Diffstat (limited to 'cron-sh')
-rwxr-xr-xcron-sh/security.sh21
-rwxr-xr-xcron-sh/security_check.sh2
2 files changed, 10 insertions, 13 deletions
diff --git a/cron-sh/security.sh b/cron-sh/security.sh
index 054a312..10eb54b 100755
--- a/cron-sh/security.sh
+++ b/cron-sh/security.sh
@@ -30,7 +30,6 @@ UNOWNED_GROUP_YESTERDAY="/var/log/security/unowned_group.yesterday"
UNOWNED_GROUP_DIFF="/var/log/security/unowned_group.diff"
# Modified filters coming from debian security scripts.
-
CS_NFSAFS='(nfs|afs|xfs|coda)'
CS_TYPES=' type (devpts|auto|proc|msdos|fat|vfat|iso9660|ncpfs|smbfs|'$CS_NFSAFS')'
CS_DEVS='^/dev/fd'
@@ -38,9 +37,6 @@ CS_DIRS='on /mnt'
FILTERS="$CS_TYPES|$CS_DEVS|$CS_DIRS"
DIR=`mount | grep -vE "$FILTERS" | cut -d ' ' -f3`
PRINT="%h/%f\n"
-#PRINT="%8i %5m %3n %-10u %-10g %9s %t %h/%f\n"
-
-
if [[ ! -d /var/log/security ]]; then
mkdir /var/log/security
@@ -74,20 +70,21 @@ if [[ -s ${SUID_MD5_TODAY} ]]; then
mv ${SUID_MD5_TODAY} ${SUID_MD5_YESTERDAY};
fi
-netstat -pvlA inet > ${OPEN_PORT_TODAY};
-find ${DIR} -xdev -type f -perm +04000 -user root -printf "${PRINT}" | sort > ${SUID_ROOT_TODAY}
-find ${DIR} -xdev -type f -perm +02000 -printf "${PRINT}" | sort > ${SUID_GROUP_TODAY}
-find ${DIR} -xdev -type f -perm -2 -printf "${PRINT}" | sort > ${WRITEABLE_TODAY}
-find ${DIR} -xdev -nouser -printf "${PRINT}" | sort > ${UNOWNED_USER_TODAY}
-find ${DIR} -xdev -nogroup -printf "${PRINT}" | sort > ${UNOWNED_GROUP_TODAY}
+
+netstat -pvlA inet 2> /dev/null > ${OPEN_PORT_TODAY};
+find ${DIR} -xdev -type f -perm +04000 -user root -printf "${PRINT}" 2> /dev/null | sort > ${SUID_ROOT_TODAY}
+find ${DIR} -xdev -type f -perm +02000 -printf "${PRINT}" 2> /dev/null | sort > ${SUID_GROUP_TODAY}
+find ${DIR} -xdev -type f -perm -2 -printf "${PRINT}" 2> /dev/null | sort > ${WRITEABLE_TODAY}
+find ${DIR} -xdev -nouser -printf "${PRINT}" 2> /dev/null | sort > ${UNOWNED_USER_TODAY}
+find ${DIR} -xdev -nogroup -printf "${PRINT}" 2> /dev/null | sort > ${UNOWNED_GROUP_TODAY}
cat ${SUID_ROOT_TODAY} | while read line; do
md5sum ${line}
done > ${SUID_MD5_TODAY}
-/etc/security/msec/cron-sh/diff_check.sh
-/etc/security/msec/cron-sh/security_check.sh
+. /etc/security/msec/cron-sh/diff_check.sh
+. /etc/security/msec/cron-sh/security_check.sh
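Review bot: The `2> /dev/null` added to netstat and the five find scans makes a failed scan indistinguishable from a clean one, because no exit status is checked and an empty or truncated list is still written to the `*_TODAY` file, which diff_check.sh presumably compares with yesterday's. For example, a find that rejects the `-perm +04000` form (newer GNU findutils accept only `-perm /04000`) would now silently produce an empty SUID list. Sending stderr to a log beside the reports, e.g. `find ${DIR} ... 2>> /var/log/security/<scan-errors-file> | sort > ${SUID_ROOT_TODAY}`, keeps cron mail quiet while preserving the evidence. Switching the last two lines to `.` also means an `exit` inside diff_check.sh would end the run before security_check.sh is sourced; that script is not shown here, so this should be confirmed.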
diff --git a/cron-sh/security_check.sh b/cron-sh/security_check.sh
index 5b961bd..bc0cd62 100755
--- a/cron-sh/security_check.sh
+++ b/cron-sh/security_check.sh
@@ -197,7 +197,7 @@ fi
/bin/mount | /bin/grep -v nosuid | /bin/grep ' nfs ' > ${TMP}
if [[ -s ${TMP} ]] ; then
printf "\nSecurity Warning: The following NFS mounts haven't got the nosuid option set :\n" >> ${SECURITY}
- cat ${TMP} >> ${SECURITY}
+ cat ${TMP} | awk '{ print "\t\t- "$0 }' >> ${SECURITY}
fi
### Files that should not have + signs.
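Review bot: The new `cat ${TMP} | awk` line pipes through an unnecessary cat and leaves both expansions unquoted; awk can read the file itself, `awk '{ print "\t\t- "$0 }' "${TMP}" >> "${SECURITY}"`. How TMP is created is outside this hunk; since the script appears to run from cron, it is worth confirming that the path comes from mktemp rather than a fixed name.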