blob: 1909ed2cee91acc255d94428664c3c9a7d5b31e1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
#!/bin/sh -
#
# @(#)security 5.3 (Berkeley) 5/28/91
# $Id: security,v 1.13 1996/06/30 19:35:20 alex Exp $
#
PATH=/sbin:/bin:/usr/bin
LC_ALL=C; export LC_ALL
separator () {
echo ""
echo ""
}
host=`hostname -s`
echo "Subject: $host security check output"
LOG=/var/log
TMP=/var/run/_secure.$$
umask 027
echo "checking setuid files and devices:"
# don't have ncheck, but this does the equivalent of the commented out block.
# note that one of the original problem, the possibility of overrunning
# the args to ls, is still here...
#
MP=`mount -t ufs | grep -v " nosuid" | sed 's;/dev/;&r;' | awk '{ print $3 }'`
set $MP
while test $# -ge 1; do
mount=$1
shift
find -X $mount -xdev -type f \
\( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
\( -perm -u+s -or -perm -g+s \) | sort
done | xargs -n 20 ls -lgTd > $TMP
if [ ! -f $LOG/setuid.today ] ; then
separator
echo "no $LOG/setuid.today"
cp $TMP $LOG/setuid.today
fi
if cmp $LOG/setuid.today $TMP >/dev/null; then :; else
separator
echo "$host setuid diffs:"
diff -b $LOG/setuid.today $TMP
mv $LOG/setuid.today $LOG/setuid.yesterday
mv $TMP $LOG/setuid.today
fi
separator
echo "checking for uids of 0:"
awk 'BEGIN {FS=":"} $3=="0" {print $1,$3}' /etc/master.passwd
# show denied packets
if ipfw -a l 2>/dev/null | egrep "deny|reject" > $TMP; then
if [ ! -f $LOG/ipfw.today ] ; then
separator
echo "no $LOG/ipfw.today"
cp $TMP $LOG/ipfw.today
fi
if cmp $LOG/ipfw.today $TMP >/dev/null; then :; else
separator
echo "$host denied packets:"
diff -b $LOG/ipfw.today $TMP | egrep "^>"
mv $LOG/ipfw.today $LOG/ipfw.yesterday
mv $TMP $LOG/ipfw.today
fi
fi
rm -f $TMP
|
