Diffstat (limited to 'cron-sh')
-rwxr-xr-xcron-sh/diff_check.sh48
-rwxr-xr-xcron-sh/security.sh16
-rwxr-xr-xcron-sh/security_check.sh30
3 files changed, 47 insertions, 47 deletions
diff --git a/cron-sh/diff_check.sh b/cron-sh/diff_check.sh
index bccfc44..ac7c10c 100755
--- a/cron-sh/diff_check.sh
+++ b/cron-sh/diff_check.sh
@@ -28,10 +28,10 @@ if [[ ${CHECK_SUID_ROOT} == yes ]]; then
if ! diff -u ${SUID_ROOT_YESTERDAY} ${SUID_ROOT_TODAY} > ${SUID_ROOT_DIFF}; then
printf "\nSecurity Warning: Change in Suid Root files found :\n" >> ${TMP}
grep '^+' ${SUID_ROOT_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do
- printf "\t\t- Newly added suid root file : ${file}\n"
+ printf "\t\t- Newly added suid root file : ${file}\n"
done >> ${TMP}
grep '^-' ${SUID_ROOT_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do
- printf "\t\t- No more present suid root file : ${file}\n"
+ printf "\t\t- No longer present suid root file : ${file}\n"
done >> ${TMP}
fi
fi
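Review bot: The reworded `printf` lines in this hunk still place `${file}` inside the format string, so a file name containing `%` or a backslash is interpreted by printf instead of being printed, and the unchanged `while read file` around them also drops backslashes and leading or trailing whitespace. These names come from the filesystem scan, so a name chosen by a local user can garble or drop entries in the report that the administrator relies on. Pass the name as an argument, e.g. `printf "\t\t- Newly added suid root file : %s\n" "${file}"`, and read it with `while IFS= read -r file; do`. The same pattern recurs in every other hunk of diff_check.sh (sgid, writable, un-owned, checksum, rpm), and the enclosing `if` starts outside this hunk.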
@@ -45,10 +45,10 @@ if [[ ${CHECK_SUID_GROUP} == yes ]]; then
if ! diff -u ${SUID_GROUP_YESTERDAY} ${SUID_GROUP_TODAY} > ${SUID_GROUP_DIFF}; then
printf "\nSecurity Warning: Changes in Sgid files found :\n" >> ${TMP}
grep '^+' ${SUID_GROUP_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do
- printf "\t\t- Newly added sgid file : ${file}\n"
+ printf "\t\t- Newly added sgid file : ${file}\n"
done >> ${TMP}
grep '^-' ${SUID_GROUP_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do
- printf "\t\t- No more present sgid file : ${file}\n"
+ printf "\t\t- No longer present sgid file : ${file}\n"
done >> ${TMP}
fi
fi
@@ -56,17 +56,17 @@ if [[ ${CHECK_SUID_GROUP} == yes ]]; then
fi
### Writable files detection
-if [[ ${CHECK_WRITEABLE} == yes ]]; then
+if [[ ${CHECK_WRITABLE} == yes ]]; then
- if [[ -f ${WRITEABLE_YESTERDAY} ]]; then
- diff -u ${WRITEABLE_YESTERDAY} ${WRITEABLE_TODAY} > ${WRITEABLE_DIFF}
- if [ -s ${WRITEABLE_DIFF} ]; then
- printf "\nSecurity Warning: Change in World Writeable Files found :\n" >> ${TMP}
- grep '^+' ${WRITEABLE_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do
- printf "\t\t- Newly added writables files : ${file}\n"
+ if [[ -f ${WRITABLE_YESTERDAY} ]]; then
+ diff -u ${WRITABLE_YESTERDAY} ${WRITABLE_TODAY} > ${WRITABLE_DIFF}
+ if [ -s ${WRITABLE_DIFF} ]; then
+ printf "\nSecurity Warning: Change in World Writable Files found :\n" >> ${TMP}
+ grep '^+' ${WRITABLE_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do
+ printf "\t\t- Newly added writable file : ${file}\n"
done >> ${TMP}
- grep '^-' ${WRITEABLE_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do
- printf "\t\t- No more present writables file : ${file}\n"
+ grep '^-' ${WRITABLE_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do
+ printf "\t\t- No longer present writable file : ${file}\n"
done >> ${TMP}
fi
fi
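Review bot: Renaming the switch to `CHECK_WRITABLE` on the first changed line of this hunk means a configuration that still sets `CHECK_WRITEABLE=yes` leaves the new variable empty, and the world-writable change report is then skipped without any message. The diffstat is limited to cron-sh, so whether the code that writes this setting was renamed in the same commit cannot be seen here. If older configurations can still exist, accept both spellings for a transition period, e.g. `if [[ ${CHECK_WRITABLE:-${CHECK_WRITEABLE}} == yes ]]; then`. The same applies to the `CHECK_WRITABLE` test in the first hunk of security_check.sh.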
@@ -81,10 +81,10 @@ if [[ ${CHECK_UNOWNED} == yes ]]; then
if [ -s ${UNOWNED_USER_DIFF} ]; then
printf "\nSecurity Warning: the following files aren't owned by an user :\n" >> ${TMP}
grep '^+' ${UNOWNED_USER_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do
- printf "\t\t- Newly added un-owned file : ${file}\n"
+ printf "\t\t- Newly added un-owned file : ${file}\n"
done >> ${TMP}
grep '^-' ${UNOWNED_USER_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do
- printf "\t\t- No more present un-owned file : ${file}\n"
+ printf "\t\t- No longer present un-owned file : ${file}\n"
done >> ${TMP}
fi
fi
@@ -94,10 +94,10 @@ if [[ ${CHECK_UNOWNED} == yes ]]; then
if [ -s ${UNOWNED_GROUP_DIFF} ]; then
printf "\nSecurity Warning: the following files aren't owned by a group :\n" >> ${TMP}
grep '^+' ${UNOWNED_GROUP_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do
- printf "\t\t- Newly added un-owned file : ${file}\n"
+ printf "\t\t- Newly added un-owned file : ${file}\n"
done >> ${TMP}
grep '^-' ${UNOWNED_GROUP_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do
- printf "\t\t- No more present un-owned file : ${file}\n"
+ printf "\t\t- No longer present un-owned file : ${file}\n"
done >> ${TMP}
fi
fi
@@ -118,7 +118,7 @@ if [[ ${CHECK_SUID_MD5} == yes ]]; then
printf "\tmaybe an intruder modified one of these suid binary in order to put in a backdoor...\n" >> ${TMP}
ctrl_md5=1;
fi
- printf "\t\t- Checksum changed files : ${file}\n"
+ printf "\t\t- Checksum changed file : ${file}\n"
fi
done >> ${TMP}
fi
@@ -151,10 +151,10 @@ if [[ ${RPM_CHECK} == yes ]]; then
if [ -s ${RPM_QA_DIFF} ]; then
printf "\nSecurity Warning: These packages have changed on the system :\n" >> ${TMP}
grep '^+' ${RPM_QA_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do
- printf "\t\t- Newly installed package : ${file}\n"
+ printf "\t\t- Newly installed package : ${file}\n"
done >> ${TMP}
grep '^-' ${RPM_QA_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do
- printf "\t\t- No more present package : ${file}\n"
+ printf "\t\t- No longer present package : ${file}\n"
done >> ${TMP}
fi
fi
@@ -163,10 +163,10 @@ if [[ ${RPM_CHECK} == yes ]]; then
if [ -s ${RPM_VA_DIFF} ]; then
printf "\nSecurity Warning: These files belonging to packages have changed of status on the system :\n" >> ${TMP}
grep '^+' ${RPM_VA_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do
- printf "\t\t- Newly modified : ${file}\n"
+ printf "\t\t- Newly modified : ${file}\n"
done >> ${TMP}
grep '^-' ${RPM_VA_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do
- printf "\t\t- No more modified : ${file}\n"
+ printf "\t\t- No longer modified : ${file}\n"
done >> ${TMP}
fi
fi
@@ -175,10 +175,10 @@ if [[ ${RPM_CHECK} == yes ]]; then
if [ -s ${RPM_VA_CONFIG_DIFF} ]; then
printf "\nSecurity Warning: These config files belonging to packages have changed of status on the system :\n" >> ${TMP}
grep '^+' ${RPM_VA_CONFIG_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do
- printf "\t\t- Newly modified : ${file}\n"
+ printf "\t\t- Newly modified : ${file}\n"
done >> ${TMP}
grep '^-' ${RPM_VA_CONFIG_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do
- printf "\t\t- No more modified : ${file}\n"
+ printf "\t\t- No longer modified : ${file}\n"
done >> ${TMP}
fi
fi
diff --git a/cron-sh/security.sh b/cron-sh/security.sh
index 2828f71..7c51395 100755
--- a/cron-sh/security.sh
+++ b/cron-sh/security.sh
@@ -49,9 +49,9 @@ SUID_MD5_DIFF="/var/log/security/suid_md5.diff"
export OPEN_PORT_TODAY="/var/log/security/open_port.today"
OPEN_PORT_YESTERDAY="/var/log/security/open_port.yesterday"
OPEN_PORT_DIFF="/var/log/security/open_port.diff"
-export WRITEABLE_TODAY="/var/log/security/writeable.today"
-WRITEABLE_YESTERDAY="/var/log/security/writeable.yesterday"
-WRITEABLE_DIFF="/var/log/security/writeable.diff"
+export WRITABLE_TODAY="/var/log/security/writable.today"
+WRITABLE_YESTERDAY="/var/log/security/writable.yesterday"
+WRITABLE_DIFF="/var/log/security/writable.diff"
export UNOWNED_USER_TODAY="/var/log/security/unowned_user.today"
UNOWNED_USER_YESTERDAY="/var/log/security/unowned_user.yesterday"
UNOWNED_USER_DIFF="/var/log/security/unowned_user.diff"
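Review bot: Changing the state file names to `writable.today` / `writable.yesterday` orphans the existing `/var/log/security/writeable.today` baseline. On the first run after the upgrade the rotation in the next hunk finds no `${WRITABLE_TODAY}` to move, and diff_check.sh only diffs when `${WRITABLE_YESTERDAY}` exists, so changes to world-writable files across the upgrade are not reported. A one-time migration before the rotation block would keep the baseline, e.g. `[[ -f /var/log/security/writeable.today && ! -f ${WRITABLE_TODAY} ]] && mv /var/log/security/writeable.today ${WRITABLE_TODAY}`. The stale `writeable.*` files are otherwise left behind in the log directory.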
@@ -91,8 +91,8 @@ if [[ -f ${SUID_GROUP_TODAY} ]]; then
mv ${SUID_GROUP_TODAY} ${SUID_GROUP_YESTERDAY};
fi
-if [[ -f ${WRITEABLE_TODAY} ]]; then
- mv ${WRITEABLE_TODAY} ${WRITEABLE_YESTERDAY};
+if [[ -f ${WRITABLE_TODAY} ]]; then
+ mv ${WRITABLE_TODAY} ${WRITABLE_YESTERDAY};
fi
if [[ -f ${UNOWNED_USER_TODAY} ]]; then
@@ -142,9 +142,9 @@ if [[ -f ${SUID_GROUP_TODAY} ]]; then
mv -f ${SUID_GROUP_TODAY}.tmp ${SUID_GROUP_TODAY}
fi
-if [[ -f ${WRITEABLE_TODAY} ]]; then
- sort < ${WRITEABLE_TODAY} | egrep -v '^(/var)?/tmp$' > ${WRITEABLE_TODAY}.tmp
- mv -f ${WRITEABLE_TODAY}.tmp ${WRITEABLE_TODAY}
+if [[ -f ${WRITABLE_TODAY} ]]; then
+ sort < ${WRITABLE_TODAY} | egrep -v '^(/var)?/tmp$' > ${WRITABLE_TODAY}.tmp
+ mv -f ${WRITABLE_TODAY}.tmp ${WRITABLE_TODAY}
fi
if [[ -f ${UNOWNED_USER_TODAY} ]]; then
diff --git a/cron-sh/security_check.sh b/cron-sh/security_check.sh
index 1e9b5cc..dbac4f4 100755
--- a/cron-sh/security_check.sh
+++ b/cron-sh/security_check.sh
@@ -28,11 +28,11 @@ if [[ ! -d /var/log/security ]]; then
mkdir /var/log/security
fi
-### Writeable file detection
-if [[ ${CHECK_WRITEABLE} == yes ]]; then
- if [[ -s ${WRITEABLE_TODAY} ]]; then
- printf "\nSecurity Warning: World Writeable files found :\n" >> ${SECURITY}
- cat ${WRITEABLE_TODAY} | awk '{print "\t\t- " $0}' >> ${SECURITY}
+### Writable file detection
+if [[ ${CHECK_WRITABLE} == yes ]]; then
+ if [[ -s ${WRITABLE_TODAY} ]]; then
+ printf "\nSecurity Warning: World Writable files found :\n" >> ${SECURITY}
+ cat ${WRITABLE_TODAY} | awk '{print "\t\t- " $0}' >> ${SECURITY}
fi
fi
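Review bot: The `mkdir /var/log/security` at the top of this hunk creates the report directory with whatever umask the cron job inherits, which may leave the lists of world-writable and suid files readable by every local user. Unless a restrictive umask is set earlier in the script, which is outside this hunk, create it with an explicit mode, e.g. `mkdir -m 0700 /var/log/security`. The unquoted `${WRITABLE_TODAY}` and `${SECURITY}` expansions in the new lines are safe only while those paths contain no whitespace; quoting them costs nothing.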
@@ -76,16 +76,16 @@ done | awk '$1 != $6 && $6 != "0" \
$4 ~ /^-......r/ \
{ print "\t\t- " $3 " : file is other readable." }
$4 ~ /^-....w/ \
- { print "\t\t- " $3 " : file is group writeable." }
+ { print "\t\t- " $3 " : file is group writable." }
$4 ~ /^-.......w/ \
- { print "\t\t- " $3 " : file is other writeable." }' > ${TMP}
+ { print "\t\t- " $3 " : file is other writable." }' > ${TMP}
if [[ -s ${TMP} ]]; then
printf "\nSecurity Warning: these files shouldn't be owned by someone else or readable :\n" >> ${SECURITY}
cat ${TMP} >> ${SECURITY}
fi
-### Files that should not be owned by someone else or writeable.
+### Files that should not be owned by someone else or writable.
list=".bashrc .bash_profile .bash_login .bash_logout .cshrc .emacs .exrc \
.forward .klogin .login .logout .profile .tcshrc .fvwmrc .inputrc .kshrc \
.nexrc .screenrc .ssh .ssh/config .ssh/authorized_keys .ssh/environment \
@@ -101,16 +101,16 @@ while read username uid homedir; do
done | awk '$1 != $6 && $6 != "0" \
{ print "\t\t- " $3 " : file is owned by uid " $6 "." }
$4 ~ /^.....w/ \
- { print "\t\t- " $3 " : file is group writeable." }
+ { print "\t\t- " $3 " : file is group writable." }
$4 ~ /^........w/ \
- { print "\t\t- " $3 " : file is other writeable." }' > ${TMP}
+ { print "\t\t- " $3 " : file is other writable." }' > ${TMP}
if [[ -s ${TMP} ]]; then
- printf "\nSecurity Warning: theses files should not be owned by someone else or writeable :\n" >> ${SECURITY}
+ printf "\nSecurity Warning: theses files should not be owned by someone else or writable :\n" >> ${SECURITY}
cat ${TMP} >> ${SECURITY}
fi
-### Check home directories. Directories should not be owned by someone else or writeable.
+### Check home directories. Directories should not be owned by someone else or writable.
awk -F: '/^[^+-]/ { print $1 " " $3 " " $6 }' /etc/passwd | \
while read username uid homedir; do
if [[ -d ${homedir} ]] ; then
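Review bot: The corrected warning in this hunk still reads `theses files should not be owned by someone else or writable`; since the commit is a spelling pass, it should become `these files`. The last hunk has the same kind of leftover, `these home directory should not be owned ...`, which should read `these home directories`. Separately, the `while read username uid homedir` loop that starts here parses /etc/passwd fields without `-r`; `while read -r username uid homedir; do` avoids backslash processing. The loop body continues outside the hunk.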
@@ -122,12 +122,12 @@ while read username uid homedir; do
done | awk '$3 != $5 && $5 != "(0)" \
{ print "user=" $2 $3 " : home directory is owned by " $4 $5 "." }
$1 ~ /^d....w/ && $2 != "lp" && $2 != "mail" \
- { print "user=" $2 $3" : home directory is group writeable." }
+ { print "user=" $2 $3" : home directory is group writable." }
$1 ~ /^d.......w/ \
- { print "user=" $2 $3" : home directory is other writeable." }' > ${TMP}
+ { print "user=" $2 $3" : home directory is other writable." }' > ${TMP}
if [[ -s $TMP ]] ; then
- printf "\nSecurity Warning: these home directory should not be owned by someone else or writeable :\n" >> ${SECURITY}
+ printf "\nSecurity Warning: these home directory should not be owned by someone else or writable :\n" >> ${SECURITY}
cat ${TMP} >> ${SECURITY}
fi
fi # End of check perms