etc/security

   1 #!/bin/sh -
   2 #
   3 #       @(#)security    5.3 (Berkeley) 5/28/91
   4 #       $Id: security,v 1.22 1997/09/26 01:38:30 alex Exp $
   5 #
   6 PATH=/sbin:/bin:/usr/bin
   7 LC_ALL=C; export LC_ALL
   8
   9 separator () {
  10         echo ""
  11         echo ""
  12 }
  13
  14 host=`hostname -s`
  15 echo "Subject: $host security check output"
  16
  17 LOG=/var/log
  18 TMP=/var/run/_secure.$$
  19
  20 umask 027
  21
  22 echo "checking setuid files and devices:"
  23
  24 # don't have ncheck, but this does the equivalent of the commented out block.
  25 # note that one of the original problem, the possibility of overrunning
  26 # the args to ls, is still here...
  27 #
  28 MP=`mount -t ufs | grep -v " nosuid" | sed 's;/dev/;&r;' | awk '{ print $3 }'`
  29 set $MP
  30 while test $# -ge 1; do
  31         mount=$1
  32         shift
  33         find $mount -xdev -type f \
  34                 \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
  35                 \( -perm -u+s -or -perm -g+s \)  -print0
  36 done | xargs -0 -n 20 ls -lTd | sort +9 > $TMP
  37
  38 if [ ! -f $LOG/setuid.today ] ; then
  39         separator
  40         echo "no $LOG/setuid.today"
  41         cp $TMP $LOG/setuid.today
  42 fi
  43 if cmp $LOG/setuid.today $TMP >/dev/null; then :; else
  44         separator
  45         echo "$host setuid diffs:"
  46         diff -b $LOG/setuid.today $TMP
  47         mv $LOG/setuid.today $LOG/setuid.yesterday
  48         mv $TMP $LOG/setuid.today
  49 fi
  50
  51 separator
  52 echo "checking for uids of 0:"
  53 awk 'BEGIN {FS=":"} $3=="0" {print $1,$3}' /etc/master.passwd
  54
  55 # show denied packets
  56 if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > $TMP; then
  57         if [ ! -f $LOG/ipfw.today ] ; then
  58                 separator
  59                 echo "no $LOG/ipfw.today"
  60                 cp $TMP $LOG/ipfw.today
  61         fi
  62         if cmp $LOG/ipfw.today $TMP >/dev/null; then :; else
  63                 separator
  64                 echo "$host denied packets:"
  65                 diff -b $LOG/ipfw.today $TMP | egrep "^>"
  66                 mv $LOG/ipfw.today $LOG/ipfw.yesterday
  67                 mv $TMP $LOG/ipfw.today
  68         fi
  69 fi
  70
  71 # show ipfw rules which have reached the log limit
  72 IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null`
  73 if [ $? -eq 0 ] && [ $IPFW_LOG_LIMIT -ne 0 ]; then
  74         ipfw -a l | grep " log " | perl -n -e \
  75                 '/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' > $TMP
  76         if [ -s $TMP ]; then
  77                 separator
  78                 echo "ipfw log limit reached:"
  79                 cat $TMP
  80         fi
  81 fi
  82
  83 # show kernel log messages
  84 if dmesg 2>/dev/null > $TMP; then
  85         if [ ! -f $LOG/dmesg.today ] ; then
  86                 separator
  87                 echo "no $LOG/dmesg.today"
  88                 cp $TMP $LOG/dmesg.today
  89         fi
  90         if cmp $LOG/dmesg.today $TMP >/dev/null 2>&1; then :; else
  91                 separator
  92                 echo "$host kernel log messages:"
  93                 diff -b $LOG/dmesg.today $TMP | egrep "^>"
  94                 mv $LOG/dmesg.today $LOG/dmesg.yesterday
  95                 mv $TMP $LOG/dmesg.today
  96         fi
  97 fi
  98
  99 rm -f $TMP