file_owner, file_groupowner, file_permission changed to not follow symlinks

linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh

@@ -5,5 +5,5 @@ useradd user_test
 TESTDIR="/usr/lib/"
 
 # The check ignores this symlink and results in pass
-ln -s $TESTDIR/mising_test_file $TESTDIR/faulty_symlink
+ln -s $TESTDIR/missing_test_file $TESTDIR/faulty_symlink
 chown -h user_test $TESTDIR/faulty_symlink

linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/tests/dir_symlink_incorrect_dir_perm.pass.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+useradd user_test
+TESTDIR="/usr/lib/"
+
+# Ensure everything is all right
+chmod -R u-s,g-ws,o-wt /lib /lib64 /usr/lib /usr/lib64
+
+# Let's setup a symlink to a directory,whose permissions are incompliant
+
+# Directory with incorrect perms
+mkdir /home/user_test/directory
+chmod 0766 /home/user_test/directory
+
+# File with correct perms
+touch /home/user_test/directory/test_file
+chmod 0755 /home/user_test/directory/test_file
+
+ln -s /home/user_test $TESTDIR/user_test_home

linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/tests/dir_symlink_incorrect_file_perm.pass.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+useradd user_test
+TESTDIR="/usr/lib/"
+
+# Ensure everything is all right
+chmod -R u-s,g-ws,o-wt /lib /lib64 /usr/lib /usr/lib64
+
+# Let's setup a symlink to a directory that contains an incomplient file
+
+# Directory with correct perms
+mkdir /home/user_test/directory
+chmod 0755 /home/user_test/directory
+
+# File with incorrect perms
+touch /home/user_test/directory/test_file
+chmod 0766 /home/user_test/directory/test_file
+
+ln -s /home/user_test $TESTDIR/user_test_home

linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/tests/file_symlink_incorrect_target_perm.pass.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+useradd user_test
+TESTDIR="/usr/lib/"
+
+# Ensure everything is all right
+chmod -R u-s,g-ws,o-wt /lib /lib64 /usr/lib /usr/lib64
+
+# Let's setup a symlink to a file, whose permissions are incompliant
+
+# File with incorrect perms
+touch /home/user_test/test_file
+chmod 0766 /home/user_test/test_file
+
+ln -s /home/user_test/test_file $TESTDIR/user_test_home

shared/templates/file_groupowner/ansible.template

@@ -15,7 +15,7 @@
 {{%- endif %}}
 
 - name: Find {{{ path }}} file(s) matching {{{ FILE_REGEX[loop.index0] }}}{{% if RECURSIVE %}} recursively{{% endif %}}
-  command: 'find -L {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type f ! -gid {{{ FILEGID }}} -regex "{{{ FILE_REGEX[loop.index0] }}}"'
+  command: 'find -H {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type f ! -gid {{{ FILEGID }}} -regex "{{{ FILE_REGEX[loop.index0] }}}"'
   register: files_found
   changed_when: False
   failed_when: False

shared/templates/file_groupowner/bash.template

@@ -15,7 +15,7 @@
 {{%- if FILE_REGEX %}}
 find {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type f ! -gid {{{ FILEGID }}} -regex '{{{ FILE_REGEX[loop.index0] }}}' -exec chgrp {{{ FILEGID }}} {} \;
 {{% else %}}
-find -L {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type d -exec chgrp {{{ FILEGID }}} {} \;
+find -H {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type d -exec chgrp {{{ FILEGID }}} {} \;
 {{%- endif %}}
 {{%- else %}}
 chgrp {{{ FILEGID }}} {{{ path }}}

shared/templates/file_groupowner/oval.template

@@ -22,10 +22,9 @@
   <unix:file_object comment="{{{ filepath }}}" id="object_file_groupowner{{{ FILEID }}}_{{{ loop.index0 }}}" version="1">
     {{%- if IS_DIRECTORY -%}}
       {{%- if RECURSIVE %}}
-      <unix:path operation="pattern match">^{{{ filepath[:-1] }}}</unix:path>
-      {{%- else %}}
-      <unix:path>{{{ filepath[:-1] }}}</unix:path>
+      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local" />
       {{%- endif %}}
+      <unix:path>{{{ filepath[:-1] }}}</unix:path>
       {{%- if FILE_REGEX %}}
       <unix:filename operation="pattern match">{{{ FILE_REGEX[loop.index0] }}}</unix:filename>
       {{%- else %}}

shared/templates/file_owner/ansible.template

@@ -15,7 +15,7 @@
 {{%- endif %}}
 
 - name: Find {{{ path }}} file(s) matching {{{ FILE_REGEX[loop.index0] }}}{{% if RECURSIVE %}} recursively{{% endif %}}
-  command: 'find -L {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type f ! -uid {{{ FILEUID }}} -regex "{{{ FILE_REGEX[loop.index0] }}}"'
+  command: 'find -H {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type f ! -uid {{{ FILEUID }}} -regex "{{{ FILE_REGEX[loop.index0] }}}"'
   register: files_found
   changed_when: False
   failed_when: False

shared/templates/file_owner/bash.template

@@ -15,7 +15,7 @@
 {{%- if FILE_REGEX %}}
 find {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type f ! -uid {{{ FILEUID }}} -regex '{{{ FILE_REGEX[loop.index0] }}}' -exec chown {{{ FILEUID }}} {} \;
 {{%- else %}}
-find -L {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type d -exec chown {{{ FILEUID }}} {} \;
+find -H {{{ path }}} {{{ FIND_RECURSE_ARGS }}} -type d -exec chown {{{ FILEUID }}} {} \;
 {{%- endif %}}
 {{%- else %}}
 chown {{{ FILEUID }}} {{{ path }}}

shared/templates/file_owner/oval.template

@@ -22,10 +22,9 @@
   <unix:file_object comment="{{{ filepath }}}" id="object_file_owner{{{ FILEID }}}_{{{ loop.index0 }}}" version="1">
     {{%- if IS_DIRECTORY -%}}
       {{%- if RECURSIVE %}}
-      <unix:path operation="pattern match">^{{{ filepath[:-1] }}}</unix:path>
-      {{%- else %}}
-      <unix:path>{{{ filepath[:-1] }}}</unix:path>
+      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local" />
       {{%- endif %}}
+      <unix:path>{{{ filepath[:-1] }}}</unix:path>
       {{%- if FILE_REGEX %}}
       <unix:filename operation="pattern match">{{{ FILE_REGEX[loop.index0] }}}</unix:filename>
       {{%- else %}}

shared/templates/file_permissions/ansible.template

@@ -21,7 +21,7 @@
 {{%- endif %}}
 
 - name: Find {{{ path }}} file(s){{% if RECURSIVE %}} recursively{{% endif %}}
-  command: 'find -L {{{ path }}} {{{ FIND_RECURSE_ARGS }}} {{{ PERMS }}} -type f -regex "{{{ FILE_REGEX[loop.index0] }}}"'
+  command: 'find -H {{{ path }}} {{{ FIND_RECURSE_ARGS }}} {{{ PERMS }}} -type f -regex "{{{ FILE_REGEX[loop.index0] }}}"'
   register: files_found
   changed_when: False
   failed_when: False

shared/templates/file_permissions/bash.template

@@ -19,9 +19,9 @@
 {{% for path in FILEPATH %}}
 {{%- if IS_DIRECTORY %}}
 {{%- if FILE_REGEX %}}
-find -L {{{ path }}} {{{ FIND_RECURSE_ARGS }}} {{{ PERMS }}} -type f -regex '{{{ FILE_REGEX[loop.index0] }}}' -exec chmod {{{ FILEMODE }}} {} \;
+find -H {{{ path }}} {{{ FIND_RECURSE_ARGS }}} {{{ PERMS }}} -type f -regex '{{{ FILE_REGEX[loop.index0] }}}' -exec chmod {{{ FILEMODE }}} {} \;
 {{%- else %}}
-find -L {{{ path }}} {{{ FIND_RECURSE_ARGS }}} {{{ PERMS }}} -type d -exec chmod {{{ FILEMODE }}} {} \;
+find -H {{{ path }}} {{{ FIND_RECURSE_ARGS }}} {{{ PERMS }}} -type d -exec chmod {{{ FILEMODE }}} {} \;
 {{%- endif %}}
 {{%- else %}}
 chmod {{{ FILEMODE }}} {{{ path }}}

shared/templates/file_permissions/oval.template

@@ -26,10 +26,9 @@
   <unix:file_object comment="{{{ filepath }}}" id="object_file_permissions{{{ FILEID }}}_{{{ loop.index0 }}}" version="1">
     {{%- if IS_DIRECTORY %}}
       {{%- if RECURSIVE %}}
-      <unix:path operation="pattern match">^{{{ filepath[:-1] }}}</unix:path>
-      {{%- else %}}
-      <unix:path>{{{ filepath[:-1] }}}</unix:path>
+      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local" />
       {{%- endif %}}
+      <unix:path>{{{ filepath[:-1] }}}</unix:path>
       {{%- if FILE_REGEX %}}
       <unix:filename operation="pattern match">{{{ FILE_REGEX[loop.index0] }}}</unix:filename>
       {{%- else %}}