author | Eugeni Dodonov <eugeni@mandriva.org> | 2009-06-26 19:20:16 +0000 |
---|---|---|
committer | Eugeni Dodonov <eugeni@mandriva.org> | 2009-06-26 19:20:16 +0000 |
commit | cf3dd6d78e400692f9d34bb3d5692db4d613906b (patch) | |
tree | 6b0fac0ce76cf02993bfc4bcc649540e39633f82 /cron-sh/promisc_check.sh | |
parent | 93d2eb4d210f30f02b7a9ffc10271e7a7ed099e5 (diff) | |
Updated promisc check.
Diffstat (limited to 'cron-sh/promisc_check.sh')
-rwxr-xr-x | cron-sh/promisc_check.sh | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/cron-sh/promisc_check.sh b/cron-sh/promisc_check.sh
new file mode 100755
index 0000000..53cc168
--- /dev/null
+++ b/cron-sh/promisc_check.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+# msec: this checks if the network is in promiscuous mose
+
+. /usr/share/msec/functions.sh
+
+LogPromisc() {
+ date=`date`
+ Syslog "Security warning : $1 is in promiscuous mode."
+ Syslog " A sniffer is probably running on your system."
+ Ttylog "\\033[1;31mSecurity warning : $1 is in promiscuous mode.\\033[0;39m"
+ Ttylog "\\033[1;31mA sniffer is probably running on your system.\\033[0;39m"
+
+ # are we being run from security.sh script?
+ if [ ! -z "$SECURITY" ]; then
+ printf "\nSecurity Warning: $1 is in promiscuous mode!" >> ${SECURITY}
+ printf " A sniffer is probably running on your system." >> ${SECURITY}
+ fi
+}
+
+if [[ -f /etc/security/msec/security.conf ]]; then
+ . /etc/security/msec/security.conf
+else
+ echo "/etc/security/msec/security.conf don't exist."
+ return 1
+fi
+
+if tail /var/log/security.log | grep -q "promiscuous"; then
+ # Dont flood with warning.
+ return 0
+fi
+
+# Check if a network interface is in promiscuous mode...
+
+if [[ ${CHECK_PROMISC} == no ]]; then
+ return 0;
+fi
+
+for INTERFACE in `/sbin/ip link list | grep PROMISC | cut -f 2 -d ':';/usr/bin/promisc_check -q`; do
+ LogPromisc ${INTERFACE}
+done
+
+# promisc_check.sh ends here |
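Review bot: The three top-level `return` statements (after the missing security.conf message, in the flood guard, and in the `CHECK_PROMISC` test) only stop the script when it is sourced; the file is added with mode 100755 and a shebang, and when bash executes it directly `return` fails with an error and execution falls through, so `CHECK_PROMISC=no` and the flood guard would not be honoured. If both invocation styles are intended, `return 0 2>/dev/null || exit 0` (and the same with 1 for the missing-config case) works either way. Assuming the warnings end up in /var/log/security.log, the flood guard matches the word "promiscuous" anywhere in the tail of that log, so a recent warning for one interface suppresses the report for a different interface; testing for the interface name inside the loop would keep detection per interface. In `LogPromisc`, `$1` is expanded inside the printf format string and `${SECURITY}`/`${INTERFACE}` are unquoted; `printf '\nSecurity Warning: %s is in promiscuous mode!' "$1" >> "${SECURITY}"` keeps the interface name out of the format.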