-rw-r--r-- | ChangeLog | 5 | ||||
-rwxr-xr-x | cron-sh/diff_check.sh | 33 | ||||
-rwxr-xr-x | cron-sh/security.sh | 48 | ||||
-rwxr-xr-x | cron-sh/security_check.sh | 21 | ||||
-rwxr-xr-x | init-sh/level0.sh | 2 | ||||
-rwxr-xr-x | init-sh/level1.sh | 2 | ||||
-rwxr-xr-x | init-sh/level2.sh | 2 | ||||
-rwxr-xr-x | init-sh/level3.sh | 5 | ||||
-rwxr-xr-x | init-sh/level4.sh | 3 | ||||
-rwxr-xr-x | init-sh/level5.sh | 3 | ||||
-rw-r--r-- | init-sh/perm.0 | 1 | ||||
-rw-r--r-- | init-sh/perm.1 | 1 | ||||
-rw-r--r-- | init-sh/perm.2 | 1 | ||||
-rw-r--r-- | init-sh/perm.3 | 3 | ||||
-rw-r--r-- | init-sh/perm.4 | 3 | ||||
-rw-r--r-- | init-sh/perm.5 | 3 | ||||
-rw-r--r-- | msec.spec | 6 |
17 files changed, 84 insertions, 58 deletions
@@ -1,3 +1,8 @@ +1999-12-24 Yoann Vandoorselaere <yoann@mandrakesoft.com> + * level[35]: also do a mail report. + * moved Syslog(), Ttylog(), Maillog() to security.sh + * security_check.sh & diff_check.sh now sourced from security.sh + 1999-12-22 Yoann Vandoorselaere <yoann@mandrakesoft.com> * init-sh/perm[15]: files should be constant in their content. all entry should be in each perm file diff --git a/cron-sh/diff_check.sh b/cron-sh/diff_check.sh index f6cff92..9b548d6 100755 --- a/cron-sh/diff_check.sh +++ b/cron-sh/diff_check.sh @@ -17,27 +17,6 @@ fi SECURITY_LOG="/var/log/security.log" TMP=`mktemp /tmp/secure.XXXXXX` -### Functions ### - -Syslog() { - if [[ ${SYSLOG_WARN} == yes ]]; then - cat ${1} | while read line; do - /sbin/initlog --string="${line}" - done - fi -} - -Ttylog() { - if [[ ${TTY_WARN} == yes ]]; then - for i in `w | grep -v "load\|TTY" | awk '{print $2}'` ; do - cat ${1} > /dev/$i - done - fi -} - -################## - - ### New Suid root files detection if [[ ${CHECK_SUID_ROOT} == yes ]]; then @@ -95,10 +74,10 @@ if [[ ${CHECK_UNOWNED} == yes ]]; then if [[ -f ${UNOWNED_USER_YESTERDAY} ]]; then if ! diff -u ${UNOWNED_USER_YESTERDAY} ${UNOWNED_USER_TODAY} > ${UNOWNED_USER_DIFF}; then printf "\nSecurity Warning: the following files aren't owned by an user :\n" >> ${TMP} - grep '^+' ${UNOWNED_USER_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do + grep '^+' ${UNOWNED_USER_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do printf "\t\t- Added un-owned files : ${file}\n" - done > ${TMP} - grep '^-' ${UNOWNED_USER_DIFF} | grep -vw "^+++ " | sed 's|^.||' | awk '{print $12}' | while read file; do + done >> ${TMP} + grep '^-' ${UNOWNED_USER_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do printf "\t\t- Removed un-owned files : ${file}\n" done >> ${TMP} fi 
@@ -110,7 +89,7 @@ if [[ ${CHECK_UNOWNED} == yes ]]; then grep '^+' ${UNOWNED_GROUP_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do printf "\t\t- Added un-owned files : ${file}\n" done >> ${TMP} - grep '^-' ${UNOWNED_GROUP_DIFF} | grep -vw "^--- " | sed 's|^.||' | awk '{print $12}' | while read file; do + grep '^-' ${UNOWNED_GROUP_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do printf "\t\t- Removed un-owned files : ${file}\n" done >> ${TMP} fi @@ -161,8 +140,12 @@ if [[ -s ${TMP} ]]; then Syslog ${TMP} Ttylog ${TMP} date=`date` + echo -e "\n\n*** Diff Check, ${date} ***\n" >> ${SECURITY_LOG} cat ${TMP} >> ${SECURITY_LOG} + + Maillog "*** Diff Check, ${date} ***" "${TMP}" + fi if [[ -f ${TMP} ]]; then diff --git a/cron-sh/security.sh b/cron-sh/security.sh index 10eb54b..9f97382 100755 --- a/cron-sh/security.sh +++ b/cron-sh/security.sh @@ -42,31 +42,31 @@ if [[ ! -d /var/log/security ]]; then mkdir /var/log/security fi -if [[ -s ${SUID_ROOT_TODAY} ]]; then +if [[ -f ${SUID_ROOT_TODAY} ]]; then mv ${SUID_ROOT_TODAY} ${SUID_ROOT_YESTERDAY}; fi -if [[ -s ${SUID_GROUP_TODAY} ]]; then +if [[ -f ${SUID_GROUP_TODAY} ]]; then mv ${SUID_GROUP_TODAY} ${SUID_GROUP_YESTERDAY}; fi -if [[ -s ${WRITEABLE_TODAY} ]]; then +if [[ -f ${WRITEABLE_TODAY} ]]; then mv ${WRITEABLE_TODAY} ${WRITEABLE_YESTERDAY}; fi -if [[ -s ${UNOWNED_USER_TODAY} ]]; then +if [[ -f ${UNOWNED_USER_TODAY} ]]; then mv ${UNOWNED_USER_TODAY} ${UNOWNED_USER_YESTERDAY}; fi -if [[ -s ${UNOWNED_GROUP_TODAY} ]]; then +if [[ -f ${UNOWNED_GROUP_TODAY} ]]; then mv ${UNOWNED_GROUP_TODAY} ${UNOWNED_GROUP_YESTERDAY}; fi -if [[ -s ${OPEN_PORT_TODAY} ]]; then +if [[ -f ${OPEN_PORT_TODAY} ]]; then mv -f ${OPEN_PORT_TODAY} ${OPEN_PORT_YESTERDAY} fi -if [[ -s ${SUID_MD5_TODAY} ]]; then +if [[ -f ${SUID_MD5_TODAY} ]]; then mv ${SUID_MD5_TODAY} ${SUID_MD5_YESTERDAY}; fi 
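Review bot: The new `Maillog` call in the `if [[ -s ${TMP} ]]` block, like the `Syslog` and `Ttylog` calls next to it, now resolves only when diff_check.sh is sourced from security.sh, because this commit deletes the local definitions (the @@ -17,27 hunk) and provides them from security.sh instead; diff_check.sh keeps mode 100755 and nothing in the hunks stops a direct run, so invoked on its own it would print "command not found" for each and the report would reach `${SECURITY_LOG}` but never be mailed or syslogged, and no `set -e` is visible that would turn that into a failure. A guard near the top of the file, e.g. `command -v Maillog >/dev/null 2>&1 || { printf '%s\n' "diff_check.sh must be sourced from security.sh" >&2; exit 1; }`, makes the dependency explicit (security_check.sh has the same issue). The `done >> ${TMP}` fix in the @@ -95 hunk still routes file names taken from the diff through `printf "\t\t- Added un-owned files : ${file}\n"`, where the name becomes part of the format string; a name containing `%` or a backslash sequence is mangled there, so `printf '\t\t- Added un-owned files : %s\n' "${file}"` is the safer form. The enclosing `if` blocks begin outside the hunks.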
@@ -82,15 +82,43 @@ cat ${SUID_ROOT_TODAY} | while read line; do md5sum ${line} done > ${SUID_MD5_TODAY} +### Functions ### -. /etc/security/msec/cron-sh/diff_check.sh -. /etc/security/msec/cron-sh/security_check.sh - +Syslog() { + if [[ ${SYSLOG_WARN} == yes ]]; then + cat ${1} | while read line; do + /sbin/initlog --string="${line}" + done + fi +} +Ttylog() { + if [[ ${TTY_WARN} == yes ]]; then + for i in `w | grep -v "load\|TTY" | awk '{print $2}'` ; do + cat ${1} > /dev/$i + done + fi +} +Maillog() { + subject=${1} + text=${2} + if [[ ${MAIL_WARN} != yes ]]; then + return; + fi + if [[ -z ${MAIL_USER} ]]; then + return; + fi + if [[ -x /bin/mail ]]; then + cat ${text} | /bin/mail -s "${subject}" "${MAIL_USER}" + fi +} +################## +. /etc/security/msec/cron-sh/diff_check.sh +. /etc/security/msec/cron-sh/security_check.sh diff --git a/cron-sh/security_check.sh b/cron-sh/security_check.sh index bc0cd62..0c0948a 100755 --- a/cron-sh/security_check.sh +++ b/cron-sh/security_check.sh @@ -24,24 +24,6 @@ if [[ ! -d /var/log/security ]]; then mkdir /var/log/security fi -### Functions ### - -Syslog() { - if [[ ${SYSLOG_WARN} == yes ]]; then - cat ${1} | while read line; do - /sbin/initlog --string="${line}" - done - fi -} - -Ttylog() { - if [[ ${TTY_WARN} == yes ]]; then - for i in `w | grep -v "load\|TTY" | awk '{print $2}'` ; do - cat ${1} > /dev/${i} - done - fi -} - ### Writeable file detection if [[ ${CHECK_WRITEABLE} == yes ]]; then if [[ -s ${WRITEABLE_TODAY} ]]; then @@ -265,9 +247,12 @@ if [[ -s ${SECURITY} ]]; then Syslog ${SECURITY} Ttylog ${SECURITY} date=`date` + echo -e "\n\n*** Security Check, ${date} ***\n" >> ${SECURITY_LOG} cat ${SECURITY} >> ${SECURITY_LOG} cat ${INFOS} >> ${SECURITY_LOG} + + Maillog "*** Security Check, ${date} ***" "${SECURITY} ${INFOS}" fi if [[ -f ${SECURITY} ]]; then diff --git a/init-sh/level0.sh b/init-sh/level0.sh index 5f4d66b..1c1447f 100755 --- a/init-sh/level0.sh +++ b/init-sh/level0.sh 
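Review bot: `Maillog` takes the files to send as one second argument and relies on the unquoted `cat ${text}` to split it on whitespace, which is exactly what the new caller in security_check.sh, `Maillog "*** Security Check, ${date} ***" "${SECURITY} ${INFOS}"` (same physical line, later hunk), depends on; besides breaking on any path with a space or glob character, the function also leaves `subject` and `text` as shell globals that persist into the check scripts sourced right after it. Taking the subject as `$1` and the files as the remaining arguments removes that implicit contract, with the callers becoming `Maillog "*** Security Check, ${date} ***" "${SECURITY}" "${INFOS}"` and, unchanged, `Maillog "*** Diff Check, ${date} ***" "${TMP}"`. The `-x /bin/mail` test silently drops the report when the binary is missing even though `MAIL_WARN=yes` asked for it; a one-line diagnostic on stderr keeps that visible (presumably through cron's own mail, since this lives under cron-sh). Separately, the relocated `Syslog` loop uses `while read line` on reports that consist of file names found on disk, so `read -r` would stop backslashes in a name from being interpreted before they reach `/sbin/initlog`.
```shell
Maillog() {
  local subject=${1}
  shift
  if [[ ${MAIL_WARN} != yes ]]; then
    return
  fi
  if [[ -z ${MAIL_USER} ]]; then
    return
  fi
  if [[ -x /bin/mail ]]; then
    cat "$@" | /bin/mail -s "${subject}" "${MAIL_USER}"
  else
    printf '%s\n' "msec: MAIL_WARN=yes but /bin/mail is not executable, report not mailed" >&2
  fi
}
```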
@@ -46,6 +46,8 @@ echo -e "\t- Check shadow file integrity : no." AddRules "CHECK_SHADOW=no" /etc/security/msec/security.conf quiet echo -e "\t- Security warning on tty : no." AddRules "TTY_WARN=no" /etc/security/msec/security.conf quiet +echo -e "\t- Security warning by mail : no." + AddRules "MAIL_WARN=no" /etc/security/msec/security.conf quiet echo -e "\t- Security warning in syslog : no." AddRules "SYSLOG_WARN=no" /etc/security/msec/security.conf # end security check diff --git a/init-sh/level1.sh b/init-sh/level1.sh index 2cab039..269873b 100755 --- a/init-sh/level1.sh +++ b/init-sh/level1.sh @@ -46,6 +46,8 @@ echo -e "\t- Check shadow file integrity : no." AddRules "CHECK_SHADOW=no" /etc/security/msec/security.conf quiet echo -e "\t- Security warning on tty : no." AddRules "TTY_WARN=no" /etc/security/msec/security.conf quiet +echo -e "\t- Security warning by mail : no." + AddRules "MAIL_WARN=no" /etc/security/msec/security.conf quiet echo -e "\t- Security warning in syslog : no." AddRules "SYSLOG_WARN=no" /etc/security/msec/security.conf # end security check diff --git a/init-sh/level2.sh b/init-sh/level2.sh index a6b82c2..379776a 100755 --- a/init-sh/level2.sh +++ b/init-sh/level2.sh @@ -46,6 +46,8 @@ echo -e "\t- Check shadow file integrity : no." AddRules "CHECK_SHADOW=no" /etc/security/msec/security.conf quiet echo -e "\t- Security warning on tty : no." AddRules "TTY_WARN=no" /etc/security/msec/security.conf quiet +echo -e "\t- Security warning by mail : no." + AddRules "MAIL_WARN=no" /etc/security/msec/security.conf quiet echo -e "\t- Security warning in syslog : yes." AddRules "SYSLOG_WARN=yes" /etc/security/msec/security.conf # end security check diff --git a/init-sh/level3.sh b/init-sh/level3.sh index 6f091fd..6be1a66 100755 --- a/init-sh/level3.sh +++ b/init-sh/level3.sh 
@@ -50,6 +50,9 @@ echo -e "\t- Check shadow file integrity : yes." AddRules "CHECK_SHADOW=yes" /etc/security/msec/security.conf quiet echo -e "\t- Security warning on tty : yes." AddRules "TTY_WARN=no" /etc/security/msec/security.conf quiet +echo -e "\t- Security warning by mail : yes." + AddRules "MAIL_WARN=yes" /etc/security/msec/security.conf quiet + AddRules "MAIL_USER=root" /etc/security/msec/security.conf quiet echo -e "\t- Security warning in syslog : yes." AddRules "SYSLOG_WARN=yes" /etc/security/msec/security.conf # end security check @@ -82,4 +85,4 @@ rm -f ${tmpfile} echo "done." # Group were modified in lib.sh... -grpconv
\ No newline at end of file +grpconv diff --git a/init-sh/level4.sh b/init-sh/level4.sh index f1a5b4c..6fbcf9b 100755 --- a/init-sh/level4.sh +++ b/init-sh/level4.sh @@ -59,6 +59,9 @@ echo -e "\t- Check shadow file integrity : yes." AddRules "CHECK_SHADOW=yes" /etc/security/msec/security.conf quiet echo -e "\t- Security warning on tty : yes." AddRules "TTY_WARN=yes" /etc/security/msec/security.conf quiet +echo -e "\t- Security warning by mail : yes." + AddRules "MAIL_WARN=yes" /etc/security/msec/security.conf quiet + AddRules "MAIL_USER=root" /etc/security/msec/security.conf quiet echo -e "\t- Security warning in syslog : yes." AddRules "SYSLOG_WARN=yes" /etc/security/msec/security.conf # end security check diff --git a/init-sh/level5.sh b/init-sh/level5.sh index a8c50ff..f3752a6 100755 --- a/init-sh/level5.sh +++ b/init-sh/level5.sh @@ -50,6 +50,9 @@ echo -e "\t- Check shadow file integrity : yes." AddRules "CHECK_SHADOW=yes" /etc/security/msec/security.conf quiet echo -e "\t- Security warning on tty : yes." AddRules "TTY_WARN=yes" /etc/security/msec/security.conf quiet +echo -e "\t- Security warning by mail : yes." + AddRules "MAIL_WARN=yes" /etc/security/msec/security.conf quiet + AddRules "MAIL_USER=root" /etc/security/msec/security.conf quiet echo -e "\t- Security warning in syslog : yes." AddRules "SYSLOG_WARN=yes" /etc/security/msec/security.conf # end security check diff --git a/init-sh/perm.0 b/init-sh/perm.0 index 5249019..d305e1d 100644 --- a/init-sh/perm.0 +++ b/init-sh/perm.0 @@ -26,6 +26,7 @@ /etc/hosts.equiv root.root 644 /etc/inetd.conf root.root 644 /etc/init.d/ root.root 755 +/etc/rc.d/init.d/syslog root.root 744 /etc/inittab root.root 644 /etc/ld.so.conf root.root 644 /etc/lilo.conf root.root 644 diff --git a/init-sh/perm.1 b/init-sh/perm.1 index 39ded6d..b0815fa 100644 --- a/init-sh/perm.1 +++ b/init-sh/perm.1 
@@ -26,6 +26,7 @@ /etc/hosts.equiv root.root 644 /etc/inetd.conf root.root 644 /etc/init.d/ root.root 755 +/etc/rc.d/init.d/syslog root.root 744 /etc/inittab root.root 644 /etc/ld.so.conf root.root 644 /etc/lilo.conf root.root 644 diff --git a/init-sh/perm.2 b/init-sh/perm.2 index d8cbec2..e416827 100644 --- a/init-sh/perm.2 +++ b/init-sh/perm.2 @@ -26,6 +26,7 @@ /etc/hosts.equiv root.root 644 /etc/inetd.conf root.root 644 /etc/init.d/ root.root 755 +/etc/rc.d/init.d/syslog root.root 744 /etc/inittab root.root 644 /etc/ld.so.conf root.root 644 /etc/lilo.conf root.root 644 diff --git a/init-sh/perm.3 b/init-sh/perm.3 index 69f9fe5..17305d7 100644 --- a/init-sh/perm.3 +++ b/init-sh/perm.3 @@ -26,6 +26,7 @@ /etc/hosts.equiv root.root 644 /etc/inetd.conf root.root 644 /etc/init.d/ root.root 755 +/etc/rc.d/init.d/syslog root.root 700 /etc/inittab root.root 644 /etc/ld.so.conf root.root 644 /etc/lilo.conf root.root 644 @@ -40,7 +41,7 @@ /etc/ssh_host_key root.root 644 /etc/ssh_host_key.pub root.root 644 /etc/sshd_config root.root 644 -/etc/syslog.conf root.root 644 +/etc/syslog.conf root.adm 640 /etc/updatedb.conf root.root 644 /home/ root.root 755 /home/* current 700 diff --git a/init-sh/perm.4 b/init-sh/perm.4 index d976e49..8df0c23 100644 --- a/init-sh/perm.4 +++ b/init-sh/perm.4 @@ -25,7 +25,8 @@ /etc/hosts.deny root.adm 640 /etc/hosts.equiv root.adm 640 /etc/inetd.conf root.adm 640 -/etc/init.d/ root.root 750 +/etc/rc.d/init.d/ root.adm 750 +/etc/rc.d/init.d/syslog root.adm 740 /etc/inittab root.adm 640 /etc/ld.so.conf root.adm 640 /etc/lilo.conf root.adm 600 diff --git a/init-sh/perm.5 b/init-sh/perm.5 index ec1b9b9..5765340 100644 --- a/init-sh/perm.5 +++ b/init-sh/perm.5 @@ -25,7 +25,8 @@ /etc/hosts.deny root.root 600 /etc/hosts.equiv root.root 600 /etc/inetd.conf root.root 600 -/etc/init.d/ root.root 700 +/etc/rc.d/init.d/ root.root 700 +/etc/rc.d/init.d/syslog root.root 700 /etc/inittab root.root 600 /etc/ld.so.conf root.root 600 /etc/lilo.conf root.root 600 
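Review bot: perm.4 and perm.5 replace the directory entry `/etc/init.d/` with `/etc/rc.d/init.d/`, while perm.0 through perm.3 keep `/etc/init.d/ root.root 755` and only add the syslog script under `/etc/rc.d/init.d/`, so the six tables no longer list the same paths, which the 1999-12-22 ChangeLog entry included in this diff says they should. If `/etc/init.d` and `/etc/rc.d/init.d` resolve to the same directory on the target system (not verifiable from the diff) the difference is cosmetic, but if they are distinct, levels 0–3 never constrain the mode of `/etc/rc.d/init.d/` itself although they now constrain a file inside it. Either spelling is fine as long as it is the same in every file, e.g. `/etc/rc.d/init.d/ root.root 755` in perm.0–perm.3.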
@@ -4,7 +4,7 @@ Summary: Security Level & Program for the Linux Mandrake distribution Name: msec Version: %{version} -Release: 8mdk +Release: 10mdk Source: %{name}-%{version}.tar.bz2 Copyright: GPL Group: System Environment/Base @@ -41,6 +41,10 @@ rm -rf $RPM_BUILD_ROOT %changelog * Fri Dec 24 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com> +- Use the mail user variable. +- level[35]: also do a mail report. +- moved Syslog(), Ttylog(), Maillog() to security.sh +- security_check.sh & diff_check.sh now sourced from security.sh - Typo / bug fix - init-sh/perm[15]: files should be constant in their content. all entry should be in each perm file |