diff options
Diffstat (limited to 'cron-sh')
-rwxr-xr-x | cron-sh/diff_check.sh | 33 | ||||
-rwxr-xr-x | cron-sh/security.sh | 48 | ||||
-rwxr-xr-x | cron-sh/security_check.sh | 21 |
3 files changed, 49 insertions, 53 deletions
diff --git a/cron-sh/diff_check.sh b/cron-sh/diff_check.sh index f6cff92..9b548d6 100755 --- a/cron-sh/diff_check.sh +++ b/cron-sh/diff_check.sh @@ -17,27 +17,6 @@ fi SECURITY_LOG="/var/log/security.log" TMP=`mktemp /tmp/secure.XXXXXX` -### Functions ### - -Syslog() { - if [[ ${SYSLOG_WARN} == yes ]]; then - cat ${1} | while read line; do - /sbin/initlog --string="${line}" - done - fi -} - -Ttylog() { - if [[ ${TTY_WARN} == yes ]]; then - for i in `w | grep -v "load\|TTY" | awk '{print $2}'` ; do - cat ${1} > /dev/$i - done - fi -} - -################## - - ### New Suid root files detection if [[ ${CHECK_SUID_ROOT} == yes ]]; then @@ -95,10 +74,10 @@ if [[ ${CHECK_UNOWNED} == yes ]]; then if [[ -f ${UNOWNED_USER_YESTERDAY} ]]; then if ! diff -u ${UNOWNED_USER_YESTERDAY} ${UNOWNED_USER_TODAY} > ${UNOWNED_USER_DIFF}; then printf "\nSecurity Warning: the following files aren't owned by an user :\n" >> ${TMP} - grep '^+' ${UNOWNED_USER_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do + grep '^+' ${UNOWNED_USER_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do printf "\t\t- Added un-owned files : ${file}\n" - done > ${TMP} - grep '^-' ${UNOWNED_USER_DIFF} | grep -vw "^+++ " | sed 's|^.||' | awk '{print $12}' | while read file; do + done >> ${TMP} + grep '^-' ${UNOWNED_USER_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do printf "\t\t- Removed un-owned files : ${file}\n" done >> ${TMP} fi @@ -110,7 +89,7 @@ if [[ ${CHECK_UNOWNED} == yes ]]; then grep '^+' ${UNOWNED_GROUP_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do printf "\t\t- Added un-owned files : ${file}\n" done >> ${TMP} - grep '^-' ${UNOWNED_GROUP_DIFF} | grep -vw "^--- " | sed 's|^.||' | awk '{print $12}' | while read file; do + grep '^-' ${UNOWNED_GROUP_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do printf "\t\t- Removed un-owned files : ${file}\n" done >> ${TMP} fi @@ -161,8 +140,12 @@ if [[ -s ${TMP} ]]; then Syslog ${TMP} Ttylog ${TMP} date=`date` + echo -e "\n\n*** Diff Check, ${date} ***\n" >> ${SECURITY_LOG} cat ${TMP} >> ${SECURITY_LOG} + + Maillog "*** Diff Check, ${date} ***" "${TMP}" + fi if [[ -f ${TMP} ]]; then diff --git a/cron-sh/security.sh b/cron-sh/security.sh index 10eb54b..9f97382 100755 --- a/cron-sh/security.sh +++ b/cron-sh/security.sh @@ -42,31 +42,31 @@ if [[ ! -d /var/log/security ]]; then mkdir /var/log/security fi -if [[ -s ${SUID_ROOT_TODAY} ]]; then +if [[ -f ${SUID_ROOT_TODAY} ]]; then mv ${SUID_ROOT_TODAY} ${SUID_ROOT_YESTERDAY}; fi -if [[ -s ${SUID_GROUP_TODAY} ]]; then +if [[ -f ${SUID_GROUP_TODAY} ]]; then mv ${SUID_GROUP_TODAY} ${SUID_GROUP_YESTERDAY}; fi -if [[ -s ${WRITEABLE_TODAY} ]]; then +if [[ -f ${WRITEABLE_TODAY} ]]; then mv ${WRITEABLE_TODAY} ${WRITEABLE_YESTERDAY}; fi -if [[ -s ${UNOWNED_USER_TODAY} ]]; then +if [[ -f ${UNOWNED_USER_TODAY} ]]; then mv ${UNOWNED_USER_TODAY} ${UNOWNED_USER_YESTERDAY}; fi -if [[ -s ${UNOWNED_GROUP_TODAY} ]]; then +if [[ -f ${UNOWNED_GROUP_TODAY} ]]; then mv ${UNOWNED_GROUP_TODAY} ${UNOWNED_GROUP_YESTERDAY}; fi -if [[ -s ${OPEN_PORT_TODAY} ]]; then +if [[ -f ${OPEN_PORT_TODAY} ]]; then mv -f ${OPEN_PORT_TODAY} ${OPEN_PORT_YESTERDAY} fi -if [[ -s ${SUID_MD5_TODAY} ]]; then +if [[ -f ${SUID_MD5_TODAY} ]]; then mv ${SUID_MD5_TODAY} ${SUID_MD5_YESTERDAY}; fi @@ -82,15 +82,43 @@ cat ${SUID_ROOT_TODAY} | while read line; do md5sum ${line} done > ${SUID_MD5_TODAY} +### Functions ### -. /etc/security/msec/cron-sh/diff_check.sh -. /etc/security/msec/cron-sh/security_check.sh - +Syslog() { + if [[ ${SYSLOG_WARN} == yes ]]; then + cat ${1} | while read line; do + /sbin/initlog --string="${line}" + done + fi +} +Ttylog() { + if [[ ${TTY_WARN} == yes ]]; then + for i in `w | grep -v "load\|TTY" | awk '{print $2}'` ; do + cat ${1} > /dev/$i + done + fi +} +Maillog() { + subject=${1} + text=${2} + if [[ ${MAIL_WARN} != yes ]]; then + return; + fi + if [[ -z ${MAIL_USER} ]]; then + return; + fi + if [[ -x /bin/mail ]]; then + cat ${text} | /bin/mail -s "${subject}" "${MAIL_USER}" + fi +} +################## +. /etc/security/msec/cron-sh/diff_check.sh +. /etc/security/msec/cron-sh/security_check.sh diff --git a/cron-sh/security_check.sh b/cron-sh/security_check.sh index bc0cd62..0c0948a 100755 --- a/cron-sh/security_check.sh +++ b/cron-sh/security_check.sh @@ -24,24 +24,6 @@ if [[ ! -d /var/log/security ]]; then mkdir /var/log/security fi -### Functions ### - -Syslog() { - if [[ ${SYSLOG_WARN} == yes ]]; then - cat ${1} | while read line; do - /sbin/initlog --string="${line}" - done - fi -} - -Ttylog() { - if [[ ${TTY_WARN} == yes ]]; then - for i in `w | grep -v "load\|TTY" | awk '{print $2}'` ; do - cat ${1} > /dev/${i} - done - fi -} - ### Writeable file detection if [[ ${CHECK_WRITEABLE} == yes ]]; then if [[ -s ${WRITEABLE_TODAY} ]]; then @@ -265,9 +247,12 @@ if [[ -s ${SECURITY} ]]; then Syslog ${SECURITY} Ttylog ${SECURITY} date=`date` + echo -e "\n\n*** Security Check, ${date} ***\n" >> ${SECURITY_LOG} cat ${SECURITY} >> ${SECURITY_LOG} cat ${INFOS} >> ${SECURITY_LOG} + + Maillog "*** Security Check, ${date} ***" "${SECURITY} ${INFOS}" fi if [[ -f ${SECURITY} ]]; then |