authorEugeni Dodonov <eugeni@mandriva.org>2009-06-26 19:20:16 +0000
committerEugeni Dodonov <eugeni@mandriva.org>2009-06-26 19:20:16 +0000
commitcf3dd6d78e400692f9d34bb3d5692db4d613906b (patch)
tree6b0fac0ce76cf02993bfc4bcc649540e39633f82 /cron-sh/promisc_check.sh
parent93d2eb4d210f30f02b7a9ffc10271e7a7ed099e5 (diff)
Updated promisc check.
Diffstat (limited to 'cron-sh/promisc_check.sh')
-rwxr-xr-xcron-sh/promisc_check.sh42
1 files changed, 42 insertions, 0 deletions
diff --git a/cron-sh/promisc_check.sh b/cron-sh/promisc_check.sh
new file mode 100755
index 0000000..53cc168
--- /dev/null
+++ b/cron-sh/promisc_check.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+# msec: this checks if the network is in promiscuous mose
+
+. /usr/share/msec/functions.sh
+
+LogPromisc() {
+ date=`date`
+ Syslog "Security warning : $1 is in promiscuous mode."
+ Syslog " A sniffer is probably running on your system."
+ Ttylog "\\033[1;31mSecurity warning : $1 is in promiscuous mode.\\033[0;39m"
+ Ttylog "\\033[1;31mA sniffer is probably running on your system.\\033[0;39m"
+
+ # are we being run from security.sh script?
+ if [ ! -z "$SECURITY" ]; then
+ printf "\nSecurity Warning: $1 is in promiscuous mode!" >> ${SECURITY}
+ printf " A sniffer is probably running on your system." >> ${SECURITY}
+ fi
+}
+
+if [[ -f /etc/security/msec/security.conf ]]; then
+ . /etc/security/msec/security.conf
+else
+ echo "/etc/security/msec/security.conf don't exist."
+ return 1
+fi
+
+if tail /var/log/security.log | grep -q "promiscuous"; then
+ # Dont flood with warning.
+ return 0
+fi
+
+# Check if a network interface is in promiscuous mode...
+
+if [[ ${CHECK_PROMISC} == no ]]; then
+ return 0;
+fi
+
+for INTERFACE in `/sbin/ip link list | grep PROMISC | cut -f 2 -d ':';/usr/bin/promisc_check -q`; do
+ LogPromisc ${INTERFACE}
+done
+
+# promisc_check.sh ends here
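Review bot: The top-level `return` statements (after the missing-config message, in the flood guard, and in the `CHECK_PROMISC` test) only stop the script when it is sourced; the file is added with mode 100755 and a `#!/bin/bash` line, so it may also be executed directly. In that case bash reports an error for `return` and carries on, which means `CHECK_PROMISC=no` and the missing `security.conf` case would not prevent the check from running. A form that works both ways is `return 0 2>/dev/null || exit 0` (and `return 1 2>/dev/null || exit 1` for the error path). Separately, in `LogPromisc` the interface name is expanded inside the printf format string and `${SECURITY}` is unquoted; `printf '\nSecurity Warning: %s is in promiscuous mode!' "$1" >> "${SECURITY}"` keeps a `%` or a space in either value from altering the report line.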