diff options
| author | Eugeni Dodonov <eugeni@mandriva.org> | 2009-09-09 00:03:00 +0000 |
|---|---|---|
| committer | Eugeni Dodonov <eugeni@mandriva.org> | 2009-09-09 00:03:00 +0000 |
| commit | d8c7abe367ab0ed3b698ca6d71ff17f1d102f083 (patch) | |
| tree | a7fa718385bcface27e971da0a6009fe5ed6b126 /cron-sh/scripts/05_access.sh | |
| parent | 92cac6c3193c86dda3be4b409592bfec9c7a40e0 (diff) | |
| download | msec-d8c7abe367ab0ed3b698ca6d71ff17f1d102f083.tar msec-d8c7abe367ab0ed3b698ca6d71ff17f1d102f083.tar.gz msec-d8c7abe367ab0ed3b698ca6d71ff17f1d102f083.tar.bz2 msec-d8c7abe367ab0ed3b698ca6d71ff17f1d102f083.tar.xz msec-d8c7abe367ab0ed3b698ca6d71ff17f1d102f083.zip | |
create check summary report
Diffstat (limited to 'cron-sh/scripts/05_access.sh')
| -rwxr-xr-x | cron-sh/scripts/05_access.sh | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/cron-sh/scripts/05_access.sh b/cron-sh/scripts/05_access.sh index b66e87f..2b35d8c 100755 --- a/cron-sh/scripts/05_access.sh +++ b/cron-sh/scripts/05_access.sh @@ -22,6 +22,7 @@ fi if [[ ${CHECK_USERS} == yes ]]; then getent passwd | cut -f 1 -d : | sort > ${USERS_LIST_TODAY} Diffcheck ${USERS_LIST_TODAY} ${USERS_LIST_YESTERDAY} ${USERS_LIST_DIFF} "local users" + Count ${INFOS} ${USERS_LIST_TODAY} "Total local users" fi # check for changes in groups @@ -37,6 +38,7 @@ fi if [[ ${CHECK_GROUPS} == yes ]]; then getent passwd | cut -f 1 -d : | sort > ${GROUPS_LIST_TODAY} Diffcheck ${GROUPS_LIST_TODAY} ${GROUPS_LIST_YESTERDAY} ${GROUPS_LIST_DIFF} "local groups" + Count ${INFOS} ${GROUPS_LIST_TODAY} "Total local group" fi ### Passwd file check @@ -53,6 +55,7 @@ if [[ ${CHECK_PASSWD} == yes ]]; then if [[ -s ${MSEC_TMP} ]]; then printf "\nSecurity Warning: /etc/passwd check :\n" >> ${SECURITY} cat ${MSEC_TMP} >> ${SECURITY} + Count ${INFOS} ${MSEC_TMP} "Issues found in /etc/passwd file" fi fi @@ -66,6 +69,7 @@ if [[ ${CHECK_SHADOW} == yes ]]; then if [[ -s ${MSEC_TMP} ]]; then printf "\nSecurity Warning: /etc/shadow check :\n" >> ${SECURITY} cat ${MSEC_TMP} >> ${SECURITY} + Count ${INFOS} ${MSEC_TMP} "Issues found in /etc/shadow file" fi fi @@ -88,6 +92,7 @@ if [[ -s /etc/exports ]] ; then if [[ -s ${MSEC_TMP} ]] ; then printf "\nSecurity Warning: Some NFS filesystem are exported globally :\n" >> ${SECURITY} cat ${MSEC_TMP} >> ${SECURITY} + Count ${INFOS} ${MSEC_TMP} "Issues found in NFS exports" fi fi @@ -96,6 +101,7 @@ fi if [[ -s ${MSEC_TMP} ]] ; then printf "\nSecurity Warning: The following NFS mounts haven't got the nosuid option set :\n" >> ${SECURITY} cat ${MSEC_TMP} | awk '{ print "\t\t- "$0 }' >> ${SECURITY} + Count ${INFOS} ${MSEC_TMP} "Unsafe NFS exports" fi ### Files that should not have + signs. @@ -134,6 +140,7 @@ if [[ ${CHECK_SHOSTS} == yes ]]; then printf "\tthis probably mean that you trust certains users/domain\n" >> ${SECURITY} printf "\tto connect on this host without proper authentication :\n" >> ${SECURITY} cat ${MSEC_TMP} >> ${SECURITY} + Count ${INFOS} ${MSEC_TMP} "Unsafe hosts trusting files" fi fi @@ -150,6 +157,7 @@ for file in ${list}; do printf "\nSecurity Warning: The following programs are executed in your mail\n" >> ${SECURITY} printf "\tvia ${file} files, this could lead to security problems :\n" >> ${SECURITY} cat ${MSEC_TMP} >> ${SECURITY} + Count ${INFOS} ${MSEC_TMP} "Unsafe mail aliases" fi done |