blob: 594d70329c0c5433fce158edd25a2f135814e363 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
#!/bin/bash
# msec: shared function
. /etc/sysconfig/i18n
if [[ -f /etc/profile.d/10lang.sh ]]; then
. /etc/profile.d/10lang.sh
fi
if [[ -f /etc/security/msec/security.conf ]]; then
. /etc/security/msec/security.conf
else
echo "/etc/security/msec/security.conf don't exist."
exit 1
fi
if [ -r /etc/security/shell ]; then
. /etc/security/shell
fi
umask ${UMASK_ROOT=077}
# main security log
SECURITY_LOG="/var/log/security.log"
# Modified filters coming from debian security scripts.
# rootfs is not listed among excluded types, because
# / is mounted twice, and filtering it would mess with excluded dir list
TYPE_FILTER='(devpts|sysfs|usbfs|tmpfs|binfmt_misc|rpc_pipefs|securityfs|auto|proc|msdos|fat|vfat|iso9660|ncpfs|smbfs|hfs|nfs|afs|coda|cifs|fuse.gvfs-fuse-daemon)'
MOUNTPOINT_FILTER='^\/mnt|^\/media'
DIR=`awk '$3 !~ /'$TYPE_FILTER'/ && $2 !~ /'$MOUNTPOINT_FILTER'/ \
{print $2}' /proc/mounts | uniq`
PRINT="%h/%f\n"
EXCLUDEDIR=`awk '$3 ~ /'$TYPE_FILTER'/ || $2 ~ /'$MOUNTPOINT_FILTER'/ \
{print $2}' /proc/mounts | uniq`
export EXCLUDEDIR
FILTER="\(`echo $EXCLUDEDIR | sed -e 's/ /\\\|/g'`\)"
### Functions ###
Diffcheck() {
TODAY="$1"
YESTERDAY="$2"
DIFF="$3"
MESSAGE="$4"
if [[ -f ${YESTERDAY} ]]; then
if ! diff -u ${YESTERDAY} ${TODAY} > ${DIFF}; then
printf "\nSecurity Warning: change in $MESSAGE found :\n" >> ${DIFF}
grep '^+' ${DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
printf "\t\t- Newly added $MESSAGE : ${file}\n"
done >> ${DIFF}
grep '^-' ${DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
printf "\t\t- No longer present $MESSAGE : ${file}\n"
done >> ${DIFF}
fi
fi
}
Syslog() {
if [[ ${SYSLOG_WARN} == yes ]]; then
cat ${1} | while read line; do
logger -t msec -- "${line}"
done
fi
}
Ttylog() {
if [[ ${TTY_WARN} == yes ]]; then
for i in `w | grep -v "load\|TTY" | grep '^root' | awk '{print $2}'` ; do
cat ${1} > /dev/$i
done
fi
}
Maillog() {
subject=${1}
text=${2}
SOMETHING_TO_SEND=
if [[ ${MAIL_WARN} == yes ]]; then
# define a mail user
if [[ -z ${MAIL_USER} ]]; then
MAIL_USER="root"
fi
if [[ -x /bin/mail ]]; then
for f in ${text}; do
if [[ -s $f ]]; then
SOMETHING_TO_SEND=1
break
fi
done
if [[ -z ${SOMETHING_TO_SEND} ]]; then
if [[ ${MAIL_EMPTY_CONTENT} != no ]]; then
/bin/mail -s "${subject}" "${MAIL_USER}" <<EOF
Nothing has changed since the last run.
EOF
fi
else
# remove non-printable characters,
# see http://qa.mandriva.com/show_bug.cgi?id=36848 and https://qa.mandriva.com/show_bug.cgi?id=26773
cat ${text} | sed -e "s,[[:cntrl:]],,g" | LC_CTYPE=$LC_CTYPE /bin/mail -s "${subject}" "${MAIL_USER}"
fi
fi
fi
}
Notifylog() {
if [[ ${NOTIFY_WARN} == yes ]]; then
message=${1}
DBUS_SEND=`which dbus-send 2>/dev/null`
if [ -x "$DBUS_SEND" ]; then
$DBUS_SEND --system --type=signal /com/mandriva/user com.mandriva.user.security_notification string:"$message"
fi
fi
}
##################
|
