author | sheldonh <sheldonh@FreeBSD.org> | 1999-09-13 15:44:20 +0000 |
---|---|---|
committer | sheldonh <sheldonh@FreeBSD.org> | 1999-09-13 15:44:20 +0000 |
commit | d8a93d30ec0f7b9de2d59dab07ac29c6f7f8f663 (patch) | |
tree | f61d8b7d858e07792674c281853167482e6806c5 /etc/security | |
parent | 019fd9cb5fe17ed3ce93a28306ec3009d2a512f7 (diff) | |
Apply a consistent style to most of the etc scripts. Particularly, use
case instead of test where appropriate, since case is a sh
builtin and (as a side-effect) allows case-insensitivity.
Changes discussed on freebsd-hackers.
Submitted by: Doug Barton <Doug@gorean.org>
Diffstat (limited to 'etc/security')
-rw-r--r-- | etc/security | 54 |
1 files changed, 31 insertions, 23 deletions
diff --git a/etc/security b/etc/security index 0eb9ab3..f56073f 100644 --- a/etc/security +++ b/etc/security @@ -7,8 +7,8 @@ PATH=/sbin:/bin:/usr/bin LC_ALL=C; export LC_ALL separator () { - echo "" - echo "" + echo '' + echo '' } host=`hostname` @@ -21,25 +21,26 @@ umask 027 echo "checking setuid files and devices:" -# don't have ncheck, but this does the equivalent of the commented out block. -# note that one of the original problem, the possibility of overrunning +# Don't have ncheck, but this does the equivalent of the commented out block. +# Note that one of the original problems, the possibility of overrunning # the args to ls, is still here... # MP=`mount -t ufs | grep -v " nosuid" | sed 's;/dev/;&r;' | awk '{ print $3 }'` set ${MP} -while test $# -ge 1; do +while [ $# -ge 1 ]; do mount=$1 shift find $mount -xdev -type f \ \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \ - \( -perm -u+s -or -perm -g+s \) -print0 + \( -perm -u+s -or -perm -g+s \) -print0 done | xargs -0 -n 20 ls -lTd | sort +9 > ${TMP} -if [ ! -f ${LOG}/setuid.today ] ; then +if [ ! -f ${LOG}/setuid.today ]; then separator echo "no ${LOG}/setuid.today" cp ${TMP} ${LOG}/setuid.today fi + if cmp ${LOG}/setuid.today ${TMP} >/dev/null; then :; else separator echo "${host} setuid diffs:" 
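Review bot: In the second hunk (`@@ -21,25 +21,26 @@`), `set ${MP}` is kept without `--`, so if the `mount -t ufs | grep -v " nosuid"` pipeline yields nothing, the bare `set` prints every shell variable into the report and leaves the positional parameters as they were; `set -- ${MP}` clears them instead and the loop simply does not run. On the same pass, `find $mount` would be safer as `find "$mount" -xdev -type f \`, since this runs as root over paths taken from command output. The retouched comment still says the risk of overrunning the args to ls remains, which the `-print0 | xargs -0 -n 20` pipeline appears to have addressed, so the comment looks stale. The `if cmp ...; else` block at the end of the hunk continues outside it.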
@@ -56,25 +57,28 @@ separator echo "checking for passwordless accounts:" awk -F: '$1 !~ /^\+/ && $2=="" {print $0}' /etc/master.passwd -# show denied packets +# Show denied packets +# if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then - if [ ! -f ${LOG}/ipfw.today ] ; then + if [ ! -f ${LOG}/ipfw.today ]; then separator echo "no ${LOG}/ipfw.today" cp ${TMP} ${LOG}/ipfw.today fi + if cmp ${LOG}/ipfw.today ${TMP} >/dev/null; then :; else separator - echo "${host} denied packets:" - diff -b ${LOG}/ipfw.today ${TMP} | egrep "^>" - mv ${LOG}/ipfw.today ${LOG}/ipfw.yesterday - mv ${TMP} ${LOG}/ipfw.today + echo "${host} denied packets:" + diff -b ${LOG}/ipfw.today ${TMP} | egrep "^>" + mv ${LOG}/ipfw.today ${LOG}/ipfw.yesterday + mv ${TMP} ${LOG}/ipfw.today fi fi -# show ipfw rules which have reached the log limit +# Show ipfw rules which have reached the log limit +# IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null` -if [ $? -eq 0 ] && [ ${IPFW_LOG_LIMIT} -ne 0 ]; then +if [ $? -eq 0 -a ${IPFW_LOG_LIMIT} -ne 0 ]; then ipfw -a l | grep " log " | perl -n -e \ '/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' > ${TMP} if [ -s ${TMP} ]; then 
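Review bot: The rewritten log-limit test, `if [ $? -eq 0 -a ${IPFW_LOG_LIMIT} -ne 0 ]; then`, loses the short-circuit that the two-test `&&` form had. When `sysctl -n net.inet.ip.fw.verbose_limit` fails, IPFW_LOG_LIMIT is most likely empty, so `[` is handed `1 -eq 0 -a -ne 0` and reports a syntax error into the nightly security output instead of skipping the section quietly. Keeping the separate tests and quoting the value avoids this: `if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then`. The same value is spliced unquoted into the perl program text two lines later, so a comment noting that it is expected to be a plain integer from sysctl would help the next reader. The body of this `if` continues outside the hunk.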
@@ -84,28 +88,32 @@ if [ $? -eq 0 ] && [ ${IPFW_LOG_LIMIT} -ne 0 ]; then fi fi -# show kernel log messages +# Show kernel log messages +# if dmesg 2>/dev/null > ${TMP}; then - if [ ! -f ${LOG}/dmesg.today ] ; then + if [ ! -f ${LOG}/dmesg.today ]; then separator echo "no ${LOG}/dmesg.today" cp ${TMP} ${LOG}/dmesg.today fi + if cmp ${LOG}/dmesg.today ${TMP} >/dev/null 2>&1; then :; else separator - echo "${host} kernel log messages:" - diff -b ${LOG}/dmesg.today ${TMP} | egrep "^>" - mv ${LOG}/dmesg.today ${LOG}/dmesg.yesterday - mv ${TMP} ${LOG}/dmesg.today + echo "${host} kernel log messages:" + diff -b ${LOG}/dmesg.today ${TMP} | egrep "^>" + mv ${LOG}/dmesg.today ${LOG}/dmesg.yesterday + mv ${TMP} ${LOG}/dmesg.today fi fi -# show login failures +# Show login failures +# separator echo "${host} login failures:" grep -i "login failure" ${LOG}/messages -# show tcp_wrapper warning messages +# Show tcp_wrapper warning messages +# separator echo "${host} refused connections:" grep -i "refused connect" ${LOG}/messages |