author | Yoann Vandoorselaere <yoann@mandriva.com> | 1999-12-06 18:11:39 +0000 |
---|---|---|
committer | Yoann Vandoorselaere <yoann@mandriva.com> | 1999-12-06 18:11:39 +0000 |
commit | 74055382de3e44e81bf084d08883e7a9e5b90b04 (patch) | |
tree | 506dc12e505459cc3e1b79c0bf965e77b14f81db /cron-sh/file_check.sh | |
parent | 81fd9c016d08d9f26cb784dff1049a967b209a01 (diff) | |
*** empty log message ***
Diffstat (limited to 'cron-sh/file_check.sh')
-rwxr-xr-x | cron-sh/file_check.sh | 416 |
1 files changed, 130 insertions, 286 deletions
diff --git a/cron-sh/file_check.sh b/cron-sh/file_check.sh index f91dce3..60a87e5 100755 --- a/cron-sh/file_check.sh +++ b/cron-sh/file_check.sh @@ -15,8 +15,6 @@ if [ SECURITY_CHECK == "no" ]; then exit 0 fi -OUT=./blah - # Modified filters coming from debian security scripts. CS_NFSAFS='(nfs|afs|xfs|coda)' CS_TYPES=' type (devpts|auto|proc|msdos|fat|vfat|iso9660|ncpfs|smbfs|'$CS_NFSAFS')' 
@@ -26,47 +24,45 @@ FILTERS="$CS_TYPES|$CS_DEVS|$CS_DIRS" DIR=`mount | grep -vE "$FILTERS" | cut -d ' ' -f3` ### -SUID_ROOT_TODAY=/var/log/security/suid_root.today -SUID_ROOT_YESTERDAY=/var/log/security/suid_root.yesterday -SUID_ROOT_DIFF=/var/log/security/suid_root.diff -SUID_GROUP_TODAY=/var/log/security/suid_group.today -SUID_GROUP_YESTERDAY=/var/log/security/suid_group.yesterday -SUID_GROUP_DIFF=/var/log/security/suid_group.diff -WRITABLE_TODAY=/var/log/security/writable.today -WRITABLE_YESTERDAY=/var/log/security/writable.yesterday -WRITABLE_DIFF=/var/log/security/writable.diff -UNOWNED_TODAY=/var/log/security/unowned.today -UNOWNED_YESTERDAY=/var/log/security/unowned.yesterday -UNOWNED_DIFF=/var/log/security/unowned.diff -PASSWD_TODAY=/var/log/security/passwd.today -PASSWD_YESTERDAY=/var/log/security/passwd.yesterday -PASSWD_DIFF=/var/log/security/passwd.diff -SHADOW_TODAY=/var/log/security/shadow.today -SHADOW_YESTERDAY=/var/log/security/shadow.yesterday -SHADOW_DIFF=/var/log/security/shadow.diff -HOST_TODAY=/var/log/security/hosts.today -HOST_YESTERDAY=/var/log/security/hosts.yesterday -HOST_DIFF=/var/log/security/hosts.diff -SUID_MD5_TODAY=/var/log/security/suid_md5.today -SUID_MD5_YESTERDAY=/var/log/security/suid_md5.yesterday -SUID_MD5_DIFF=/var/log/security/suid_md5.diff -OPEN_PORT_TODAY=/var/log/security/open_port.today -OPEN_PORT_YESTERDAY=/var/log/security/open_port.yesterday -OPEN_PORT_DIFF=/var/log/security/open_port.diff +SUID_ROOT_TODAY="/var/log/security/suid_root.today" +SUID_ROOT_YESTERDAY="/var/log/security/suid_root.yesterday" +SUID_ROOT_DIFF="/var/log/security/suid_root.diff" +SUID_GROUP_TODAY="/var/log/security/suid_group.today" +SUID_GROUP_YESTERDAY="/var/log/security/suid_group.yesterday" +SUID_GROUP_DIFF="/var/log/security/suid_group.diff" +SUID_MD5_TODAY="/var/log/security/suid_md5.today" +SUID_MD5_YESTERDAY="/var/log/security/suid_md5.yesterday" +SUID_MD5_DIFF="/var/log/security/suid_md5.diff" 
+OPEN_PORT_TODAY="/var/log/security/open_port.today" +OPEN_PORT_YESTERDAY="/var/log/security/open_port.yesterday" +OPEN_PORT_DIFF="/var/log/security/open_port.diff" +WRITEABLE_TODAY="/var/log/security/writeable.today" +WRITEABLE_YESTERDAY="/var/log/security/writeable.yesterday" +WRITEABLE_DIFF="/var/log/security/writeable.diff" +UNOWNED_TODAY="/var/log/security/unowned.today" +UNOWNED_YESTERDAY="/var/log/security/unowned.yesterday" +UNOWNED_DIFF="/var/log/security/unowned.diff" + +SECURITY_LOG="/var/log/security.log" +TMP="/tmp/secure.tmp" if [ ! -d /var/log/security ]; then mkdir /var/log/security fi -chattr -a /var/log/security/ -chattr -a /var/log/security/* +chattr -a /var/log/security/ >& /dev/null +chattr -a /var/log/security/* >& /dev/null + +rm -f ${TMP} ${SECURITY_TMP} >& /dev/null ### Functions ### Syslog() { - if [ $SYS_LOG=="yes" ]; then - /sbin/initlog --string="$1" - fi + if [ $SYS_LOG=="yes" ]; then + cat ${1} | while read line; do + /sbin/initlog --string="${line}" + done + fi } Ttylog() { 
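Review bot: `TMP="/tmp/secure.tmp"` is a fixed name in a world-writable directory, and the checks below append to it with `>> ${TMP}` from a cron job that presumably runs as root, so a local user who pre-creates that path as a file or a symlink can influence what the report contains or where the appended text lands. The added `rm -f ${TMP}` narrows the window but does not close it, because the file is only recreated later by the first `>>`. Keeping the scratch file beside the other state, e.g. `TMP="/var/log/security/secure.tmp"`, or creating it with `TMP=$(mktemp /var/log/security/secure.XXXXXX) || exit 1`, avoids the shared directory. The same `rm -f` line names `${SECURITY_TMP}`, which is not assigned anywhere in the visible lines. In Syslog, `[ $SYS_LOG=="yes" ]` is a single non-empty word and therefore always true; `[ "$SYS_LOG" = "yes" ]` is presumably what was meant.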
@@ -80,84 +76,110 @@ Ttylog() { ################## -### New Suid root file detection ### -if [ $CHECK_SUID_ROOT=="yes" ]; then - if [ -f $SUID_ROOT_TODAY ]; then - mv $SUID_ROOT_TODAY $SUID_ROOT_YESTERDAY +### New Suid root files detection +if [ ${CHECK_SUID_ROOT}=="yes" ]; then + + if [ -f ${SUID_ROOT_TODAY} ]; then + mv ${SUID_ROOT_TODAY} ${SUID_ROOT_YESTERDAY} fi - find $DIR -xdev -type f -perm +04000 -user root \ - -printf "%8i %5m %3n %-10u %-10g %9s %t %h/%f\n" | sort > $SUID_ROOT_TODAY + find ${DIR} -xdev -type f -perm +04000 -user root \ + -printf "%8i %5m %3n %-10u %-10g %9s %t %h/%f\n" | sort > ${SUID_ROOT_TODAY} - if [ -f $SUID_ROOT_YESTERDAY ]; then - if ! diff $SUID_ROOT_YESTERDAY $SUID_ROOT_TODAY > $SUID_ROOT_DIFF; then - Syslog "Change in Suid Root file found, please consult $SUID_ROOT_DIFF" - Ttylog "\\033[1;31mChange in Suid Root file found !\\033[0;39m" - Ttylog "\\033[1;31mPlease consult $SUID_ROOT_DIFF\\033[0;39m" + if [ -f ${SUID_ROOT_YESTERDAY} ]; then + if ! diff -u ${SUID_ROOT_YESTERDAY} ${SUID_ROOT_TODAY} > ${SUID_ROOT_DIFF}; then + printf "\nSecurity Warning: Change in Suid Root files found :\n" >> ${TMP} + grep '^+' ${SUID_ROOT_DIFF} | grep -vw "^+++ " | sed 's|^.||' | awk '{print $12}' | while read file; do + printf "\t\t- Added suid root files : ${file}.\n" >> ${TMP} + done + grep '^-' ${SUID_ROOT_DIFF} | grep -vw "^--- " | sed 's|^.||' | awk '{print $12}' | while read file; do + printf "\t\t- Removed suid root files : ${file}.\n" >> ${TMP} + done fi fi fi -############################# - -### New Suid group file detection ### -if [ $CHECK_SUID_GROUP ]; then - if [ -f $SUID_GROUP_TODAY ]; then - mv $SUID_GROUP_TODAY $SUID_GROUP_YESTERDAY +### New Suid group files detection +if [ ${CHECK_SUID_GROUP} ]; then + if [ -f ${SUID_GROUP_TODAY} ]; then + mv ${SUID_GROUP_TODAY} ${SUID_GROUP_YESTERDAY} fi - find $DIR -xdev -type f -perm +02000 \ - -printf "%8i %5m %3n %-10u %-10g %9s %t %h/%f\n" | sort > $SUID_GROUP_TODAY + find ${DIR} -xdev -type 
f -perm +02000 \ + -printf "%8i %5m %3n %-10u %-10g %9s %t %h/%f\n" | sort > ${SUID_GROUP_TODAY} - if [ -f $SUID_GROUP_YESTERDAY ]; then - if ! diff $SUID_GROUP_YESTERDAY $SUID_GROUP_TODAY > $SUID_GROUP_DIFF; then - Syslog "Change in Suid Group file found, please consult $SUID_GROUP_DIFF" - Ttylog "\\033[1;31mChange in Suid Group file found !\\033[0;39m" - Ttylog "\\033[1;31mPlease consult $SUID_GROUP_DIFF\\033[0;39m" + if [ -f ${SUID_GROUP_YESTERDAY} ]; then + if ! diff -u ${SUID_GROUP_YESTERDAY} ${SUID_GROUP_TODAY} > ${SUID_GROUP_DIFF}; then + printf "\nSecurity Warning: Changes in Suid Group files found :\n" >> ${TMP} + grep '^+' ${SUID_GROUP_DIFF} | grep -vw "^+++ " | sed 's|^.||' | awk '{print $12}' | while read file; do + printf "\t\t- Added suid group files : ${file}.\n" >> ${TMP} + done + grep '^-' ${SUID_GROUP_DIFF} | grep -vw "^--- " | sed 's|^.||' | awk '{print $12}' | while read file; do + printf "\t\t- Removed suid group files : ${file}.\n" >> ${TMP} + done fi fi fi -############################# -### Writable file detection ### +### Writable files detection +if [ ${CHECK_WRITEABLE}=="yes" ]; then -if [ $CHECK_WRITABLE=="yes" ]; then - if [ -f $WRITABLE_TODAY ]; then - mv $WRITABLE_TODAY $WRITABLE_YESTERDAY + if [ -f ${WRITEABLE_TODAY} ]; then + mv -f ${WRITEABLE_TODAY} ${WRITEABLE_YESTERDAY} fi - find $DIR -xdev -type f -perm -2 \ - -ls -print | sort > $WRITABLE_TODAY + find ${DIR} -xdev -type f -perm -2 -ls -print | sort > ${WRITEABLE_TODAY} - if [ -f $WRITABLE_YESTERDAY ]; then - if ! diff $WRITABLE_YESTERDAY $WRITABLE_TODAY > $WRITABLE_DIFF; then - Syslog "Change in World Writable File found, please consult $WRITABLE_DIFF" - Ttylog "\\033[1;31mChange in World Writable File found !\\033[0;39m" - Ttylog "\\033[1;31mPlease consult $WRITABLE_DIFF\\033[0;39m" + if [ -f ${WRITEABLE_YESTERDAY} ]; then + if ! 
diff -u ${WRITEABLE_YESTERDAY} ${WRITEABLE_TODAY} > ${WRITEABLE_DIFF}; then + printf "\nSecurity Warning: Change in World Writeable Files found :\n" >> ${TMP} + grep '^+' ${WRITEABLE_DIFF} | grep -vw "^+++ " | sed 's|^.||' | awk '{print $12}' | while read file; do + printf "\t\t- Added writables files : ${file}.\n" >> ${TMP} + done + grep '^-' ${WRITEABLE_DIFF} | grep -vw "^--- " | sed 's|^.||' | awk '{print $12}' | while read file; do + printf "\t\t- Removed writables files : ${file}.\n" >> ${TMP} + done fi fi fi -################################# -### Search Un Owned file ### -if [ $CHECK_UNOWNED=="yes" ]; then - if [ -f $UNOWNED_TODAY ]; then - mv $UNOWNED_TODAY $UNOWNED_YESTERDAY +### Search Non Owned files +if [ ${CHECK_UNOWNED}=="yes" ]; then + + if [ -f ${UNOWNED_TODAY} ]; then + mv -f ${UNOWNED_TODAY} ${UNOWNED_YESTERDAY} fi - find $DIR -xdev -nouser -o -nogroup -print \ - -ls | sort > $UNOWNED_TODAY + find ${DIR} -xdev -nouser -print -ls | sort > ${UNOWNED_TODAY} + + if [ -f ${UNOWNED_YESTERDAY} ]; then + if ! diff -u ${UNOWNED_YESTERDAY} ${UNOWNED_TODAY} > ${UNOWNED_DIFF}; then + printf "\nSecurity Warning: the following files aren't owned by an user :\n" >> ${TMP} + grep '^+' ${UNOWNED_DIFF} | grep -vw "^--- " | sed 's|^.||' | awk '{print $12}' | while read file; do + printf "\t\t- Added un-owned files : ${file}.\n" >> ${TMP} + done + grep '^-' ${UNOWNED_DIFF} | grep -vw "^+++ " | sed 's|^.||' | awk '{print $12}' | while read file; do + printf "\t\t- Removed un-owned files : ${file}.\n" >> ${TMP} + done + fi + fi + + find ${DIR} -xdev -nogroup -print -ls | sort >> ${UNOWNED_TODAY} - if [ -f $UNOWNED_YESTERDAY ]; then - if ! diff $UNOWNED_YESTERDAY $UNOWNED_TODAY; then - Syslog "Change in Un-Owned file user/group, please consult $UNOWNED_DIFF" - Ttylog "\\033[1;31mChange in Un-Owned file user/group found !\\033[0;39m" - Ttylog "\\033[1;31mPlease consult $UNOWNED_DIFF\\033[0;39m" + if [ -f ${UNOWNED_YESTERDAY} ]; then + if ! 
diff -u ${UNOWNED_YESTERDAY} ${UNOWNED_TODAY} > ${UNOWNED_DIFF}; then + printf "\nSecurity Warning: the following files aren't owned by a group :\n" >> ${TMP} + grep '^+' ${UNOWNED_DIFF} | grep -vw "^+++ " | sed 's|^.||' | awk '{print $12}' | while read file; do + printf "\t\t- Added un-owned files : ${file}.\n" >> ${TMP} + done + grep '^-' ${UNOWNED_DIFF} | grep -vw "^--- " | sed 's|^.||' | awk '{print $12}' | while read file; do + printf "\t\t- Removed un-owned files : ${file}.\n" >> ${TMP} + done fi fi fi -########## Md5 check for SUID root file ######### +### Md5 check for SUID root file if [ ${CHECK_SUID_MD5}=="yes" ]; then if [ -f ${SUID_MD5_TODAY} ]; then mv ${SUID_MD5_TODAY} ${SUID_MD5_YESTERDAY} 
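Review bot: Each new `printf "\t\t- Added … : ${file}.\n" >> ${TMP}` line places a file name read from the filesystem inside printf's format string, so a name containing `%` or a backslash sequence alters what is written to the security report. On the world-writeable and un-owned checks that name is chosen by whoever created the file. Pass it as an argument instead, `printf '\t\t- Added suid root files : %s.\n' "${file}" >> "${TMP}"`, and use `while read -r file` so `read` does not consume backslashes; the same pattern recurs in the md5 and open-port hunks further down. Separately, `awk '{print $12}'` fits the twelve-field `-printf` layout of the suid listings, but the writeable and un-owned listings come from `-ls -print`, which appears to have a different column count, so those reports likely print the wrong field. In the first un-owned block the header filters are also swapped (`grep '^+' … | grep -vw "^--- "`), which lets the `+++` header line through.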
@@ -170,87 +192,20 @@ if [ ${CHECK_SUID_MD5}=="yes" ]; then done if [ -f ${SUID_MD5_YESTERDAY} ]; then - if ! diff ${SUID_MD5_YESTERDAY} ${SUID_MD5_TODAY} 1> ${SUID_MD5_DIFF}; then - Syslog "Warning, the md5 checksum for one of your SUID files has changed..." - Syslog "Maybe an intruder modified one of these suid binary in order to put in a backdoor..." - Syslog "Please consult ${SUID_MD5_DIFF}." - Ttylog "Warning, the md5 checksum for one of your SUID files has changed..." - Ttylog "Maybe an intruder modified one of these suid binary in order to put in a backdoor..." - Ttylog "Please consult ${SUID_MD5_DIFF}." - fi - fi -fi -################################################## - -#### Passwd check #### -if [ ${CHECK_PASSWD}=="yes" ]; then - if [ -f ${PASSWD_TODAY} ]; then - mv ${PASSWD_TODAY} ${PASSWD_YESTERDAY}; - fi - - awk -F: '{ - if ( $2 == "" ) - printf("/etc/passwd:%d: User \"%s\" has no password !\n", FNR, $1); - else if ($2 !~ /^[x*!]+$/) - printf("/etc/passwd:%d: User \"%s\" has a real password (it is not shadowed).\n", FNR, $1); - }' < /etc/passwd > ${PASSWD_TODAY} - - if [ -f ${PASSWD_YESTERDAY} ]; then - if ! diff ${PASSWD_YESTERDAY} ${PASSWD_TODAY} 1> ${PASSWD_DIFF}; then - Syslog `cat ${PASSWD_DIFF}` - Ttylog `cat ${PASSWD_DIFF}` - fi - fi -fi -###################### - -#### Shadow Check #### -if [ ${CHECK_SHADOW}=="yes" ]; then - if [ -f ${SHADOW_TODAY} ]; then - mv -f ${SHADOW_TODAY} ${SHADOW_YESTERDAY}; - fi - - awk -F: '{ - if ( $2 == "" ) - printf("/etc/shadow:%d: User \"%s\" has no password !\n", FNR, $1); - }' < /etc/shadow > ${SHADOW_TODAY} - - if [ -f ${SHADOW_YESTERDAY} ]; then - if ! 
diff ${SHADOW_YESTERDAY} ${SHADOW_TODAY} 1> ${SHADOW_DIFF}; then - Syslog `cat ${SHADOW_DIFF}` - Ttylog `cat ${SHADOW_DIFF}` - fi - fi -fi - -#### .[sr]hosts check #### -if [ ${CHECK_RHOST}=="yes" ]; then - if [ -f ${HOST_TODAY} ]; then - mv -f ${HOST_TODAY} ${HOST_YESTERDAY}; - fi - - awk -F: '{print $1" "$6}' /etc/passwd | - while read username homedir; do - for file in .rhosts .shosts; do - if [ -s ${homedir}/${file} ] ; then - rhost=`ls -lcdg ${homedir}/${file}` - printf "${username}: ${rhost}\n" - if grep "+" ${homedir}/${file} > /dev/null ; then - printf "\tThere is a (+) character in ${file} : this is a *big* security problem \!\n" - fi - fi + if ! diff -u ${SUID_MD5_YESTERDAY} ${SUID_MD5_TODAY} > ${SUID_MD5_DIFF}; then + printf "\nSecurity Warning: the md5 checksum for one of your SUID files has changed,\n" >> ${TMP} + printf "\tmaybe an intruder modified one of these suid binary in order to put in a backdoor...\n" >> ${TMP} + grep '^+' ${SUID_MD5_DIFF} | grep -vw "^+++ " | sed 's|^.||' | awk '{print $2}' | while read file; do + printf "\t\t- Changed ( added ) files : ${file}.\n" >> ${TMP} + done + grep '^-' ${SUID_MD5_DIFF} | grep -vw "^--- " | sed 's|^.||' | awk '{print $2}' | while read file; do + printf "\t\t- Changed ( removed ) files : ${file}.\n" >> ${TMP} done - done > ${HOST_TODAY} - - if [ -f ${HOST_YESTERDAY} ]; then - if ! diff ${HOST_YESTERDAY} ${HOST_TODAY} 1> ${HOST_DIFF}; then - Syslog `cat ${HOST_DIFF}` - Ttylog `cat ${HOST_DIFF}` fi fi fi -### Network check ### +### Changed open port if [ ${CHECK_OPEN_PORT}=="yes" ]; then if [ -f ${OPEN_PORT_TODAY} ]; then mv -f ${OPEN_PORT_TODAY} ${OPEN_PORT_YESTERDAY} 
@@ -259,139 +214,28 @@ if [ ${CHECK_OPEN_PORT}=="yes" ]; then netstat -pvlA inet > ${OPEN_PORT_TODAY}; if [ -f ${OPEN_PORT_YESTERDAY} ]; then - if ! diff ${OPEN_PORT_YESTERDAY} ${OPEN_PORT_TODAY} 1> ${OPEN_PORT_DIFF}; then - Syslog "There is a new port listening on your machine..." - Syslog "Please consult ${OPEN_PORT_DIFF} for security purpose..." - Ttylog "There is a new port listening on your machine..." - Ttylog "Please consult ${OPEN_PORT_DIFF} for security purpose..." + if ! diff -u ${OPEN_PORT_YESTERDAY} ${OPEN_PORT_TODAY} 1> ${OPEN_PORT_DIFF}; then + printf "\nSecurity Warning: There is a new port listening on your machine :\n" >> ${TMP} + grep '^+' ${OPEN_PORT_DIFF} | grep -vw "^+++ " | sed 's|^.||' | awk '{print $12}' | while read file; do + printf "\t\t- Opened ports : ${file}.\n" >> ${TMP} + done + grep '^-' ${OPEN_PORT_DIFF} | grep -vw "^--- " | sed 's|^.||' | awk '{print $12}' | while read file; do + printf "\t\t- Closed ports : ${file}.\n" >> ${TMP} + done fi fi fi -### /etc/exports check ### - -# File systems should not be globally exported. -if [ -s /etc/exports ] ; then - awk '{ - if (($1 ~ /^#/) || ($1 ~ /^$/)) next; - readonly = 0; - for (i = 2; i <= NF; ++i) { - if ($i ~ /^-ro$/) - readonly = 1; - else if ($i !~ /^-/) - next; - } - if (readonly) { - print "Warning : Nfs File system " $1 " globally exported, read-only."; - } else print "Warning : Nfs File system " $1 " globally exported, read-write."; - }' < /etc/exports > $OUT - if [ -s "$OUT" ] ; then - printf "\nChecking for globally exported file systems.\n" - cat "$OUT" - fi +######## Report ###### +if [ -s ${TMP} ]; then + Syslog ${TMP} + Ttylog ${TMP} + cat ${TMP} >> ${SECURITY_LOG} + rm -f ${TMP} fi -# nfs mounts with missing nosuid -/bin/mount | /bin/grep -v nosuid | /bin/grep ' nfs ' > $OUT -if [ -s "$OUT" ] ; then - printf "\nThe following NFS mounts haven't got the nosuid option set:\n" - cat "$OUT" -fi - -# Files that should not be owned by someone else or readable. 
-list=".netrc .rhosts .shosts .Xauthority .pgp/secring.pgp .ssh/identity .ssh/random_seed" -awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \ -while read uid homedir; do - for f in $list ; do - file=${homedir}/${f} - if [ -f $file ] ; then - printf "$uid $f `ls -ldcg $file`\n" - fi - done -done | -awk '$1 != $5 && $5 != "root" \ - { print "user " $1 " " $2 " : file is owned by " $5 } - $3 ~ /^-...r/ \ - { print "user " $1 " " $2 " : file is group readable" } - $3 ~ /^-......r/ \ - { print "user " $1 " " $2 " : file is other readable" } - $3 ~ /^-....w/ \ - { print "user " $1 " " $2 " : file is group writeable" } - $3 ~ /^-.......w/ \ - { print "user " $1 " " $2 " : file is other writeable" }' > $OUT - - -# Files that should not be owned by someone else or writeable. -list=".bashrc .bash_profile .bash_login .bash_logout .cshrc .emacs .exrc \ -.forward .klogin .login .logout .profile .tcshrc .fvwmrc .inputrc .kshrc \ -.nexrc .screenrc .ssh .ssh/config .ssh/authorized_keys .ssh/environment \ -.ssh/known_hosts .ssh/rc .twmrc .xsession .xinitrc .Xdefaults" -awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \ -while read uid homedir; do - for f in $list ; do - file=${homedir}/${f} - if [ -f $file ] ; then - printf "$uid $f `ls -ldcg $file`\n" - fi - done -done | -awk '$1 != $5 && $5 != "root" \ - { print "user " $1 " " $2 " : file is owned by " $5 } - $3 ~ /^-....w/ \ - { print "user " $1 " " $2 " : file is group writeable" } - $3 ~ /^-.......w/ \ - { print "user " $1 " " $2 " : file is other writeable" }' >> $OUT -if [ -s "$OUT" ] ; then - printf "\nChecking dot files.\n" - cat "$OUT" -fi - -# Check home directories. Directories should not be owned by someone else -# or writeable. 
-awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \ -while read uid homedir; do - if [ -d ${homedir}/ ] ; then - file=`ls -ldg ${homedir}` - printf "$uid $file\n" - fi -done | -awk '$1 != $4 && $4 != "root" \ - { print "user " $1 " : home directory is owned by " $4 } - $2 ~ /^-....w/ \ - { print "user " $1 " : home directory is group writeable" } - $2 ~ /^-.......w/ \ - { print "user " $1 " : home directory is other writeable" }' > $OUT -if [ -s "$OUT" ] ; then - printf "\nChecking home directories.\n" - cat "$OUT" -fi - -# Files that should not have + signs. -list="/etc/hosts.equiv /etc/shosts.equiv /etc/hosts.lpd" -for f in $list ; do - if [ -s $f ] ; then - awk '{ - if ($0 ~ /^\+@.*$/) - next; - if ($0 ~ /^\+.*$/) - printf("\nPlus sign in the file %s\n", FILENAME); - }' $f - fi -done - - -# executables should not be in the /etc/aliases file. -if [ -s /etc/aliases ]; then - grep -v '^#' /etc/aliases | grep '|' > $OUT - if [ -s "$OUT" ] ; then - printf "\nThe following programs are executed in your mail via /etc/aliases (bad!):\n" - cat "$OUT" - fi -fi - - - - +# We launch our other report engine :) +/etc/security/msec/security_check.sh |
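Review bot: The open-port report extracts `awk '{print $12}'`, the field number used for the `find -printf` listings, but a `netstat -pvlA inet` row has far fewer columns, so the "Opened ports" and "Closed ports" lines will most likely be written with an empty name. Printing the local address and owning program, e.g. `awk '{print $4, $NF}'`, would make the alert usable for triage. In the report block, `Ttylog ${TMP}` now passes a file path: Syslog was changed in this commit to read the file line by line, but Ttylog's body lies outside the hunks shown, so confirm it was adapted the same way. The expansions there are also unquoted; `if [ -s "${TMP}" ]; then` and `cat "${TMP}" >> "${SECURITY_LOG}"` would be safer.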