SCCS-vsn: etc/security 5.8
-# @(#)security 5.7 (Berkeley) %G%
+# @(#)security 5.8 (Berkeley) %G%
#
PATH=/sbin:/bin:/usr/bin
host=`hostname`
echo "Subject: $host security check output"
#
PATH=/sbin:/bin:/usr/bin
host=`hostname`
echo "Subject: $host security check output"
+TMP1=/tmp/_secure1.$$
+TMP2=/tmp/_secure2.$$
echo ""
echo "Checking setuid files and devices:"
echo ""
echo "Checking setuid files and devices:"
-find / \( ! -fstype local \) -a -prune -o \
- \( -perm -u+s -o -perm -g+s -o ! -type d -a ! -type f -a ! -type l \) \
- -a -exec /bin/ls -cgl {} \; 2>&1 > $TMP
-
-if cmp $LOG/setuid.today $TMP >/dev/null; then :; else
- echo "$host setuid/device diffs:"
- diff $LOG/setuid.today $TMP
- mv $LOG/setuid.today $LOG/setuid.yesterday
- mv $TMP $LOG/setuid.today
+(find / \( ! -fstype local \) -a -prune -o \( -perm -u+s -o -perm -g+s \
+ -o ! -type d -a ! -type f -a ! -type l \) | sort >$TMP1) 2>$TMP2
+
+if [ -s $TMP2 ] ; then
+ echo "$host setuid/device find errors:"
+ cat $TMP2
+ echo ""; echo ""
+fi
+
+if cmp $LOG/setuid.today $TMP1 >/dev/null; then :; else
+ echo "$host setuid/device additions:"
+ ls -lgT `join -v1 $LOG/setuid.today $TMP1`
+ echo ""; echo ""
+ echo "$host setuid/device deletions:"
+ ls -lgT `join -v2 $LOG/setuid.today $TMP1`
+
+ mv $LOG/setuid.current $LOG/setuid.backup
+ mv $TMP1 $LOG/setuid.current