diff options
| author | Yoann Vandoorselaere <yoann@mandriva.com> | 1999-12-17 15:22:37 +0000 |
|---|---|---|
| committer | Yoann Vandoorselaere <yoann@mandriva.com> | 1999-12-17 15:22:37 +0000 |
| commit | 35fce927a70a6e882770d33c80949b39e8ee2837 (patch) | |
| tree | abbc25b04ac45b5c9b6df15517d50523dc0994ef /cron-sh | |
| parent | 46c44c4aa32d03cbf640edc1e388d7f4a6cc649a (diff) | |
| download | msec-35fce927a70a6e882770d33c80949b39e8ee2837.tar msec-35fce927a70a6e882770d33c80949b39e8ee2837.tar.gz msec-35fce927a70a6e882770d33c80949b39e8ee2837.tar.bz2 msec-35fce927a70a6e882770d33c80949b39e8ee2837.tar.xz msec-35fce927a70a6e882770d33c80949b39e8ee2837.zip | |
*** empty log message ***
Diffstat (limited to 'cron-sh')
| -rwxr-xr-x | cron-sh/diff_check.sh | 9 | ||||
| -rwxr-xr-x | cron-sh/security_check.sh | 25 |
2 files changed, 15 insertions, 19 deletions
diff --git a/cron-sh/diff_check.sh b/cron-sh/diff_check.sh index 6c22184..603edf6 100755 --- a/cron-sh/diff_check.sh +++ b/cron-sh/diff_check.sh @@ -14,15 +14,6 @@ if [[ ${CHECK_SECURITY} == no ]]; then exit 0 fi -# Modified filters coming from debian security scripts. -CS_NFSAFS='(nfs|afs|xfs|coda)' -CS_TYPES=' type (devpts|auto|proc|msdos|fat|vfat|iso9660|ncpfs|smbfs|'$CS_NFSAFS')' -CS_DEVS='^/dev/fd' -CS_DIRS='on /mnt' -FILTERS="$CS_TYPES|$CS_DEVS|$CS_DIRS" -DIR=`mount | grep -vE "$FILTERS" | cut -d ' ' -f3` -### - SUID_ROOT_TODAY="/var/log/security/suid_root.today" SUID_ROOT_YESTERDAY="/var/log/security/suid_root.yesterday" SUID_ROOT_DIFF="/var/log/security/suid_root.diff" diff --git a/cron-sh/security_check.sh b/cron-sh/security_check.sh index 87c7043..d7d6ff3 100755 --- a/cron-sh/security_check.sh +++ b/cron-sh/security_check.sh @@ -7,7 +7,7 @@ if [[ -f /etc/security/msec/security.conf ]]; then . /etc/security/msec/security.conf else - echo "/etc/security/msec/security.conf don't exist." + echo "/etc/security/msec/security.conf don't exist." exit 1 fi @@ -43,30 +43,35 @@ Ttylog() { ### Writeable file detection if [[ ${CHECK_WRITEABLE} == yes ]]; then - find ${DIR} -xdev -type f -perm -2 -ls -print | awk '{print $11}' | sort > ${TMP} + find ${DIR} -xdev -type f -perm -2 -print | sort > ${TMP} if [[ -s ${TMP} ]]; then printf "\nSecurity Warning: World Writeable Files found :\n" >> ${SECURITY} - cat ${TMP} >> ${SECURITY} + cat ${TMP} | awk '{print "\t\t- " $0}' >> ${SECURITY} fi fi ### Search Un Owned file if [[ ${CHECK_UNOWNED} == yes ]]; then - find ${DIR} -xdev -nouser -print -ls | awk '{print $11}' | sort > ${TMP} + find ${DIR} -xdev -nouser -print | sort > ${TMP} + if [[ -s ${TMP} ]]; then printf "\nSecurity Warning : the following file aren't owned by any user :\n" >> ${SECURITY} - printf "\ttheses files now have user \"nobody\" as their owner." >> ${SECURE_LOG} - cat ${TMP} >> ${SECURITY} - cat ${TMP} | while read line; do chown nobody ${line}; done + printf "\ttheses files now have user \"nobody\" as their owner." >> ${SECURITY_LOG} + cat ${TMP} | awk '{print "\t\t- " $0}' >> ${SECURITY} + cat ${TMP} | while read line; do + chown nobody ${line}; + done fi - find $DIR -xdev -nogroup -print -ls | awk '{print $11}' | sort > ${TMP} + find $DIR -xdev -nogroup -print | sort > ${TMP} if [[ -s ${TMP} ]]; then printf "\nSecurity Warning : the following file aren't owned by any group :\n" >> ${SECURITY} printf "\ttheses files now have group \"nogroup\" as their group owner." >> ${SECURITY} - cat ${TMP} >> ${SECURITY} - cat ${TMP} | while read line; do chgrp nogroup ${line}; done + cat ${TMP} | awk '{print "\t\t- " $0}' >> ${SECURITY} + cat ${TMP} | while read line; do + chgrp nogroup ${line}; + done fi fi |