Diffstat (limited to 'cron-sh')
-rwxr-xr-xcron-sh/diff_check.sh33
-rwxr-xr-xcron-sh/security.sh48
-rwxr-xr-xcron-sh/security_check.sh21
3 files changed, 49 insertions, 53 deletions
diff --git a/cron-sh/diff_check.sh b/cron-sh/diff_check.sh
index f6cff92..9b548d6 100755
--- a/cron-sh/diff_check.sh
+++ b/cron-sh/diff_check.sh
@@ -17,27 +17,6 @@ fi
SECURITY_LOG="/var/log/security.log"
TMP=`mktemp /tmp/secure.XXXXXX`
-### Functions ###
-
-Syslog() {
- if [[ ${SYSLOG_WARN} == yes ]]; then
- cat ${1} | while read line; do
- /sbin/initlog --string="${line}"
- done
- fi
-}
-
-Ttylog() {
- if [[ ${TTY_WARN} == yes ]]; then
- for i in `w | grep -v "load\|TTY" | awk '{print $2}'` ; do
- cat ${1} > /dev/$i
- done
- fi
-}
-
-##################
-
-
### New Suid root files detection
if [[ ${CHECK_SUID_ROOT} == yes ]]; then
@@ -95,10 +74,10 @@ if [[ ${CHECK_UNOWNED} == yes ]]; then
if [[ -f ${UNOWNED_USER_YESTERDAY} ]]; then
if ! diff -u ${UNOWNED_USER_YESTERDAY} ${UNOWNED_USER_TODAY} > ${UNOWNED_USER_DIFF}; then
printf "\nSecurity Warning: the following files aren't owned by an user :\n" >> ${TMP}
- grep '^+' ${UNOWNED_USER_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do
+ grep '^+' ${UNOWNED_USER_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do
printf "\t\t- Added un-owned files : ${file}\n"
- done > ${TMP}
- grep '^-' ${UNOWNED_USER_DIFF} | grep -vw "^+++ " | sed 's|^.||' | awk '{print $12}' | while read file; do
+ done >> ${TMP}
+ grep '^-' ${UNOWNED_USER_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do
printf "\t\t- Removed un-owned files : ${file}\n"
done >> ${TMP}
fi
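Review bot: The corrected "Added"/"Removed" pipelines still pass each filename to `printf` as the format string, and `read file` without `-r` and `IFS=` alters names containing backslashes or leading/trailing blanks; these names come from whatever the filesystem scan found, so a path containing `%` or `\` garbles or truncates the warning line. Use `while IFS= read -r file; do` and `printf '\t\t- Added un-owned files : %s\n' "${file}"` (and the matching `Removed` line), and apply the same to the UNOWNED_GROUP_DIFF pipelines in the next hunk. The `-w` in `grep -vw "^+++ "` only serves to drop the diff header and makes that depend on the character after the space being a non-word character; `grep '^+[^+]'` as the first grep would exclude the header unconditionally. The enclosing `if` blocks start before this hunk.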
@@ -110,7 +89,7 @@ if [[ ${CHECK_UNOWNED} == yes ]]; then
grep '^+' ${UNOWNED_GROUP_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do
printf "\t\t- Added un-owned files : ${file}\n"
done >> ${TMP}
- grep '^-' ${UNOWNED_GROUP_DIFF} | grep -vw "^--- " | sed 's|^.||' | awk '{print $12}' | while read file; do
+ grep '^-' ${UNOWNED_GROUP_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do
printf "\t\t- Removed un-owned files : ${file}\n"
done >> ${TMP}
fi
@@ -161,8 +140,12 @@ if [[ -s ${TMP} ]]; then
Syslog ${TMP}
Ttylog ${TMP}
date=`date`
+
echo -e "\n\n*** Diff Check, ${date} ***\n" >> ${SECURITY_LOG}
cat ${TMP} >> ${SECURITY_LOG}
+
+ Maillog "*** Diff Check, ${date} ***" "${TMP}"
+
fi
if [[ -f ${TMP} ]]; then
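Review bot: `Maillog`, like `Syslog` and `Ttylog`, is now defined only in security.sh, which sources this file after the function block, yet diff_check.sh keeps mode 100755; run directly, each call fails with "command not found" and the notification is skipped without any record, while the log append still happens unless `set -e` is in effect outside this hunk. Either document the dependency at the top of the file, e.g. `# Must be sourced by security.sh: relies on Syslog/Ttylog/Maillog defined there`, or guard the calls with `type Maillog >/dev/null 2>&1 || ...`. The `if [[ -s ${TMP} ]]` block this belongs to starts before the hunk.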
diff --git a/cron-sh/security.sh b/cron-sh/security.sh
index 10eb54b..9f97382 100755
--- a/cron-sh/security.sh
+++ b/cron-sh/security.sh
@@ -42,31 +42,31 @@ if [[ ! -d /var/log/security ]]; then
mkdir /var/log/security
fi
-if [[ -s ${SUID_ROOT_TODAY} ]]; then
+if [[ -f ${SUID_ROOT_TODAY} ]]; then
mv ${SUID_ROOT_TODAY} ${SUID_ROOT_YESTERDAY};
fi
-if [[ -s ${SUID_GROUP_TODAY} ]]; then
+if [[ -f ${SUID_GROUP_TODAY} ]]; then
mv ${SUID_GROUP_TODAY} ${SUID_GROUP_YESTERDAY};
fi
-if [[ -s ${WRITEABLE_TODAY} ]]; then
+if [[ -f ${WRITEABLE_TODAY} ]]; then
mv ${WRITEABLE_TODAY} ${WRITEABLE_YESTERDAY};
fi
-if [[ -s ${UNOWNED_USER_TODAY} ]]; then
+if [[ -f ${UNOWNED_USER_TODAY} ]]; then
mv ${UNOWNED_USER_TODAY} ${UNOWNED_USER_YESTERDAY};
fi
-if [[ -s ${UNOWNED_GROUP_TODAY} ]]; then
+if [[ -f ${UNOWNED_GROUP_TODAY} ]]; then
mv ${UNOWNED_GROUP_TODAY} ${UNOWNED_GROUP_YESTERDAY};
fi
-if [[ -s ${OPEN_PORT_TODAY} ]]; then
+if [[ -f ${OPEN_PORT_TODAY} ]]; then
mv -f ${OPEN_PORT_TODAY} ${OPEN_PORT_YESTERDAY}
fi
-if [[ -s ${SUID_MD5_TODAY} ]]; then
+if [[ -f ${SUID_MD5_TODAY} ]]; then
mv ${SUID_MD5_TODAY} ${SUID_MD5_YESTERDAY};
fi
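Review bot: Switching every rotation test from `-s` to `-f` means a zero-length TODAY snapshot (for example from a scan that failed partway in the previous run, if such a case can occur here) now silently becomes the YESTERDAY baseline, so the next diff reports the whole listing as "added" and any genuinely new entry is buried in that noise. If that case is reachable, it is worth a diagnostic before the move, e.g. `[[ -s ${SUID_ROOT_TODAY} ]] || printf 'warning: empty %s rotated\n' "${SUID_ROOT_TODAY}" >&2`. Separately, only the OPEN_PORT branch uses `mv -f` and only some branches end in `;`; the seven blocks should use one form.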
@@ -82,15 +82,43 @@ cat ${SUID_ROOT_TODAY} | while read line; do
md5sum ${line}
done > ${SUID_MD5_TODAY}
+### Functions ###
-. /etc/security/msec/cron-sh/diff_check.sh
-. /etc/security/msec/cron-sh/security_check.sh
-
+Syslog() {
+ if [[ ${SYSLOG_WARN} == yes ]]; then
+ cat ${1} | while read line; do
+ /sbin/initlog --string="${line}"
+ done
+ fi
+}
+Ttylog() {
+ if [[ ${TTY_WARN} == yes ]]; then
+ for i in `w | grep -v "load\|TTY" | awk '{print $2}'` ; do
+ cat ${1} > /dev/$i
+ done
+ fi
+}
+Maillog() {
+ subject=${1}
+ text=${2}
+ if [[ ${MAIL_WARN} != yes ]]; then
+ return;
+ fi
+ if [[ -z ${MAIL_USER} ]]; then
+ return;
+ fi
+ if [[ -x /bin/mail ]]; then
+ cat ${text} | /bin/mail -s "${subject}" "${MAIL_USER}"
+ fi
+}
+##################
+. /etc/security/msec/cron-sh/diff_check.sh
+. /etc/security/msec/cron-sh/security_check.sh
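Review bot: `Maillog` receives its file list as one argument and relies on the unquoted `cat ${text}` to word-split it, which is what the call in the security_check.sh hunk exploits with `"${SECURITY} ${INFOS}"`; that also glob-expands the names and breaks for any path containing a blank. `subject` and `text` are also left global, and the three early-exit checks can be one test. Passing the files as separate arguments after the subject keeps the diff_check.sh call `Maillog "..." "${TMP}"` unchanged, while the security_check.sh call becomes `Maillog "*** Security Check, ${date} ***" "${SECURITY}" "${INFOS}"`.
```shell
Maillog() {
  local subject=${1}
  shift
  if [[ ${MAIL_WARN} != yes || -z ${MAIL_USER} || ! -x /bin/mail ]]; then
    return
  fi
  cat -- "$@" | /bin/mail -s "${subject}" "${MAIL_USER}"
}
```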
diff --git a/cron-sh/security_check.sh b/cron-sh/security_check.sh
index bc0cd62..0c0948a 100755
--- a/cron-sh/security_check.sh
+++ b/cron-sh/security_check.sh
@@ -24,24 +24,6 @@ if [[ ! -d /var/log/security ]]; then
mkdir /var/log/security
fi
-### Functions ###
-
-Syslog() {
- if [[ ${SYSLOG_WARN} == yes ]]; then
- cat ${1} | while read line; do
- /sbin/initlog --string="${line}"
- done
- fi
-}
-
-Ttylog() {
- if [[ ${TTY_WARN} == yes ]]; then
- for i in `w | grep -v "load\|TTY" | awk '{print $2}'` ; do
- cat ${1} > /dev/${i}
- done
- fi
-}
-
### Writeable file detection
if [[ ${CHECK_WRITEABLE} == yes ]]; then
if [[ -s ${WRITEABLE_TODAY} ]]; then
@@ -265,9 +247,12 @@ if [[ -s ${SECURITY} ]]; then
Syslog ${SECURITY}
Ttylog ${SECURITY}
date=`date`
+
echo -e "\n\n*** Security Check, ${date} ***\n" >> ${SECURITY_LOG}
cat ${SECURITY} >> ${SECURITY_LOG}
cat ${INFOS} >> ${SECURITY_LOG}
+
+ Maillog "*** Security Check, ${date} ***" "${SECURITY} ${INFOS}"
fi
if [[ -f ${SECURITY} ]]; then