Fix to issue #140

simp · Mar 2, 2020 · d479bae · d479bae
1 parent 4bb97f5
commit d479bae
Showing 1 changed file with 3 additions and 17 deletions.
diff --git a/controls/V-72027.rb b/controls/V-72027.rb
@@ -58,24 +58,10 @@
   ignore_shells = non_interactive_shells.join('|')
 
   findings = Set[]
-
- allowed_users = %w(user1 user2 user3)
-
-users.where { uid > 1000 && uid < 65534 }.usernames.sort.each do |u|
-  describe user(u) do
-    if allowed_users.include?(u)
-      it { should exist }
-    else
-      it { should_not exist }
-    end
+  users.where{ !shell.match(ignore_shells) && (uid >= 1000 || uid == 0)}.entries.each do |user_info|
+    next if exempt_home_users.include?("#{user_info.username}")
+    findings = findings + command("find #{user_info.home} -xdev ! -name '.*' -perm /027 ! -type l").stdout.split("\n")
   end
-end
-
-  #describe users.where{ }.entries.each do |user_info|
-  #users.where{ !shell.match(ignore_shells) && (uid >= 1000 || uid == 0)}.entries.each do |user_info|
-  #  next if exempt_home_users.include?("#{user_info.username}")
-  #  findings = findings + command("find #{user_info.home} -xdev ! -name '.*' -perm /027 ! -type l").stdout.split("\n")
-  #end
   describe "Home directories with excessive permissions" do
     subject { findings.to_a }
     it { should be_empty }