#!/usr/bin/ruby
#
# Ensure that some critical directories are not world-writeable.
#



require 'yaml'


if __FILE__ ==  $PROGRAM_NAME

  def verbose(str)
    STDERR.puts(str)
  end

  to_raise = []

  %w( /etc /bin /sbin /usr/bin /usr/sbin ).each do |path|

    begin
      if File.world_writable? path
        h = {}
        h[:id]      = "insecure-path-#{path}-low"
        h[:summary] = "The directory #{path} is world-writeable."
        h[:detail]  = "<p>The directory <tt>#{path}</tt> is world-writeable allowing users to trivially become root.</p>"

        to_raise.push(h)
      end
    rescue NoMethodError
      verbose( "Test disabled due to old ruby" )
    end
  end

  # Show the output.
  puts YAML.dump(to_raise)
  exit(0)
end
