From cf3dd6d78e400692f9d34bb3d5692db4d613906b Mon Sep 17 00:00:00 2001
From: Eugeni Dodonov <eugeni@mandriva.org>
Date: Fri, 26 Jun 2009 19:20:16 +0000
Subject: Updated promisc check.

---
 cron-sh/scripts/02_network.sh |  5 +++++
 cron-sh/scripts/06_promisc.sh | 41 -----------------------------------------
 2 files changed, 5 insertions(+), 41 deletions(-)
 delete mode 100755 cron-sh/scripts/06_promisc.sh

(limited to 'cron-sh/scripts')

diff --git a/cron-sh/scripts/02_network.sh b/cron-sh/scripts/02_network.sh
index 621c7af..cdb477d 100755
--- a/cron-sh/scripts/02_network.sh
+++ b/cron-sh/scripts/02_network.sh
@@ -77,3 +77,8 @@ if [[ ${CHECK_OPEN_PORT} == yes ]]; then
     fi
 fi
 
+### Check if network is in promisc mode
+if [[ ${CHECK_PROMISC} == yes ]]; then
+        # check_promisc handles this
+        . /usr/share/msec/promisc_check.sh
+fi
diff --git a/cron-sh/scripts/06_promisc.sh b/cron-sh/scripts/06_promisc.sh
deleted file mode 100755
index af248f0..0000000
--- a/cron-sh/scripts/06_promisc.sh
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/bash
-# msec: this checks if the network is in promiscuous mose
-
-. /usr/share/msec/functions.sh
-
-LogPromisc() {
-    date=`date`
-    Syslog "Security warning : $1 is in promiscuous mode."
-    Syslog "    A sniffer is probably running on your system."
-    Ttylog "\\033[1;31mSecurity warning : $1 is in promiscuous mode.\\033[0;39m"
-    Ttylog "\\033[1;31mA sniffer is probably running on your system.\\033[0;39m"
-    # are we being run from security.sh script?
-    if [ ! -z "$SECURITY" ]; then
-            printf "\nSecurity Warning: $1 is in promiscuous mode!" >> ${SECURITY}
-            printf "    A sniffer is probably running on your system." >> ${SECURITY}
-    fi
-}
-
-if [[ -f /etc/security/msec/security.conf ]]; then
-    . /etc/security/msec/security.conf
-else
-    echo "/etc/security/msec/security.conf don't exist."
-    return 1
-fi
-
-if tail /var/log/security.log | grep -q "promiscuous"; then
-    # Dont flood with warning.
-    return 0
-fi
-
-# Check if a network interface is in promiscuous mode...
-
-if [[ ${CHECK_PROMISC} == no ]]; then
-    return 0;
-fi
-
-for INTERFACE in `/sbin/ip link list | grep PROMISC | cut -f 2 -d ':';/usr/bin/promisc_check -q`; do
-    LogPromisc ${INTERFACE}
-done
-
-# promisc_check.sh ends here
-- 
cgit v1.2.1