aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorYoann Vandoorselaere <yoann@mandriva.com>1999-12-17 15:22:37 +0000
committerYoann Vandoorselaere <yoann@mandriva.com>1999-12-17 15:22:37 +0000
commit35fce927a70a6e882770d33c80949b39e8ee2837 (patch)
treeabbc25b04ac45b5c9b6df15517d50523dc0994ef
parent46c44c4aa32d03cbf640edc1e388d7f4a6cc649a (diff)
downloadmsec-35fce927a70a6e882770d33c80949b39e8ee2837.tar
msec-35fce927a70a6e882770d33c80949b39e8ee2837.tar.gz
msec-35fce927a70a6e882770d33c80949b39e8ee2837.tar.bz2
msec-35fce927a70a6e882770d33c80949b39e8ee2837.tar.xz
msec-35fce927a70a6e882770d33c80949b39e8ee2837.zip
*** empty log message ***
-rw-r--r--ChangeLog3
-rw-r--r--Makefile4
-rwxr-xr-xcron-sh/diff_check.sh9
-rwxr-xr-xcron-sh/security_check.sh25
-rw-r--r--init-sh/lib.sh7
5 files changed, 21 insertions, 27 deletions
diff --git a/ChangeLog b/ChangeLog
index a5e9d20..4d790c2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
1999-12-17 Yoann Vandoorselaere <yoann@mandrakesoft.com>
- * security_check.sh: fix the mktemp problem
+ * security_check.sh: Bugfix
+ * diff_check.sh: dito
1999-12-16 Yoann Vandoorselaere <yoann@mandrakesoft.com>
* Don't use msec parsing routine to hack inittab.
diff --git a/Makefile b/Makefile
index ce48997..b042803 100644
--- a/Makefile
+++ b/Makefile
@@ -23,7 +23,7 @@ rpm_install: all
cp init-sh/grpuser.sh $(RPM_BUILD_ROOT)/etc/security/msec/init-sh
cp init-sh/custom.sh $(RPM_BUILD_ROOT)/etc/security/msec/init-sh
cp cron-sh/*.sh $(RPM_BUILD_ROOT)/etc/security/msec/cron-sh
- touch $(RPM_BUILD_ROOT)/etc/security/msec/security.conf
+ cp init-sh/security.conf $(RPM_BUILD_ROOT)/etc/security/msec/security.conf
install -s src/promisc_check/promisc_check $(RPM_BUILD_ROOT)/usr/bin
echo "Install complete"
@@ -48,7 +48,7 @@ install:
(cp init-sh/*.[0-5] /etc/security/msec/init-sh/)
(cp init-sh/custom.sh /etc/security/msec/init-sh);
(cp init-sh/server.* /etc/security/msec/init-sh)
- (touch /etc/security/msec/security.conf)
+ (cp init-sh/security.conf /etc/security/msec/security.conf)
(cd src/promisc_check; make install)
(cd cron-sh; make install)
diff --git a/cron-sh/diff_check.sh b/cron-sh/diff_check.sh
index 6c22184..603edf6 100755
--- a/cron-sh/diff_check.sh
+++ b/cron-sh/diff_check.sh
@@ -14,15 +14,6 @@ if [[ ${CHECK_SECURITY} == no ]]; then
exit 0
fi
-# Modified filters coming from debian security scripts.
-CS_NFSAFS='(nfs|afs|xfs|coda)'
-CS_TYPES=' type (devpts|auto|proc|msdos|fat|vfat|iso9660|ncpfs|smbfs|'$CS_NFSAFS')'
-CS_DEVS='^/dev/fd'
-CS_DIRS='on /mnt'
-FILTERS="$CS_TYPES|$CS_DEVS|$CS_DIRS"
-DIR=`mount | grep -vE "$FILTERS" | cut -d ' ' -f3`
-###
-
SUID_ROOT_TODAY="/var/log/security/suid_root.today"
SUID_ROOT_YESTERDAY="/var/log/security/suid_root.yesterday"
SUID_ROOT_DIFF="/var/log/security/suid_root.diff"
diff --git a/cron-sh/security_check.sh b/cron-sh/security_check.sh
index 87c7043..d7d6ff3 100755
--- a/cron-sh/security_check.sh
+++ b/cron-sh/security_check.sh
@@ -7,7 +7,7 @@
if [[ -f /etc/security/msec/security.conf ]]; then
. /etc/security/msec/security.conf
else
- echo "/etc/security/msec/security.conf don't exist."
+ echo "/etc/security/msec/security.conf don't exist."
exit 1
fi
@@ -43,30 +43,35 @@ Ttylog() {
### Writeable file detection
if [[ ${CHECK_WRITEABLE} == yes ]]; then
- find ${DIR} -xdev -type f -perm -2 -ls -print | awk '{print $11}' | sort > ${TMP}
+ find ${DIR} -xdev -type f -perm -2 -print | sort > ${TMP}
if [[ -s ${TMP} ]]; then
printf "\nSecurity Warning: World Writeable Files found :\n" >> ${SECURITY}
- cat ${TMP} >> ${SECURITY}
+ cat ${TMP} | awk '{print "\t\t- " $0}' >> ${SECURITY}
fi
fi
### Search Un Owned file
if [[ ${CHECK_UNOWNED} == yes ]]; then
- find ${DIR} -xdev -nouser -print -ls | awk '{print $11}' | sort > ${TMP}
+ find ${DIR} -xdev -nouser -print | sort > ${TMP}
+
if [[ -s ${TMP} ]]; then
printf "\nSecurity Warning : the following file aren't owned by any user :\n" >> ${SECURITY}
- printf "\ttheses files now have user \"nobody\" as their owner." >> ${SECURE_LOG}
- cat ${TMP} >> ${SECURITY}
- cat ${TMP} | while read line; do chown nobody ${line}; done
+ printf "\ttheses files now have user \"nobody\" as their owner." >> ${SECURITY_LOG}
+ cat ${TMP} | awk '{print "\t\t- " $0}' >> ${SECURITY}
+ cat ${TMP} | while read line; do
+ chown nobody ${line};
+ done
fi
- find $DIR -xdev -nogroup -print -ls | awk '{print $11}' | sort > ${TMP}
+ find $DIR -xdev -nogroup -print | sort > ${TMP}
if [[ -s ${TMP} ]]; then
printf "\nSecurity Warning : the following file aren't owned by any group :\n" >> ${SECURITY}
printf "\ttheses files now have group \"nogroup\" as their group owner." >> ${SECURITY}
- cat ${TMP} >> ${SECURITY}
- cat ${TMP} | while read line; do chgrp nogroup ${line}; done
+ cat ${TMP} | awk '{print "\t\t- " $0}' >> ${SECURITY}
+ cat ${TMP} | while read line; do
+ chgrp nogroup ${line};
+ done
fi
fi
diff --git a/init-sh/lib.sh b/init-sh/lib.sh
index 71af4c7..e8798c7 100644
--- a/init-sh/lib.sh
+++ b/init-sh/lib.sh
@@ -85,7 +85,7 @@ CleanRules() {
fi
echo -en "\t- Cleaning msec appended line in ${file} : "
-
+
tmpfile=`mktemp /tmp/secure.XXXXXX`
cp ${file} ${tmpfile}
@@ -196,7 +196,7 @@ CommentUserRules /etc/hosts.allow
CleanRules /etc/securetty
CommentUserRules /etc/securetty
CleanRules /etc/security/msec/security.conf
-CommentUserRules /etc/security/msec/security.conf
+#CommentUserRules /etc/security/msec/security.conf
CleanRules /etc/profile
CleanRules /etc/lilo.conf
CleanRules /etc/rc.d/rc.firewall
@@ -260,6 +260,3 @@ echo
-
-
-