From 243db9ef7ae3fc061fc841c51b8c6f20490b3df7 Mon Sep 17 00:00:00 2001
From: Frederic Lepied
Date: Thu, 14 Feb 2002 00:53:31 +0000
Subject: use ip to detect promiscuous mode with 2.4 kernels.
---
 cron-sh/promisc_check.sh | 52 +++++++++++++++++++-----------------------------
 1 file changed, 20 insertions(+), 32 deletions(-)
diff --git a/cron-sh/promisc_check.sh b/cron-sh/promisc_check.sh
index ec0526d..9a6c3dd 100755
--- a/cron-sh/promisc_check.sh
+++ b/cron-sh/promisc_check.sh
@@ -3,18 +3,6 @@
 # Writen by Vandoorselaere Yoann,
 #
-if [[ -f /etc/security/msec/security.conf ]]; then
- . /etc/security/msec/security.conf
-else
- echo "/etc/security/msec/security.conf doesn't exist."
- exit 1
-fi
-
-if tail /var/log/security.log | grep -q "promiscuous"; then
- # Dont flood with warning.
- exit 0
-fi
-
 Syslog() {
 if [[ ${SYSLOG_WARN} == yes ]]; then
 /sbin/initlog --string="${1}"
@@ -23,15 +11,12 @@ Syslog() {
 Ttylog() {
 if [[ ${TTYLOG_WARN} == yes ]]; then
- w | grep -v "load\|TTY" | awk '{print $2}' | while read line; do
+ w | grep -v "load\|TTY" | grep '^root' | awk '{print $2}' | while read line; do
 echo -e "${1}" > /dev/$i
 done
 fi
 }
-# Check if a network interface is in promiscuous mode...
-PROMISC="/usr/bin/promisc_check -q"
-
 LogPromisc() {
 date=`date`
 Syslog "Security warning : $1 is in promiscuous mode."
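Review bot: In Ttylog the loop variable and the redirect target do not match: the changed pipeline reads each terminal name into `line`, but the next line writes to `/dev/$i`, and `i` is not set anywhere in the visible code. The redirect therefore targets `/dev/` and the terminal warning is not delivered to any of the root sessions the new `grep '^root'` selects. Use one name for both and quote the target, for example `... | while read -r tty; do` followed by `echo -e "${1}" > "/dev/${tty}"`. LogPromisc begins in this hunk and continues outside it.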
@@ -42,30 +27,33 @@ LogPromisc() {
 echo " A sniffer is probably running on your system." >> /var/log/security.log
 }
+
+if [[ -f /etc/security/msec/security.conf ]]; then
+ . /etc/security/msec/security.conf
+else
+ echo "/etc/security/msec/security.conf doesn't exist."
+ exit 1
+fi
+
+if tail /var/log/security.log | grep -q "promiscuous"; then
+ # Dont flood with warning.
+ exit 0
+fi
+
+# Check if a network interface is in promiscuous mode...
 if [[ -f /etc/security/msec/security.conf ]]; then
 . /etc/security/msec/security.conf
 else
- exit 1
+ exit 1
 fi
 if [[ ${CHECK_PROMISC} == no ]]; then
- exit 0;
+ exit 0;
 fi
-for INTERFACE in `${PROMISC}`; do
- LogPromisc ${INTERFACE}
+for INTERFACE in `ip link list | grep PROMISC | cut -f 2 -d ':';/usr/bin/promisc_check -q`; do
+ LogPromisc ${INTERFACE}
 done
-
-
-
-
-
-
-
-
-
-
-
-
+# promisc_check.sh ends here
--
cgit v1.2.1
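Review bot: The new `for INTERFACE in ...` line calls `ip` by bare name, while the script uses absolute paths for `/sbin/initlog` and `/usr/bin/promisc_check`. `ip` usually lives in `/sbin`, which a cron PATH often omits; if the lookup fails, the backticks yield only the promisc_check output and the check this commit adds is skipped without anything being logged. The two commands can also report the same interface, so LogPromisc may write the warning twice. Consider `for INTERFACE in $( { /sbin/ip link list | grep PROMISC | cut -f 2 -d ':'; /usr/bin/promisc_check -q; } | sort -u ); do`, adjusting the path to where `ip` is installed. Separately, the added security.conf block makes the original block just below it redundant, so one of the two can be dropped.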