to a new provider, so if it is down, try
again in a day and it will be up.

Just tested it with Gutsy and it works.

All you really need from that script is:
# Non-root system level accounts have normal shells. Disable them
for user in `awk -F: '{if ($3 < 1000 && $3 != 0) print $1}' /etc/passwd`; do
    # Match "name:" so an account whose name is a prefix of another
    # account's name only selects its own passwd line
    if [ "$(grep "^$user:" /etc/passwd | awk -F: '{print $NF}')" = '/bin/bash' ]; then
      usermod -s /bin/false "$user" && echo "Disabled shell for user: $user"
    fi
done

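# Restrict the cron.* directories to owner and group
find /etc -maxdepth 1 -type d -name 'cron.*' -exec chmod 750 {} +
# Same for each home directory (skips /home itself and lost+found)
find /home -mindepth 1 -maxdepth 1 -type d ! -name 'lost+found' -exec chmod 750 {} +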

-- 
Jeff Schroeder

Don't drink and derive, alcohol and analysis don't mix.
http://www.digitalprognosis.com
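
Added example, not part of the message above or of lockdown-ubuntu.sh: a read-only audit of the same two conditions. It goes beyond the /bin/bash comparison in the message by flagging any system account whose shell is not a known non-login program, and it lists home directories with permission bits outside 750. The function names, the list of non-login shells and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of the two conditions the script above fixes.
# The allow-list of non-login shells below is an assumption; adjust per site.

# Print "name shell" for non-root accounts with UID < 1000 (the range used
# in the message) whose shell is not a known non-login program. An empty
# shell field is reported because login then falls back to /bin/sh.
list_shell_accounts() {
    awk -F: '$3 > 0 && $3 < 1000 {
        s = $NF
        if (s != "/bin/false" && s != "/usr/sbin/nologin" &&
            s != "/sbin/nologin" && s != "/bin/sync")
            print $1, (s == "" ? "(empty)" : s)
    }' "$1"
}

# Print directories directly under $1 with any permission bit outside 750:
# group write (020) or any access for others (004, 002, 001).
list_open_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d ! -name 'lost+found' \
        \( -perm -020 -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Constructed sample data (not taken from a real system).
make_sample() {
    mkdir -p "$1/home/alice" "$1/home/bob" "$1/home/lost+found"
    chmod 755 "$1/home/alice" "$1/home/lost+found"
    chmod 750 "$1/home/bob"
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
postgres:x:108:117:PostgreSQL:/var/lib/postgresql:/bin/bash
svc:x:120:120::/nonexistent:
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
}

# Demo against the sample; point the functions at /etc/passwd and /home
# to audit a real host.
tmp=$(mktemp -d) && make_sample "$tmp"
list_shell_accounts "$tmp/passwd"
list_open_homes "$tmp/home"
rm -rf "$tmp"
```

Running the audit before and after the lockdown commands shows which accounts and directories they actually changed.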


