Diffstat (limited to 'cron-sh')
-rwxr-xr-xcron-sh/diff_check.sh43
-rwxr-xr-xcron-sh/promisc_check.sh4
-rwxr-xr-xcron-sh/security_check.sh50
3 files changed, 50 insertions, 47 deletions
diff --git a/cron-sh/diff_check.sh b/cron-sh/diff_check.sh
index 3c08858..048525d 100755
--- a/cron-sh/diff_check.sh
+++ b/cron-sh/diff_check.sh
@@ -3,14 +3,14 @@
# Written by Vandoorselaere Yoann, <yoann@mandrakesoft.com>
#
-if [ -f /etc/security/msec/security.conf ]; then
+if [[ -f /etc/security/msec/security.conf ]]; then
. /etc/security/msec/security.conf
else
echo "/etc/security/msec/security.conf don't exist."
exit 1
fi
-if [ "${CHECK_SECURITY}" == "no" ]; then
+if [[ ${CHECK_SECURITY} == no ]; then
exit 0
fi
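Review bot: The new test `if [[ ${CHECK_SECURITY} == no ]; then` closes with a single `]`, so bash reports a syntax error in the conditional expression when it reaches this line and the script aborts there before any check runs; it should read `if [[ ${CHECK_SECURITY} == no ]]; then`. If the lone bracket is a rendering artifact of this page, ignore this, but it is worth confirming in the committed file. Separately, the `.` above executes /etc/security/msec/security.conf as shell code with the script's privileges, so a bare `-f` existence test does nothing against a group- or world-writable config; a comment such as `# security.conf is executed as shell code: keep it root-owned and not group/world-writable` would at least make that trust boundary explicit to whoever installs it.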
@@ -45,7 +45,7 @@ UNOWNED_DIFF="/var/log/security/unowned.diff"
SECURITY_LOG="/var/log/security.log"
TMP="/tmp/secure.tmp"
-if [ ! -d /var/log/security ]; then
+if [[ ! -d /var/log/security ]]; then
mkdir /var/log/security
fi
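Review bot: The guarded `mkdir /var/log/security` creates the directory with whatever umask cron runs under, and the files this script later writes there (setuid lists, md5 sums, listening ports) are a ready-made reconnaissance map for a local attacker if they end up world-readable; `mkdir -m 0700 /var/log/security || exit 1` pins the mode and fails loudly instead of letting every later redirect into the directory fail silently. `TMP="/tmp/secure.tmp"` just above is a fixed, predictable path in a world-writable directory that this job (presumably run as root from cron) appends to with `>>`, so an unprivileged user can pre-create the file or a symlink before the run; `TMP=$(mktemp /tmp/secure.XXXXXX) || exit 1` with `trap 'rm -f "$TMP"' EXIT` removes that window.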
@@ -78,14 +78,14 @@ Ttylog() {
### New Suid root files detection
if [[ ${CHECK_SUID_ROOT} == yes ]]; then
- if [ -f ${SUID_ROOT_TODAY} ]; then
+ if [[ -f ${SUID_ROOT_TODAY} ]]; then
mv ${SUID_ROOT_TODAY} ${SUID_ROOT_YESTERDAY}
fi
find ${DIR} -xdev -type f -perm +04000 -user root \
-printf "%8i %5m %3n %-10u %-10g %9s %t %h/%f\n" | sort > ${SUID_ROOT_TODAY}
- if [ -f ${SUID_ROOT_YESTERDAY} ]; then
+ if [[ -f ${SUID_ROOT_YESTERDAY} ]]; then
if ! diff -u ${SUID_ROOT_YESTERDAY} ${SUID_ROOT_TODAY} > ${SUID_ROOT_DIFF}; then
printf "\nSecurity Warning: Change in Suid Root files found :\n" >> ${TMP}
grep '^+' ${SUID_ROOT_DIFF} | grep -vw "^+++ " | sed 's|^.||' | awk '{print $12}' | while read file; do
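Review bot: The path is recovered from each added diff line with `awk '{print $12}'`, which with this `-printf` format (`%t` expands to a multi-word timestamp) is only the first word of `%h/%f`, so a new setuid file whose path contains a space is reported under a truncated name and whatever the loop does with `$file` afterwards targets the wrong path; printing the path last and taking the field run from 12 onward (e.g. `cut -d' ' -f12-` in place of the `awk`) avoids that, and `read -r` keeps backslashes intact. Note also that `mv ${SUID_ROOT_TODAY} ${SUID_ROOT_YESTERDAY}` runs before the new scan, so if `find` fails part-way the partial list silently becomes tomorrow's baseline and the next run emits a burst of false 'new suid file' warnings; checking `find`'s exit status before the `diff` is cheap. The `while read file; do` loop body continues outside this hunk.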
@@ -99,15 +99,16 @@ if [[ ${CHECK_SUID_ROOT} == yes ]]; then
fi
### New Suid group files detection
-if [ ${CHECK_SUID_GROUP} ]; then
- if [ -f ${SUID_GROUP_TODAY} ]; then
+if [[ ${CHECK_SUID_GROUP} == yes ]]; then
+
+ if [[ -f ${SUID_GROUP_TODAY} ]]; then
mv ${SUID_GROUP_TODAY} ${SUID_GROUP_YESTERDAY}
fi
find ${DIR} -xdev -type f -perm +02000 \
-printf "%8i %5m %3n %-10u %-10g %9s %t %h/%f\n" | sort > ${SUID_GROUP_TODAY}
- if [ -f ${SUID_GROUP_YESTERDAY} ]; then
+ if [[ -f ${SUID_GROUP_YESTERDAY} ]]; then
if ! diff -u ${SUID_GROUP_YESTERDAY} ${SUID_GROUP_TODAY} > ${SUID_GROUP_DIFF}; then
printf "\nSecurity Warning: Changes in Suid Group files found :\n" >> ${TMP}
grep '^+' ${SUID_GROUP_DIFF} | grep -vw "^+++ " | sed 's|^.||' | awk '{print $12}' | while read file; do
@@ -123,13 +124,13 @@ fi
### Writable files detection
if [[ ${CHECK_WRITEABLE} == yes ]]; then
- if [ -f ${WRITEABLE_TODAY} ]; then
+ if [[ -f ${WRITEABLE_TODAY} ]]; then
mv -f ${WRITEABLE_TODAY} ${WRITEABLE_YESTERDAY}
fi
find ${DIR} -xdev -type f -perm -2 -ls -print | sort > ${WRITEABLE_TODAY}
- if [ -f ${WRITEABLE_YESTERDAY} ]; then
+ if [[ -f ${WRITEABLE_YESTERDAY} ]]; then
if ! diff -u ${WRITEABLE_YESTERDAY} ${WRITEABLE_TODAY} > ${WRITEABLE_DIFF}; then
printf "\nSecurity Warning: Change in World Writeable Files found :\n" >> ${TMP}
grep '^+' ${WRITEABLE_DIFF} | grep -vw "^+++ " | sed 's|^.||' | awk '{print $12}' | while read file; do
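Review bot: `find ${DIR} -xdev -type f -perm -2 -ls -print` emits every match twice (an `-ls` row and a bare path), and on GNU find an `-ls` row has eleven whitespace-separated columns with the path last, so the `awk '{print $12}'` applied to the diff output yields an empty `$file` for both forms; the `awk '{print $11}'` that cron-sh/security_check.sh applies to the same command in this commit suggests eleven is the intended column. Using the same `-printf "%8i %5m %3n %-10u %-10g %9s %t %h/%f\n"` format as the two suid scans above, with the path taken as the field run from 12 onward, would make all the scans parse the same way. The loop body that consumes `$file` is outside this hunk, so I cannot see how an empty value is handled there.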
@@ -145,13 +146,13 @@ fi
### Search Non Owned files
if [[ ${CHECK_UNOWNED} == yes ]]; then
- if [ -f ${UNOWNED_TODAY} ]; then
+ if [[ -f ${UNOWNED_TODAY} ]]; then
mv -f ${UNOWNED_TODAY} ${UNOWNED_YESTERDAY}
fi
find ${DIR} -xdev -nouser -print -ls | sort > ${UNOWNED_TODAY}
- if [ -f ${UNOWNED_YESTERDAY} ]; then
+ if [[ -f ${UNOWNED_YESTERDAY} ]]; then
if ! diff -u ${UNOWNED_YESTERDAY} ${UNOWNED_TODAY} > ${UNOWNED_DIFF}; then
printf "\nSecurity Warning: the following files aren't owned by an user :\n" >> ${TMP}
grep '^+' ${UNOWNED_DIFF} | grep -vw "^--- " | sed 's|^.||' | awk '{print $12}' | while read file; do
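Review bot: The filter `grep -vw "^--- "` on the last line can never match after `grep '^+'` (a line starting with `+` does not start with `---`), so unlike the sibling scans, which use `grep -vw "^+++ "`, the `+++ ${UNOWNED_TODAY}` header line survives into the loop here and is fed to `awk '{print $12}'`; change it to `grep -vw "^+++ "` for consistency. As with the writable scan, `-print -ls` lists each path twice and an `-ls` row carries the path in column 11, not 12, so `$file` is likely empty on every iteration. The loop body continues outside this hunk.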
@@ -165,7 +166,7 @@ if [[ ${CHECK_UNOWNED} == yes ]]; then
find ${DIR} -xdev -nogroup -print -ls | sort >> ${UNOWNED_TODAY}
- if [ -f ${UNOWNED_YESTERDAY} ]; then
+ if [[ -f ${UNOWNED_YESTERDAY} ]]; then
if ! diff -u ${UNOWNED_YESTERDAY} ${UNOWNED_TODAY} > ${UNOWNED_DIFF}; then
printf "\nSecurity Warning: the following files aren't owned by a group :\n" >> ${TMP}
grep '^+' ${UNOWNED_DIFF} | grep -vw "^+++ " | sed 's|^.||' | awk '{print $12}' | while read file; do
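Review bot: The `-nogroup` scan appends to `${UNOWNED_TODAY}` with `>>` after that file has already been diffed for the `-nouser` results, so the second `diff -u` against the same `${UNOWNED_YESTERDAY}` re-emits every newly owner-less file as a `+` line and reports it a second time under the 'not owned by a group' heading, while the first `${UNOWNED_DIFF}` is overwritten before anyone reads it. Giving the two scans their own today/yesterday/diff triples (e.g. `UNOWNED_GROUP_TODAY`, defined alongside the others near the top of the file) makes each warning list exactly its own additions. The loop body continues outside this hunk.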
@@ -179,8 +180,9 @@ if [[ ${CHECK_UNOWNED} == yes ]]; then
fi
### Md5 check for SUID root file
-if [[ ${CHECK_SUID_MD5} == yes ]]; then
- if [ -f ${SUID_MD5_TODAY} ]; then
+if [[ ${CHECK_SUID_MD5} == yes ]]; then
+
+ if [[ -f ${SUID_MD5_TODAY} ]]; then
mv ${SUID_MD5_TODAY} ${SUID_MD5_YESTERDAY}
fi
@@ -190,7 +192,7 @@ if [[ ${CHECK_SUID_MD5} == yes ]]; then
md5sum ${line} >> ${SUID_MD5_TODAY}
done
- if [ -f ${SUID_MD5_YESTERDAY} ]; then
+ if [[ -f ${SUID_MD5_YESTERDAY} ]]; then
if ! diff -u ${SUID_MD5_YESTERDAY} ${SUID_MD5_TODAY} > ${SUID_MD5_DIFF}; then
printf "\nSecurity Warning: the md5 checksum for one of your SUID files has changed,\n" >> ${TMP}
printf "\tmaybe an intruder modified one of these suid binary in order to put in a backdoor...\n" >> ${TMP}
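Review bot: The baseline `${SUID_MD5_YESTERDAY}` that this warning is diffed against is just the previous run's output, moved into place by the `mv` above and living on the same filesystem as the binaries it vouches for, so an intruder who already has root to replace a setuid binary can refresh the sum list in the same step; a comment beside the warning, e.g. `# NOTE: the md5 baseline is host-local and root-writable; only an off-host or read-only copy catches an attacker who also edits it`, sets expectations for whoever reads these logs. The per-file `md5sum ${line}` also leaves the path unquoted, so a path with whitespace is split into several arguments and the resulting error goes to cron's stderr rather than into the report; `md5sum "${line}" 2>&1 >> ${SUID_MD5_TODAY}` would keep it visible. The `while` loop head and the enclosing `if` start before this hunk.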
@@ -206,13 +208,14 @@ fi
### Changed open port
if [[ ${CHECK_OPEN_PORT} == yes ]]; then
- if [ -f ${OPEN_PORT_TODAY} ]; then
+
+ if [[ -f ${OPEN_PORT_TODAY} ]]; then
mv -f ${OPEN_PORT_TODAY} ${OPEN_PORT_YESTERDAY}
fi
netstat -pvlA inet > ${OPEN_PORT_TODAY};
- if [ -f ${OPEN_PORT_YESTERDAY} ]; then
+ if [[ -f ${OPEN_PORT_YESTERDAY} ]]; then
if ! diff -u ${OPEN_PORT_YESTERDAY} ${OPEN_PORT_TODAY} 1> ${OPEN_PORT_DIFF}; then
printf "\nSecurity Warning: There is a new port listening on your machine :\n" >> ${TMP}
grep '^+' ${OPEN_PORT_DIFF} | grep -vw "^+++ " | sed 's|^.||' | awk '{print $12}' | while read file; do
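Review bot: `netstat -pvlA inet` embeds `PID/Program name` in every row, so a daemon that merely restarted between two runs produces a changed line and triggers 'There is a new port listening' with no new port at all; normalise the snapshot before diffing, e.g. `netstat -pvlA inet | sed 's|[0-9]*/| |' | sort > ${OPEN_PORT_TODAY}`, or drop `-p` for the comparison and look the program up only when reporting. `-A inet` also limits the listing to IPv4 sockets, so a listener bound to an IPv6 address is never seen by this check; `-A inet,inet6` (syntax varies with the netstat build) covers both. Whether `awk '{print $12}'` selects anything meaningful from a netstat row I cannot confirm from this hunk. The `while read` loop body continues outside the hunk.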
@@ -226,7 +229,7 @@ if [[ ${CHECK_OPEN_PORT} == yes ]]; then
fi
######## Report ######
-if [ -s ${TMP} ]; then
+if [[ -s ${TMP} ]]; then
Syslog ${TMP}
Ttylog ${TMP}
date=`date`
@@ -234,6 +237,6 @@ if [ -s ${TMP} ]; then
cat ${TMP} >> ${SECURITY_LOG}
fi
-if [ -f ${TMP} ]; then
+if [[ -f ${TMP} ]]; then
rm -f ${TMP}
fi
diff --git a/cron-sh/promisc_check.sh b/cron-sh/promisc_check.sh
index a2bdaa4..cabf0a8 100755
--- a/cron-sh/promisc_check.sh
+++ b/cron-sh/promisc_check.sh
@@ -3,7 +3,7 @@
# Writen by Vandoorselaere Yoann,
# <yoann@mandrakesoft.com>
-if [ -f /etc/security/msec/security.conf ]; then
+if [[ -f /etc/security/msec/security.conf ]]; then
. /etc/security/msec/security.conf
else
echo "/etc/security/msec/security.conf don't exist."
@@ -46,7 +46,7 @@ LogPromisc() {
}
-if [ -f /etc/security/msec/security.conf ]; then
+if [[ -f /etc/security/msec/security.conf ]]; then
. /etc/security/msec/security.conf
else
exit 1
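Review bot: This second `if [[ -f /etc/security/msec/security.conf ]]` block re-sources the same config that the top of this file already sourced (first hunk of this file), this time exiting silently when it is absent; since the first copy has already exited with a diagnostic in that case, the `else` here is unreachable and the block only re-executes the config, so one of the two should go and this later, silent one is the natural choice. If the intent was to re-read the file because something between the two blocks changes it, that is not visible here and would deserve a comment. The function definitions around this hunk start before it.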
diff --git a/cron-sh/security_check.sh b/cron-sh/security_check.sh
index 844cd9d..6686dd3 100755
--- a/cron-sh/security_check.sh
+++ b/cron-sh/security_check.sh
@@ -4,7 +4,7 @@
# Written by Vandoorselaere Yoann, <yoann@mandrakesoft.com>
#
-if [ -f /etc/security/msec/security.conf ]; then
+if [[ -f /etc/security/msec/security.conf ]]; then
. /etc/security/msec/security.conf
else
echo "/etc/security/msec/security.conf don't exist."
@@ -19,7 +19,7 @@ SECURITY="/tmp/secure.log"
SECURITY_LOG="/var/log/security.log"
TMP="/tmp/secure.tmp"
-if [ ! -d /var/log/security ]; then
+if [[ ! -d /var/log/security ]]; then
mkdir /var/log/security
fi
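Review bot: `SECURITY="/tmp/secure.log"` and `TMP="/tmp/secure.tmp"` are fixed names in a world-writable directory used by a job that, judging by its read of /etc/shadow later in this file, runs as root, and the same `/tmp/secure.tmp` is hard-coded in cron-sh/diff_check.sh in this commit, so two concurrent runs interleave their output in one file and a local user can pre-create the file or a symlink before cron fires; `TMP=$(mktemp /tmp/secure.XXXXXX) || exit 1` plus a `trap 'rm -f "$TMP" "$SECURITY"' EXIT` closes both holes. The guarded `mkdir /var/log/security` also inherits cron's umask and is unchecked; `mkdir -m 0700 /var/log/security || exit 1` keeps the report directory private and fails loudly.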
@@ -49,7 +49,7 @@ Ttylog() {
if [[ ${CHECK_WRITEABLE} == yes ]]; then
find ${DIR} -xdev -type f -perm -2 -ls -print | awk '{print $11}' | sort > ${TMP}
- if [ -s ${TMP} ]; then
+ if [[ -s ${TMP} ]]; then
printf "\nSecurity Warning: World Writeable Files found :\n" >> ${SECURITY}
cat ${TMP} >> ${SECURITY}
fi
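Review bot: `find ${DIR} -xdev -type f -perm -2 -ls -print | awk '{print $11}'` prints every world-writable file as an `-ls` row followed by a bare path, and `$11` of a bare-path row is empty, so the report carries a blank line for each hit; dropping `-print` (or replacing both actions with `-printf '%p\n'`) gives one clean path per line. Paths containing whitespace are also truncated to their first word by `$11`, which matters for a check whose whole output is the offending filename, and `${DIR}` is unquoted so a configured value with spaces is split into several starting points. The heading `printf` and `cat` into `${SECURITY}` are unaffected.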
@@ -58,7 +58,7 @@ fi
### Search Un Owned file
if [[ ${CHECK_UNOWNED} == yes ]]; then
find ${DIR} -xdev -nouser -print -ls | awk '{print $11}' | sort > ${TMP}
- if [ -s ${TMP} ]; then
+ if [[ -s ${TMP} ]]; then
printf "\nSecurity Warning : the following file aren't owned by any user :\n" >> ${SECURITY}
printf "\ttheses files now have user \"nobody\" as their owner." >> ${SECURE_LOG}
cat ${TMP} >> ${SECURITY}
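Review bot: The second `printf` in this block redirects to `${SECURE_LOG}`, a variable this file never sets (it defines `SECURITY` and `SECURITY_LOG` near the top); with an empty expansion bash rejects the redirect as ambiguous, so the sentence is lost and an error goes to cron's mail instead of the report, whereas the sibling `-nogroup` block below writes the same sentence to `${SECURITY}`. Change it to `printf "\ttheses files now have user \"nobody\" as their owner.\n" >> ${SECURITY}`, adding the `\n` so the following `cat ${TMP}` does not start on the same line. The sentence also asserts the files' owner was changed, but nothing in this hunk performs a `chown`; if that happens elsewhere it deserves a reference in a comment, otherwise the wording overstates what the check does.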
@@ -66,7 +66,7 @@ if [[ ${CHECK_UNOWNED} == yes ]]; then
fi
find $DIR -xdev -nogroup -print -ls | awk '{print $11}' | sort > ${TMP}
- if [ -s ${TMP} ]; then
+ if [[ -s ${TMP} ]]; then
printf "\nSecurity Warning : the following file aren't owned by any group :\n" >> ${SECURITY}
printf "\ttheses files now have group \"nogroup\" as their group owner." >> ${SECURITY}
cat ${TMP} >> ${SECURITY}
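Review bot: `printf "\ttheses files now have group \"nogroup\" as their group owner." >> ${SECURITY}` has no trailing newline, so the first path from the following `cat ${TMP}` is glued onto the end of the sentence in the report; add `\n` (and fix `theses` → `these` while there). As in the `-nouser` block above, the text claims a group change that nothing visible in the hunk performs, and `-print -ls` with `awk '{print $11}'` yields a blank line per hit, as noted for the writable scan.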
@@ -81,7 +81,7 @@ awk -F: '/^[^+-]/ { print $1 " " $3 " " $6 }' /etc/passwd |
while read username uid homedir; do
for f in ${list} ; do
file="${homedir}/${f}"
- if [ -f ${file} ] ; then
+ if [[ -f ${file} ]] ; then
printf "${uid} ${username} ${file} `ls -ldcgn ${file}`\n"
fi
done
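Review bot: `printf "${uid} ${username} ${file} \`ls -ldcgn ${file}\`\n"` uses data as the printf format string, so a home directory or dotfile path containing `%` (or a backslash sequence) is interpreted rather than printed, which both corrupts the row the downstream `awk` parses and is the classic way to push unexpected text into a root-run report. Use a fixed format, `printf '%s %s %s %s\n' "${uid}" "${username}" "${file}" "$(ls -ldcgn "${file}")"`, and `read -r` on the loop head so backslashes in /etc/passwd fields survive. This `while` loop is the middle stage of a pipeline that begins with the `awk` over /etc/passwd shown in the hunk header and continues past `done`.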
@@ -96,7 +96,7 @@ done | awk '$1 != $6 && $6 != "0" \
$4 ~ /^-.......w/ \
{ print "\t\t- " $3 " : file is other writeable." }' > ${TMP}
-if [ -s ${TMP} ]; then
+if [[ -s ${TMP} ]]; then
printf "\nSecurity Warning: these files shouldn't be owned by someone else or readable :\n" >> ${SECURITY}
cat ${TMP} >> ${SECURITY}
fi
@@ -110,7 +110,7 @@ awk -F: '/^[^+-]/ { print $1 " " $3 " " $6 }' /etc/passwd | \
while read username uid homedir; do
for f in ${list} ; do
file=${homedir}/${f}
- if [ -f ${file} ] ; then
+ if [[ -f ${file} ]] ; then
printf "${uid} ${username} ${file} `ls -ldcgn ${file}`\n"
fi
done
@@ -121,7 +121,7 @@ done | awk '$1 != $6 && $6 != "0" \
$4 ~ /^-.......w/ \
{ print "\t\t- " $3 " : file is other writeable." }' > ${TMP}
-if [ -s ${TMP} ]; then
+if [[ -s ${TMP} ]]; then
printf "\nSecurity Warning: theses files should not be owned by someone else or writeable :\n" >> ${SECURITY}
cat ${TMP} >> ${SECURITY}
fi
@@ -129,7 +129,7 @@ fi
### Check home directories. Directories should not be owned by someone else or writeable.
awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \
while read uid homedir; do
- if [ -d ${homedir}/ ] ; then
+ if [[ -d ${homedir} ]] ; then
file=`ls -ldg ${homedir}`
printf "$uid $file\n"
fi
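Review bot: `[[ -d ${homedir} ]]` degenerates to a one-word string test when an /etc/passwd entry has an empty home field (`[[ -d ]]` is true), so `ls -ldg` then runs with no argument and reports the cron job's working directory under that user's name; `[[ -n ${homedir} && -d ${homedir} ]]` skips such entries, and quoting `"${homedir}"` in the `ls` call keeps a path with spaces as one argument. Note too that the variable called `uid` here receives the login name (`$1` of the awk), and on current GNU coreutils `ls -g` omits the owner column, so the `$1 != $4` comparison in the awk that follows this hunk would be matching the user name against the group rather than the owner; worth checking against the `ls` this actually runs with, where `-g` may instead be a no-op. The pipeline continues past `done`.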
@@ -140,7 +140,7 @@ done | awk '$1 != $4 && $4 != "root" \
$2 ~ /^-.......w/ \
{ print "user=" $1 " : home directory is other writeable." }' > ${TMP}
-if [ -s $TMP ] ; then
+if [[ -s $TMP ]] ; then
printf "\nSecurity Warning: these home directory should not be owned by someone else or writeable :\n" >> ${SECURITY}
cat ${TMP} >> ${SECURITY}
fi
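Review bot: The `$2 ~ /^-.......w/` pattern on the line above requires the mode string to begin with `-`, i.e. a regular file, but every row here comes from `ls -ldg` on a home directory whose mode string begins with `d`, so the 'home directory is other writeable' message can never fire; the pattern should be `$2 ~ /^d.......w/`. The preceding `$1 != $4 && $4 != "root"` clause and the start of the pipeline are outside this hunk.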
@@ -155,7 +155,7 @@ if [[ ${CHECK_PASSWD} == yes ]]; then
printf("\t\t- /etc/passwd:%d: User \"%s\" has a real password (it is not shadowed).\n", FNR, $1);
}' < /etc/passwd > ${TMP}
- if [ -s ${TMP} ]; then
+ if [[ -s ${TMP} ]]; then
printf "\nSecurity Warning: /etc/passwd check :\n" >> ${SECURITY}
cat ${TMP} >> ${SECURITY}
fi
@@ -168,14 +168,14 @@ if [[ ${CHECK_SHADOW} == yes ]]; then
printf("\t\t- /etc/shadow:%d: User \"%s\" has no password !\n", FNR, $1);
}' < /etc/shadow > ${TMP}
- if [ -s ${TMP} ]; then
+ if [[ -s ${TMP} ]]; then
printf "\nSecurity Warning: /etc/shadow check :\n" >> ${SECURITY}
cat ${TMP} >> ${SECURITY}
fi
fi
### File systems should not be globally exported.
-if [ -s /etc/exports ] ; then
+if [[ -s /etc/exports ]] ; then
awk '{
if (($1 ~ /^#/) || ($1 ~ /^$/)) next;
readonly = 0;
@@ -190,7 +190,7 @@ if [ -s /etc/exports ] ; then
} else print "\t\t- Nfs File system " $1 " globally exported, read-write.";
}' < /etc/exports > ${TMP}
- if [ -s ${TMP} ] ; then
+ if [[ -s ${TMP} ]] ; then
printf "\nSecurity Warning: Some NFS filesystem are exported globally :\n" >> ${SECURITY}
cat ${TMP} >> ${SECURITY}
fi
@@ -198,7 +198,7 @@ fi
### nfs mounts with missing nosuid
/bin/mount | /bin/grep -v nosuid | /bin/grep ' nfs ' > ${TMP}
-if [ -s ${TMP} ] ; then
+if [[ -s ${TMP} ]] ; then
printf "\nSecurity Warning: The following NFS mounts haven't got the nosuid option set :\n" >> ${SECURITY}
cat ${TMP} >> ${SECURITY}
fi
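Review bot: `grep ' nfs '` matches only mounts whose type prints as exactly `nfs`, so NFSv4 mounts (type `nfs4` on Linux) are silently excluded from the missing-`nosuid` warning, and `grep -v nosuid` accepts the substring anywhere on the line; `/bin/mount | /bin/grep -E ' type nfs4? ' | /bin/grep -vE '[(,]nosuid[,)]'` is tighter, or read `/proc/mounts`, where the third field is the type and the fourth the option list. The same mounts should arguably also be checked for `nodev`, since a device node on an export is as dangerous as a setuid binary.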
@@ -206,7 +206,7 @@ fi
### Files that should not have + signs.
list="/etc/hosts.equiv /etc/shosts.equiv /etc/hosts.lpd"
for file in $list ; do
- if [ -s ${file} ] ; then
+ if [[ -s ${file} ]] ; then
awk '{
if ($0 ~ /^\+@.*$/)
next;
@@ -219,7 +219,7 @@ done > ${TMP}
awk -F: '{print $1" "$6}' /etc/passwd |
while read username homedir; do
for file in .rhosts .shosts; do
- if [ -s ${homedir}/${file} ] ; then
+ if [[ -s ${homedir}/${file} ]] ; then
awk '{
if ($0 ~ /^\+@.*$/)
next;
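Review bot: `[[ -s ${homedir}/${file} ]]` and the `awk` that follows read a user-controlled file as the job's (presumably root) user and follow symlinks, so a user can point `.rhosts` at any root-readable file and have the lines the awk selects quoted into `${SECURITY}` and, via the report, into /var/log/security.log; a guard such as `[[ -f ${homedir}/${file} && ! -L ${homedir}/${file} ]]` (or `find -maxdepth 0 -user "$username"`) limits that to genuine dotfiles owned by the user. The awk body and the `done` of this loop are outside the hunk, so how much of the file is echoed I cannot tell from here.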
@@ -230,7 +230,7 @@ awk -F: '{print $1" "$6}' /etc/passwd |
done >> ${TMP}
done
-if [ -s ${TMP} ]; then
+if [[ -s ${TMP} ]]; then
printf "\nSecurity Warning: '+' character found in hosts trusting files,\n" >> ${SECURITY}
printf "\tthis probably mean that you trust certains users/domain\n" >> ${SECURITY}
printf "\tto connect on this host without proper authentication :\n" >> ${SECURITY}
@@ -240,13 +240,13 @@ fi
### executables should not be in the aliases file.
list="/etc/aliases /etc/postfix/aliases"
for file in ${list}; do
- if [ -s ${file} ]; then
+ if [[ -s ${file} ]]; then
grep -v '^#' /etc/aliases | grep '|' | while read line; do
printf "\t\t- ${line}\n"
done > ${TMP}
fi
- if [ -s ${TMP} ]; then
+ if [[ -s ${TMP} ]]; then
printf "\nSecurity Warning: The following programs are executed in your mail\n" >> ${SECURITY}
printf "\tvia ${file} files, this could lead to security problems :\n" >> ${SECURITY}
cat ${TMP} >> ${SECURITY}
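Review bot: Inside `for file in ${list}` the scan greps the hard-coded `/etc/aliases` rather than `${file}`, so `/etc/postfix/aliases` is never actually examined and the 'via ${file}' sentence misattributes /etc/aliases hits to it; use `grep -v '^#' "${file}" | grep '|'`. The `[[ -s ${TMP} ]]` report check also sits outside the `if [[ -s ${file} ]]`, so when the second file is missing the `${TMP}` left over from the first iteration is reported again under the second file's name; either move the report inside the `if` or truncate `${TMP}` with `: > ${TMP}` at the top of each iteration.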
@@ -257,14 +257,14 @@ done
if [[ ${CHECK_OPEN_PORT} == yes ]]; then
netstat -pvlA inet > ${TMP};
- if [ -s ${TMP} ]; then
+ if [[ -s ${TMP} ]]; then
printf "\nThese are the ports listening on your machine :\n" >> ${SECURITY}
cat ${TMP} >> ${SECURITY}
fi
fi
### Report
-if [ -s ${SECURITY} ]; then
+if [[ -s ${SECURITY} ]]; then
Syslog ${SECURITY}
Ttylog ${SECURITY}
date=`date`
@@ -272,11 +272,11 @@ if [ -s ${SECURITY} ]; then
cat ${SECURITY} >> ${SECURITY_LOG}
fi
-if [ -f ${SECURITY} ]; then
+if [[ -f ${SECURITY} ]]; then
rm -f ${SECURITY}
fi
-if [ -f ${TMP} ]; then
+if [[ -f ${TMP} ]]; then
rm -f ${TMP}
fi