diff options
| author | Eugeni Dodonov <eugeni@mandriva.org> | 2009-06-26 19:20:19 +0000 |
|---|---|---|
| committer | Eugeni Dodonov <eugeni@mandriva.org> | 2009-06-26 19:20:19 +0000 |
| commit | 65e2c9e92c8ef52fc6d47348ddd1bf255e069701 (patch) | |
| tree | c1a17bae95574c827018b72374f4715a5318e366 | |
| parent | cf3dd6d78e400692f9d34bb3d5692db4d613906b (diff) | |
| download | msec-65e2c9e92c8ef52fc6d47348ddd1bf255e069701.tar msec-65e2c9e92c8ef52fc6d47348ddd1bf255e069701.tar.gz msec-65e2c9e92c8ef52fc6d47348ddd1bf255e069701.tar.bz2 msec-65e2c9e92c8ef52fc6d47348ddd1bf255e069701.tar.xz msec-65e2c9e92c8ef52fc6d47348ddd1bf255e069701.zip | |
Simplified diff checks.
| -rw-r--r-- | cron-sh/functions.sh | 18 | ||||
| -rwxr-xr-x | cron-sh/scripts/01_files.sh | 157 | ||||
| -rwxr-xr-x | cron-sh/scripts/02_network.sh | 31 | ||||
| -rwxr-xr-x | cron-sh/scripts/03_rpm.sh | 48 | ||||
| -rwxr-xr-x | cron-sh/scripts/04_rootkit.sh | 14 | ||||
| -rwxr-xr-x | cron-sh/scripts/05_access.sh | 28 |
6 files changed, 69 insertions, 227 deletions
diff --git a/cron-sh/functions.sh b/cron-sh/functions.sh index e987d91..594d703 100644 --- a/cron-sh/functions.sh +++ b/cron-sh/functions.sh @@ -37,6 +37,24 @@ FILTER="\(`echo $EXCLUDEDIR | sed -e 's/ /\\\|/g'`\)" ### Functions ### +Diffcheck() { + TODAY="$1" + YESTERDAY="$2" + DIFF="$3" + MESSAGE="$4" + if [[ -f ${YESTERDAY} ]]; then + if ! diff -u ${YESTERDAY} ${TODAY} > ${DIFF}; then + printf "\nSecurity Warning: change in $MESSAGE found :\n" >> ${DIFF} + grep '^+' ${DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do + printf "\t\t- Newly added $MESSAGE : ${file}\n" + done >> ${DIFF} + grep '^-' ${DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do + printf "\t\t- No longer present $MESSAGE : ${file}\n" + done >> ${DIFF} + fi + fi +} + Syslog() { if [[ ${SYSLOG_WARN} == yes ]]; then cat ${1} | while read line; do diff --git a/cron-sh/scripts/01_files.sh b/cron-sh/scripts/01_files.sh index dc20bd0..a38a874 100755 --- a/cron-sh/scripts/01_files.sh +++ b/cron-sh/scripts/01_files.sh @@ -94,139 +94,60 @@ fi ### New Suid root files detection if [[ ${CHECK_SUID_ROOT} == yes ]]; then - - if [[ -f ${SUID_ROOT_YESTERDAY} ]]; then - if ! diff -u ${SUID_ROOT_YESTERDAY} ${SUID_ROOT_TODAY} > ${SUID_ROOT_DIFF}; then - printf "\nSecurity Warning: Change in Suid Root files found :\n" >> ${DIFF} - grep '^+' ${SUID_ROOT_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- Newly added suid root file : ${file}\n" - done >> ${DIFF} - grep '^-' ${SUID_ROOT_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- No longer present suid root file : ${file}\n" - done >> ${DIFF} - fi - fi - + Diffcheck ${SUID_ROOT_TODAY} ${SUID_ROOT_YESTERDAY} ${SUID_ROOT_DIFF} "Suid Root files" fi ### New Sgid files detection if [[ ${CHECK_SGID} == yes ]]; then - - if [[ -f ${SGID_YESTERDAY} ]]; then - if ! diff -u ${SGID_YESTERDAY} ${SGID_TODAY} > ${SGID_DIFF}; then - printf "\nSecurity Warning: Changes in Sgid files found :\n" >> ${DIFF} - grep '^+' ${SGID_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- Newly added sgid file : ${file}\n" - done >> ${DIFF} - grep '^-' ${SGID_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- No longer present sgid file : ${file}\n" - done >> ${DIFF} - fi - fi - + Diffcheck ${SGID_TODAY} ${SGID_YESTERDAY} ${SGID_DIFF} "Sgid files" fi ### Writable files detection if [[ ${CHECK_WRITABLE} == yes ]]; then - - if [[ -f ${WRITABLE_YESTERDAY} ]]; then - diff -u ${WRITABLE_YESTERDAY} ${WRITABLE_TODAY} > ${WRITABLE_DIFF} - if [ -s ${WRITABLE_DIFF} ]; then - printf "\nSecurity Warning: Change in World Writable Files found :\n" >> ${DIFF} - grep '^+' ${WRITABLE_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- Newly added writable file : ${file}\n" - done >> ${DIFF} - grep '^-' ${WRITABLE_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- No longer present writable file : ${file}\n" - done >> ${DIFF} - fi - fi - + Diffcheck ${WRITABLE_TODAY} ${WRITABLE_YESTERDAY} ${WRITABLE_DIFF} "World Writable files" fi ### Search Non Owned files if [[ ${CHECK_UNOWNED} == yes ]]; then - - if [[ -f ${UNOWNED_USER_YESTERDAY} ]]; then - diff -u ${UNOWNED_USER_YESTERDAY} ${UNOWNED_USER_TODAY} > ${UNOWNED_USER_DIFF} - if [ -s ${UNOWNED_USER_DIFF} ]; then - printf "\nSecurity Warning: the following files aren't owned by an user :\n" >> ${DIFF} - grep '^+' ${UNOWNED_USER_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- Newly added un-owned file : ${file}\n" - done >> ${DIFF} - grep '^-' ${UNOWNED_USER_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- No longer present un-owned file : ${file}\n" - done >> ${DIFF} - fi - fi - - if [[ -f ${UNOWNED_GROUP_YESTERDAY} ]]; then - diff -u ${UNOWNED_GROUP_YESTERDAY} ${UNOWNED_GROUP_TODAY} > ${UNOWNED_GROUP_DIFF} - if [ -s ${UNOWNED_GROUP_DIFF} ]; then - printf "\nSecurity Warning: the following files aren't owned by a group :\n" >> ${DIFF} - grep '^+' ${UNOWNED_GROUP_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- Newly added un-owned file : ${file}\n" - done >> ${DIFF} - grep '^-' ${UNOWNED_GROUP_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- No longer present un-owned file : ${file}\n" - done >> ${DIFF} - fi - fi - + Diffcheck ${UNOWNED_USER_TODAY} ${UNOWNED_USER_YESTERDAY} ${UNOWNED_USER_DIFF} "Un-owned files" + Diffcheck ${UNOWNED_GROUP_TODAY} ${UNOWNED_GROUP_YESTERDAY} ${UNOWNED_GROUP_DIFF} "Un-owned group files" fi ### Md5 check for SUID root fileg if [[ ${CHECK_SUID_MD5} == yes ]]; then - ctrl_md5=0; - - if [[ -f ${SUID_MD5_YESTERDAY} ]]; then - diff -u ${SUID_MD5_YESTERDAY} ${SUID_MD5_TODAY} > ${SUID_MD5_DIFF} - if [ -s ${SUID_MD5_DIFF} ]; then - grep '^+' ${SUID_MD5_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | awk '{print $2}' | while read file; do - if cat ${SUID_MD5_YESTERDAY} | awk '{print $2}' | grep -qw ${file}; then - if [[ ${ctrl_md5} == 0 ]]; then - printf "\nSecurity Warning: the md5 checksum for one of your SUID files has changed,\n" >> ${DIFF} - printf "\tmaybe an intruder modified one of these suid binary in order to put in a backdoor...\n" >> ${DIFF} - ctrl_md5=1; - fi - printf "\t\t- Checksum changed file : ${file}\n" - fi - done >> ${DIFF} - fi - fi - + Diffcheck ${SUID_MD5_TODAY} ${SUID_MD5_YESTERDAY} ${SUID_MD5_DIFF} "SUID files MD5 checksum" fi ### Writable file detection if [[ ${CHECK_WRITABLE} == yes ]]; then if [[ -s ${WRITABLE_TODAY} ]]; then - printf "\nSecurity Warning: World Writable files found :\n" >> ${SECURITY} - cat ${WRITABLE_TODAY} | awk '{print "\t\t- " $0}' >> ${SECURITY} + printf "\nSecurity Warning: World Writable files found :\n" >> ${SECURITY} + cat ${WRITABLE_TODAY} | awk '{print "\t\t- " $0}' >> ${SECURITY} fi fi ### Search Un Owned file if [[ ${CHECK_UNOWNED} == yes ]]; then if [[ -s ${UNOWNED_USER_TODAY} ]]; then - printf "\nSecurity Warning : User Unowned files found :\n" >> ${SECURITY} - printf "\t( theses files now have user \"nobody\" as their owner. )\n" >> ${SECURITY} - cat ${UNOWNED_USER_TODAY} | awk '{print "\t\t- " $0}' >> ${SECURITY} + printf "\nSecurity Warning : User Unowned files found :\n" >> ${SECURITY} + printf "\t( theses files now have user \"nobody\" as their owner. )\n" >> ${SECURITY} + cat ${UNOWNED_USER_TODAY} >> ${SECURITY} cat ${UNOWNED_USER_TODAY} | while read line; do - if [[ ${FIX_UNOWNED} == yes ]]; then - chown nobody "${line}"; # Use quote if filename contain space. - fi - done + if [[ ${FIX_UNOWNED} == yes ]]; then + chown nobody "${line}"; # Use quote if filename contain space. + fi + done fi if [[ -s ${UNOWNED_GROUP_TODAY} ]]; then - printf "\nSecurity Warning : Group Unowned files found :\n" >> ${SECURITY} + printf "\nSecurity Warning : Group Unowned files found :\n" >> ${SECURITY} printf "\t( theses files now have group \"nogroup\" as their group owner. )\n" >> ${SECURITY} - cat ${UNOWNED_GROUP_TODAY} | awk '{print "\t\t- " $0}' >> ${SECURITY} - cat ${UNOWNED_GROUP_TODAY} | while read line; do - if [[ ${FIX_UNOWNED} == yes ]]; then - chgrp nogroup "${line}"; # Use quote if filename contain space. - fi - done + cat ${UNOWNED_GROUP_TODAY} >> ${SECURITY} + cat ${UNOWNED_GROUP_TODAY} | while read line; do + if [[ ${FIX_UNOWNED} == yes ]]; then + chgrp nogroup "${line}"; # Use quote if filename contain space. + fi + done fi fi @@ -237,23 +158,23 @@ list=".netrc .rhosts .shosts .Xauthority .gnupg/secring.gpg \ getent passwd | awk -F: '/^[^+-]/ { print $1 ":" $3 ":" $6 }' | while IFS=: read username uid homedir; do if ! expr "$homedir" : "$FILTER" > /dev/null; then - for f in ${list} ; do - file="${homedir}/${f}" - if [[ -f "${file}" ]] ; then - res=`ls -LldcGn "${file}" | sed 's/ \{1,\}/:/g'` - printf "${uid}:${username}:${file}:${res}\n" - fi - done + for f in ${list} ; do + file="${homedir}/${f}" + if [[ -f "${file}" ]] ; then + res=`ls -LldcGn "${file}" | sed 's/ \{1,\}/:/g'` + printf "${uid}:${username}:${file}:${res}\n" + fi + done fi done | awk -F: '$1 != $6 && $6 != "0" \ { print "\t\t- " $3 " : file is owned by uid " $6 "." } - $4 ~ /^-...r/ \ + $4 ~ /^-...r/ \ { print "\t\t- " $3 " : file is group readable." } - $4 ~ /^-......r/ \ + $4 ~ /^-......r/ \ { print "\t\t- " $3 " : file is other readable." } - $4 ~ /^-....w/ \ + $4 ~ /^-....w/ \ { print "\t\t- " $3 " : file is group writable." } - $4 ~ /^-.......w/ \ + $4 ~ /^-.......w/ \ { print "\t\t- " $3 " : file is other writable." }' > ${MSEC_TMP} if [[ -s ${MSEC_TMP} ]]; then @@ -271,12 +192,12 @@ list=".bashrc .bash_profile .bash_login .bash_logout .cshrc .emacs .exrc \ getent passwd | awk -F: '/^[^+-]/ { print $1 ":" $3 ":" $6 }' | \ while IFS=: read username uid homedir; do if ! expr "$homedir" : "$FILTER" > /dev/null; then - for f in ${list} ; do - file="${homedir}/${f}" - if [[ -e "${file}" ]] ; then - res=`ls -LldcGn "${file}" | sed 's/ \{1,\}/:/g'` - printf "${uid}:${username}:${file}:${res}\n" - fi + for f in ${list} ; do + file="${homedir}/${f}" + if [[ -e "${file}" ]] ; then + res=`ls -LldcGn "${file}" | sed 's/ \{1,\}/:/g'` + printf "${uid}:${username}:${file}:${res}\n" + fi done fi done | awk -F: '$1 != $6 && $6 != "0" \ diff --git a/cron-sh/scripts/02_network.sh b/cron-sh/scripts/02_network.sh index cdb477d..ebd8a4c 100755 --- a/cron-sh/scripts/02_network.sh +++ b/cron-sh/scripts/02_network.sh @@ -34,43 +34,16 @@ fi ### Changed open port if [[ ${CHECK_OPEN_PORT} == yes ]]; then - - if [[ -f ${OPEN_PORT_YESTERDAY} ]]; then - diff -u ${OPEN_PORT_YESTERDAY} ${OPEN_PORT_TODAY} 1> ${OPEN_PORT_DIFF} - if [ -s ${OPEN_PORT_DIFF} ]; then - printf "\nSecurity Warning: There are modifications for port listening on your machine :\n" >> ${DIFF} - grep '^+' ${OPEN_PORT_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- Opened ports : ${file}\n" - done >> ${DIFF} - grep '^-' ${OPEN_PORT_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- Closed ports : ${file}\n" - done >> ${DIFF} - fi - fi - + Diffcheck ${OPEN_PORT_TODAY} ${OPEN_PORT_YESTERDAY} ${OPEN_PORT_DIFF} "network ports" fi ### Changed firewall if [[ ${CHECK_FIREWALL} == yes ]]; then - - if [[ -f ${FIREWALL_YESTERDAY} ]]; then - diff -u ${FIREWALL_YESTERDAY} ${FIREWALL_TODAY} 1> ${FIREWALL_DIFF} - if [ -s ${FIREWALL_DIFF} ]; then - printf "\nSecurity Warning: There are modifications for firewall configuration on your machine :\n" >> ${DIFF} - grep '^+' ${FIREWALL_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- New entries : ${file}\n" - done >> ${DIFF} - grep '^-' ${FIREWALL_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- Removed entries : ${file}\n" - done >> ${DIFF} - fi - fi - + Diffcheck ${FIREWALL_TODAY} ${FIREWALL_YESTERDAY} ${FIREWALL_DIFF} "firewall rules" fi ### Dump a list of open port. if [[ ${CHECK_OPEN_PORT} == yes ]]; then - if [[ -s ${OPEN_PORT_TODAY} ]]; then printf "\nThese are the ports listening on your machine :\n" >> ${INFOS} cat ${OPEN_PORT_TODAY} >> ${INFOS} diff --git a/cron-sh/scripts/03_rpm.sh b/cron-sh/scripts/03_rpm.sh index ae88542..5eb1399 100755 --- a/cron-sh/scripts/03_rpm.sh +++ b/cron-sh/scripts/03_rpm.sh @@ -40,19 +40,7 @@ fi # list of installed packages if [[ ${CHECK_RPM_PACKAGES} == yes ]]; then rpm -qa --qf "%{NAME}-%{VERSION}-%{RELEASE}\t%{INSTALLTIME}\n" | sort > ${RPM_QA_TODAY} - - if [[ -f ${RPM_QA_YESTERDAY} ]]; then - diff -u ${RPM_QA_YESTERDAY} ${RPM_QA_TODAY} > ${RPM_QA_DIFF} - if [ -s ${RPM_QA_DIFF} ]; then - printf "\nSecurity Warning: These packages have changed on the system :\n" >> ${DIFF} - grep '^+' ${RPM_QA_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- Newly installed package : ${file}\n" - done >> ${DIFF} - grep '^-' ${RPM_QA_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- No longer present package : ${file}\n" - done >> ${DIFF} - fi - fi + Diffcheck ${RPM_QA_TODAY} ${RPM_QA_YESTERDAY} ${RPM_QA_DIFF} "installed packages" fi # integrity of installed packages @@ -66,42 +54,16 @@ if [[ ${CHECK_RPM_INTEGRITY} == yes ]]; then # full check if [[ -s ${RPM_VA_TODAY} ]]; then printf "\nSecurity Warning: These files belonging to packages are modified on the system :\n" >> ${SECURITY} - cat ${RPM_VA_TODAY} | while read f; do - printf "\t\t- $f\n" - done >> ${SECURITY} + cat ${RPM_VA_TODAY} >> ${SECURITY} fi if [[ -s ${RPM_VA_CONFIG_TODAY} ]]; then printf "\nSecurity Warning: These config files belonging to packages are modified on the system :\n" >> ${SECURITY} - cat ${RPM_VA_CONFIG_TODAY} | while read f; do - printf "\t\t- $f\n" - done >> ${SECURITY} + cat ${RPM_VA_CONFIG_TODAY} >> ${SECURITY} fi # diff check - if [[ -f ${RPM_VA_YESTERDAY} ]]; then - diff -u ${RPM_VA_YESTERDAY} ${RPM_VA_TODAY} > ${RPM_VA_DIFF} - if [ -s ${RPM_VA_DIFF} ]; then - printf "\nSecurity Warning: These files belonging to packages have changed of status on the system :\n" >> ${DIFF} - grep '^+' ${RPM_VA_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- Newly modified : ${file}\n" - done >> ${DIFF} - grep '^-' ${RPM_VA_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- No longer modified : ${file}\n" - done >> ${DIFF} - fi - fi - if [[ -f ${RPM_VA_CONFIG_YESTERDAY} ]]; then - diff -u ${RPM_VA_CONFIG_YESTERDAY} ${RPM_VA_CONFIG_TODAY} > ${RPM_VA_CONFIG_DIFF} - if [ -s ${RPM_VA_CONFIG_DIFF} ]; then - printf "\nSecurity Warning: These config files belonging to packages have changed of status on the system :\n" >> ${DIFF} - grep '^+' ${RPM_VA_CONFIG_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- Newly modified : ${file}\n" - done >> ${DIFF} - grep '^-' ${RPM_VA_CONFIG_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- No longer modified : ${file}\n" - done >> ${DIFF} - fi - fi + Diffcheck ${RPM_VA_TODAY} ${RPM_VA_YESTERDAY} ${RPM_VA_DIFF} "files belonging to packages" + Diffcheck ${RPM_VA_CONFIG_TODAY} ${RPM_VA_CONFIG_YESTERDAY} ${RPM_VA_CONFIG_DIFF} "config files belonging to packages" fi diff --git a/cron-sh/scripts/04_rootkit.sh b/cron-sh/scripts/04_rootkit.sh index b83e727..c518247 100755 --- a/cron-sh/scripts/04_rootkit.sh +++ b/cron-sh/scripts/04_rootkit.sh @@ -32,18 +32,6 @@ fi ### Changed chkrootkit if [[ ${CHECK_CHKROOTKIT} == yes ]]; then - - if [[ -f ${CHKROOTKIT_YESTERDAY} ]]; then - diff -u ${CHKROOTKIT_YESTERDAY} ${CHKROOTKIT_TODAY} 1> ${CHKROOTKIT_DIFF} - if [ -s ${CHKROOTKIT_DIFF} ]; then - printf "\nSecurity Warning: There are modifications for chkrootkit results :\n" >> ${DIFF} - grep '^+' ${CHKROOTKIT_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- Added : ${file}\n" - done >> ${DIFF} - grep '^-' ${CHKROOTKIT_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- Removed : ${file}\n" - done >> ${DIFF} - fi - fi + Diffcheck ${CHKROOTKIT_TODAY} ${CHKROOTKIT_YESTERDAY} ${CHKROOTKIT_DIFF} "chkrootkit results" fi diff --git a/cron-sh/scripts/05_access.sh b/cron-sh/scripts/05_access.sh index e63a3c8..b66e87f 100755 --- a/cron-sh/scripts/05_access.sh +++ b/cron-sh/scripts/05_access.sh @@ -20,18 +20,8 @@ fi # check for changes in users if [[ ${CHECK_USERS} == yes ]]; then - getent passwd | cut -f 1 -d : | sort > ${USERS_LIST_TODAY} - if [[ -f ${USERS_LIST_YESTERDAY} ]]; then - if ! diff -u ${USERS_LIST_YESTERDAY} ${USERS_LIST_TODAY} > ${USERS_LIST_DIFF}; then - printf "\nSecurity Warning: Changes in list of users found :\n" >> ${DIFF} - grep '^+' ${USERS_LIST_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- Newly added users : ${file}\n" - done >> ${DIFF} - grep '^-' ${USERS_LIST_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- No longer present users : ${file}\n" - done >> ${DIFF} - fi - fi + getent passwd | cut -f 1 -d : | sort > ${USERS_LIST_TODAY} + Diffcheck ${USERS_LIST_TODAY} ${USERS_LIST_YESTERDAY} ${USERS_LIST_DIFF} "local users" fi # check for changes in groups @@ -45,18 +35,8 @@ fi # check for changes in groups if [[ ${CHECK_GROUPS} == yes ]]; then - getent passwd | cut -f 1 -d : | sort > ${GROUPS_LIST_TODAY} - if [[ -f ${GROUPS_LIST_YESTERDAY} ]]; then - if ! diff -u ${GROUPS_LIST_YESTERDAY} ${GROUPS_LIST_TODAY} > ${GROUPS_LIST_DIFF}; then - printf "\nSecurity Warning: Changes in list of groups found :\n" >> ${DIFF} - grep '^+' ${GROUPS_LIST_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- Newly added groups : ${file}\n" - done >> ${DIFF} - grep '^-' ${GROUPS_LIST_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do - printf "\t\t- No longer present groups : ${file}\n" - done >> ${DIFF} - fi - fi + getent passwd | cut -f 1 -d : | sort > ${GROUPS_LIST_TODAY} + Diffcheck ${GROUPS_LIST_TODAY} ${GROUPS_LIST_YESTERDAY} ${GROUPS_LIST_DIFF} "local groups" fi ### Passwd file check |