path: root/etc/security
Commit message | Author | Age | Files | Lines
* Checking of denied zone transfers is now done in periodic/daily/470.status-named.
  Author: dirk | Age: 2001-04-21 | Files: 1 | Lines: -7/+0
* Log denied IXFR, too.
  MFC candidate.
  Author: dirk | Age: 2001-04-14 | Files: 1 | Lines: -1/+1
* - Newer versions of bind log denied secondary zone transfers with 'denied AXFR', not 'unapproved AXFR'. This is an MFC candidate.
  PR: misc/26529
  Submitted by: duwde@duwde.com.br
  Author: nate | Age: 2001-04-13 | Files: 1 | Lines: -1/+1
* Ignore comments in /etc/passwd
  PR: 25845
  Submitted by: Udo Schweigert <ust@cert.siemens.de>
  Author: brian | Age: 2001-03-17 | Files: 1 | Lines: -1/+1
* Show denied secondary bind transfer attempts
  Submitted by: inTEXT Communications <glenn@intextonline.com>
  Ok'd by: imp, kris
  Not objected to by: freebsd-audit
  Author: brian | Age: 2001-02-08 | Files: 1 | Lines: -0/+7
* Pick up all messages* files less than two days old rather than just messages{,.0*} when looking for login failures and refused connections.
  PR: 23415
  Mostly submitted by: phk
  Convert a few " "s to tabs while I'm here - for consistency.
  Author: brian | Age: 2001-02-03 | Files: 1 | Lines: -8/+9
* Apply a more consistent style to the echo statements in /etc/ scripts.
    * Put quotes around each line
    * Single quotes for lines with no variable interpolation
    * Double quotes if there is
    * Capitalize each word that begins a line
    * Make echo -n 'Doing foo:' ... echo '.' more of a standard
  No functionality changes
  Author: dougb | Age: 2000-12-17 | Files: 1 | Lines: -8/+8
* Add copyright notices. Other systems have been borrowing our /etc files w/o giving any credit.
  Author: obrien | Age: 2000-10-08 | Files: 1 | Lines: -0/+25
* Sort the output of mount
  Requested by: des
  Remove a redundant sed
  Author: brian | Age: 2000-09-18 | Files: 1 | Lines: -1/+1
* Another overhaul of the periodic stuff.
  All periodic sub-scripts <larf> now have their return codes interpreted by periodic(8). Output may be masked based on variable values in periodic.conf. It's also now possible to email periodic output to arbitrary addresses, or to send it to a log file, examples of which can be found in newsyslog.conf.
  The upshot of it all should be no discernable changes to the default behaviour of periodic(8).
  PR: 21250
  Author: brian | Age: 2000-09-14 | Files: 1 | Lines: -19/+44
* Use ``diff -w'' for setuid.{to,yester}day comparisons rather than ``diff -b''.
  Author: brian | Age: 2000-08-07 | Files: 1 | Lines: -1/+1
* Get the security script to list the inode numbers of the suid files. I've seen some script kiddie tools out there that fake the timestamps but don't preserve the inode number.
  Note - this will cause a lot of output the first time it is run!
  PR: 18947
  Reviewed by: Sheldon Hearn <sheldonh@uunet.co.za>
  Author: dwmalone | Age: 2000-07-11 | Files: 1 | Lines: -1/+1
* Add -s -a and -m flags for suppressing the subject line, ignoring amd mounts and ignoring mfs mounts. Default functionality stays the same.
  Author: brian | Age: 2000-06-23 | Files: 1 | Lines: -6/+17
* Add a step for showing changes in the way filesystems are mounted today from the way they were mounted yesterday.
  PR: 17155
  Submitted by: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
  Author: sheldonh | Age: 2000-04-06 | Files: 1 | Lines: -0/+17
* Do not report blocked out NIS password entries as passwordless.
  Submitted by: "Sean O'Connell" <sean@stat.Duke.EDU>
  Author: sheldonh | Age: 2000-04-05 | Files: 1 | Lines: -1/+1
* Test rotated logs for dangerous messages as well as current
  PR: misc/12228
  Submitted by: Philippe SCHACK <phschak@inba.fr>
  Author: phantom | Age: 1999-12-20 | Files: 1 | Lines: -2/+4
* Do not misinterpret blank and comment lines as passwordless accounts.
  PR: 13909
  Submitted by: Peter Jeremy <peter.jeremy@alcatel.com.au>
  Author: sheldonh | Age: 1999-10-06 | Files: 1 | Lines: -1/+1
* The previous commit missed two unquoted variable expansions. This had the unfortunate side-effect of breaking the security script for hosts without kernel support for IPFW. Fix.
  Reported by: jhay
  Author: sheldonh | Age: 1999-10-04 | Files: 1 | Lines: -2/+2
* Apply a consistent style to most of the etc scripts. Particularly, use case instead of test where appropriate, since case allows case is a sh builtin and (as a side-effect) allows case-insensitivity.
  Changes discussed on freebsd-hackers.
  Submitted by: Doug Barton <Doug@gorean.org>
  Author: sheldonh | Age: 1999-09-13 | Files: 1 | Lines: -23/+31
* $Id$ -> $FreeBSD$
  Author: peter | Age: 1999-08-27 | Files: 1 | Lines: -1/+1
* Style clean-up:
    * All variables are now embraced: ${foo}
    * All comparisons against some value now take the form: [ "${foo}" ? "value" ] where ? is a comparison operator
    * All empty string tests now take the form: [ -z "${foo}" ]
    * All non-empty string tests now take the form: [ -n "${foo}" ]
  Submitted by: jkh
  Author: sheldonh | Age: 1999-08-25 | Files: 1 | Lines: -39/+39
* Ignore NIS accounts when checking for passwordless accounts.
  PR: 9639
  Reported by: Bob Willcox <bob@pmr.com>
  Submitted by: des
  Author: sheldonh | Age: 1999-06-23 | Files: 1 | Lines: -2/+2
* Fix typo: "login failures" -> "login failure"
  PR: 9424
  Submitted by: Lars K*ller <root@cc.fh-lippe.de>
  Author: danny | Age: 1999-01-10 | Files: 1 | Lines: -2/+2
* Make periodic(8) and the security mailings reflect the full FQDN, as opposed to a hostname. This will help those who keep a cluster of machines all with the same hostname but different domain names.
  PR: bin/9091
  Submitted By: Heikki Suonsivu <hsu@clinet.fi>
  No Response From: -current mailing list
  Author: billf | Age: 1999-01-01 | Files: 1 | Lines: -2/+2
* Fix typo in previous commit.
  PR: 7621
  Submitted by: Mark Huizer
  Author: des | Age: 1998-08-16 | Files: 1 | Lines: -2/+2
* Make /etc/security bitch about passwordless accounts.
  Use awk -F: rather than 'BEGIN {FS=":"}'
  Author: des | Age: 1998-08-11 | Files: 1 | Lines: -2/+6
* Detect user id 0 as a number instead of a string. String comparisons fail to detect 00.
  PR: 7218
  Submitted by: Michal Listos <mcl@Amnesiac.123.org>
                Niall Smart <rotel@indigo.ie>
  Author: alex | Age: 1998-07-08 | Files: 1 | Lines: -2/+2
* additional warnings
    - login failures
    - tcp_wrapper messages about refused connections
  Author: andreas | Age: 1998-06-27 | Files: 1 | Lines: -1/+11
* Display ipfw rules which have reached the log limit.
  Author: alex | Age: 1998-02-04 | Files: 1 | Lines: -1/+13
* Changed ipfw grep string: reject rules are now listed as deny, reset, or unreach.
  Author: alex | Age: 1997-09-26 | Files: 1 | Lines: -2/+2
* Remove the annoying "cmp: EOF" message when dmesg changes.
  Author: brian | Age: 1997-08-01 | Files: 1 | Lines: -2/+2
* Remove the -g option from the "find ... | xargs -ls ..." line. The -g option to ls has been depreciated.
  Author: mpp | Age: 1997-03-03 | Files: 1 | Lines: -2/+2
* When looking for setuid files, call find with -print0 and xargs with -0. This allows find to pass files with "illegal" characters to xargs in a safe manner.
  Note: due to the manner in which the file names are now passed between find and xargs, the files are now sorted differently than before. The first /etc/security run after installing this change may result in a lot of output when nothing did in fact change.
  Closes PR# 1910. 2.2 candidate.
  Author: mpp | Age: 1997-02-23 | Files: 1 | Lines: -4/+4
* Revert $FreeBSD$ to $Id$
  Author: peter | Age: 1997-02-23 | Files: 1 | Lines: -1/+1
* Make the long-awaited change from $Id$ to $FreeBSD$
  This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long.
  Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
  Author: jkh | Age: 1997-01-14 | Files: 1 | Lines: -1/+1
* Whoops, update the comment field while we're at it. (I *hate* the link to freefall!)
  Author: nate | Age: 1996-10-12 | Files: 1 | Lines: -2/+2
* In the same manner that we log the ipfw entries, log the kernel log messages using the output of dmesg.
  Author: nate | Age: 1996-10-12 | Files: 1 | Lines: -1/+17
* Move intermediary file generation to /var partition
  Author: pst | Age: 1996-07-31 | Files: 1 | Lines: -2/+2
* If ipfw is enabled, display packet/byte counters for reject/deny rules that have changed since the last security check.
  Make the spacing between sections more consistent.
  Author: alex | Age: 1996-06-30 | Files: 1 | Lines: -4/+27
* If a local ufs filesystem is mounted "nosuid", don't scan it as part of the /etc/security setuid checks. This is useful for things like large news spool partitions that don't have executables.
  Reviewed by: pst
  Author: peter | Age: 1996-06-30 | Files: 1 | Lines: -2/+2
* Exclude devices. Character ones modes changes often and proper names guessing involves too much AI.
  Author: ache | Age: 1996-04-19 | Files: 1 | Lines: -9/+4
* Use -X to be xargs-friendly
  Check devices too, follow original BSD intention
  Find only executable files with s-bits, close PR bin/1022
  Reset locale to C to have equal results in any case
  Author: ache | Age: 1996-04-18 | Files: 1 | Lines: -3/+11
* If no $LOG/setuid.today exists (f.e. first time to run), put warning and make it, all following commands fails in old case
  Author: ache | Age: 1995-09-15 | Files: 1 | Lines: -1/+5
* Use -b for diff, ls produce different number of spaces
  Author: ache | Age: 1995-05-27 | Files: 1 | Lines: -2/+2
* Fix a bug, that someone has introduced into /etc/security. It has no longer found SUID files, only SGID files. The find has missed some parentheses.
  Author: ats | Age: 1995-01-14 | Files: 1 | Lines: -2/+2
* From: rich@lamprey.UTMB.EDU (Rich Murphey)
  Subject: Re: daily insecurity output (fwd)

  |From: rgrimes@agora.rain.com (Rodney Grimes)
  |
  |This is from the new /etc/security script. I no longer get the segmentation
  |violation, but now the arg list is too long, some /bin/sh program want to
  |fix the current /etc/security ls command so that it is a pipe instead of
  |a back quoted arg?
  |
  |> checking setuid files and devices:
  |> /etc/security: ls: argument list too long

  This uses xargs instead. My slip line's down so I can't check it in at the moment.
  Rich
  Author: rgrimes | Age: 1994-01-22 | Files: 1 | Lines: -14/+3
* When listing all suid and sgid files list the file itself rather than directory contents.
  Author: rich | Age: 1993-12-15 | Files: 1 | Lines: -2/+2
* Reworked the search for suid sgid programs to be more like the original and only to run find on local file systems. It now works and no longer gets the error from sort
  Author: rgrimes | Age: 1993-10-25 | Files: 1 | Lines: -10/+8
* Fixed so that it scans for set uid/gid files. From Rich Murphy and NetBSD, plus some tid bits from me.
  Author: rgrimes | Age: 1993-09-06 | Files: 1 | Lines: -12/+28
* Fixed daily so that it no longer does accounting since FreeBSD does not yet have the accounting stuff in it. Disabled ncheck search in security due to missing ncheck.
  Author: rgrimes | Age: 1993-08-07 | Files: 1 | Lines: -0/+2