authorFrederic Lepied <flepied@mandriva.com>2004-06-17 23:52:06 +0000
committerFrederic Lepied <flepied@mandriva.com>2004-06-17 23:52:06 +0000
commit23b6730fd3064cea10b4d992df37c2446c3d891f (patch)
tree5e0a691b671d90696f21c7ea576ea655c683b7ea /cron-sh/security_check.sh
parent15d154523804c56c9289ea2ad5f8004441e41e16 (diff)
use getent
Diffstat (limited to 'cron-sh/security_check.sh')
-rwxr-xr-xcron-sh/security_check.sh12
1 files changed, 6 insertions, 6 deletions
diff --git a/cron-sh/security_check.sh b/cron-sh/security_check.sh
index dbac4f4..b97b551 100755
--- a/cron-sh/security_check.sh
+++ b/cron-sh/security_check.sh
@@ -61,7 +61,7 @@ if [[ ${CHECK_PERMS} == yes ]]; then
# Files that should not be owned by someone else or readable.
list=".netrc .rhosts .shosts .Xauthority .gnupg/secring.gpg \
.pgp/secring.pgp .ssh/identity .ssh/id_dsa .ssh/id_rsa .ssh/random_seed"
-awk -F: '/^[^+-]/ { print $1 " " $3 " " $6 }' /etc/passwd |
+getent passwd | awk -F: '/^[^+-]/ { print $1 " " $3 " " $6 }' |
while read username uid homedir; do
for f in ${list} ; do
file="${homedir}/${f}"
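Review bot: The exit status of `getent passwd` is discarded by the pipeline in this hunk, so when an NSS backend (LDAP, NIS) is unreachable the `while read` loop runs over a short or empty list and the report looks clean. The hunks at -90, -111, -134 and -204 repeat the same pattern. I would take one snapshot near the top of the script and feed every awk from it, e.g. `getent passwd > "${PASSWD_SNAPSHOT}" || printf "\nSecurity Warning: getent passwd failed, account checks are incomplete\n" >> ${SECURITY}`, where PASSWD_SNAPSHOT is a name I am proposing for a mktemp-created file. That also gives all five checks the same view of the account list. The `/^[^+-]/` filter looks like a leftover from reading the flat file with compat entries and deserves a comment such as `# +/- compat lines are not expected from getent; filter kept for safety`; the loop body continues outside the hunk.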
@@ -90,7 +90,7 @@ list=".bashrc .bash_profile .bash_login .bash_logout .cshrc .emacs .exrc \
.forward .klogin .login .logout .profile .tcshrc .fvwmrc .inputrc .kshrc \
.nexrc .screenrc .ssh .ssh/config .ssh/authorized_keys .ssh/environment \
.ssh/known_hosts .ssh/rc .twmrc .xsession .xinitrc .Xdefaults"
-awk -F: '/^[^+-]/ { print $1 " " $3 " " $6 }' /etc/passwd | \
+getent passwd | awk -F: '/^[^+-]/ { print $1 " " $3 " " $6 }' | \
while read username uid homedir; do
for f in ${list} ; do
file=${homedir}/${f}
@@ -111,7 +111,7 @@ if [[ -s ${TMP} ]]; then
fi
### Check home directories. Directories should not be owned by someone else or writable.
-awk -F: '/^[^+-]/ { print $1 " " $3 " " $6 }' /etc/passwd | \
+getent passwd | awk -F: '/^[^+-]/ { print $1 " " $3 " " $6 }' | \
while read username uid homedir; do
if [[ -d ${homedir} ]] ; then
realuid=`ls -LldGn ${homedir}| awk '{ print $3 }'`
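Review bot: `${homedir}` is expanded unquoted in the `ls -LldGn ${homedir}` call, and after this change the value can come from any NSS source rather than only the root-owned /etc/passwd. A home directory field containing whitespace or glob characters would be split or expanded before `ls` sees it, and this script presumably runs as root from cron. I would quote it and end option parsing, ``realuid=`ls -LldGn -- "${homedir}" | awk '{ print $3 }'` ``, and use `while read -r username uid homedir; do` here and in the loops of the -61, -90 and -204 hunks so backslashes in the field are kept literally. The rest of the loop body is outside the hunk.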
@@ -134,14 +134,14 @@ fi # End of check perms
### Passwd file check
if [[ ${CHECK_PASSWD} == yes ]]; then
- awk -F: '{
+ getent passwd | awk -F: '{
if ( $2 == "" )
printf("\t\t- /etc/passwd:%d: User \"%s\" has no password !\n", FNR, $1);
else if ($2 !~ /^[x*!]+$/)
printf("\t\t- /etc/passwd:%d: User \"%s\" has a real password (it is not shadowed).\n", FNR, $1);
else if ( $3 == 0 && $1 != "root" )
printf("\t\t- /etc/passwd:%d: User \"%s\" has id 0 !\n", FNR, $1);
- }' < /etc/passwd > ${TMP}
+ }' > ${TMP}
if [[ -s ${TMP} ]]; then
printf "\nSecurity Warning: /etc/passwd check :\n" >> ${SECURITY}
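Review bot: The three awk messages and the report header still print `/etc/passwd:%d` with `FNR`, but awk now reads the `getent passwd` stream, so the number is a position in the NSS output and the account may not be in /etc/passwd at all. An administrator following the report to that line of the file would look at the wrong entry. Either drop the file and line prefix, e.g. `printf("\t\t- passwd database: User \"%s\" has no password !\n", $1);`, or keep a separate pass over /etc/passwd when line-accurate messages are wanted. The enclosing `if` ends outside the hunk.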
@@ -204,7 +204,7 @@ for file in $list ; do
fi
done > ${TMP}
-awk -F: '{print $1" "$6}' /etc/passwd |
+getent passwd | awk -F: '{print $1" "$6}' |
while read username homedir; do
for file in .rhosts .shosts; do
if [[ -s ${homedir}/${file} ]] ; then