authorEugeni Dodonov <eugeni@mandriva.org>2009-06-26 19:20:19 +0000
committerEugeni Dodonov <eugeni@mandriva.org>2009-06-26 19:20:19 +0000
commit65e2c9e92c8ef52fc6d47348ddd1bf255e069701 (patch)
treec1a17bae95574c827018b72374f4715a5318e366 /cron-sh
parentcf3dd6d78e400692f9d34bb3d5692db4d613906b (diff)
Simplified diff checks.
Diffstat (limited to 'cron-sh')
-rw-r--r--cron-sh/functions.sh18
-rwxr-xr-xcron-sh/scripts/01_files.sh157
-rwxr-xr-xcron-sh/scripts/02_network.sh31
-rwxr-xr-xcron-sh/scripts/03_rpm.sh48
-rwxr-xr-xcron-sh/scripts/04_rootkit.sh14
-rwxr-xr-xcron-sh/scripts/05_access.sh28
6 files changed, 69 insertions, 227 deletions
diff --git a/cron-sh/functions.sh b/cron-sh/functions.sh
index e987d91..594d703 100644
--- a/cron-sh/functions.sh
+++ b/cron-sh/functions.sh
@@ -37,6 +37,24 @@ FILTER="\(`echo $EXCLUDEDIR | sed -e 's/ /\\\|/g'`\)"
### Functions ###
+Diffcheck() {
+ TODAY="$1"
+ YESTERDAY="$2"
+ DIFF="$3"
+ MESSAGE="$4"
+ if [[ -f ${YESTERDAY} ]]; then
+ if ! diff -u ${YESTERDAY} ${TODAY} > ${DIFF}; then
+ printf "\nSecurity Warning: change in $MESSAGE found :\n" >> ${DIFF}
+ grep '^+' ${DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+ printf "\t\t- Newly added $MESSAGE : ${file}\n"
+ done >> ${DIFF}
+ grep '^-' ${DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+ printf "\t\t- No longer present $MESSAGE : ${file}\n"
+ done >> ${DIFF}
+ fi
+ fi
+}
+
Syslog() {
if [[ ${SYSLOG_WARN} == yes ]]; then
cat ${1} | while read line; do
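Review bot: `DIFF="$3"` in Diffcheck is not declared `local`, so every call overwrites the global `DIFF` report path that the callers relied on (the removed blocks in 01_files.sh wrote `>> ${DIFF}` while the raw diff went to `${SUID_ROOT_DIFF}` and friends): the "Security Warning" lines now land in the raw per-check diff file instead of the report, and any later `>> ${DIFF}` in the calling script goes to whichever diff file was passed last. Rename the parameter and make all four variables `local`. The two `printf` calls also still interpolate `$MESSAGE` and the diffed line into the format string; the `s/%/%%/g` step neutralises `%`, but a path containing a backslash sequence is still interpreted, and `read` without `-r`/`IFS=` mangles such names, so pass them as `%s` arguments and drop the sed step. The `Syslog` definition at the end of this hunk continues outside it.
```shell
Diffcheck() {
    # Compare TODAY against YESTERDAY, keep the raw diff in DIFFFILE and
    # append a human-readable summary to the global report ${DIFF}.
    local TODAY="$1" YESTERDAY="$2" DIFFFILE="$3" MESSAGE="$4"
    if [[ -f "${YESTERDAY}" ]]; then
        if ! diff -u "${YESTERDAY}" "${TODAY}" > "${DIFFFILE}"; then
            printf "\nSecurity Warning: change in %s found :\n" "${MESSAGE}" >> "${DIFF}"
            grep '^+' "${DIFFFILE}" | grep -vw "^+++ " | sed 's|^.||' | while IFS= read -r file; do
                printf "\t\t- Newly added %s : %s\n" "${MESSAGE}" "${file}"
            done >> "${DIFF}"
            grep '^-' "${DIFFFILE}" | grep -vw "^--- " | sed 's|^.||' | while IFS= read -r file; do
                printf "\t\t- No longer present %s : %s\n" "${MESSAGE}" "${file}"
            done >> "${DIFF}"
        fi
    fi
}
```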
diff --git a/cron-sh/scripts/01_files.sh b/cron-sh/scripts/01_files.sh
index dc20bd0..a38a874 100755
--- a/cron-sh/scripts/01_files.sh
+++ b/cron-sh/scripts/01_files.sh
@@ -94,139 +94,60 @@ fi
### New Suid root files detection
if [[ ${CHECK_SUID_ROOT} == yes ]]; then
-
- if [[ -f ${SUID_ROOT_YESTERDAY} ]]; then
- if ! diff -u ${SUID_ROOT_YESTERDAY} ${SUID_ROOT_TODAY} > ${SUID_ROOT_DIFF}; then
- printf "\nSecurity Warning: Change in Suid Root files found :\n" >> ${DIFF}
- grep '^+' ${SUID_ROOT_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- Newly added suid root file : ${file}\n"
- done >> ${DIFF}
- grep '^-' ${SUID_ROOT_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- No longer present suid root file : ${file}\n"
- done >> ${DIFF}
- fi
- fi
-
+ Diffcheck ${SUID_ROOT_TODAY} ${SUID_ROOT_YESTERDAY} ${SUID_ROOT_DIFF} "Suid Root files"
fi
### New Sgid files detection
if [[ ${CHECK_SGID} == yes ]]; then
-
- if [[ -f ${SGID_YESTERDAY} ]]; then
- if ! diff -u ${SGID_YESTERDAY} ${SGID_TODAY} > ${SGID_DIFF}; then
- printf "\nSecurity Warning: Changes in Sgid files found :\n" >> ${DIFF}
- grep '^+' ${SGID_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- Newly added sgid file : ${file}\n"
- done >> ${DIFF}
- grep '^-' ${SGID_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- No longer present sgid file : ${file}\n"
- done >> ${DIFF}
- fi
- fi
-
+ Diffcheck ${SGID_TODAY} ${SGID_YESTERDAY} ${SGID_DIFF} "Sgid files"
fi
### Writable files detection
if [[ ${CHECK_WRITABLE} == yes ]]; then
-
- if [[ -f ${WRITABLE_YESTERDAY} ]]; then
- diff -u ${WRITABLE_YESTERDAY} ${WRITABLE_TODAY} > ${WRITABLE_DIFF}
- if [ -s ${WRITABLE_DIFF} ]; then
- printf "\nSecurity Warning: Change in World Writable Files found :\n" >> ${DIFF}
- grep '^+' ${WRITABLE_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- Newly added writable file : ${file}\n"
- done >> ${DIFF}
- grep '^-' ${WRITABLE_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- No longer present writable file : ${file}\n"
- done >> ${DIFF}
- fi
- fi
-
+ Diffcheck ${WRITABLE_TODAY} ${WRITABLE_YESTERDAY} ${WRITABLE_DIFF} "World Writable files"
fi
### Search Non Owned files
if [[ ${CHECK_UNOWNED} == yes ]]; then
-
- if [[ -f ${UNOWNED_USER_YESTERDAY} ]]; then
- diff -u ${UNOWNED_USER_YESTERDAY} ${UNOWNED_USER_TODAY} > ${UNOWNED_USER_DIFF}
- if [ -s ${UNOWNED_USER_DIFF} ]; then
- printf "\nSecurity Warning: the following files aren't owned by an user :\n" >> ${DIFF}
- grep '^+' ${UNOWNED_USER_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- Newly added un-owned file : ${file}\n"
- done >> ${DIFF}
- grep '^-' ${UNOWNED_USER_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- No longer present un-owned file : ${file}\n"
- done >> ${DIFF}
- fi
- fi
-
- if [[ -f ${UNOWNED_GROUP_YESTERDAY} ]]; then
- diff -u ${UNOWNED_GROUP_YESTERDAY} ${UNOWNED_GROUP_TODAY} > ${UNOWNED_GROUP_DIFF}
- if [ -s ${UNOWNED_GROUP_DIFF} ]; then
- printf "\nSecurity Warning: the following files aren't owned by a group :\n" >> ${DIFF}
- grep '^+' ${UNOWNED_GROUP_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- Newly added un-owned file : ${file}\n"
- done >> ${DIFF}
- grep '^-' ${UNOWNED_GROUP_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- No longer present un-owned file : ${file}\n"
- done >> ${DIFF}
- fi
- fi
-
+ Diffcheck ${UNOWNED_USER_TODAY} ${UNOWNED_USER_YESTERDAY} ${UNOWNED_USER_DIFF} "Un-owned files"
+ Diffcheck ${UNOWNED_GROUP_TODAY} ${UNOWNED_GROUP_YESTERDAY} ${UNOWNED_GROUP_DIFF} "Un-owned group files"
fi
### Md5 check for SUID root fileg
if [[ ${CHECK_SUID_MD5} == yes ]]; then
- ctrl_md5=0;
-
- if [[ -f ${SUID_MD5_YESTERDAY} ]]; then
- diff -u ${SUID_MD5_YESTERDAY} ${SUID_MD5_TODAY} > ${SUID_MD5_DIFF}
- if [ -s ${SUID_MD5_DIFF} ]; then
- grep '^+' ${SUID_MD5_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | awk '{print $2}' | while read file; do
- if cat ${SUID_MD5_YESTERDAY} | awk '{print $2}' | grep -qw ${file}; then
- if [[ ${ctrl_md5} == 0 ]]; then
- printf "\nSecurity Warning: the md5 checksum for one of your SUID files has changed,\n" >> ${DIFF}
- printf "\tmaybe an intruder modified one of these suid binary in order to put in a backdoor...\n" >> ${DIFF}
- ctrl_md5=1;
- fi
- printf "\t\t- Checksum changed file : ${file}\n"
- fi
- done >> ${DIFF}
- fi
- fi
-
+ Diffcheck ${SUID_MD5_TODAY} ${SUID_MD5_YESTERDAY} ${SUID_MD5_DIFF} "SUID files MD5 checksum"
fi
### Writable file detection
if [[ ${CHECK_WRITABLE} == yes ]]; then
if [[ -s ${WRITABLE_TODAY} ]]; then
- printf "\nSecurity Warning: World Writable files found :\n" >> ${SECURITY}
- cat ${WRITABLE_TODAY} | awk '{print "\t\t- " $0}' >> ${SECURITY}
+ printf "\nSecurity Warning: World Writable files found :\n" >> ${SECURITY}
+ cat ${WRITABLE_TODAY} | awk '{print "\t\t- " $0}' >> ${SECURITY}
fi
fi
### Search Un Owned file
if [[ ${CHECK_UNOWNED} == yes ]]; then
if [[ -s ${UNOWNED_USER_TODAY} ]]; then
- printf "\nSecurity Warning : User Unowned files found :\n" >> ${SECURITY}
- printf "\t( theses files now have user \"nobody\" as their owner. )\n" >> ${SECURITY}
- cat ${UNOWNED_USER_TODAY} | awk '{print "\t\t- " $0}' >> ${SECURITY}
+ printf "\nSecurity Warning : User Unowned files found :\n" >> ${SECURITY}
+ printf "\t( theses files now have user \"nobody\" as their owner. )\n" >> ${SECURITY}
+ cat ${UNOWNED_USER_TODAY} >> ${SECURITY}
cat ${UNOWNED_USER_TODAY} | while read line; do
- if [[ ${FIX_UNOWNED} == yes ]]; then
- chown nobody "${line}"; # Use quote if filename contain space.
- fi
- done
+ if [[ ${FIX_UNOWNED} == yes ]]; then
+ chown nobody "${line}"; # Use quote if filename contain space.
+ fi
+ done
fi
if [[ -s ${UNOWNED_GROUP_TODAY} ]]; then
- printf "\nSecurity Warning : Group Unowned files found :\n" >> ${SECURITY}
+ printf "\nSecurity Warning : Group Unowned files found :\n" >> ${SECURITY}
printf "\t( theses files now have group \"nogroup\" as their group owner. )\n" >> ${SECURITY}
- cat ${UNOWNED_GROUP_TODAY} | awk '{print "\t\t- " $0}' >> ${SECURITY}
- cat ${UNOWNED_GROUP_TODAY} | while read line; do
- if [[ ${FIX_UNOWNED} == yes ]]; then
- chgrp nogroup "${line}"; # Use quote if filename contain space.
- fi
- done
+ cat ${UNOWNED_GROUP_TODAY} >> ${SECURITY}
+ cat ${UNOWNED_GROUP_TODAY} | while read line; do
+ if [[ ${FIX_UNOWNED} == yes ]]; then
+ chgrp nogroup "${line}"; # Use quote if filename contain space.
+ fi
+ done
fi
fi
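Review bot: Replacing the SUID MD5 block with a plain `Diffcheck` on `${SUID_MD5_TODAY}` loses the one signal that check existed for: the old code reported only paths present in both snapshots whose hash differs ("Checksum changed file"), whereas a unified diff of `hash path` lines now reports a modified binary as one "Newly added" plus one "No longer present" entry, and every SUID file that appears or disappears is reported twice (once by the Suid Root check, once here). Keep a path-keyed comparison for this check, e.g. `join` the two snapshots on the path column and print the entries whose hashes differ, and leave add/remove detection to the Suid Root check. Separately, the retained `chown nobody "${line}"` / `chgrp nogroup "${line}"` loops read paths with a bare `while read line`, which strips leading whitespace and interprets backslashes, and chown/chgrp dereference symlinks by default; since this runs as root over paths found on the filesystem, `IFS= read -r line` together with `chown -h` / `chgrp -h` would be safer. The `\t\t- ` prefix dropped at `cat ${UNOWNED_USER_TODAY} >> ${SECURITY}` also leaves this section's report inconsistent with the World Writable block directly above it, which still indents its entries.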
@@ -237,23 +158,23 @@ list=".netrc .rhosts .shosts .Xauthority .gnupg/secring.gpg \
getent passwd | awk -F: '/^[^+-]/ { print $1 ":" $3 ":" $6 }' |
while IFS=: read username uid homedir; do
if ! expr "$homedir" : "$FILTER" > /dev/null; then
- for f in ${list} ; do
- file="${homedir}/${f}"
- if [[ -f "${file}" ]] ; then
- res=`ls -LldcGn "${file}" | sed 's/ \{1,\}/:/g'`
- printf "${uid}:${username}:${file}:${res}\n"
- fi
- done
+ for f in ${list} ; do
+ file="${homedir}/${f}"
+ if [[ -f "${file}" ]] ; then
+ res=`ls -LldcGn "${file}" | sed 's/ \{1,\}/:/g'`
+ printf "${uid}:${username}:${file}:${res}\n"
+ fi
+ done
fi
done | awk -F: '$1 != $6 && $6 != "0" \
{ print "\t\t- " $3 " : file is owned by uid " $6 "." }
- $4 ~ /^-...r/ \
+ $4 ~ /^-...r/ \
{ print "\t\t- " $3 " : file is group readable." }
- $4 ~ /^-......r/ \
+ $4 ~ /^-......r/ \
{ print "\t\t- " $3 " : file is other readable." }
- $4 ~ /^-....w/ \
+ $4 ~ /^-....w/ \
{ print "\t\t- " $3 " : file is group writable." }
- $4 ~ /^-.......w/ \
+ $4 ~ /^-.......w/ \
{ print "\t\t- " $3 " : file is other writable." }' > ${MSEC_TMP}
if [[ -s ${MSEC_TMP} ]]; then
@@ -271,12 +192,12 @@ list=".bashrc .bash_profile .bash_login .bash_logout .cshrc .emacs .exrc \
getent passwd | awk -F: '/^[^+-]/ { print $1 ":" $3 ":" $6 }' | \
while IFS=: read username uid homedir; do
if ! expr "$homedir" : "$FILTER" > /dev/null; then
- for f in ${list} ; do
- file="${homedir}/${f}"
- if [[ -e "${file}" ]] ; then
- res=`ls -LldcGn "${file}" | sed 's/ \{1,\}/:/g'`
- printf "${uid}:${username}:${file}:${res}\n"
- fi
+ for f in ${list} ; do
+ file="${homedir}/${f}"
+ if [[ -e "${file}" ]] ; then
+ res=`ls -LldcGn "${file}" | sed 's/ \{1,\}/:/g'`
+ printf "${uid}:${username}:${file}:${res}\n"
+ fi
done
fi
done | awk -F: '$1 != $6 && $6 != "0" \
diff --git a/cron-sh/scripts/02_network.sh b/cron-sh/scripts/02_network.sh
index cdb477d..ebd8a4c 100755
--- a/cron-sh/scripts/02_network.sh
+++ b/cron-sh/scripts/02_network.sh
@@ -34,43 +34,16 @@ fi
### Changed open port
if [[ ${CHECK_OPEN_PORT} == yes ]]; then
-
- if [[ -f ${OPEN_PORT_YESTERDAY} ]]; then
- diff -u ${OPEN_PORT_YESTERDAY} ${OPEN_PORT_TODAY} 1> ${OPEN_PORT_DIFF}
- if [ -s ${OPEN_PORT_DIFF} ]; then
- printf "\nSecurity Warning: There are modifications for port listening on your machine :\n" >> ${DIFF}
- grep '^+' ${OPEN_PORT_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- Opened ports : ${file}\n"
- done >> ${DIFF}
- grep '^-' ${OPEN_PORT_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- Closed ports : ${file}\n"
- done >> ${DIFF}
- fi
- fi
-
+ Diffcheck ${OPEN_PORT_TODAY} ${OPEN_PORT_YESTERDAY} ${OPEN_PORT_DIFF} "network ports"
fi
### Changed firewall
if [[ ${CHECK_FIREWALL} == yes ]]; then
-
- if [[ -f ${FIREWALL_YESTERDAY} ]]; then
- diff -u ${FIREWALL_YESTERDAY} ${FIREWALL_TODAY} 1> ${FIREWALL_DIFF}
- if [ -s ${FIREWALL_DIFF} ]; then
- printf "\nSecurity Warning: There are modifications for firewall configuration on your machine :\n" >> ${DIFF}
- grep '^+' ${FIREWALL_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- New entries : ${file}\n"
- done >> ${DIFF}
- grep '^-' ${FIREWALL_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- Removed entries : ${file}\n"
- done >> ${DIFF}
- fi
- fi
-
+ Diffcheck ${FIREWALL_TODAY} ${FIREWALL_YESTERDAY} ${FIREWALL_DIFF} "firewall rules"
fi
### Dump a list of open port.
if [[ ${CHECK_OPEN_PORT} == yes ]]; then
-
if [[ -s ${OPEN_PORT_TODAY} ]]; then
printf "\nThese are the ports listening on your machine :\n" >> ${INFOS}
cat ${OPEN_PORT_TODAY} >> ${INFOS}
diff --git a/cron-sh/scripts/03_rpm.sh b/cron-sh/scripts/03_rpm.sh
index ae88542..5eb1399 100755
--- a/cron-sh/scripts/03_rpm.sh
+++ b/cron-sh/scripts/03_rpm.sh
@@ -40,19 +40,7 @@ fi
# list of installed packages
if [[ ${CHECK_RPM_PACKAGES} == yes ]]; then
rpm -qa --qf "%{NAME}-%{VERSION}-%{RELEASE}\t%{INSTALLTIME}\n" | sort > ${RPM_QA_TODAY}
-
- if [[ -f ${RPM_QA_YESTERDAY} ]]; then
- diff -u ${RPM_QA_YESTERDAY} ${RPM_QA_TODAY} > ${RPM_QA_DIFF}
- if [ -s ${RPM_QA_DIFF} ]; then
- printf "\nSecurity Warning: These packages have changed on the system :\n" >> ${DIFF}
- grep '^+' ${RPM_QA_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- Newly installed package : ${file}\n"
- done >> ${DIFF}
- grep '^-' ${RPM_QA_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- No longer present package : ${file}\n"
- done >> ${DIFF}
- fi
- fi
+ Diffcheck ${RPM_QA_TODAY} ${RPM_QA_YESTERDAY} ${RPM_QA_DIFF} "installed packages"
fi
# integrity of installed packages
@@ -66,42 +54,16 @@ if [[ ${CHECK_RPM_INTEGRITY} == yes ]]; then
# full check
if [[ -s ${RPM_VA_TODAY} ]]; then
printf "\nSecurity Warning: These files belonging to packages are modified on the system :\n" >> ${SECURITY}
- cat ${RPM_VA_TODAY} | while read f; do
- printf "\t\t- $f\n"
- done >> ${SECURITY}
+ cat ${RPM_VA_TODAY} >> ${SECURITY}
fi
if [[ -s ${RPM_VA_CONFIG_TODAY} ]]; then
printf "\nSecurity Warning: These config files belonging to packages are modified on the system :\n" >> ${SECURITY}
- cat ${RPM_VA_CONFIG_TODAY} | while read f; do
- printf "\t\t- $f\n"
- done >> ${SECURITY}
+ cat ${RPM_VA_CONFIG_TODAY} >> ${SECURITY}
fi
# diff check
- if [[ -f ${RPM_VA_YESTERDAY} ]]; then
- diff -u ${RPM_VA_YESTERDAY} ${RPM_VA_TODAY} > ${RPM_VA_DIFF}
- if [ -s ${RPM_VA_DIFF} ]; then
- printf "\nSecurity Warning: These files belonging to packages have changed of status on the system :\n" >> ${DIFF}
- grep '^+' ${RPM_VA_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- Newly modified : ${file}\n"
- done >> ${DIFF}
- grep '^-' ${RPM_VA_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- No longer modified : ${file}\n"
- done >> ${DIFF}
- fi
- fi
- if [[ -f ${RPM_VA_CONFIG_YESTERDAY} ]]; then
- diff -u ${RPM_VA_CONFIG_YESTERDAY} ${RPM_VA_CONFIG_TODAY} > ${RPM_VA_CONFIG_DIFF}
- if [ -s ${RPM_VA_CONFIG_DIFF} ]; then
- printf "\nSecurity Warning: These config files belonging to packages have changed of status on the system :\n" >> ${DIFF}
- grep '^+' ${RPM_VA_CONFIG_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- Newly modified : ${file}\n"
- done >> ${DIFF}
- grep '^-' ${RPM_VA_CONFIG_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- No longer modified : ${file}\n"
- done >> ${DIFF}
- fi
- fi
+ Diffcheck ${RPM_VA_TODAY} ${RPM_VA_YESTERDAY} ${RPM_VA_DIFF} "files belonging to packages"
+ Diffcheck ${RPM_VA_CONFIG_TODAY} ${RPM_VA_CONFIG_YESTERDAY} ${RPM_VA_CONFIG_DIFF} "config files belonging to packages"
fi
diff --git a/cron-sh/scripts/04_rootkit.sh b/cron-sh/scripts/04_rootkit.sh
index b83e727..c518247 100755
--- a/cron-sh/scripts/04_rootkit.sh
+++ b/cron-sh/scripts/04_rootkit.sh
@@ -32,18 +32,6 @@ fi
### Changed chkrootkit
if [[ ${CHECK_CHKROOTKIT} == yes ]]; then
-
- if [[ -f ${CHKROOTKIT_YESTERDAY} ]]; then
- diff -u ${CHKROOTKIT_YESTERDAY} ${CHKROOTKIT_TODAY} 1> ${CHKROOTKIT_DIFF}
- if [ -s ${CHKROOTKIT_DIFF} ]; then
- printf "\nSecurity Warning: There are modifications for chkrootkit results :\n" >> ${DIFF}
- grep '^+' ${CHKROOTKIT_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- Added : ${file}\n"
- done >> ${DIFF}
- grep '^-' ${CHKROOTKIT_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- Removed : ${file}\n"
- done >> ${DIFF}
- fi
- fi
+ Diffcheck ${CHKROOTKIT_TODAY} ${CHKROOTKIT_YESTERDAY} ${CHKROOTKIT_DIFF} "chkrootkit results"
fi
diff --git a/cron-sh/scripts/05_access.sh b/cron-sh/scripts/05_access.sh
index e63a3c8..b66e87f 100755
--- a/cron-sh/scripts/05_access.sh
+++ b/cron-sh/scripts/05_access.sh
@@ -20,18 +20,8 @@ fi
# check for changes in users
if [[ ${CHECK_USERS} == yes ]]; then
- getent passwd | cut -f 1 -d : | sort > ${USERS_LIST_TODAY}
- if [[ -f ${USERS_LIST_YESTERDAY} ]]; then
- if ! diff -u ${USERS_LIST_YESTERDAY} ${USERS_LIST_TODAY} > ${USERS_LIST_DIFF}; then
- printf "\nSecurity Warning: Changes in list of users found :\n" >> ${DIFF}
- grep '^+' ${USERS_LIST_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- Newly added users : ${file}\n"
- done >> ${DIFF}
- grep '^-' ${USERS_LIST_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- No longer present users : ${file}\n"
- done >> ${DIFF}
- fi
- fi
+ getent passwd | cut -f 1 -d : | sort > ${USERS_LIST_TODAY}
+ Diffcheck ${USERS_LIST_TODAY} ${USERS_LIST_YESTERDAY} ${USERS_LIST_DIFF} "local users"
fi
# check for changes in groups
@@ -45,18 +35,8 @@ fi
# check for changes in groups
if [[ ${CHECK_GROUPS} == yes ]]; then
- getent passwd | cut -f 1 -d : | sort > ${GROUPS_LIST_TODAY}
- if [[ -f ${GROUPS_LIST_YESTERDAY} ]]; then
- if ! diff -u ${GROUPS_LIST_YESTERDAY} ${GROUPS_LIST_TODAY} > ${GROUPS_LIST_DIFF}; then
- printf "\nSecurity Warning: Changes in list of groups found :\n" >> ${DIFF}
- grep '^+' ${GROUPS_LIST_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- Newly added groups : ${file}\n"
- done >> ${DIFF}
- grep '^-' ${GROUPS_LIST_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- No longer present groups : ${file}\n"
- done >> ${DIFF}
- fi
- fi
+ getent passwd | cut -f 1 -d : | sort > ${GROUPS_LIST_TODAY}
+ Diffcheck ${GROUPS_LIST_TODAY} ${GROUPS_LIST_YESTERDAY} ${GROUPS_LIST_DIFF} "local groups"
fi
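Review bot: The groups check still snapshots `getent passwd` into `${GROUPS_LIST_TODAY}` (the line is carried over unchanged on the new side), so it diffs the user list a second time and a created or removed group is never reported; it should read `getent group | cut -f 1 -d : | sort > ${GROUPS_LIST_TODAY}`. Keeping only the first field also hides membership changes, since a user added to a privileged group does not change the group's name; if that is meant to be caught here, the snapshot would need to retain the member field as well. The same one-field limitation applies to the users check in the previous hunk, where a changed uid or shell is invisible, though the passwd check that follows this hunk may cover it.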
### Passwd file check