Bug
Resolution: Unresolved
Affects versions: rhel-8.10, rhel-9.6
Package: scap-security-guide-0.1.79-1.el9
Severity: Low
Team: rhel-security-compliance
Product: Red Hat Enterprise Linux
As per CIS_Red_Hat_Enterprise_Linux_9_Benchmark_v2.0.0 specification, "Ensure root path integrity" is supposed to detect non-existent paths in the PATH as well, as part of "Locations that are not directories" item.
When a path in PATH does not exist, the proposed verifier script should enter the "else" clause of the [ -d "$l_path" ] test (line 23 of the script as printed in the benchmark):

#!/usr/bin/env bash
{
  l_output2=""
  # Group/other write bits that no directory in root's PATH may carry.
  l_pmask="0022"
  l_maxperm="$( printf '%o' $(( 0777 & ~$l_pmask )) )"
  # Root's PATH as seen by a login shell, split on ":" into an array.
  l_root_path="$(sudo -Hiu root env | grep '^PATH' | cut -d= -f2)"
  unset a_path_loc && IFS=":" read -ra a_path_loc <<< "$l_root_path"
  # An empty entry (::), a trailing colon and "." all resolve to the current directory.
  grep -q "::" <<< "$l_root_path" && l_output2="$l_output2\n - root's path contains an empty directory (::)"
  grep -Pq ":\h*$" <<< "$l_root_path" && l_output2="$l_output2\n - root's path contains a trailing (:)"
  grep -Pq '(\h+|:)\.(:|\h*$)' <<< "$l_root_path" && l_output2="$l_output2\n - root's path contains current working directory (.)"
  while read -r l_path; do
    if [ -d "$l_path" ]; then
      # Existing directory: must be owned by root and not group/other writable.
      while read -r l_fmode l_fown; do
        [ "$l_fown" != "root" ] && l_output2="$l_output2\n - Directory: \"$l_path\" is owned by: \"$l_fown\" should be owned by \"root\""
        [ $(( $l_fmode & $l_pmask )) -gt 0 ] && l_output2="$l_output2\n - Directory: \"$l_path\" is mode: \"$l_fmode\" and should be mode: \"$l_maxperm\" or more restrictive"
      done <<< "$(stat -Lc '%#a %U' "$l_path")"
    else
      # Entry is missing or is not a directory: a non-existent path lands here.
      l_output2="$l_output2\n - \"$l_path\" is not a directory"
    fi
  done <<< "$(printf "%s\n" "${a_path_loc[@]}")"
  if [ -z "$l_output2" ]; then
    echo -e "\n- Audit Result:\n *** PASS ***\n - Root's path is correctly configured\n"
  else
    echo -e "\n- Audit Result:\n ** FAIL **\n - * Reasons for audit failure * :\n$l_output2\n"
  fi
}
This check is missing from our implementation.
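For comparison, the following is a portable re-implementation of the same audit as a standalone script. It is an added example written for this report, not the benchmark's script above and not scap-security-guide's own check. It keeps the benchmark's semantics but reports a missing entry separately from an entry that exists and is not a directory, so the gap described above is visible in the output. The function names, the "--root" flag and the optional expected-owner argument are illustrative; GNU stat(1) on Linux is assumed for the owner/mode lookup.

```shell
#!/usr/bin/env sh
# Added example for this report: a portable re-implementation of the CIS
# "Ensure root path integrity" audit. It is neither the benchmark's script
# nor scap-security-guide's check. Assumes GNU stat(1) (Linux) for the
# owner/mode lookup; function names and the --root flag are illustrative.

PMASK=022   # group/other write bits that no PATH directory may carry

# audit_path_string PATHVALUE [EXPECTED_OWNER]
# Prints one finding per line; returns 1 if anything was found, else 0.
# EXPECTED_OWNER defaults to root (the benchmark's expectation).
audit_path_string() {
    aps_owner=${2:-root}
    aps_fail=0
    aps_rest="$1:"      # sentinel colon so the final entry is consumed too

    while [ -n "$aps_rest" ]; do
        aps_entry=${aps_rest%%:*}
        aps_rest=${aps_rest#*:}
        case "$aps_entry" in
            "")
                # An empty entry is searched as the current directory.
                if [ -z "$aps_rest" ]; then
                    printf ' - PATH has a trailing colon (:)\n'
                else
                    printf ' - PATH contains an empty entry (::)\n'
                fi
                aps_fail=1; continue ;;
            .)
                printf ' - PATH contains the current working directory (.)\n'
                aps_fail=1; continue ;;
        esac
        # The branch this report is about: the entry may be missing outright
        # or may exist as something other than a directory.
        if [ ! -e "$aps_entry" ]; then
            printf ' - "%s" does not exist\n' "$aps_entry"
            aps_fail=1; continue
        elif [ ! -d "$aps_entry" ]; then
            printf ' - "%s" is not a directory\n' "$aps_entry"
            aps_fail=1; continue
        fi
        aps_mode=$(stat -Lc '%a' "$aps_entry")
        aps_fown=$(stat -Lc '%U' "$aps_entry")
        if [ "$aps_fown" != "$aps_owner" ]; then
            printf ' - Directory "%s" is owned by "%s", should be owned by "%s"\n' \
                "$aps_entry" "$aps_fown" "$aps_owner"
            aps_fail=1
        fi
        # Leading 0 makes the shell read both operands as octal.
        if [ $(( 0$aps_mode & 0$PMASK )) -ne 0 ]; then
            printf ' - Directory "%s" is mode %s, must not be group/other writable\n' \
                "$aps_entry" "$aps_mode"
            aps_fail=1
        fi
    done
    return "$aps_fail"
}

# audit_root_path: read root's PATH from a login shell, as the benchmark
# does, and audit it. Requires sudo.
audit_root_path() {
    arp_path=$(sudo -Hiu root env | sed -n 's/^PATH=//p')
    audit_path_string "$arp_path" root
}

# Usage: ./root_path_audit.sh --root
#        ./root_path_audit.sh 'PATH_STRING' [expected_owner]
# With no arguments the file only defines the functions so it can be sourced.
if [ $# -gt 0 ]; then
    if [ "$1" = "--root" ]; then
        audit_root_path
    else
        audit_path_string "$1" "${2:-root}"
    fi
fi
```

Running it as "./root_path_audit.sh '/usr/sbin:/usr/bin:/opt/missing/bin'" on a host where /opt/missing/bin has been removed prints a "does not exist" finding and exits 1, which is exactly the condition the current SSG check lets through.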