diff options
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | Makefile | 4 | ||||
-rwxr-xr-x | cron-sh/diff_check.sh | 9 | ||||
-rwxr-xr-x | cron-sh/security_check.sh | 25 | ||||
-rw-r--r-- | init-sh/lib.sh | 7 |
5 files changed, 21 insertions, 27 deletions
@@ -1,5 +1,6 @@ 1999-12-17 Yoann Vandoorselaere <yoann@mandrakesoft.com> - * security_check.sh: fix the mktemp problem + * security_check.sh: Bugfix + * diff_check.sh: dito 1999-12-16 Yoann Vandoorselaere <yoann@mandrakesoft.com> * Don't use msec parsing routine to hack inittab. @@ -23,7 +23,7 @@ rpm_install: all cp init-sh/grpuser.sh $(RPM_BUILD_ROOT)/etc/security/msec/init-sh cp init-sh/custom.sh $(RPM_BUILD_ROOT)/etc/security/msec/init-sh cp cron-sh/*.sh $(RPM_BUILD_ROOT)/etc/security/msec/cron-sh - touch $(RPM_BUILD_ROOT)/etc/security/msec/security.conf + cp init-sh/security.conf $(RPM_BUILD_ROOT)/etc/security/msec/security.conf install -s src/promisc_check/promisc_check $(RPM_BUILD_ROOT)/usr/bin echo "Install complete" @@ -48,7 +48,7 @@ install: (cp init-sh/*.[0-5] /etc/security/msec/init-sh/) (cp init-sh/custom.sh /etc/security/msec/init-sh); (cp init-sh/server.* /etc/security/msec/init-sh) - (touch /etc/security/msec/security.conf) + (cp init-sh/security.conf /etc/security/msec/security.conf) (cd src/promisc_check; make install) (cd cron-sh; make install) diff --git a/cron-sh/diff_check.sh b/cron-sh/diff_check.sh index 6c22184..603edf6 100755 --- a/cron-sh/diff_check.sh +++ b/cron-sh/diff_check.sh @@ -14,15 +14,6 @@ if [[ ${CHECK_SECURITY} == no ]]; then exit 0 fi -# Modified filters coming from debian security scripts. -CS_NFSAFS='(nfs|afs|xfs|coda)' -CS_TYPES=' type (devpts|auto|proc|msdos|fat|vfat|iso9660|ncpfs|smbfs|'$CS_NFSAFS')' -CS_DEVS='^/dev/fd' -CS_DIRS='on /mnt' -FILTERS="$CS_TYPES|$CS_DEVS|$CS_DIRS" -DIR=`mount | grep -vE "$FILTERS" | cut -d ' ' -f3` -### - SUID_ROOT_TODAY="/var/log/security/suid_root.today" SUID_ROOT_YESTERDAY="/var/log/security/suid_root.yesterday" SUID_ROOT_DIFF="/var/log/security/suid_root.diff" diff --git a/cron-sh/security_check.sh b/cron-sh/security_check.sh index 87c7043..d7d6ff3 100755 --- a/cron-sh/security_check.sh +++ b/cron-sh/security_check.sh @@ -7,7 +7,7 @@ if [[ -f /etc/security/msec/security.conf ]]; then . /etc/security/msec/security.conf else - echo "/etc/security/msec/security.conf don't exist." + echo "/etc/security/msec/security.conf don't exist." exit 1 fi @@ -43,30 +43,35 @@ Ttylog() { ### Writeable file detection if [[ ${CHECK_WRITEABLE} == yes ]]; then - find ${DIR} -xdev -type f -perm -2 -ls -print | awk '{print $11}' | sort > ${TMP} + find ${DIR} -xdev -type f -perm -2 -print | sort > ${TMP} if [[ -s ${TMP} ]]; then printf "\nSecurity Warning: World Writeable Files found :\n" >> ${SECURITY} - cat ${TMP} >> ${SECURITY} + cat ${TMP} | awk '{print "\t\t- " $0}' >> ${SECURITY} fi fi ### Search Un Owned file if [[ ${CHECK_UNOWNED} == yes ]]; then - find ${DIR} -xdev -nouser -print -ls | awk '{print $11}' | sort > ${TMP} + find ${DIR} -xdev -nouser -print | sort > ${TMP} + if [[ -s ${TMP} ]]; then printf "\nSecurity Warning : the following file aren't owned by any user :\n" >> ${SECURITY} - printf "\ttheses files now have user \"nobody\" as their owner." >> ${SECURE_LOG} - cat ${TMP} >> ${SECURITY} - cat ${TMP} | while read line; do chown nobody ${line}; done + printf "\ttheses files now have user \"nobody\" as their owner." >> ${SECURITY_LOG} + cat ${TMP} | awk '{print "\t\t- " $0}' >> ${SECURITY} + cat ${TMP} | while read line; do + chown nobody ${line}; + done fi - find $DIR -xdev -nogroup -print -ls | awk '{print $11}' | sort > ${TMP} + find $DIR -xdev -nogroup -print | sort > ${TMP} if [[ -s ${TMP} ]]; then printf "\nSecurity Warning : the following file aren't owned by any group :\n" >> ${SECURITY} printf "\ttheses files now have group \"nogroup\" as their group owner." >> ${SECURITY} - cat ${TMP} >> ${SECURITY} - cat ${TMP} | while read line; do chgrp nogroup ${line}; done + cat ${TMP} | awk '{print "\t\t- " $0}' >> ${SECURITY} + cat ${TMP} | while read line; do + chgrp nogroup ${line}; + done fi fi diff --git a/init-sh/lib.sh b/init-sh/lib.sh index 71af4c7..e8798c7 100644 --- a/init-sh/lib.sh +++ b/init-sh/lib.sh @@ -85,7 +85,7 @@ CleanRules() { fi echo -en "\t- Cleaning msec appended line in ${file} : " - + tmpfile=`mktemp /tmp/secure.XXXXXX` cp ${file} ${tmpfile} @@ -196,7 +196,7 @@ CommentUserRules /etc/hosts.allow CleanRules /etc/securetty CommentUserRules /etc/securetty CleanRules /etc/security/msec/security.conf -CommentUserRules /etc/security/msec/security.conf +#CommentUserRules /etc/security/msec/security.conf CleanRules /etc/profile CleanRules /etc/lilo.conf CleanRules /etc/rc.d/rc.firewall @@ -260,6 +260,3 @@ echo - - - |