*** empty log message ***

author: Yoann Vandoorselaere <yoann@mandriva.com> 1999-12-08 12:00:22 +0000
committer: Yoann Vandoorselaere <yoann@mandriva.com> 1999-12-08 12:00:22 +0000
commit: 27d842aa9fa2e9fc83b49da73bb8cbaea89220e2 (patch)
tree: 66bc80fb5d10f8dd1024abbb99ec99984002d31c /cron-sh/file_check.sh
parent: b9b97333067488941954d9991d8dd47c9b2fb9d1 (diff)
download: msec-27d842aa9fa2e9fc83b49da73bb8cbaea89220e2.tar
msec-27d842aa9fa2e9fc83b49da73bb8cbaea89220e2.tar.gz
msec-27d842aa9fa2e9fc83b49da73bb8cbaea89220e2.tar.bz2
msec-27d842aa9fa2e9fc83b49da73bb8cbaea89220e2.tar.xz
msec-27d842aa9fa2e9fc83b49da73bb8cbaea89220e2.zip
1 files changed, 0 insertions, 241 deletions
diff --git a/cron-sh/file_check.sh b/cron-sh/file_check.sh
deleted file mode 100755
index 9ff094f..0000000
--- a/cron-sh/file_check.sh
+++ /dev/null
@@ -1,241 +0,0 @@
-#!/bin/bash
-
-#
-# Basic security checking for suid files.
-# Written by Vandoorselaere Yoann, <yoann@mandrakesoft.com>
-#
-
-if [ -f /etc/security/msec/security.conf ]; then
-    . /etc/security/msec/security.conf
-else
-    exit 1
-fi
-
-if [ SECURITY_CHECK == "no" ]; then
-    exit 0
-fi
-
-# Modified filters coming from debian security scripts.
-CS_NFSAFS='(nfs|afs|xfs|coda)'
-CS_TYPES=' type (devpts|auto|proc|msdos|fat|vfat|iso9660|ncpfs|smbfs|'$CS_NFSAFS')'
-CS_DEVS='^/dev/fd'
-CS_DIRS='on /mnt'
-FILTERS="$CS_TYPES|$CS_DEVS|$CS_DIRS"
-DIR=`mount | grep -vE "$FILTERS" | cut -d ' ' -f3`
-###
-
-SUID_ROOT_TODAY="/var/log/security/suid_root.today"
-SUID_ROOT_YESTERDAY="/var/log/security/suid_root.yesterday"
-SUID_ROOT_DIFF="/var/log/security/suid_root.diff"
-SUID_GROUP_TODAY="/var/log/security/suid_group.today"
-SUID_GROUP_YESTERDAY="/var/log/security/suid_group.yesterday"
-SUID_GROUP_DIFF="/var/log/security/suid_group.diff"
-SUID_MD5_TODAY="/var/log/security/suid_md5.today"
-SUID_MD5_YESTERDAY="/var/log/security/suid_md5.yesterday"
-SUID_MD5_DIFF="/var/log/security/suid_md5.diff"
-OPEN_PORT_TODAY="/var/log/security/open_port.today"
-OPEN_PORT_YESTERDAY="/var/log/security/open_port.yesterday"
-OPEN_PORT_DIFF="/var/log/security/open_port.diff"
-WRITEABLE_TODAY="/var/log/security/writeable.today"
-WRITEABLE_YESTERDAY="/var/log/security/writeable.yesterday"
-WRITEABLE_DIFF="/var/log/security/writeable.diff"
-UNOWNED_TODAY="/var/log/security/unowned.today"
-UNOWNED_YESTERDAY="/var/log/security/unowned.yesterday"
-UNOWNED_DIFF="/var/log/security/unowned.diff"
-
-SECURITY_LOG="/var/log/security.log"
-TMP="/tmp/secure.tmp"
-
-if [ ! -d /var/log/security ]; then
-    mkdir /var/log/security
-fi
-
-chattr -a /var/log/security/ >& /dev/null
-chattr -a /var/log/security/* >& /dev/null
-
-rm -f ${TMP} ${SECURITY_TMP} >& /dev/null
-
-### Functions ###
-
-Syslog() {
-    if [ $SYS_LOG=="yes" ]; then
-	cat ${1} | while read line; do
-	    /sbin/initlog --string="${line}"
-	done
-    fi
-}
-
-Ttylog() {
-	if [ $TTY_LOG=="yes" ]; then
-		for i in `w | grep -v "load\|TTY" | awk '{print $2}'` ; do
-			echo -e "$1" > /dev/$i
-		done
-	fi
-}
-
-##################
-
-
-### New Suid root files detection
-if [ ${CHECK_SUID_ROOT}=="yes" ]; then
-
-    if [ -f ${SUID_ROOT_TODAY} ]; then
-	mv ${SUID_ROOT_TODAY} ${SUID_ROOT_YESTERDAY}
-    fi
-
-    find ${DIR} -xdev -type f -perm +04000 -user root \
-	-printf "%8i %5m %3n %-10u %-10g %9s %t %h/%f\n" | sort > ${SUID_ROOT_TODAY}
-
-    if [ -f ${SUID_ROOT_YESTERDAY} ]; then
-	if ! diff -u ${SUID_ROOT_YESTERDAY} ${SUID_ROOT_TODAY} > ${SUID_ROOT_DIFF}; then
-	    printf "\nSecurity Warning: Change in Suid Root files found :\n" >> ${TMP}
-	    grep '^+' ${SUID_ROOT_DIFF} | grep -vw "^+++ " |  sed 's|^.||' | awk '{print $12}' | while read file; do
-		printf "\t\t- Added suid root files : ${file}.\n" >> ${TMP}
-	    done
-	    grep '^-' ${SUID_ROOT_DIFF} | grep -vw "^--- " | sed 's|^.||' | awk '{print $12}' | while read file; do
-		printf "\t\t- Removed suid root files : ${file}.\n" >> ${TMP}
-	    done
-	fi
-    fi
-fi
-
-### New Suid group files detection
-if [ ${CHECK_SUID_GROUP} ]; then
-    if [ -f ${SUID_GROUP_TODAY} ]; then
-	mv ${SUID_GROUP_TODAY} ${SUID_GROUP_YESTERDAY}
-    fi
-
-    find ${DIR} -xdev -type f -perm +02000 \
-	-printf "%8i %5m %3n %-10u %-10g %9s %t %h/%f\n" | sort > ${SUID_GROUP_TODAY}
-
-    if [ -f ${SUID_GROUP_YESTERDAY} ]; then
-	if ! diff -u ${SUID_GROUP_YESTERDAY} ${SUID_GROUP_TODAY} > ${SUID_GROUP_DIFF}; then
-	    printf "\nSecurity Warning: Changes in Suid Group files found :\n" >> ${TMP}
-	    grep '^+' ${SUID_GROUP_DIFF} | grep -vw "^+++ " | sed 's|^.||' | awk '{print $12}' | while read file; do
-		printf "\t\t- Added suid group files : ${file}.\n" >> ${TMP}
-	    done
-	    grep '^-' ${SUID_GROUP_DIFF} | grep -vw "^--- " | sed 's|^.||' | awk '{print $12}' | while read file; do
-		printf "\t\t- Removed suid group files : ${file}.\n" >> ${TMP}
-	    done
-	fi
-    fi
-fi
-
-### Writable files detection
-if [ ${CHECK_WRITEABLE}=="yes" ]; then
-
-    if [ -f ${WRITEABLE_TODAY} ]; then
-	mv -f ${WRITEABLE_TODAY} ${WRITEABLE_YESTERDAY}
-    fi
-
-    find ${DIR} -xdev -type f -perm -2 -ls -print | sort > ${WRITEABLE_TODAY}
-
-    if [ -f ${WRITEABLE_YESTERDAY} ]; then
-	if ! diff -u ${WRITEABLE_YESTERDAY} ${WRITEABLE_TODAY} > ${WRITEABLE_DIFF}; then
-	    printf "\nSecurity Warning: Change in World Writeable Files found :\n" >> ${TMP}
-	    grep '^+' ${WRITEABLE_DIFF} | grep -vw "^+++ " | sed 's|^.||' | awk '{print $12}' | while read file; do
-		printf "\t\t- Added writables files : ${file}.\n" >> ${TMP}
-	    done
-	    grep '^-' ${WRITEABLE_DIFF} | grep -vw "^--- " | sed 's|^.||' | awk '{print $12}' | while read file; do
-		printf "\t\t- Removed writables files : ${file}.\n" >> ${TMP}
-	    done
-	fi
-    fi
-fi
-
-### Search Non Owned files
-if [ ${CHECK_UNOWNED}=="yes" ]; then
-
-    if [ -f ${UNOWNED_TODAY} ]; then
-	mv -f ${UNOWNED_TODAY} ${UNOWNED_YESTERDAY}
-    fi
-
-    find ${DIR} -xdev -nouser -print -ls | sort > ${UNOWNED_TODAY}
-    
-    if [ -f ${UNOWNED_YESTERDAY} ]; then
-	if ! diff -u ${UNOWNED_YESTERDAY} ${UNOWNED_TODAY} > ${UNOWNED_DIFF}; then
-	    printf "\nSecurity Warning: the following files aren't owned by an user :\n" >> ${TMP}
-	    grep '^+' ${UNOWNED_DIFF} | grep -vw "^--- " | sed 's|^.||' | awk '{print $12}' | while read file; do
-		printf "\t\t- Added un-owned files : ${file}.\n" >> ${TMP}
-	    done
-	    grep '^-' ${UNOWNED_DIFF} | grep -vw "^+++ " | sed 's|^.||' | awk '{print $12}' | while read file; do
-		printf "\t\t- Removed un-owned files : ${file}.\n" >> ${TMP}
-	    done
-	fi
-    fi
- 
-    find ${DIR} -xdev -nogroup -print -ls | sort >> ${UNOWNED_TODAY}
-
-    if [ -f ${UNOWNED_YESTERDAY} ]; then
-	if ! diff -u ${UNOWNED_YESTERDAY} ${UNOWNED_TODAY} > ${UNOWNED_DIFF}; then
-	    printf "\nSecurity Warning: the following files aren't owned by a group :\n" >> ${TMP}
-	    grep '^+' ${UNOWNED_DIFF} | grep -vw "^+++ " | sed 's|^.||' | awk '{print $12}' | while read file; do
-		printf "\t\t- Added un-owned files : ${file}.\n" >> ${TMP}
-	    done
-	    grep '^-' ${UNOWNED_DIFF} | grep -vw "^--- " | sed 's|^.||' | awk '{print $12}' | while read file; do
-		printf "\t\t- Removed un-owned files : ${file}.\n" >> ${TMP}
-	    done
-	fi
-    fi
-fi
-
-### Md5 check for SUID root file
-if [ ${CHECK_SUID_MD5}=="yes" ]; then 
-    if [ -f ${SUID_MD5_TODAY} ]; then
-	mv ${SUID_MD5_TODAY} ${SUID_MD5_YESTERDAY}
-    fi
-
-    touch ${SUID_MD5_TODAY}
-    awk '{print $12}' ${SUID_ROOT_TODAY} |
-	while read line; do 
-	    md5sum ${line} >> ${SUID_MD5_TODAY}
-	done
-	
-    if [ -f ${SUID_MD5_YESTERDAY} ]; then
-	if ! diff -u ${SUID_MD5_YESTERDAY} ${SUID_MD5_TODAY} > ${SUID_MD5_DIFF}; then
-	    printf "\nSecurity Warning: the md5 checksum for one of your SUID files has changed,\n" >> ${TMP}
-	    printf "\tmaybe an intruder modified one of these suid binary in order to put in a backdoor...\n" >> ${TMP}
-	    grep '^+' ${SUID_MD5_DIFF} | grep -vw "^+++ " | sed 's|^.||' | awk '{print $2}' | while read file; do
-		printf "\t\t- Changed ( added ) files : ${file}.\n" >> ${TMP}
-	    done
-	    grep '^-' ${SUID_MD5_DIFF} | grep -vw "^--- " | sed 's|^.||' | awk '{print $2}' | while read file; do
-		printf "\t\t- Changed ( removed ) files : ${file}.\n" >> ${TMP}
-	    done
-	fi
-    fi
-fi
-
-### Changed open port
-if [ ${CHECK_OPEN_PORT}=="yes" ]; then
-    if [ -f ${OPEN_PORT_TODAY} ]; then
-	mv -f ${OPEN_PORT_TODAY} ${OPEN_PORT_YESTERDAY}
-    fi
-
-    netstat -pvlA inet > ${OPEN_PORT_TODAY};
-    
-    if [ -f ${OPEN_PORT_YESTERDAY} ]; then
-	if ! diff -u ${OPEN_PORT_YESTERDAY} ${OPEN_PORT_TODAY} 1> ${OPEN_PORT_DIFF}; then
-	    printf "\nSecurity Warning: There is a new port listening on your machine :\n" >> ${TMP}
-	    grep '^+' ${OPEN_PORT_DIFF} | grep -vw "^+++ " | sed 's|^.||' | awk '{print $12}' | while read file; do
-		printf "\t\t-  Opened ports : ${file}.\n" >> ${TMP}
-	    done
-	    grep '^-' ${OPEN_PORT_DIFF} | grep -vw "^--- " | sed 's|^.||' | awk '{print $12}' | while read file; do
-		printf "\t\t- Closed ports  : ${file}.\n" >> ${TMP}
-	    done
-        fi
-    fi
-fi
-
-######## Report ######
-if [ -s ${TMP} ]; then
-    Syslog ${TMP}
-    Ttylog ${TMP}
-    cat ${TMP} >> ${SECURITY_LOG}
-    rm -f ${TMP}
-fi
-
-
-# We launch our other report engine :)
-/etc/security/msec/cron-sh/security_check.sh
-
-
author	Yoann Vandoorselaere <yoann@mandriva.com>	1999-12-08 12:00:22 +0000
committer	Yoann Vandoorselaere <yoann@mandriva.com>	1999-12-08 12:00:22 +0000
commit	27d842aa9fa2e9fc83b49da73bb8cbaea89220e2 (patch)
tree	66bc80fb5d10f8dd1024abbb99ec99984002d31c /cron-sh/file_check.sh
parent	b9b97333067488941954d9991d8dd47c9b2fb9d1 (diff)
download	msec-27d842aa9fa2e9fc83b49da73bb8cbaea89220e2.tar msec-27d842aa9fa2e9fc83b49da73bb8cbaea89220e2.tar.gz msec-27d842aa9fa2e9fc83b49da73bb8cbaea89220e2.tar.bz2 msec-27d842aa9fa2e9fc83b49da73bb8cbaea89220e2.tar.xz msec-27d842aa9fa2e9fc83b49da73bb8cbaea89220e2.zip