aboutsummaryrefslogtreecommitdiffstats
path: root/cron-sh
diff options
context:
space:
mode:
authorEugeni Dodonov <eugeni@mandriva.org>2010-02-10 14:32:29 +0000
committerEugeni Dodonov <eugeni@mandriva.org>2010-02-10 14:32:29 +0000
commit808c8c9ee57499a1f4a4af480df3eddce1725f9f (patch)
tree02702a4b64c73188f7783afdd732f6f094f55d1c /cron-sh
parentbdcb84e88f1877d173d48438c14c9042f2d1744e (diff)
downloadmsec-808c8c9ee57499a1f4a4af480df3eddce1725f9f.tar
msec-808c8c9ee57499a1f4a4af480df3eddce1725f9f.tar.gz
msec-808c8c9ee57499a1f4a4af480df3eddce1725f9f.tar.bz2
msec-808c8c9ee57499a1f4a4af480df3eddce1725f9f.tar.xz
msec-808c8c9ee57499a1f4a4af480df3eddce1725f9f.zip
Properly log execution results for different check periods
Diffstat (limited to 'cron-sh')
-rwxr-xr-xcron-sh/scripts/01_files.sh38
-rwxr-xr-xcron-sh/scripts/02_network.sh14
-rwxr-xr-xcron-sh/scripts/03_rpm.sh20
-rwxr-xr-xcron-sh/scripts/04_rootkit.sh8
-rwxr-xr-xcron-sh/scripts/05_access.sh14
-rwxr-xr-xcron-sh/scripts/06_sectool.sh8
-rwxr-xr-xcron-sh/security.sh3
7 files changed, 54 insertions, 51 deletions
diff --git a/cron-sh/scripts/01_files.sh b/cron-sh/scripts/01_files.sh
index f3853ad..64d82e7 100755
--- a/cron-sh/scripts/01_files.sh
+++ b/cron-sh/scripts/01_files.sh
@@ -2,31 +2,31 @@
# msec: security check for suid_root binaries
# check if we are run from main script
-if [ -z "$MSEC_TMP" -o -z "$INFOS" -o -z "$SECURITY" -o -z "$DIFF" -o -z "$SECURITY_LOG" ]; then
+if [ -z "$MSEC_TMP" -o -z "$INFOS" -o -z "$SECURITY" -o -z "$DIFF" -o -z "$SECURITY_LOG" -o -z "${CURRENT_CHECK_TYPE}" ]; then
# variables are set in security.sh and propagated to the subscripts
echo "Error: this check should be run by the main msec security check!"
echo " do not run it directly unless you know what you are doing."
return 1
fi
-export SUID_ROOT_TODAY="/var/log/security/suid_root.today"
-SUID_ROOT_YESTERDAY="/var/log/security/suid_root.yesterday"
-SUID_ROOT_DIFF="/var/log/security/suid_root.diff"
-export SGID_TODAY="/var/log/security/sgid.today"
-SGID_YESTERDAY="/var/log/security/sgid.yesterday"
-SGID_DIFF="/var/log/security/sgid.diff"
-export SUID_MD5_TODAY="/var/log/security/suid_md5.today"
-SUID_MD5_YESTERDAY="/var/log/security/suid_md5.yesterday"
-SUID_MD5_DIFF="/var/log/security/suid_md5.diff"
-export WRITABLE_TODAY="/var/log/security/writable.today"
-WRITABLE_YESTERDAY="/var/log/security/writable.yesterday"
-WRITABLE_DIFF="/var/log/security/writable.diff"
-export UNOWNED_USER_TODAY="/var/log/security/unowned_user.today"
-UNOWNED_USER_YESTERDAY="/var/log/security/unowned_user.yesterday"
-UNOWNED_USER_DIFF="/var/log/security/unowned_user.diff"
-export UNOWNED_GROUP_TODAY="/var/log/security/unowned_group.today"
-UNOWNED_GROUP_YESTERDAY="/var/log/security/unowned_group.yesterday"
-UNOWNED_GROUP_DIFF="/var/log/security/unowned_group.diff"
+export SUID_ROOT_TODAY="/var/log/security/suid_root.${CURRENT_CHECK_TYPE}.today"
+SUID_ROOT_YESTERDAY="/var/log/security/suid_root.${CURRENT_CHECK_TYPE}.yesterday"
+SUID_ROOT_DIFF="/var/log/security/suid_root.${CURRENT_CHECK_TYPE}.diff"
+export SGID_TODAY="/var/log/security/sgid.${CURRENT_CHECK_TYPE}.today"
+SGID_YESTERDAY="/var/log/security/sgid.${CURRENT_CHECK_TYPE}.yesterday"
+SGID_DIFF="/var/log/security/sgid.${CURRENT_CHECK_TYPE}.diff"
+export SUID_MD5_TODAY="/var/log/security/suid_md5.${CURRENT_CHECK_TYPE}.today"
+SUID_MD5_YESTERDAY="/var/log/security/suid_md5.${CURRENT_CHECK_TYPE}.yesterday"
+SUID_MD5_DIFF="/var/log/security/suid_md5.${CURRENT_CHECK_TYPE}.diff"
+export WRITABLE_TODAY="/var/log/security/writable.${CURRENT_CHECK_TYPE}.today"
+WRITABLE_YESTERDAY="/var/log/security/writable.${CURRENT_CHECK_TYPE}.yesterday"
+WRITABLE_DIFF="/var/log/security/writable.${CURRENT_CHECK_TYPE}.diff"
+export UNOWNED_USER_TODAY="/var/log/security/unowned_user.${CURRENT_CHECK_TYPE}.today"
+UNOWNED_USER_YESTERDAY="/var/log/security/unowned_user.${CURRENT_CHECK_TYPE}.yesterday"
+UNOWNED_USER_DIFF="/var/log/security/unowned_user.${CURRENT_CHECK_TYPE}.diff"
+export UNOWNED_GROUP_TODAY="/var/log/security/unowned_group.${CURRENT_CHECK_TYPE}.today"
+UNOWNED_GROUP_YESTERDAY="/var/log/security/unowned_group.${CURRENT_CHECK_TYPE}.yesterday"
+UNOWNED_GROUP_DIFF="/var/log/security/unowned_group.${CURRENT_CHECK_TYPE}.diff"
if [[ -f ${SUID_ROOT_TODAY} ]]; then
mv ${SUID_ROOT_TODAY} ${SUID_ROOT_YESTERDAY};
diff --git a/cron-sh/scripts/02_network.sh b/cron-sh/scripts/02_network.sh
index 7e41d48..f0519ae 100755
--- a/cron-sh/scripts/02_network.sh
+++ b/cron-sh/scripts/02_network.sh
@@ -2,19 +2,19 @@
# msec: network security checks
# check if we are run from main script
-if [ -z "$MSEC_TMP" -o -z "$INFOS" -o -z "$SECURITY" -o -z "$DIFF" -o -z "$SECURITY_LOG" ]; then
+if [ -z "$MSEC_TMP" -o -z "$INFOS" -o -z "$SECURITY" -o -z "$DIFF" -o -z "$SECURITY_LOG" -o -z "${CURRENT_CHECK_TYPE}" ]; then
# variables are set in security.sh and propagated to the subscripts
echo "Error: this check should be run by the main msec security check!"
echo " do not run it directly unless you know what you are doing."
return 1
fi
-export OPEN_PORT_TODAY="/var/log/security/open_port.today"
-OPEN_PORT_YESTERDAY="/var/log/security/open_port.yesterday"
-OPEN_PORT_DIFF="/var/log/security/open_port.diff"
-export FIREWALL_TODAY="/var/log/security/firewall.today"
-FIREWALL_YESTERDAY="/var/log/security/firewall.yesterday"
-FIREWALL_DIFF="/var/log/security/firewall.diff"
+export OPEN_PORT_TODAY="/var/log/security/open_port.${CURRENT_CHECK_TYPE}.today"
+OPEN_PORT_YESTERDAY="/var/log/security/open_port.${CURRENT_CHECK_TYPE}.yesterday"
+OPEN_PORT_DIFF="/var/log/security/open_port.${CURRENT_CHECK_TYPE}.diff"
+export FIREWALL_TODAY="/var/log/security/firewall.${CURRENT_CHECK_TYPE}.today"
+FIREWALL_YESTERDAY="/var/log/security/firewall.${CURRENT_CHECK_TYPE}.yesterday"
+FIREWALL_DIFF="/var/log/security/firewall.${CURRENT_CHECK_TYPE}.diff"
if [[ -f ${OPEN_PORT_TODAY} ]]; then
mv -f ${OPEN_PORT_TODAY} ${OPEN_PORT_YESTERDAY}
diff --git a/cron-sh/scripts/03_rpm.sh b/cron-sh/scripts/03_rpm.sh
index cc6beea..f303ee2 100755
--- a/cron-sh/scripts/03_rpm.sh
+++ b/cron-sh/scripts/03_rpm.sh
@@ -2,22 +2,22 @@
# msec: rpm security check
# check if we are run from main script
-if [ -z "$MSEC_TMP" -o -z "$INFOS" -o -z "$SECURITY" -o -z "$DIFF" -o -z "$SECURITY_LOG" ]; then
+if [ -z "$MSEC_TMP" -o -z "$INFOS" -o -z "$SECURITY" -o -z "$DIFF" -o -z "$SECURITY_LOG" -o -z "${CURRENT_CHECK_TYPE}" ]; then
# variables are set in security.sh and propagated to the subscripts
echo "Error: this check should be run by the main msec security check!"
echo " do not run it directly unless you know what you are doing."
return 1
fi
-export RPM_VA_TODAY="/var/log/security/rpm-va.today"
-RPM_VA_YESTERDAY="/var/log/security/rpm-va.yesterday"
-RPM_VA_DIFF="/var/log/security/rpm-va.diff"
-export RPM_VA_CONFIG_TODAY="/var/log/security/rpm-va-config.today"
-RPM_VA_CONFIG_YESTERDAY="/var/log/security/rpm-va-config.yesterday"
-RPM_VA_CONFIG_DIFF="/var/log/security/rpm-va-config.diff"
-export RPM_QA_TODAY="/var/log/security/rpm-qa.today"
-RPM_QA_YESTERDAY="/var/log/security/rpm-qa.yesterday"
-RPM_QA_DIFF="/var/log/security/rpm-qa.diff"
+export RPM_VA_TODAY="/var/log/security/rpm-va.${CURRENT_CHECK_TYPE}.today"
+RPM_VA_YESTERDAY="/var/log/security/rpm-va.${CURRENT_CHECK_TYPE}.yesterday"
+RPM_VA_DIFF="/var/log/security/rpm-va.${CURRENT_CHECK_TYPE}.diff"
+export RPM_VA_CONFIG_TODAY="/var/log/security/rpm-va-config.${CURRENT_CHECK_TYPE}.today"
+RPM_VA_CONFIG_YESTERDAY="/var/log/security/rpm-va-config.${CURRENT_CHECK_TYPE}.yesterday"
+RPM_VA_CONFIG_DIFF="/var/log/security/rpm-va-config.${CURRENT_CHECK_TYPE}.diff"
+export RPM_QA_TODAY="/var/log/security/rpm-qa.${CURRENT_CHECK_TYPE}.today"
+RPM_QA_YESTERDAY="/var/log/security/rpm-qa.${CURRENT_CHECK_TYPE}.yesterday"
+RPM_QA_DIFF="/var/log/security/rpm-qa.${CURRENT_CHECK_TYPE}.diff"
if [[ -f ${RPM_VA_TODAY} ]]; then
mv -f ${RPM_VA_TODAY} ${RPM_VA_YESTERDAY}
diff --git a/cron-sh/scripts/04_rootkit.sh b/cron-sh/scripts/04_rootkit.sh
index b8f598a..aca690d 100755
--- a/cron-sh/scripts/04_rootkit.sh
+++ b/cron-sh/scripts/04_rootkit.sh
@@ -2,16 +2,16 @@
# msec: rootkit security check
# check if we are run from main script
-if [ -z "$MSEC_TMP" -o -z "$INFOS" -o -z "$SECURITY" -o -z "$DIFF" -o -z "$SECURITY_LOG" ]; then
+if [ -z "$MSEC_TMP" -o -z "$INFOS" -o -z "$SECURITY" -o -z "$DIFF" -o -z "$SECURITY_LOG" -o -z "${CURRENT_CHECK_TYPE}" ]; then
# variables are set in security.sh and propagated to the subscripts
echo "Error: this check should be run by the main msec security check!"
echo " do not run it directly unless you know what you are doing."
return 1
fi
-export CHKROOTKIT_TODAY="/var/log/security/chkrootkit.today"
-CHKROOTKIT_YESTERDAY="/var/log/security/chkrootkit.yesterday"
-CHKROOTKIT_DIFF="/var/log/security/chkrootkit.diff"
+export CHKROOTKIT_TODAY="/var/log/security/chkrootkit.${CURRENT_CHECK_TYPE}.today"
+CHKROOTKIT_YESTERDAY="/var/log/security/chkrootkit.${CURRENT_CHECK_TYPE}.yesterday"
+CHKROOTKIT_DIFF="/var/log/security/chkrootkit.${CURRENT_CHECK_TYPE}.diff"
if [[ -f ${CHKROOTKIT_TODAY} ]]; then
mv ${CHKROOTKIT_TODAY} ${CHKROOTKIT_YESTERDAY};
diff --git a/cron-sh/scripts/05_access.sh b/cron-sh/scripts/05_access.sh
index 4fe5d82..f256b7d 100755
--- a/cron-sh/scripts/05_access.sh
+++ b/cron-sh/scripts/05_access.sh
@@ -2,7 +2,7 @@
# msec: system access
# check if we are run from main script
-if [ -z "$MSEC_TMP" -o -z "$INFOS" -o -z "$SECURITY" -o -z "$DIFF" -o -z "$SECURITY_LOG" ]; then
+if [ -z "$MSEC_TMP" -o -z "$INFOS" -o -z "$SECURITY" -o -z "$DIFF" -o -z "$SECURITY_LOG" -o -z "${CURRENT_CHECK_TYPE}" ]; then
# variables are set in security.sh and propagated to the subscripts
echo "Error: this check should be run by the main msec security check!"
echo " do not run it directly unless you know what you are doing."
@@ -10,9 +10,9 @@ if [ -z "$MSEC_TMP" -o -z "$INFOS" -o -z "$SECURITY" -o -z "$DIFF" -o -z "$SECUR
fi
# check for changes in users
-USERS_LIST_TODAY="/var/log/security/users_list.today"
-USERS_LIST_YESTERDAY="/var/log/security/users_list.yesterday"
-USERS_LIST_DIFF="/var/log/security/users_list.diff"
+USERS_LIST_TODAY="/var/log/security/users_list.${CURRENT_CHECK_TYPE}.today"
+USERS_LIST_YESTERDAY="/var/log/security/users_list.${CURRENT_CHECK_TYPE}.yesterday"
+USERS_LIST_DIFF="/var/log/security/users_list.${CURRENT_CHECK_TYPE}.diff"
if [[ -f ${USERS_LIST_TODAY} ]]; then
mv ${USERS_LIST_TODAY} ${USERS_LIST_YESTERDAY};
@@ -27,9 +27,9 @@ if check_is_enabled "${CHECK_USERS}" ; then
fi
# check for changes in groups
-GROUPS_LIST_TODAY="/var/log/security/groups_list.today"
-GROUPS_LIST_YESTERDAY="/var/log/security/groups_list.yesterday"
-GROUPS_LIST_DIFF="/var/log/security/groups_list.diff"
+GROUPS_LIST_TODAY="/var/log/security/groups_list.${CURRENT_CHECK_TYPE}.today"
+GROUPS_LIST_YESTERDAY="/var/log/security/groups_list.${CURRENT_CHECK_TYPE}.yesterday"
+GROUPS_LIST_DIFF="/var/log/security/groups_list.${CURRENT_CHECK_TYPE}.diff"
if [[ -f ${GROUPS_LIST_TODAY} ]]; then
mv ${GROUPS_LIST_TODAY} ${GROUPS_LIST_YESTERDAY};
diff --git a/cron-sh/scripts/06_sectool.sh b/cron-sh/scripts/06_sectool.sh
index 6888e17..ef9fe6d 100755
--- a/cron-sh/scripts/06_sectool.sh
+++ b/cron-sh/scripts/06_sectool.sh
@@ -2,7 +2,7 @@
# msec: sectool check
# check if we are run from main script
-if [ -z "$MSEC_TMP" -o -z "$INFOS" -o -z "$SECURITY" -o -z "$DIFF" -o -z "$SECURITY_LOG" ]; then
+if [ -z "$MSEC_TMP" -o -z "$INFOS" -o -z "$SECURITY" -o -z "$DIFF" -o -z "$SECURITY_LOG" -o -z "${CURRENT_CHECK_TYPE}" ]; then
# variables are set in security.sh and propagated to the subscripts
echo "Error: this check should be run by the main msec security check!"
echo " do not run it directly unless you know what you are doing."
@@ -10,9 +10,9 @@ if [ -z "$MSEC_TMP" -o -z "$INFOS" -o -z "$SECURITY" -o -z "$DIFF" -o -z "$SECUR
fi
# check for changes in users
-SECTOOL_TODAY="/var/log/security/sectool.today"
-SECTOOL_YESTERDAY="/var/log/security/sectool.yesterday"
-SECTOOL_DIFF="/var/log/security/sectool.diff"
+SECTOOL_TODAY="/var/log/security/sectool.${CURRENT_CHECK_TYPE}.today"
+SECTOOL_YESTERDAY="/var/log/security/sectool.${CURRENT_CHECK_TYPE}.yesterday"
+SECTOOL_DIFF="/var/log/security/sectool.${CURRENT_CHECK_TYPE}.diff"
if [[ -f ${SECTOOL_TODAY} ]]; then
mv ${SECTOOL_TODAY} ${SECTOOL_YESTERDAY};
diff --git a/cron-sh/security.sh b/cron-sh/security.sh
index 14f3f01..f879a28 100755
--- a/cron-sh/security.sh
+++ b/cron-sh/security.sh
@@ -35,6 +35,9 @@ fi
. /usr/share/msec/functions.sh
+# discover current check type
+CURRENT_CHECK_TYPE=$(current_check_type)
+
# variables
LCK=/var/run/msec-security.pid
SECURITY_LOG="/var/log/security.log"