diff options
Diffstat (limited to 'cron-sh')
-rwxr-xr-x | cron-sh/diff_check.sh | 14 | ||||
-rwxr-xr-x | cron-sh/promisc_check.sh | 9 | ||||
-rwxr-xr-x | cron-sh/security_check.sh | 20 |
3 files changed, 21 insertions, 22 deletions
diff --git a/cron-sh/diff_check.sh b/cron-sh/diff_check.sh index 2448481..3c08858 100755 --- a/cron-sh/diff_check.sh +++ b/cron-sh/diff_check.sh @@ -57,7 +57,7 @@ rm -f ${TMP} ${SECURITY_TMP} >& /dev/null ### Functions ### Syslog() { - if [ ${SYSLOG_WARN}=="yes" ]; then + if [[ ${SYSLOG_WARN} == yes ]]; then cat ${1} | while read line; do /sbin/initlog --string="${line}" done @@ -65,7 +65,7 @@ Syslog() { } Ttylog() { - if [ ${TTY_WARN}=="yes" ]; then + if [[ ${TTY_WARN} == yes ]]; then for i in `w | grep -v "load\|TTY" | awk '{print $2}'` ; do echo -e "$1" > /dev/$i done @@ -76,7 +76,7 @@ Ttylog() { ### New Suid root files detection -if [ ${CHECK_SUID_ROOT}=="yes" ]; then +if [[ ${CHECK_SUID_ROOT} == yes ]]; then if [ -f ${SUID_ROOT_TODAY} ]; then mv ${SUID_ROOT_TODAY} ${SUID_ROOT_YESTERDAY} @@ -121,7 +121,7 @@ if [ ${CHECK_SUID_GROUP} ]; then fi ### Writable files detection -if [ ${CHECK_WRITEABLE}=="yes" ]; then +if [[ ${CHECK_WRITEABLE} == yes ]]; then if [ -f ${WRITEABLE_TODAY} ]; then mv -f ${WRITEABLE_TODAY} ${WRITEABLE_YESTERDAY} @@ -143,7 +143,7 @@ if [ ${CHECK_WRITEABLE}=="yes" ]; then fi ### Search Non Owned files -if [ ${CHECK_UNOWNED}=="yes" ]; then +if [[ ${CHECK_UNOWNED} == yes ]]; then if [ -f ${UNOWNED_TODAY} ]; then mv -f ${UNOWNED_TODAY} ${UNOWNED_YESTERDAY} @@ -179,7 +179,7 @@ if [ ${CHECK_UNOWNED}=="yes" ]; then fi ### Md5 check for SUID root file -if [ ${CHECK_SUID_MD5}=="yes" ]; then +if [[ ${CHECK_SUID_MD5} == yes ]]; then if [ -f ${SUID_MD5_TODAY} ]; then mv ${SUID_MD5_TODAY} ${SUID_MD5_YESTERDAY} fi @@ -205,7 +205,7 @@ if [ ${CHECK_SUID_MD5}=="yes" ]; then fi ### Changed open port -if [ ${CHECK_OPEN_PORT}=="yes" ]; then +if [[ ${CHECK_OPEN_PORT} == yes ]]; then if [ -f ${OPEN_PORT_TODAY} ]; then mv -f ${OPEN_PORT_TODAY} ${OPEN_PORT_YESTERDAY} fi diff --git a/cron-sh/promisc_check.sh b/cron-sh/promisc_check.sh index 2297595..a2bdaa4 100755 --- a/cron-sh/promisc_check.sh +++ b/cron-sh/promisc_check.sh @@ -1,5 +1,8 @@ #!/bin/bash +# Writen by Vandoorselaere Yoann, +# <yoann@mandrakesoft.com> + if [ -f /etc/security/msec/security.conf ]; then . /etc/security/msec/security.conf else @@ -13,13 +16,13 @@ if tail /var/log/security.log | grep -q "promiscuous"; then fi Syslog() { - if [ "${SYSLOG_WARN}" == "yes" ]; then + if [[ ${SYSLOG_WARN} == yes ]]; then /sbin/initlog --string="${1}" fi } Ttylog() { - if [ "${TTYLOG_WARN}" == "yes" ]; then + if [[ ${TTYLOG_WARN} == yes ]]; then w | grep -v "load\|TTY" | awk '{print $2}' | while read line; do echo -e "${1}" > /dev/$i done @@ -49,7 +52,7 @@ else exit 1 fi -if [ ${CHECK_PROMISC}=="no" ]; then +if [[ ${CHECK_PROMISC} == no ]]; then exit 0; fi diff --git a/cron-sh/security_check.sh b/cron-sh/security_check.sh index 7289a43..844cd9d 100755 --- a/cron-sh/security_check.sh +++ b/cron-sh/security_check.sh @@ -79,12 +79,12 @@ if [[ ${CHECK_PERMS} == yes ]]; then list=".netrc .rhosts .shosts .Xauthority .pgp/secring.pgp .ssh/identity .ssh/random_seed" awk -F: '/^[^+-]/ { print $1 " " $3 " " $6 }' /etc/passwd | while read username uid homedir; do - for f in ${list} ; do - file="${homedir}/${f}" - if [ -f ${file} ] ; then - printf "${uid} ${username} ${file} `ls -ldcgn ${file}`\n" - fi - done + for f in ${list} ; do + file="${homedir}/${f}" + if [ -f ${file} ] ; then + printf "${uid} ${username} ${file} `ls -ldcgn ${file}`\n" + fi + done done | awk '$1 != $6 && $6 != "0" \ { print "\t\t- " $3 " : file is owned by uid " $6 "." } $4 ~ /^-...r/ \ @@ -101,7 +101,6 @@ if [ -s ${TMP} ]; then cat ${TMP} >> ${SECURITY} fi - ### Files that should not be owned by someone else or writeable. list=".bashrc .bash_profile .bash_login .bash_logout .cshrc .emacs .exrc \ .forward .klogin .login .logout .profile .tcshrc .fvwmrc .inputrc .kshrc \ @@ -145,12 +144,10 @@ if [ -s $TMP ] ; then printf "\nSecurity Warning: these home directory should not be owned by someone else or writeable :\n" >> ${SECURITY} cat ${TMP} >> ${SECURITY} fi -fi - +fi # End of check perms -if [ ${CHECK_SECURITY} == yes ]; then ### Passwd file check -if [ ${CHECK_PASSWD} == yes ]; then +if [[ ${CHECK_PASSWD} == yes ]]; then awk -F: '{ if ( $2 == "" ) printf("\t\t- /etc/passwd:%d: User \"%s\" has no password !\n", FNR, $1); @@ -265,7 +262,6 @@ if [[ ${CHECK_OPEN_PORT} == yes ]]; then cat ${TMP} >> ${SECURITY} fi fi -fi # end of CHECK_SECURITY ### Report if [ -s ${SECURITY} ]; then |