Tue, 15 Apr 2014 14:45:38 +0200
Fixed permission errors on .gvfs virtual filesystems. Bumped to version 0.21
5 | 1 | #!/bin/bash |
2 | # | |
3 | ############################################################################# | |
17
65656789da08
Removed uptime script, changed passwd test, minimized sensors output, bumped to version 0.18
Michiel Broek <mbroek@mbse.eu>
parents:
14
diff
changeset
|
4 | # Copyright (C) 2005-2013 |
5 | 5 | # |
17
65656789da08
Removed uptime script, changed passwd test, minimized sensors output, bumped to version 0.18
Michiel Broek <mbroek@mbse.eu>
parents:
14
diff
changeset
|
6 | # Michiel Broek <mbse at mbse.eu> |
5 | 7 | # |
14
59e07bba67cc
Fixed spelling error, updated address
Michiel Broek <mbse@mbse.eu>
parents:
8
diff
changeset
|
8 | # This file is part of SlackSecCheckScripts. |
5 | 9 | # |
10 | # This package is free software; you can redistribute it and/or modify it | |
11 | # under the terms of the GNU General Public License as published by the | |
12 | # Free Software Foundation; either version 2, or (at your option) any | |
13 | # later version. | |
14 | # | |
14
59e07bba67cc
Fixed spelling error, updated address
Michiel Broek <mbse@mbse.eu>
parents:
8
diff
changeset
|
15 | # SlackSecCheckScripts is distributed in the hope that it will be useful, but |
5 | 16 | # WITHOUT ANY WARRANTY; without even the implied warranty of |
17 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
18 | # General Public License for more details. | |
19 | # | |
20 | # You should have received a copy of the GNU General Public License | |
21 | # along with MBSE BBS; see the file COPYING. If not, write to the Free | |
22 | # Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. | |
23 | ############################################################################# | |
24 | ||
25 | ||
26 | PATH=/sbin:/usr/sbin:/bin:/usr/bin | |
27 | ||
28 | umask 077 | |
29 | TZ=UTC; export TZ | |
30 | MP=/etc/passwd | |
31 | LANG=C; export LANG | |
32 | ||
33 | SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1 | |
34 | ||
35 | trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE | |
36 | ||
37 | if ! cd "$SECUREDIR"; then | |
38 | echo "Can not cd to $SECUREDIR". | |
39 | exit 1 | |
40 | fi | |
41 | ||
42 | MPBYPATH=secure1.$$ | |
43 | OUTPUT=secure2.$$ | |
44 | ||
45 | ||
46 | # These are used several times. | |
47 | # | |
48 | awk -F: '{ print $1 " " $6 }' $MP | sort -k2 > $MPBYPATH | |
49 | ||
50 | ||
51 | # Check home directories. Directories should not be owned by someone else | |
52 | # or writeable. | |
53 | # | |
54 | while read uid homedir; do | |
55 | if [ -d ${homedir}/ ] ; then | |
8
5209729bbbac
Fix for symliked home directories
Michiel Broek <mbroek@mbse.eu>
parents:
5
diff
changeset
|
56 | file=`/bin/ls -ld ${homedir}/` |
5 | 57 | printf -- "$uid $file\n" |
58 | fi | |
59 | done < $MPBYPATH | | |
60 | awk '$1 != $4 && $4 != "root" { printf "\tuser %s home directory is owned by %s.\n", $1, $4 } | |
61 | $2 ~ /^.....w/ { printf "\tuser %s home directory %s is group writeable.\n", $1, $10 } | |
62 | $2 ~ /^........w/ { printf "\tuser %s home directory %s is other writeable.\n", $1, $10 }' \ | |
63 | > $OUTPUT | |
64 | if [ -s $OUTPUT ] ; then | |
65 | printf "\nChecking home directories.\n" | |
66 | cat $OUTPUT | |
67 | fi | |
68 | ||
69 | # Files that should not be owned by someone else or readable. | |
70 | list=".Xauthority .netrc .ssh/id_dsa .ssh/id_rsa .ssh/identity" | |
71 | while read uid homedir; do | |
72 | for f in $list ; do | |
73 | file=${homedir}/${f} | |
74 | if [ -f $file ] ; then | |
75 | printf -- "$uid $f `/bin/ls -ld $file`\n" | |
76 | fi | |
77 | done | |
78 | done < $MPBYPATH | | |
79 | awk '$1 != $5 && $5 != "root" { printf "\tuser %s %s file is owned by %s.\n", $1, $2, $5 } | |
80 | $3 ~ /^....r/ { printf "\tuser %s %s file is group readable.\n", $1, $2 } | |
81 | $3 ~ /^.......r/ { printf "\tuser %s %s file is other readable.\n", $1, $2 } | |
82 | $3 ~ /^.....w/ { printf "\tuser %s %s file is group writeable.\n", $1, $2 } | |
83 | $3 ~ /^........w/ { printf "\tuser %s %s file is other writeable.\n", $1, $2 }' \ | |
84 | > $OUTPUT | |
85 | # Files that should not be owned by someone else or writeable. | |
86 | list=".bash_history .bash_login .bash_logout .bash_profile .bashrc \ | |
87 | .cshrc .emacs .exrc .forward .history .klogin .login .logout \ | |
88 | .profile .qmail .rc_history .rhosts .shosts ssh .tcshrc .twmrc \ | |
89 | .xinitrc .xsession .ssh/authorized_keys .ssh/authorized_keys2 \ | |
90 | .ssh/config .ssh/id_dsa.pub .ssh/id_rsa.pub .ssh/identity.pub \ | |
91 | .ssh/known_hosts .ssh/known_hosts2" | |
92 | while read uid homedir; do | |
93 | for f in $list ; do | |
94 | file=${homedir}/${f} | |
95 | if [ -f $file ] ; then | |
96 | printf -- "$uid $f `/bin/ls -ld $file`\n" | |
97 | fi | |
98 | done | |
99 | done < $MPBYPATH | | |
100 | awk '$1 != $5 && $5 != "root" { printf "\tuser %s %s file is owned by %s.\n", $1, $2, $5 } | |
101 | $3 ~ /^.....w/ { printf "\tuser %s %s file is group writeable.\n", $1, $2 } | |
102 | $3 ~ /^........w/ { printf "\tuser %s %s file is other writeable.\n", $1, $2 }' \ | |
103 | >> $OUTPUT | |
104 | if [ -s $OUTPUT ] ; then | |
105 | printf "\nChecking dot files.\n" | |
106 | cat $OUTPUT | |
107 | fi | |
108 | ||
109 |