blob: 2297595b3fa6901a69a623c013ab4f66691dc3c2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
#!/bin/bash
if [ -f /etc/security/msec/security.conf ]; then
. /etc/security/msec/security.conf
else
echo "/etc/security/msec/security.conf don't exist."
exit 1
fi
if tail /var/log/security.log | grep -q "promiscuous"; then
# Dont flood with warning.
exit 0
fi
Syslog() {
if [ "${SYSLOG_WARN}" == "yes" ]; then
/sbin/initlog --string="${1}"
fi
}
Ttylog() {
if [ "${TTYLOG_WARN}" == "yes" ]; then
w | grep -v "load\|TTY" | awk '{print $2}' | while read line; do
echo -e "${1}" > /dev/$i
done
fi
}
PROMISC="/usr/bin/promisc_check -q"
#
# Check if a network interface is in promisc check...
# Written by Vandoorselaere Yoann, <yoann@mandrakesoft.com>
#
LogPromisc() {
date=`date`
Syslog "Security warning : $1 is in promiscuous mode."
Syslog " A sniffer is probably running on your system."
Ttylog "\\033[1;31mSecurity warning : $1 is in promiscuous mode.\\033[0;39m"
Ttylog "\\033[1;31mA sniffer is probably running on your system.\\033[0;39m"
echo -e "\n${date} Security warning : $1 is in promiscuous mode." >> /var/log/security.log
echo " A sniffer is probably running on your system." >> /var/log/security.log
}
if [ -f /etc/security/msec/security.conf ]; then
. /etc/security/msec/security.conf
else
exit 1
fi
if [ ${CHECK_PROMISC}=="no" ]; then
exit 0;
fi
for INTERFACE in `${PROMISC}`; do
LogPromisc $INTERFACE
done
|
