How do i output the result of my command in this script?

Question

if [ "$(stat -c "%a" /etc/crontab)" == "644" ]
then
  echo "Is there a vulnerability: No, Permission set on /etc/crontab file is correct."
else
  echo "Is there a vulnerability: Yes, Permission set on /etc/crontab file is incorrect. echo awk -F: $(stat -c "%a" /etc/crontab)"
fi

This is an audit script i am working on, and I would like to output the current Permissions of the /etc/crontab file, if it is not equals to chmod 644. I've tried many methods to no avail. I am doing this in a RHEL 7 server if it matters.

`echo "Is there a vulnerability: Yes, Permission set on /etc/crontab file is incorrect. echo awk -F: $(stat -c "%a" /etc/crontab)"`. Should it be `echo "Is there a vulnerability: Yes, Permission set on /etc/crontab file is incorrect : $(stat -c "%a" /etc/crontab)"` ? (without `awk -F:`) — anishsane, Nov 13 '19 at 08:36
The code looks fine and works for me. Beside this you should considered using the recommended arithmetic context in `Bash`: `if (( "$(stat -c "%a" /etc/crontab)" == 644 )); then echo "Vulnerability"; fi`. — stephanmg, Nov 13 '19 at 08:38
See also https://stackoverflow.com/questions/18668556/comparing-numbers-in-bash. — stephanmg, Nov 13 '19 at 08:38
Can you share the output of `stat -c "%a" /etc/crontab` ? Given that this is audit script, might be that the file has more restricted permission than 0644, which should be OK for the audit purpose (e.g., 0600, or even 0400). — dash-o, Nov 13 '19 at 09:24

score 1 · Answer 1 · answered Nov 13 '19 at 09:24

1

This should be the most correct way to do what you want

#!/bin/bash

if (( $(stat -c "%a" /etc/crontab) == 644 ))
then
  echo "Is there a vulnerability: No, Permission set on /etc/crontab file is correct."
else
  echo "Is there a vulnerability: Yes, Permission set on /etc/crontab file is incorrect: $(stat -c "%a" /etc/crontab)"
fi

answered Nov 13 '19 at 09:24

Francesco Gasparetto

1,819
16
20

That's what I wrote in my comment above, though. – stephanmg Nov 13 '19 at 09:25
1

Your comment pointed out the numeric compare and it's right, another comment fixed the awk command substitution, also right. This is the whole solution, with the correct syntax, not just one part – Francesco Gasparetto Nov 13 '19 at 09:31

Romeo Ninov · Answer 2 · 2019-11-13T09:24:30.170

0

When you compare numbers in bash you should use -eq instead of ==. So your if from this:

if [ "$(stat -c "%a" /etc/crontab)" == "644" ]

must be

if [ "$(stat -c "%a" /etc/crontab)" -eq "644" ]

And in this line

 echo "Is there a vulnerability: Yes, Permission set on /etc/crontab file is incorrect. echo awk -F: $(stat -c "%a" /etc/crontab)"

you should remove quotes around %a

edited Nov 13 '19 at 09:24

answered Nov 13 '19 at 08:43

Romeo Ninov

6,538
1
22
31

Does this answer solve the problem of the questioner? – Cyrus Nov 13 '19 at 09:18
@Cyrus, IMO yes. – Romeo Ninov Nov 13 '19 at 09:22
I'd say maybe, as I pointed out both methods work for me on my two test boxes. – stephanmg Nov 13 '19 at 09:24

How do i output the result of my command in this script?

2 Answers2