-rw-r--r-- | Makefile | 2 | ||||
-rwxr-xr-x | cron-sh/security.sh | 24 | ||||
-rw-r--r-- | init-sh/security.conf | 21 |
3 files changed, 24 insertions, 23 deletions
@@ -23,7 +23,6 @@ rpm_install: all
 cp init-sh/grpuser.sh $(RPM_BUILD_ROOT)/etc/security/msec/init-sh
 cp init-sh/custom.sh $(RPM_BUILD_ROOT)/etc/security/msec/init-sh
 cp cron-sh/*.sh $(RPM_BUILD_ROOT)/etc/security/msec/cron-sh
- cp init-sh/security.conf $(RPM_BUILD_ROOT)/etc/security/msec/security.conf
 install -s src/promisc_check/promisc_check $(RPM_BUILD_ROOT)/usr/bin
 echo "Install complete"
@@ -48,7 +47,6 @@ install:
 (cp init-sh/*.[0-5] /etc/security/msec/init-sh/)
 (cp init-sh/custom.sh /etc/security/msec/init-sh);
 (cp init-sh/server.* /etc/security/msec/init-sh)
- (cp init-sh/security.conf /etc/security/msec/security.conf)
 (cd src/promisc_check; make install)
 (cd cron-sh; make install)
diff --git a/cron-sh/security.sh b/cron-sh/security.sh
index f8916d5..af446e3 100755
--- a/cron-sh/security.sh
+++ b/cron-sh/security.sh
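Review bot: Neither `rpm_install` nor `install` ships `/etc/security/msec/security.conf` any more, yet the new side of cron-sh/security.sh in this same commit still runs `. /etc/security/msec/security.conf`. If nothing else creates that file (no generator is visible in this diff), a fresh install leaves the nightly check sourcing a missing file, and depending on the guard that ends at `fi` just above the hunk, the SUID, writable-file and open-port checks may stop running without any visible error. Please say where the file now comes from, for example with `# security.conf is no longer shipped; it is created by <generator script>` next to the remaining `cp` lines. Alternatively keep installing an empty stub so the cron job cannot silently become a no-op. Both recipes start and end outside these hunks.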
@@ -7,6 +7,28 @@ fi
 . /etc/security/msec/security.conf
+SUID_ROOT_TODAY="/var/log/security/suid_root.today"
+SUID_ROOT_YESTERDAY="/var/log/security/suid_root.yesterday"
+SUID_ROOT_DIFF="/var/log/security/suid_root.diff"
+SUID_GROUP_TODAY="/var/log/security/suid_group.today"
+SUID_GROUP_YESTERDAY="/var/log/security/suid_group.yesterday"
+SUID_GROUP_DIFF="/var/log/security/suid_group.diff"
+SUID_MD5_TODAY="/var/log/security/suid_md5.today"
+SUID_MD5_YESTERDAY="/var/log/security/suid_md5.yesterday"
+SUID_MD5_DIFF="/var/log/security/suid_md5.diff"
+OPEN_PORT_TODAY="/var/log/security/open_port.today"
+OPEN_PORT_YESTERDAY="/var/log/security/open_port.yesterday"
+OPEN_PORT_DIFF="/var/log/security/open_port.diff"
+WRITEABLE_TODAY="/var/log/security/writeable.today"
+WRITEABLE_YESTERDAY="/var/log/security/writeable.yesterday"
+WRITEABLE_DIFF="/var/log/security/writeable.diff"
+UNOWNED_USER_TODAY="/var/log/security/unowned_user.today"
+UNOWNED_USER_YESTERDAY="/var/log/security/unowned_user.yesterday"
+UNOWNED_USER_DIFF="/var/log/security/unowned_user.diff"
+UNOWNED_GROUP_TODAY="/var/log/security/unowned_group.today"
+UNOWNED_GROUP_YESTERDAY="/var/log/security/unowned_group.yesterday"
+UNOWNED_GROUP_DIFF="/var/log/security/unowned_group.diff"
+
 # Modified filters coming from debian security scripts.
 CS_NFSAFS='(nfs|afs|xfs|coda)'
@@ -18,6 +40,8 @@ DIR=`mount | grep -vE "$FILTERS" | cut -d ' ' -f3`
 PRINT="%h/%f\n"
 #PRINT="%8i %5m %3n %-10u %-10g %9s %t %h/%f\n"
+
+
 if [[ ! -d /var/log/security ]]; then
 mkdir /var/log/security
 fi
diff --git a/init-sh/security.conf b/init-sh/security.conf
deleted file mode 100644
index afb9428..0000000
--- a/init-sh/security.conf
+++ /dev/null
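Review bot: The 21 path assignments added in the first hunk come after `. /etc/security/msec/security.conf`, so they unconditionally overwrite any value that file sets for the same names, and a site that had moved its baseline files through the config silently falls back to /var/log/security. If the config is still meant to win, use defaulting assignments such as `: "${SUID_ROOT_TODAY:=/var/log/security/suid_root.today}"`, or move the block above the source line. These files are the yesterday/today baselines that the SUID, world-writable and open-port diffs are compared against, so the block deserves a comment like `# baseline files: directory must be writable by root only`. The `mkdir /var/log/security` visible in the next hunk sets no explicit mode and so relies on the cron environment's umask.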
@@ -1,21 +0,0 @@
-SUID_ROOT_TODAY="/var/log/security/suid_root.today"
-SUID_ROOT_YESTERDAY="/var/log/security/suid_root.yesterday"
-SUID_ROOT_DIFF="/var/log/security/suid_root.diff"
-SUID_GROUP_TODAY="/var/log/security/suid_group.today"
-SUID_GROUP_YESTERDAY="/var/log/security/suid_group.yesterday"
-SUID_GROUP_DIFF="/var/log/security/suid_group.diff"
-SUID_MD5_TODAY="/var/log/security/suid_md5.today"
-SUID_MD5_YESTERDAY="/var/log/security/suid_md5.yesterday"
-SUID_MD5_DIFF="/var/log/security/suid_md5.diff"
-OPEN_PORT_TODAY="/var/log/security/open_port.today"
-OPEN_PORT_YESTERDAY="/var/log/security/open_port.yesterday"
-OPEN_PORT_DIFF="/var/log/security/open_port.diff"
-WRITEABLE_TODAY="/var/log/security/writeable.today"
-WRITEABLE_YESTERDAY="/var/log/security/writeable.yesterday"
-WRITEABLE_DIFF="/var/log/security/writeable.diff"
-UNOWNED_USER_TODAY="/var/log/security/unowned_user.today"
-UNOWNED_USER_YESTERDAY="/var/log/security/unowned_user.yesterday"
-UNOWNED_USER_DIFF="/var/log/security/unowned_user.diff"
-UNOWNED_GROUP_TODAY="/var/log/security/unowned_group.today"
-UNOWNED_GROUP_YESTERDAY="/var/log/security/unowned_group.yesterday"
-UNOWNED_GROUP_DIFF="/var/log/security/unowned_group.diff" |