-
Title
vas_check_host.sh doesn't identify symbolic links -
Description
The vas_check_host.sh script provided with Quest Authentication Services does not identify symbolic links when checking file permissions.
Example:
[root@unixlab scripts]# ./vas_check_host.sh
other has write permissions on:
</etc/pam.d/system-auth>(lrwxrwxrwx)
That permission should be removed.
ISSUE: The system files/directories allow more access then they should.FIX: Change the permissions on the mentioned file(s)/directory(s).
ERROR: A critical error was found, the script will now exit.
If the information and suggestions in the previous output fail to lead to
resolving the issue, please contact Quest Support. When contacting Support,
please include a snapshot dump, script output, and steps taken with results.A quick check reveals that the file in question is a link and the target is indeed correct.
[root@unixlab scripts]# ls -l /etc/pam.d/system-auth
lrwxrwxrwx 1 root root 29 Jan 8 16:05 /etc/pam.d/system-auth -> /etc/pam.d/system-auth-ac-vas -
Resolution
The script is now deprecated, and been replaced with the vas_status.sh script which correctly identifies symbolic links when checking permissions. It will be removed in future packages of Authentication Services.
Please use the vas_status.sh script instead of vas_check_host.sh.