aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorYoann Vandoorselaere <yoann@mandriva.com>1999-12-27 16:29:51 +0000
committerYoann Vandoorselaere <yoann@mandriva.com>1999-12-27 16:29:51 +0000
commit400bffd28039227e43fef4229f7d8a0c54bf8256 (patch)
treeb0ad1b03cecd5073439bb0e7879f115f5a502f3a
parent5131eb47114909bdce4cebebc09a57a5a72ad039 (diff)
downloadmsec-400bffd28039227e43fef4229f7d8a0c54bf8256.tar
msec-400bffd28039227e43fef4229f7d8a0c54bf8256.tar.gz
msec-400bffd28039227e43fef4229f7d8a0c54bf8256.tar.bz2
msec-400bffd28039227e43fef4229f7d8a0c54bf8256.tar.xz
msec-400bffd28039227e43fef4229f7d8a0c54bf8256.zip
*** empty log message ***
-rw-r--r--ChangeLog5
-rwxr-xr-xcron-sh/diff_check.sh33
-rwxr-xr-xcron-sh/security.sh48
-rwxr-xr-xcron-sh/security_check.sh21
-rwxr-xr-xinit-sh/level0.sh2
-rwxr-xr-xinit-sh/level1.sh2
-rwxr-xr-xinit-sh/level2.sh2
-rwxr-xr-xinit-sh/level3.sh5
-rwxr-xr-xinit-sh/level4.sh3
-rwxr-xr-xinit-sh/level5.sh3
-rw-r--r--init-sh/perm.01
-rw-r--r--init-sh/perm.11
-rw-r--r--init-sh/perm.21
-rw-r--r--init-sh/perm.33
-rw-r--r--init-sh/perm.43
-rw-r--r--init-sh/perm.53
-rw-r--r--msec.spec6
17 files changed, 84 insertions, 58 deletions
diff --git a/ChangeLog b/ChangeLog
index 28b8ab0..e872102 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+1999-12-24 Yoann Vandoorselaere <yoann@mandrakesoft.com>
+ * level[35]: also do a mail report.
+ * moved Syslog(), Ttylog(), Maillog() to security.sh
+ * security_check.sh & diff_check.sh now sourced from security.sh
+
1999-12-22 Yoann Vandoorselaere <yoann@mandrakesoft.com>
* init-sh/perm[15]: files should be constant in their content.
all entry should be in each perm file
diff --git a/cron-sh/diff_check.sh b/cron-sh/diff_check.sh
index f6cff92..9b548d6 100755
--- a/cron-sh/diff_check.sh
+++ b/cron-sh/diff_check.sh
@@ -17,27 +17,6 @@ fi
SECURITY_LOG="/var/log/security.log"
TMP=`mktemp /tmp/secure.XXXXXX`
-### Functions ###
-
-Syslog() {
- if [[ ${SYSLOG_WARN} == yes ]]; then
- cat ${1} | while read line; do
- /sbin/initlog --string="${line}"
- done
- fi
-}
-
-Ttylog() {
- if [[ ${TTY_WARN} == yes ]]; then
- for i in `w | grep -v "load\|TTY" | awk '{print $2}'` ; do
- cat ${1} > /dev/$i
- done
- fi
-}
-
-##################
-
-
### New Suid root files detection
if [[ ${CHECK_SUID_ROOT} == yes ]]; then
@@ -95,10 +74,10 @@ if [[ ${CHECK_UNOWNED} == yes ]]; then
if [[ -f ${UNOWNED_USER_YESTERDAY} ]]; then
if ! diff -u ${UNOWNED_USER_YESTERDAY} ${UNOWNED_USER_TODAY} > ${UNOWNED_USER_DIFF}; then
printf "\nSecurity Warning: the following files aren't owned by an user :\n" >> ${TMP}
- grep '^+' ${UNOWNED_USER_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do
+ grep '^+' ${UNOWNED_USER_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do
printf "\t\t- Added un-owned files : ${file}\n"
- done > ${TMP}
- grep '^-' ${UNOWNED_USER_DIFF} | grep -vw "^+++ " | sed 's|^.||' | awk '{print $12}' | while read file; do
+ done >> ${TMP}
+ grep '^-' ${UNOWNED_USER_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do
printf "\t\t- Removed un-owned files : ${file}\n"
done >> ${TMP}
fi
@@ -110,7 +89,7 @@ if [[ ${CHECK_UNOWNED} == yes ]]; then
grep '^+' ${UNOWNED_GROUP_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do
printf "\t\t- Added un-owned files : ${file}\n"
done >> ${TMP}
- grep '^-' ${UNOWNED_GROUP_DIFF} | grep -vw "^--- " | sed 's|^.||' | awk '{print $12}' | while read file; do
+ grep '^-' ${UNOWNED_GROUP_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do
printf "\t\t- Removed un-owned files : ${file}\n"
done >> ${TMP}
fi
@@ -161,8 +140,12 @@ if [[ -s ${TMP} ]]; then
Syslog ${TMP}
Ttylog ${TMP}
date=`date`
+
echo -e "\n\n*** Diff Check, ${date} ***\n" >> ${SECURITY_LOG}
cat ${TMP} >> ${SECURITY_LOG}
+
+ Maillog "*** Diff Check, ${date} ***" "${TMP}"
+
fi
if [[ -f ${TMP} ]]; then
diff --git a/cron-sh/security.sh b/cron-sh/security.sh
index 10eb54b..9f97382 100755
--- a/cron-sh/security.sh
+++ b/cron-sh/security.sh
@@ -42,31 +42,31 @@ if [[ ! -d /var/log/security ]]; then
mkdir /var/log/security
fi
-if [[ -s ${SUID_ROOT_TODAY} ]]; then
+if [[ -f ${SUID_ROOT_TODAY} ]]; then
mv ${SUID_ROOT_TODAY} ${SUID_ROOT_YESTERDAY};
fi
-if [[ -s ${SUID_GROUP_TODAY} ]]; then
+if [[ -f ${SUID_GROUP_TODAY} ]]; then
mv ${SUID_GROUP_TODAY} ${SUID_GROUP_YESTERDAY};
fi
-if [[ -s ${WRITEABLE_TODAY} ]]; then
+if [[ -f ${WRITEABLE_TODAY} ]]; then
mv ${WRITEABLE_TODAY} ${WRITEABLE_YESTERDAY};
fi
-if [[ -s ${UNOWNED_USER_TODAY} ]]; then
+if [[ -f ${UNOWNED_USER_TODAY} ]]; then
mv ${UNOWNED_USER_TODAY} ${UNOWNED_USER_YESTERDAY};
fi
-if [[ -s ${UNOWNED_GROUP_TODAY} ]]; then
+if [[ -f ${UNOWNED_GROUP_TODAY} ]]; then
mv ${UNOWNED_GROUP_TODAY} ${UNOWNED_GROUP_YESTERDAY};
fi
-if [[ -s ${OPEN_PORT_TODAY} ]]; then
+if [[ -f ${OPEN_PORT_TODAY} ]]; then
mv -f ${OPEN_PORT_TODAY} ${OPEN_PORT_YESTERDAY}
fi
-if [[ -s ${SUID_MD5_TODAY} ]]; then
+if [[ -f ${SUID_MD5_TODAY} ]]; then
mv ${SUID_MD5_TODAY} ${SUID_MD5_YESTERDAY};
fi
@@ -82,15 +82,43 @@ cat ${SUID_ROOT_TODAY} | while read line; do
md5sum ${line}
done > ${SUID_MD5_TODAY}
+### Functions ###
-. /etc/security/msec/cron-sh/diff_check.sh
-. /etc/security/msec/cron-sh/security_check.sh
-
+Syslog() {
+ if [[ ${SYSLOG_WARN} == yes ]]; then
+ cat ${1} | while read line; do
+ /sbin/initlog --string="${line}"
+ done
+ fi
+}
+Ttylog() {
+ if [[ ${TTY_WARN} == yes ]]; then
+ for i in `w | grep -v "load\|TTY" | awk '{print $2}'` ; do
+ cat ${1} > /dev/$i
+ done
+ fi
+}
+Maillog() {
+ subject=${1}
+ text=${2}
+ if [[ ${MAIL_WARN} != yes ]]; then
+ return;
+ fi
+ if [[ -z ${MAIL_USER} ]]; then
+ return;
+ fi
+ if [[ -x /bin/mail ]]; then
+ cat ${text} | /bin/mail -s "${subject}" "${MAIL_USER}"
+ fi
+}
+##################
+. /etc/security/msec/cron-sh/diff_check.sh
+. /etc/security/msec/cron-sh/security_check.sh
diff --git a/cron-sh/security_check.sh b/cron-sh/security_check.sh
index bc0cd62..0c0948a 100755
--- a/cron-sh/security_check.sh
+++ b/cron-sh/security_check.sh
@@ -24,24 +24,6 @@ if [[ ! -d /var/log/security ]]; then
mkdir /var/log/security
fi
-### Functions ###
-
-Syslog() {
- if [[ ${SYSLOG_WARN} == yes ]]; then
- cat ${1} | while read line; do
- /sbin/initlog --string="${line}"
- done
- fi
-}
-
-Ttylog() {
- if [[ ${TTY_WARN} == yes ]]; then
- for i in `w | grep -v "load\|TTY" | awk '{print $2}'` ; do
- cat ${1} > /dev/${i}
- done
- fi
-}
-
### Writeable file detection
if [[ ${CHECK_WRITEABLE} == yes ]]; then
if [[ -s ${WRITEABLE_TODAY} ]]; then
@@ -265,9 +247,12 @@ if [[ -s ${SECURITY} ]]; then
Syslog ${SECURITY}
Ttylog ${SECURITY}
date=`date`
+
echo -e "\n\n*** Security Check, ${date} ***\n" >> ${SECURITY_LOG}
cat ${SECURITY} >> ${SECURITY_LOG}
cat ${INFOS} >> ${SECURITY_LOG}
+
+ Maillog "*** Security Check, ${date} ***" "${SECURITY} ${INFOS}"
fi
if [[ -f ${SECURITY} ]]; then
diff --git a/init-sh/level0.sh b/init-sh/level0.sh
index 5f4d66b..1c1447f 100755
--- a/init-sh/level0.sh
+++ b/init-sh/level0.sh
@@ -46,6 +46,8 @@ echo -e "\t- Check shadow file integrity : no."
AddRules "CHECK_SHADOW=no" /etc/security/msec/security.conf quiet
echo -e "\t- Security warning on tty : no."
AddRules "TTY_WARN=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Security warning by mail : no."
+ AddRules "MAIL_WARN=no" /etc/security/msec/security.conf quiet
echo -e "\t- Security warning in syslog : no."
AddRules "SYSLOG_WARN=no" /etc/security/msec/security.conf
# end security check
diff --git a/init-sh/level1.sh b/init-sh/level1.sh
index 2cab039..269873b 100755
--- a/init-sh/level1.sh
+++ b/init-sh/level1.sh
@@ -46,6 +46,8 @@ echo -e "\t- Check shadow file integrity : no."
AddRules "CHECK_SHADOW=no" /etc/security/msec/security.conf quiet
echo -e "\t- Security warning on tty : no."
AddRules "TTY_WARN=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Security warning by mail : no."
+ AddRules "MAIL_WARN=no" /etc/security/msec/security.conf quiet
echo -e "\t- Security warning in syslog : no."
AddRules "SYSLOG_WARN=no" /etc/security/msec/security.conf
# end security check
diff --git a/init-sh/level2.sh b/init-sh/level2.sh
index a6b82c2..379776a 100755
--- a/init-sh/level2.sh
+++ b/init-sh/level2.sh
@@ -46,6 +46,8 @@ echo -e "\t- Check shadow file integrity : no."
AddRules "CHECK_SHADOW=no" /etc/security/msec/security.conf quiet
echo -e "\t- Security warning on tty : no."
AddRules "TTY_WARN=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Security warning by mail : no."
+ AddRules "MAIL_WARN=no" /etc/security/msec/security.conf quiet
echo -e "\t- Security warning in syslog : yes."
AddRules "SYSLOG_WARN=yes" /etc/security/msec/security.conf
# end security check
diff --git a/init-sh/level3.sh b/init-sh/level3.sh
index 6f091fd..6be1a66 100755
--- a/init-sh/level3.sh
+++ b/init-sh/level3.sh
@@ -50,6 +50,9 @@ echo -e "\t- Check shadow file integrity : yes."
AddRules "CHECK_SHADOW=yes" /etc/security/msec/security.conf quiet
echo -e "\t- Security warning on tty : yes."
AddRules "TTY_WARN=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Security warning by mail : yes."
+ AddRules "MAIL_WARN=yes" /etc/security/msec/security.conf quiet
+ AddRules "MAIL_USER=root" /etc/security/msec/security.conf quiet
echo -e "\t- Security warning in syslog : yes."
AddRules "SYSLOG_WARN=yes" /etc/security/msec/security.conf
# end security check
@@ -82,4 +85,4 @@ rm -f ${tmpfile}
echo "done."
# Group were modified in lib.sh...
-grpconv \ No newline at end of file
+grpconv
diff --git a/init-sh/level4.sh b/init-sh/level4.sh
index f1a5b4c..6fbcf9b 100755
--- a/init-sh/level4.sh
+++ b/init-sh/level4.sh
@@ -59,6 +59,9 @@ echo -e "\t- Check shadow file integrity : yes."
AddRules "CHECK_SHADOW=yes" /etc/security/msec/security.conf quiet
echo -e "\t- Security warning on tty : yes."
AddRules "TTY_WARN=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Security warning by mail : yes."
+ AddRules "MAIL_WARN=yes" /etc/security/msec/security.conf quiet
+ AddRules "MAIL_USER=root" /etc/security/msec/security.conf quiet
echo -e "\t- Security warning in syslog : yes."
AddRules "SYSLOG_WARN=yes" /etc/security/msec/security.conf
# end security check
diff --git a/init-sh/level5.sh b/init-sh/level5.sh
index a8c50ff..f3752a6 100755
--- a/init-sh/level5.sh
+++ b/init-sh/level5.sh
@@ -50,6 +50,9 @@ echo -e "\t- Check shadow file integrity : yes."
AddRules "CHECK_SHADOW=yes" /etc/security/msec/security.conf quiet
echo -e "\t- Security warning on tty : yes."
AddRules "TTY_WARN=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Security warning by mail : yes."
+ AddRules "MAIL_WARN=yes" /etc/security/msec/security.conf quiet
+ AddRules "MAIL_USER=root" /etc/security/msec/security.conf quiet
echo -e "\t- Security warning in syslog : yes."
AddRules "SYSLOG_WARN=yes" /etc/security/msec/security.conf
# end security check
diff --git a/init-sh/perm.0 b/init-sh/perm.0
index 5249019..d305e1d 100644
--- a/init-sh/perm.0
+++ b/init-sh/perm.0
@@ -26,6 +26,7 @@
/etc/hosts.equiv root.root 644
/etc/inetd.conf root.root 644
/etc/init.d/ root.root 755
+/etc/rc.d/init.d/syslog root.root 744
/etc/inittab root.root 644
/etc/ld.so.conf root.root 644
/etc/lilo.conf root.root 644
diff --git a/init-sh/perm.1 b/init-sh/perm.1
index 39ded6d..b0815fa 100644
--- a/init-sh/perm.1
+++ b/init-sh/perm.1
@@ -26,6 +26,7 @@
/etc/hosts.equiv root.root 644
/etc/inetd.conf root.root 644
/etc/init.d/ root.root 755
+/etc/rc.d/init.d/syslog root.root 744
/etc/inittab root.root 644
/etc/ld.so.conf root.root 644
/etc/lilo.conf root.root 644
diff --git a/init-sh/perm.2 b/init-sh/perm.2
index d8cbec2..e416827 100644
--- a/init-sh/perm.2
+++ b/init-sh/perm.2
@@ -26,6 +26,7 @@
/etc/hosts.equiv root.root 644
/etc/inetd.conf root.root 644
/etc/init.d/ root.root 755
+/etc/rc.d/init.d/syslog root.root 744
/etc/inittab root.root 644
/etc/ld.so.conf root.root 644
/etc/lilo.conf root.root 644
diff --git a/init-sh/perm.3 b/init-sh/perm.3
index 69f9fe5..17305d7 100644
--- a/init-sh/perm.3
+++ b/init-sh/perm.3
@@ -26,6 +26,7 @@
/etc/hosts.equiv root.root 644
/etc/inetd.conf root.root 644
/etc/init.d/ root.root 755
+/etc/rc.d/init.d/syslog root.root 700
/etc/inittab root.root 644
/etc/ld.so.conf root.root 644
/etc/lilo.conf root.root 644
@@ -40,7 +41,7 @@
/etc/ssh_host_key root.root 644
/etc/ssh_host_key.pub root.root 644
/etc/sshd_config root.root 644
-/etc/syslog.conf root.root 644
+/etc/syslog.conf root.adm 640
/etc/updatedb.conf root.root 644
/home/ root.root 755
/home/* current 700
diff --git a/init-sh/perm.4 b/init-sh/perm.4
index d976e49..8df0c23 100644
--- a/init-sh/perm.4
+++ b/init-sh/perm.4
@@ -25,7 +25,8 @@
/etc/hosts.deny root.adm 640
/etc/hosts.equiv root.adm 640
/etc/inetd.conf root.adm 640
-/etc/init.d/ root.root 750
+/etc/rc.d/init.d/ root.adm 750
+/etc/rc.d/init.d/syslog root.adm 740
/etc/inittab root.adm 640
/etc/ld.so.conf root.adm 640
/etc/lilo.conf root.adm 600
diff --git a/init-sh/perm.5 b/init-sh/perm.5
index ec1b9b9..5765340 100644
--- a/init-sh/perm.5
+++ b/init-sh/perm.5
@@ -25,7 +25,8 @@
/etc/hosts.deny root.root 600
/etc/hosts.equiv root.root 600
/etc/inetd.conf root.root 600
-/etc/init.d/ root.root 700
+/etc/rc.d/init.d/ root.root 700
+/etc/rc.d/init.d/syslog root.root 700
/etc/inittab root.root 600
/etc/ld.so.conf root.root 600
/etc/lilo.conf root.root 600
diff --git a/msec.spec b/msec.spec
index d439ec4..65b50c8 100644
--- a/msec.spec
+++ b/msec.spec
@@ -4,7 +4,7 @@
Summary: Security Level & Program for the Linux Mandrake distribution
Name: msec
Version: %{version}
-Release: 8mdk
+Release: 10mdk
Source: %{name}-%{version}.tar.bz2
Copyright: GPL
Group: System Environment/Base
@@ -41,6 +41,10 @@ rm -rf $RPM_BUILD_ROOT
%changelog
* Fri Dec 24 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
+- Use the mail user variable.
+- level[35]: also do a mail report.
+- moved Syslog(), Ttylog(), Maillog() to security.sh
+- security_check.sh & diff_check.sh now sourced from security.sh
- Typo / bug fix
- init-sh/perm[15]: files should be constant in their content.
all entry should be in each perm file