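#!/bin/sh -
#
# @(#)security 5.9 (Berkeley) %G%
#
# Host security report, written to stdout as a mail message body (the
# first line printed is the Subject: header).  It reports:
#   - accounts in /etc/master.passwd whose uid field is 0,
#   - accounts in /etc/master.passwd whose password field is empty,
#   - setuid/setgid files and non-regular nodes found by find(1), diffed
#     against the previous listing kept in /var/log/setuid.current.
#
# NOTE(review): the script reads /etc/master.passwd and replaces files
# under /var/log, so it presumably runs as root from cron -- confirm
# against the caller.  The hardening notes below matter most in that case.

PATH=/sbin:/bin:/usr/bin

host=$(hostname)
echo "Subject: $host security check output"

umask 22

echo ""
echo "Checking for uids of 0:"
awk -F: '$3 == "0" { print "user: " $1 ", uid: " $3 }' /etc/master.passwd

echo ""
echo "Checking for uids without passwords:"
awk -F: '$2 == "" { print "user: " $1 ", uid: " $3 }' /etc/master.passwd

# Scratch files live in a private directory created by mktemp(1).  Fixed
# names such as /tmp/_secure1.$$ are guessable, so another local user can
# pre-create the path (or a symlink) and have this script write through it.
WORK=$(mktemp -d /tmp/_secure.XXXXXX) || {
	echo "$host: cannot create scratch directory" >&2
	exit 1
}
trap 'rm -rf -- "${WORK:?}"' 0

DONE=$WORK/done
LIST=$WORK/list
TMP=$WORK/tmp

echo ""
echo "Checking setuid files and devices:"
# Each path is handed to ls(1) as a single quoted argument, one ls per
# path and in sorted order.  The listing must not be produced by turning
# path names into shell text and piping that to sh: a file name is
# attacker-controlled data and would then be parsed as shell syntax.
# A name containing a newline is still split in two here; the resulting
# ls errors land in $TMP and are reported below.
(find /sbin \( ! -fstype local \) -a -prune -o \
	\( -perm -u+s -o -perm -g+s -o ! -type d -a ! -type f -a ! -type l \) |
	sort |
	while IFS= read -r file; do
		ls -lgT "$file"
	done >"$LIST") 2>"$TMP"

if [ -s "$TMP" ]; then
	echo "$host setuid/device find errors:"
	cat "$TMP"
	echo ""
fi

if [ -s "$LIST" ]; then
	SETCUR=/var/log/setuid.current
	SETBACK=/var/log/setuid.backup

	if [ -s "$SETCUR" ]; then
		if cmp -s "$SETCUR" "$LIST"; then
			# Listing is unchanged since the last run: nothing to report.
			:
		else
			: >"$DONE"

			# Field 10 of the listing is joined on (the path name in
			# `ls -lgT` output).  `-1 10 -2 10 -v 2` is the spelled-out
			# form of the historical `-110 -210 -v2`.
			# Lines only in the new listing are additions.
			join -1 10 -2 10 -v 2 "$SETCUR" "$LIST" >"$TMP"
			if [ -s "$TMP" ]; then
				echo "$host setuid/device additions:"
				tee -a "$DONE" <"$TMP"
				echo ""
			fi

			# Lines only in the previous listing are deletions.
			join -1 10 -2 10 -v 1 "$SETCUR" "$LIST" >"$TMP"
			if [ -s "$TMP" ]; then
				echo "$host setuid/device deletions:"
				tee -a "$DONE" <"$TMP"
				echo ""
			fi

			# Whatever is left unique once the already-reported lines
			# are merged back in is printed as a change.  `-k 10` is the
			# POSIX spelling of the obsolete `+9` key.
			# NOTE(review): join prints the join field first, so lines
			# saved in $DONE may not match their source lines byte for
			# byte -- confirm uniq -u cancels them as intended.
			sort -k 10 "$DONE" "$SETCUR" "$LIST" | uniq -u >"$TMP"
			if [ -s "$TMP" ]; then
				echo "$host setuid/device changes:"
				cat "$TMP"
				echo ""
			fi

			# Rotate: the old baseline becomes the backup and the
			# fresh listing becomes the new baseline.
			mv "$SETCUR" "$SETBACK"
			mv "$LIST" "$SETCUR"
		fi
	else
		# No baseline yet: every entry counts as an addition.
		echo "$host setuid/device additions:"
		cat "$LIST"
		echo ""
		mv "$LIST" "$SETCUR"
	fi
fi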