#!/bin/bash
# msec: sectool check
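# Guard: refuse to run unless the environment of the main msec security check
# is present. The variables tested here are set in security.sh and propagated
# to the sub-scripts; if any of them is empty or unset, the check was started
# directly and has nowhere sensible to write its results.
#
# [[ ... || ... ]] replaces the obsolescent `[ ... -o ... ]` chain, which can
# be misparsed when an operand happens to look like a test operator.
# `return` is only valid when this file is sourced.
if [[ -z "$MSEC_TMP" || -z "$INFOS" || -z "$SECURITY" || -z "$DIFF" \
  || -z "$SECURITY_LOG" || -z "${CURRENT_CHECK_TYPE}" ]]; then
  echo "Error: this check should be run by the main msec security check!"
  echo " do not run it directly unless you know what you are doing."
  return 1
fi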
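# Rotate the previous sectool report: the ".today" file left by the last run
# becomes ".yesterday", which is what Diffcheck compares the new report with.
#
# CURRENT_CHECK_TYPE is interpolated into all three paths, so every expansion
# is quoted: a value containing whitespace or glob characters must not be
# word-split or expanded into additional mv arguments.
SECTOOL_TODAY="/var/log/security/sectool.${CURRENT_CHECK_TYPE}.today"
SECTOOL_YESTERDAY="/var/log/security/sectool.${CURRENT_CHECK_TYPE}.yesterday"
SECTOOL_DIFF="/var/log/security/sectool.${CURRENT_CHECK_TYPE}.diff"
if [[ -f "${SECTOOL_TODAY}" ]]; then
  mv -- "${SECTOOL_TODAY}" "${SECTOOL_YESTERDAY}"
fi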
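# Run sectool, append its (filtered) report to the security report and record
# how the results differ from the previous run.
#
# check_is_enabled, Filter and Diffcheck are not defined in this file; they
# are presumably provided by the main script that sources it (confirm there).
if check_is_enabled "${CHECK_SECTOOL}"; then
  if [[ -x /usr/sbin/sectool ]]; then
    # Build the arguments as an array so that the configured level is passed
    # to sectool as exactly one argument and cannot be split into extra
    # options by whitespace in CHECK_SECTOOL_LEVEL.
    if [[ -n "$CHECK_SECTOOL_LEVEL" ]]; then
      sectool_params=(-L "${CHECK_SECTOOL_LEVEL}")
    else
      sectool_params=(-a)
    fi

    # Execute the binary that was just tested with -x. Calling bare "sectool"
    # would resolve through PATH and could run a different file than the one
    # that was checked.
    # NOTE(review): the exit status of sectool is not inspected, so a failed
    # run leaves an empty or partial report that is still filtered and
    # diffed. What a non-zero status means for sectool is not visible here;
    # confirm before adding a check.
    /usr/sbin/sectool "${sectool_params[@]}" > "${SECTOOL_TODAY}"
    Filter "${SECTOOL_TODAY}" CHECK_SECTOOL

    # Only add a section to the security report when there is something left
    # after filtering.
    if [[ -s "${SECTOOL_TODAY}" ]]; then
      printf "\nSectool report:\n" >> "${SECURITY}"
      cat "${SECTOOL_TODAY}" >> "${SECURITY}"
    fi
    Diffcheck "${SECTOOL_TODAY}" "${SECTOOL_YESTERDAY}" "${SECTOOL_DIFF}" "sectool results"
  else
    # The check is enabled but the tool is missing: say so in both outputs
    # rather than silently reporting nothing.
    printf "\nSectool check skipped: sectool not found" >> "${SECURITY}"
    echo "Sectool check: skipped (sectool not found)" >> "${INFOS}"
  fi
fi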