[unix-history] / usr / src / etc / security

#!/bin/sh -
#
#	@(#)security	5.9 (Berkeley) %G%
#
PATH=/sbin:/bin:/usr/bin

host=`hostname`
echo "Subject: $host security check output"

umask 22

echo ""
echo "Checking for uids of 0:"
awk -F: "\$3==\"0\" {print \"user: \" \$1 \", uid: \" \$3 }" /etc/master.passwd

echo ""
echo "Checking for uids without passwords:"
awk -F: "\$2==\"\" {print \"user: \" \$1 \", uid: \" \$3 }" /etc/master.passwd

DONE=/tmp/_secure1.$$
LIST=/tmp/_secure2.$$
TMP=/tmp/_secure3.$$

trap 'rm -f $DONE $LIST $TMP' 0

echo ""
echo "Checking setuid files and devices:"
(find /sbin \( ! -fstype local \) -a -prune -o \
    \( -perm -u+s -o -perm -g+s -o ! -type d -a ! -type f -a ! -type l \) | \
    sort | sed -e 's/^/ls -lgT /' | sh >$LIST) 2>$TMP

if [ -s $TMP ] ; then
	echo "$host setuid/device find errors:"
	cat $TMP
	echo ""
fi

if [ -s $LIST ] ; then
	SETCUR=/var/log/setuid.current
	SETBACK=/var/log/setuid.backup

	if [ -s $SETCUR ] ; then
		if cmp -s $SETCUR $LIST ; then
			:
		else
			:> $DONE
			join -110 -210 -v2 $SETCUR $LIST >$TMP
			if [ -s $TMP ] ; then
				echo "$host setuid/device additions:"
				tee -a $DONE < $TMP
				echo ""
			fi

			join -110 -210 -v1 $SETCUR $LIST >$TMP
			if [ -s $TMP ] ; then
				echo "$host setuid/device deletions:"
				tee -a $DONE < $TMP
				echo ""
			fi

			sort +9 $DONE $SETCUR $LIST | uniq -u >$TMP
			if [ -s $TMP ] ; then
				echo "$host setuid/device changes:"
				cat $TMP
				echo ""
			fi

			mv $SETCUR $SETBACK
			mv $LIST $SETCUR
		fi
	else
		echo "$host setuid/device additions:"
		cat $LIST
		echo ""
		mv $LIST $SETCUR
	fi
fi
Commit	Line	Data
525ea79f KB	1	#!/bin/sh -
525ea79f KB	2	#
8e55538e	3	# @(#)security 5.9 (Berkeley) %G%
525ea79f KB	4	#
	5	PATH=/sbin:/bin:/usr/bin
	6
32e3fbdd	7	host=`hostname`
525ea79f KB	8	echo "Subject: $host security check output"
525ea79f KB	9
383148a3 KB	10	umask 22
383148a3 KB	11
8e55538e KB	12	echo ""
	13	echo "Checking for uids of 0:"
	14	awk -F: "\$3==\"0\" {print \"user: \" \$1 \", uid: \" \$3 }" /etc/master.passwd
	15
	16	echo ""
	17	echo "Checking for uids without passwords:"
	18	awk -F: "\$2==\"\" {print \"user: \" \$1 \", uid: \" \$3 }" /etc/master.passwd
	19
	20	DONE=/tmp/_secure1.$$
	21	LIST=/tmp/_secure2.$$
	22	TMP=/tmp/_secure3.$$
	23
	24	trap 'rm -f $DONE $LIST $TMP' 0
525ea79f	25
32e3fbdd	26	echo ""
773dea30	27	echo "Checking setuid files and devices:"
8e55538e KB	28	(find /sbin \( ! -fstype local \) -a -prune -o \
	29	\( -perm -u+s -o -perm -g+s -o ! -type d -a ! -type f -a ! -type l \) \| \
	30	sort \| sed -e 's/^/ls -lgT /' \| sh >$LIST) 2>$TMP
383148a3	31
8e55538e	32	if [ -s $TMP ] ; then
383148a3	33	echo "$host setuid/device find errors:"
8e55538e KB	34	cat $TMP
8e55538e KB	35	echo ""
383148a3 KB	36	fi
383148a3 KB	37
8e55538e KB	38	if [ -s $LIST ] ; then
	39	SETCUR=/var/log/setuid.current
	40	SETBACK=/var/log/setuid.backup
383148a3	41
8e55538e KB	42	if [ -s $SETCUR ] ; then
	43	if cmp -s $SETCUR $LIST ; then
	44	:
	45	else
	46	:> $DONE
	47	join -110 -210 -v2 $SETCUR $LIST >$TMP
	48	if [ -s $TMP ] ; then
	49	echo "$host setuid/device additions:"
	50	tee -a $DONE < $TMP
	51	echo ""
	52	fi
	53
	54	join -110 -210 -v1 $SETCUR $LIST >$TMP
	55	if [ -s $TMP ] ; then
	56	echo "$host setuid/device deletions:"
	57	tee -a $DONE < $TMP
	58	echo ""
	59	fi
	60
	61	sort +9 $DONE $SETCUR $LIST \| uniq -u >$TMP
	62	if [ -s $TMP ] ; then
	63	echo "$host setuid/device changes:"
	64	cat $TMP
	65	echo ""
	66	fi
	67
	68	mv $SETCUR $SETBACK
	69	mv $LIST $SETCUR
	70	fi
	71	else
	72	echo "$host setuid/device additions:"
	73	cat $LIST
	74	echo ""
	75	mv $LIST $SETCUR
	76	fi
525ea79f	77	fi
525ea79f	78