From ff31c9236b1fd7465ea9687fc735e8af882e780e Mon Sep 17 00:00:00 2001
From: Eugeni Dodonov
Date: Tue, 6 Jan 2009 21:31:46 +0000
Subject: Updated to working version of new msec.
Conflicts:
Makefile
cron-sh/security_check.sh
share/msec.py
---
 cron-sh/diff_check.sh | 10 +++-----
 cron-sh/promisc_check.sh | 10 +++-----
 cron-sh/security.sh | 7 +++---
 cron-sh/security_check.sh | 61 +++++++++++++++++++++++++----------------------
 4 files changed, 42 insertions(+), 46 deletions(-)
(limited to 'cron-sh')
diff --git a/cron-sh/diff_check.sh b/cron-sh/diff_check.sh
index 3c0fc27..b8991e1 100755
--- a/cron-sh/diff_check.sh
+++ b/cron-sh/diff_check.sh
@@ -3,15 +3,11 @@
 # Written by Vandoorselaere Yoann,
 #
-if [[ -f /var/lib/msec/security.conf ]]; then
- . /var/lib/msec/security.conf
-else
- echo "/var/lib/msec/security.conf don't exist."
- exit 1
-fi
-
 if [[ -f /etc/security/msec/security.conf ]]; then
 . /etc/security/msec/security.conf
+else
+ echo "/etc/security/msec/security.conf don't exist."
+ exit 1
 fi
 if [[ ${CHECK_SECURITY} == no ]]; then
diff --git a/cron-sh/promisc_check.sh b/cron-sh/promisc_check.sh
index e573526..468a44a 100755
--- a/cron-sh/promisc_check.sh
+++ b/cron-sh/promisc_check.sh
@@ -28,15 +28,11 @@ LogPromisc() {
 }
-if [[ -f /var/lib/msec/security.conf ]]; then
- . /var/lib/msec/security.conf
-else
- echo "/var/lib/msec/security.conf doesn't exist."
- exit 1
-fi
-
 if [[ -f /etc/security/msec/security.conf ]]; then
 . /etc/security/msec/security.conf
+else
+ echo "/etc/security/msec/security.conf don't exist."
+ exit 1
 fi
 if tail /var/log/security.log | grep -q "promiscuous"; then
diff --git a/cron-sh/security.sh b/cron-sh/security.sh
index c7ec008..4026c5f 100755
--- a/cron-sh/security.sh
+++ b/cron-sh/security.sh
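Review bot: In diff_check.sh the new `else` branch still tests with `-f`, so a config that exists but is unreadable passes the test, the `.` fails, and the script runs on with CHECK_SECURITY unset — and because this file only exits on `== no`, an unset value means every check runs. Since the file is executed with `.`, readability is the precondition that matters: `if [[ -r /etc/security/msec/security.conf ]]; then` and `echo "/etc/security/msec/security.conf does not exist or is unreadable." >&2` so the diagnostic reaches stderr rather than the report. Whatever that file contains is executed with the privileges of the cron job that runs this script (presumably root; the scheduling is outside this hunk), so its ownership and write permissions deserve the same care as the script itself. The `if [[ ${CHECK_SECURITY} == no ]]` body continues past the hunk.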
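Review bot: The added message in promisc_check.sh says `don't exist` where the line it replaces said `doesn't exist`, and it is echoed to stdout, so under cron it lands in the same mail as real findings; `echo "/etc/security/msec/security.conf doesn't exist." >&2` fixes both. This hunk also stops sourcing /var/lib/msec/security.conf without showing which variables this script read from it, so anything that used to be defaulted there now has to be present in /etc/security/msec/security.conf — worth confirming against the rest of the file. LogPromisc() is closed by the first context line; the `if tail ... grep -q "promiscuous"` body continues past the hunk.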
@@ -24,10 +24,11 @@ if [[ ! -f /var/lib/msec/security.conf ]]; then
 exit 1
 fi
-. /var/lib/msec/security.conf
-
-if [ -r /etc/security/msec/security.conf ]; then
+if [[ -f /etc/security/msec/security.conf ]]; then
 . /etc/security/msec/security.conf
+else
+ echo "/etc/security/msec/security.conf don't exist."
+ exit 1
 fi
 if [ -r /etc/sysconfig/msec ]; then
diff --git a/cron-sh/security_check.sh b/cron-sh/security_check.sh
index e9121fe..2062902 100755
--- a/cron-sh/security_check.sh
+++ b/cron-sh/security_check.sh
@@ -4,15 +4,11 @@
 # Written by Vandoorselaere Yoann,
 #
-if [[ -f /var/lib/msec/security.conf ]]; then
- . /var/lib/msec/security.conf
-else
- echo "/var/lib/msec/security.conf don't exist."
- exit 1
-fi
-
 if [[ -f /etc/security/msec/security.conf ]]; then
 . /etc/security/msec/security.conf
+else
+ echo "/etc/security/msec/security.conf don't exist."
+ exit 1
 fi
 if [[ ${CHECK_SECURITY} != yes ]]; then
@@ -59,6 +55,10 @@ if [[ ${CHECK_UNOWNED} == yes ]]; then
 fi
 if [[ ${CHECK_PERMS} == yes ]]; then
+ # running msec_perms
+fi
+
+if [[ ${CHECK_USER_FILES} == yes ]]; then
 # Files that should not be owned by someone else or readable.
 list=".netrc .rhosts .shosts .Xauthority .gnupg/secring.gpg \
 .pgp/secring.pgp .ssh/identity .ssh/id_dsa .ssh/id_rsa .ssh/random_seed"
@@ -139,7 +139,7 @@ if [[ -s $TMP ]] ; then
 printf "\nSecurity Warning: these home directory should not be owned by someone else or writable :\n" >> ${SECURITY}
 cat ${TMP} >> ${SECURITY}
 fi
-fi # End of check perms
+fi # End of CHECK_USER_FILES
 ### Passwd file check
 if [[ ${CHECK_PASSWD} == yes ]]; then
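Review bot: security.sh no longer sources /var/lib/msec/security.conf but, going by the hunk's `if [[ ! -f /var/lib/msec/security.conf ]]; then` context and the `exit 1`/`fi` lines that open the hunk, still aborts when that file is absent — so a host that only ships the new /etc/security/msec/security.conf exits before running anything (that guard starts outside the hunk, so I am reading it from the context only). Either remove the guard together with the `.` line, or keep sourcing /var/lib/msec/security.conf as defaults and let /etc override it, as the removed `if [ -r ... ]` chain did. The replacement also weakens `-r` to `-f`; for a file that is about to be sourced, `if [[ -r /etc/security/msec/security.conf ]]; then` is the right test, and the error should go to stderr with `>&2`.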
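Review bot: This eight-line config loader is now copied verbatim into diff_check.sh, promisc_check.sh, security.sh and security_check.sh, and the copies already disagree on what an undefined CHECK_SECURITY means: here `!= yes` exits, while diff_check.sh's `== no` carries on. A shared snippet (sourced by each script, or exported by security.sh before it runs the others) would keep the path, the readability test and the exit semantics in one place; failing that, pick one convention — `!= yes` is the safe default for a security cron job — and send the message to stderr: `echo "/etc/security/msec/security.conf don't exist." >&2`.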
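Review bot: The new `if [[ ${CHECK_PERMS} == yes ]]; then` body holds only the comment `# running msec_perms` before `fi`, and bash does not accept an empty compound body: the whole of security_check.sh now fails to parse with `syntax error near unexpected token 'fi'`, so none of its checks run from cron. Until the permission check is actually invoked, the body needs at least a no-op: `: # TODO: run msec_perms here`. Note too that the user-file check this block used to gate is now behind CHECK_USER_FILES, so a config that sets only CHECK_PERMS=yes loses the .netrc/.ssh-key permission scan without any message; a default for CHECK_USER_FILES (or a warning when it is unset) would avoid that silent regression. The CHECK_USER_FILES block continues past the hunk.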
@@ -213,28 +213,31 @@ for file in $list ; do
 fi
 done > ${TMP}
-# TODO: do not check on remote shares (#41709)
-getent passwd | awk -F: '{print $1" "$6}' |
- while read username homedir; do
- if ! expr "$homedir" : "$FILTER" > /dev/null; then
- for file in .rhosts .shosts; do
- if [[ -s ${homedir}/${file} ]] ; then
- awk '{
- if ($0 ~ /^\+@.*$/)
- next;
- if ($0 ~ /^\+.*$/)
- printf("\t\t- %s: %s\n", FILENAME, $0);
- }' ${homedir}/${file}
+### Passwd file check
+if [[ ${CHECK_SHOSTS} == yes ]]; then
+ # TODO: do not check on remote shares (#41709)
+ getent passwd | awk -F: '{print $1" "$6}' |
+ while read username homedir; do
+ if ! expr "$homedir" : "$FILTER" > /dev/null; then
+ for file in .rhosts .shosts; do
+ if [[ -s ${homedir}/${file} ]] ; then
+ awk '{
+ if ($0 ~ /^\+@.*$/)
+ next;
+ if ($0 ~ /^\+.*$/)
+ printf("\t\t- %s: %s\n", FILENAME, $0);
+ }' ${homedir}/${file}
+ fi
+ done >> ${TMP}
+ fi
+ done
+
+ if [[ -s ${TMP} ]]; then
+ printf "\nSecurity Warning: '+' character found in hosts trusting files,\n" >> ${SECURITY}
+ printf "\tthis probably mean that you trust certains users/domain\n" >> ${SECURITY}
+ printf "\tto connect on this host without proper authentication :\n" >> ${SECURITY}
+ cat ${TMP} >> ${SECURITY}
 fi
- done >> ${TMP}
- fi
- done
-
-if [[ -s ${TMP} ]]; then
- printf "\nSecurity Warning: '+' character found in hosts trusting files,\n" >> ${SECURITY}
- printf "\tthis probably mean that you trust certains users/domain\n" >> ${SECURITY}
- printf "\tto connect on this host without proper authentication :\n" >> ${SECURITY}
- cat ${TMP} >> ${SECURITY}
 fi
 ### executables should not be in the aliases file.
-- 
cgit v1.2.1
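Review bot: The heading added above the CHECK_SHOSTS gate, `### Passwd file check`, is the title of the CHECK_PASSWD block earlier in the file; this block scans .rhosts/.shosts for `+` wildcard trust, so name it `### .rhosts/.shosts trust check`. While the block is being re-indented, two things it inherits deserve a look: the loop appends with `done >> ${TMP}` straight after the preceding check finished with `done > ${TMP}`, so anything that check wrote is reported under the '+' warning — and with CHECK_SHOSTS=no is not reported at all (that preceding loop starts outside the hunk, so I cannot tell whether it is always empty); and the awk skips `+@netgroup` entries, which broaden trust just as `+host` does. `${homedir}/${file}` is unquoted in both the `-s` test and the awk call, so a home directory containing whitespace splits into several arguments.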