authorFrederic Lepied <flepied@mandriva.com>2002-02-14 00:53:31 +0000
committerFrederic Lepied <flepied@mandriva.com>2002-02-14 00:53:31 +0000
commit243db9ef7ae3fc061fc841c51b8c6f20490b3df7 (patch)
tree25bbd8e9c6381837ec45326ec1487306c8f89547
parentf5f8da18b3aeca5175bbf09f66938190c1ee67fc (diff)
use ip to detect promiscuous mode with 2.4 kernels.
-rwxr-xr-xcron-sh/promisc_check.sh52
1 files changed, 20 insertions, 32 deletions
diff --git a/cron-sh/promisc_check.sh b/cron-sh/promisc_check.sh
index ec0526d..9a6c3dd 100755
--- a/cron-sh/promisc_check.sh
+++ b/cron-sh/promisc_check.sh
@@ -3,18 +3,6 @@
# Writen by Vandoorselaere Yoann,
# <yoann@mandrakesoft.com>
-if [[ -f /etc/security/msec/security.conf ]]; then
- . /etc/security/msec/security.conf
-else
- echo "/etc/security/msec/security.conf doesn't exist."
- exit 1
-fi
-
-if tail /var/log/security.log | grep -q "promiscuous"; then
- # Dont flood with warning.
- exit 0
-fi
-
Syslog() {
if [[ ${SYSLOG_WARN} == yes ]]; then
/sbin/initlog --string="${1}"
@@ -23,15 +11,12 @@ Syslog() {
Ttylog() {
if [[ ${TTYLOG_WARN} == yes ]]; then
- w | grep -v "load\|TTY" | awk '{print $2}' | while read line; do
+ w | grep -v "load\|TTY" | grep '^root' | awk '{print $2}' | while read line; do
echo -e "${1}" > /dev/$i
done
fi
}
-# Check if a network interface is in promiscuous mode...
-PROMISC="/usr/bin/promisc_check -q"
-
LogPromisc() {
date=`date`
Syslog "Security warning : $1 is in promiscuous mode."
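Review bot: The `while read line` loop in Ttylog still writes to `/dev/$i`, but `i` is not set anywhere in the visible lines, so the redirect targets `/dev/` and the tty warning reaches nobody; the body should use the loop variable, `echo -e "${1}" > "/dev/${line}"`. The added `grep '^root'` filter also matches any login name that merely begins with `root`; `w | awk '$1 == "root" {print $2}'` selects exactly root's terminals, skips the two header lines on its own, and replaces the grep/grep/awk chain. LogPromisc's body continues outside the hunk.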
@@ -42,30 +27,33 @@ LogPromisc() {
echo " A sniffer is probably running on your system." >> /var/log/security.log
}
+
+if [[ -f /etc/security/msec/security.conf ]]; then
+ . /etc/security/msec/security.conf
+else
+ echo "/etc/security/msec/security.conf doesn't exist."
+ exit 1
+fi
+
+if tail /var/log/security.log | grep -q "promiscuous"; then
+ # Dont flood with warning.
+ exit 0
+fi
+
+# Check if a network interface is in promiscuous mode...
if [[ -f /etc/security/msec/security.conf ]]; then
. /etc/security/msec/security.conf
else
- exit 1
+ exit 1
fi
if [[ ${CHECK_PROMISC} == no ]]; then
- exit 0;
+ exit 0;
fi
-for INTERFACE in `${PROMISC}`; do
- LogPromisc ${INTERFACE}
+for INTERFACE in `ip link list | grep PROMISC | cut -f 2 -d ':';/usr/bin/promisc_check -q`; do
+ LogPromisc ${INTERFACE}
done
-
-
-
-
-
-
-
-
-
-
-
-
+# promisc_check.sh ends here
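Review bot: The new detection loop calls `ip` by bare name while `promisc_check` is called by absolute path; unless PATH is set elsewhere, a cron environment that omits `/sbin` makes the `ip` stage produce nothing and the list silently shrinks to what `promisc_check -q` reports, so the 2.4-kernel check fails open. Use the absolute path of the ip binary (likely `/sbin/ip`, to be confirmed for this distribution) and de-duplicate, since an interface flagged by both tools is logged twice: `for INTERFACE in $( { /sbin/ip link list | grep PROMISC | cut -f 2 -d ':'; /usr/bin/promisc_check -q; } | sort -u ); do`. The block added at the top of the hunk that sources `/etc/security/msec/security.conf` duplicates the unchanged block just below the "Check if a network interface" comment, and one of the two can be dropped.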