author | Frederic Lepied <flepied@mandriva.com> | 2002-02-14 00:53:31 +0000 |
---|---|---|
committer | Frederic Lepied <flepied@mandriva.com> | 2002-02-14 00:53:31 +0000 |
commit | 243db9ef7ae3fc061fc841c51b8c6f20490b3df7 (patch) | |
tree | 25bbd8e9c6381837ec45326ec1487306c8f89547 | |
parent | f5f8da18b3aeca5175bbf09f66938190c1ee67fc (diff) | |
use ip to detect promiscuous mode with 2.4 kernels.
-rwxr-xr-x | cron-sh/promisc_check.sh | 52 |
1 files changed, 20 insertions, 32 deletions
diff --git a/cron-sh/promisc_check.sh b/cron-sh/promisc_check.sh
index ec0526d..9a6c3dd 100755
--- a/cron-sh/promisc_check.sh
+++ b/cron-sh/promisc_check.sh
@@ -3,18 +3,6 @@
 # Writen by Vandoorselaere Yoann,
 # <yoann@mandrakesoft.com>
-if [[ -f /etc/security/msec/security.conf ]]; then
- . /etc/security/msec/security.conf
-else
- echo "/etc/security/msec/security.conf doesn't exist."
- exit 1
-fi
-
-if tail /var/log/security.log | grep -q "promiscuous"; then
- # Dont flood with warning.
- exit 0
-fi
-
 Syslog() {
 if [[ ${SYSLOG_WARN} == yes ]]; then
 /sbin/initlog --string="${1}"
@@ -23,15 +11,12 @@ Syslog() {
 Ttylog() {
 if [[ ${TTYLOG_WARN} == yes ]]; then
- w | grep -v "load\|TTY" | awk '{print $2}' | while read line; do
+ w | grep -v "load\|TTY" | grep '^root' | awk '{print $2}' | while read line; do
 echo -e "${1}" > /dev/$i
 done
 fi
 }
-# Check if a network interface is in promiscuous mode...
-PROMISC="/usr/bin/promisc_check -q"
-
 LogPromisc() {
 date=`date`
 Syslog "Security warning : $1 is in promiscuous mode."
@@ -42,30 +27,33 @@ LogPromisc() {
 echo " A sniffer is probably running on your system." >> /var/log/security.log
 }
+
+if [[ -f /etc/security/msec/security.conf ]]; then
+ . /etc/security/msec/security.conf
+else
+ echo "/etc/security/msec/security.conf doesn't exist."
+ exit 1
+fi
+
+if tail /var/log/security.log | grep -q "promiscuous"; then
+ # Dont flood with warning.
+ exit 0
+fi
+
+# Check if a network interface is in promiscuous mode...
 if [[ -f /etc/security/msec/security.conf ]]; then
 . /etc/security/msec/security.conf
 else
- exit 1
+ exit 1
 fi
 if [[ ${CHECK_PROMISC} == no ]]; then
- exit 0;
+ exit 0;
 fi
-for INTERFACE in `${PROMISC}`; do
- LogPromisc ${INTERFACE}
+for INTERFACE in `ip link list | grep PROMISC | cut -f 2 -d ':';/usr/bin/promisc_check -q`; do
+ LogPromisc ${INTERFACE}
 done
-
-
-
-
-
-
-
-
-
-
-
-
+# promisc_check.sh ends here |
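Review bot: In `Ttylog` the loop reads each tty into `line`, but the redirect on the following context line writes to `/dev/$i`; `i` is not assigned anywhere in the visible hunks, so unless the sourced security.conf sets it the target expands to `/dev/` and the console warning is never delivered. Since this change already edits that pipeline, the body should use the loop variable: `echo -e "${1}" > "/dev/${line}"`. The added `grep '^root'` restricts the alert to root sessions and relies on the user name being the first column of `w` output; a short comment such as `# only warn ttys owned by root` would record that intent.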
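Review bot: The new `for INTERFACE in ...` line calls `ip` by bare name while `promisc_check` keeps its absolute path; under cron's usually short PATH a missing `ip` makes the first detector return nothing with no error, so the check fails open on exactly the 2.4 kernels this commit targets. Use the absolute path of `ip` for the distribution and de-duplicate, because an interface reported by both tools is logged twice: `for INTERFACE in $( { /sbin/ip link list | grep PROMISC | cut -f 2 -d ':'; /usr/bin/promisc_check -q; } | sort -u ); do` (the `/sbin/ip` path is the usual location and should be confirmed). The moved block also leaves security.conf sourced twice in a row, so the second `if [[ -f /etc/security/msec/security.conf ]]` block can be dropped. Quoting the argument, `LogPromisc "${INTERFACE}"`, keeps an unexpected name from being split before it reaches the log.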