From cf3dd6d78e400692f9d34bb3d5692db4d613906b Mon Sep 17 00:00:00 2001 From: Eugeni Dodonov Date: Fri, 26 Jun 2009 19:20:16 +0000 Subject: Updated promisc check. --- cron-sh/scripts/02_network.sh | 5 +++++ cron-sh/scripts/06_promisc.sh | 41 ----------------------------------------- 2 files changed, 5 insertions(+), 41 deletions(-) delete mode 100755 cron-sh/scripts/06_promisc.sh (limited to 'cron-sh/scripts') diff --git a/cron-sh/scripts/02_network.sh b/cron-sh/scripts/02_network.sh index 621c7af..cdb477d 100755 --- a/cron-sh/scripts/02_network.sh +++ b/cron-sh/scripts/02_network.sh @@ -77,3 +77,8 @@ if [[ ${CHECK_OPEN_PORT} == yes ]]; then fi fi +### Check if network is in promisc mode +if [[ ${CHECK_PROMISC} == yes ]]; then + # check_promisc handles this + . /usr/share/msec/promisc_check.sh +fi diff --git a/cron-sh/scripts/06_promisc.sh b/cron-sh/scripts/06_promisc.sh deleted file mode 100755 index af248f0..0000000 --- a/cron-sh/scripts/06_promisc.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash -# msec: this checks if the network is in promiscuous mose - -. /usr/share/msec/functions.sh - -LogPromisc() { - date=`date` - Syslog "Security warning : $1 is in promiscuous mode." - Syslog " A sniffer is probably running on your system." - Ttylog "\\033[1;31mSecurity warning : $1 is in promiscuous mode.\\033[0;39m" - Ttylog "\\033[1;31mA sniffer is probably running on your system.\\033[0;39m" - # are we being run from security.sh script? - if [ ! -z "$SECURITY" ]; then - printf "\nSecurity Warning: $1 is in promiscuous mode!" >> ${SECURITY} - printf " A sniffer is probably running on your system." >> ${SECURITY} - fi -} - -if [[ -f /etc/security/msec/security.conf ]]; then - . /etc/security/msec/security.conf -else - echo "/etc/security/msec/security.conf don't exist." - return 1 -fi - -if tail /var/log/security.log | grep -q "promiscuous"; then - # Dont flood with warning. - return 0 -fi - -# Check if a network interface is in promiscuous mode... - -if [[ ${CHECK_PROMISC} == no ]]; then - return 0; -fi - -for INTERFACE in `/sbin/ip link list | grep PROMISC | cut -f 2 -d ':';/usr/bin/promisc_check -q`; do - LogPromisc ${INTERFACE} -done - -# promisc_check.sh ends here -- cgit v1.2.1