authorEugeni Dodonov <eugeni@mandriva.org>2009-06-26 19:19:56 +0000
committerEugeni Dodonov <eugeni@mandriva.org>2009-06-26 19:19:56 +0000
commit3f7ae64cbfde0c479bcfd1f96b2e2f9e49d69cb2 (patch)
tree14d937a6fe4a1da9e6e824fb41b13b1c2b5f513e /cron-sh/scripts
parente0fb064bf52c9e18009573e900beb93b478fb2bb (diff)
Added support for CHECK_USERS and CHECK_GROUPS.
Diffstat (limited to 'cron-sh/scripts')
-rwxr-xr-xcron-sh/scripts/05_access.sh50
1 files changed, 50 insertions, 0 deletions
diff --git a/cron-sh/scripts/05_access.sh b/cron-sh/scripts/05_access.sh
index 1168cd7..e63a3c8 100755
--- a/cron-sh/scripts/05_access.sh
+++ b/cron-sh/scripts/05_access.sh
@@ -9,6 +9,56 @@ if [ -z "$MSEC_TMP" -o -z "$INFOS" -o -z "$SECURITY" -o -z "$DIFF" -o -z "$SECUR
return 1
fi
+# check for changes in users
+USERS_LIST_TODAY="/var/log/security/users_list.today"
+USERS_LIST_YESTERDAY="/var/log/security/users_list.yesterday"
+USERS_LIST_DIFF="/var/log/security/users_list.diff"
+
+if [[ -f ${USERS_LIST_TODAY} ]]; then
+ mv ${USERS_LIST_TODAY} ${USERS_LIST_YESTERDAY};
+fi
+
+# check for changes in users
+if [[ ${CHECK_USERS} == yes ]]; then
+ getent passwd | cut -f 1 -d : | sort > ${USERS_LIST_TODAY}
+ if [[ -f ${USERS_LIST_YESTERDAY} ]]; then
+ if ! diff -u ${USERS_LIST_YESTERDAY} ${USERS_LIST_TODAY} > ${USERS_LIST_DIFF}; then
+ printf "\nSecurity Warning: Changes in list of users found :\n" >> ${DIFF}
+ grep '^+' ${USERS_LIST_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+ printf "\t\t- Newly added users : ${file}\n"
+ done >> ${DIFF}
+ grep '^-' ${USERS_LIST_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+ printf "\t\t- No longer present users : ${file}\n"
+ done >> ${DIFF}
+ fi
+ fi
+fi
+
+# check for changes in groups
+GROUPS_LIST_TODAY="/var/log/security/groups_list.today"
+GROUPS_LIST_YESTERDAY="/var/log/security/groups_list.yesterday"
+GROUPS_LIST_DIFF="/var/log/security/groups_list.diff"
+
+if [[ -f ${GROUPS_LIST_TODAY} ]]; then
+ mv ${GROUPS_LIST_TODAY} ${GROUPS_LIST_YESTERDAY};
+fi
+
+# check for changes in groups
+if [[ ${CHECK_GROUPS} == yes ]]; then
+ getent passwd | cut -f 1 -d : | sort > ${GROUPS_LIST_TODAY}
+ if [[ -f ${GROUPS_LIST_YESTERDAY} ]]; then
+ if ! diff -u ${GROUPS_LIST_YESTERDAY} ${GROUPS_LIST_TODAY} > ${GROUPS_LIST_DIFF}; then
+ printf "\nSecurity Warning: Changes in list of groups found :\n" >> ${DIFF}
+ grep '^+' ${GROUPS_LIST_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+ printf "\t\t- Newly added groups : ${file}\n"
+ done >> ${DIFF}
+ grep '^-' ${GROUPS_LIST_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+ printf "\t\t- No longer present groups : ${file}\n"
+ done >> ${DIFF}
+ fi
+ fi
+fi
+
### Passwd file check
if [[ ${CHECK_PASSWD} == yes ]]; then
getent passwd | awk -F: '{
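Review bot: The CHECK_GROUPS block fills `${GROUPS_LIST_TODAY}` from `getent passwd`, the same source as the users block, so group additions and removals are never reported and the "groups" warning only repeats user changes; the line should read `getent group | cut -f 1 -d : | sort > ${GROUPS_LIST_TODAY}`. In all four report loops the name is interpolated into the printf format string with only `%` escaped by sed, and `read` is used without `-r`, so names containing backslashes (possible if NSS is backed by a remote directory) are not printed verbatim; `while read -r file; do printf "\t\t- Newly added groups : %s\n" "${file}"` passes the name as data and makes the `sed -e 's/%/%%/g'` stage unnecessary. Only the name field is compared, so a UID or GID change on an existing account is invisible to this check; it is worth confirming that another check covers that case.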