blob: 10110b4eb6f2418917e430bb1b025eba36cc9d3a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
#!/bin/bash
if [ -f /etc/security/msec/security.conf ]; then
. /etc/security/msec/security.conf
else
echo "/etc/security/msec/security.conf don't exist."
exit 1
fi
Syslog() {
if [ "${SYSLOG_WARN}" == "yes" ]; then
/sbin/initlog --string="${1}"
fi
}
Ttylog() {
if [ "${TTYLOG_WARN}" == "yes" ]; then
w | grep -v "load\|TTY" | awk '{print $2}' | while read line; do
echo -e "${1}" > /dev/$i
done
fi
}
PROMISC_CHECK="/usr/bin/promisc_check -q"
#
# Check if a network interface is in promisc check...
# Written by Vandoorselaere Yoann, <yoann@mandrakesoft.com>
#
LogPromisc() {
Syslog "Security warning : $1 is in promiscuous mode."
Syslog " A sniffer is probably running on your system."
Ttylog "\\033[1;31mSecurity warning : $1 is in promiscuous mode.\\033[0;39m"
Ttylog "\\033[1;31mA sniffer is probably running on your system.\\033[0;39m"
echo "Security warning : $1 is in promiscuous mode." >> /var/log/security.log
echo " A sniffer is probably running on your system." >> /var/log/security.log
}
if [ -f /etc/security/msec/security.conf ]; then
. /etc/security/msec/security.conf
else
exit 1
fi
if [ CHECK_PROMISC == "no" ]; then
exit 0;
fi
for INTERFACE in `$PROMISC_CHECK`; do
LogPromisc $INTERFACE
done
|
