author | Eugeni Dodonov <eugeni@mandriva.org> | 2009-06-25 19:31:42 +0000 |
---|---|---|
committer | Eugeni Dodonov <eugeni@mandriva.org> | 2009-06-25 19:31:42 +0000 |
commit | 51edd0594c34949c7681e695e52961eb5f61ac4e (patch) | |
tree | fe01f3347899e6f206803c0850ef17622251bd9c /cron-sh/promisc_check.sh | |
parent | c0fe6aeecc246ef9a514fe34c1095d7fc6ef39a8 (diff) | |
Redesigned auditing code, added support for plugins and better logging.
Diffstat (limited to 'cron-sh/promisc_check.sh')
-rwxr-xr-x | cron-sh/promisc_check.sh | 52 |
1 files changed, 0 insertions, 52 deletions
diff --git a/cron-sh/promisc_check.sh b/cron-sh/promisc_check.sh
deleted file mode 100755
index 4df9c25..0000000
--- a/cron-sh/promisc_check.sh
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/bin/bash
-
-# Writen by Vandoorselaere Yoann
-
-Syslog() {
- if [[ ${SYSLOG_WARN} == yes ]]; then
- logger -t msec -- "${1}"
- fi
-}
-
-Ttylog() {
- if [[ ${TTY_WARN} == yes ]]; then
- w | grep -v "load\|TTY" | grep '^root' | awk '{print $2}' | while read line; do
- echo -e "${1}" > /dev/$line
- done
- fi
-}
-
-LogPromisc() {
- date=`date`
- Syslog "Security warning : $1 is in promiscuous mode."
- Syslog " A sniffer is probably running on your system."
- Ttylog "\\033[1;31mSecurity warning : $1 is in promiscuous mode.\\033[0;39m"
- Ttylog "\\033[1;31mA sniffer is probably running on your system.\\033[0;39m"
- echo -e "\n${date} Security warning : $1 is in promiscuous mode." >> /var/log/security.log
- echo " A sniffer is probably running on your system." >> /var/log/security.log
-
-}
-
-if [[ -f /etc/security/msec/security.conf ]]; then
- . /etc/security/msec/security.conf
-else
- echo "/etc/security/msec/security.conf don't exist."
- exit 1
-fi
-
-if tail /var/log/security.log | grep -q "promiscuous"; then
- # Dont flood with warning.
- exit 0
-fi
-
-# Check if a network interface is in promiscuous mode...
-
-if [[ ${CHECK_PROMISC} == no ]]; then
- exit 0;
-fi
-
-for INTERFACE in `/sbin/ip link list | grep PROMISC | cut -f 2 -d ':';/usr/bin/promisc_check -q`; do
- LogPromisc ${INTERFACE}
-done
-
-# promisc_check.sh ends here |