Sat, 18 Jul 2020 15:55:11 +0200
Version 0.23 some fixes for newer awk versions.
5 | 1 | #!/bin/bash |
2 | # | |
3 | ############################################################################# | |
17
65656789da08
Removed uptime script, changed passwd test, minimized sensors output, bumped to version 0.18
Michiel Broek <mbroek@mbse.eu>
parents:
14
diff
changeset
|
4 | # Copyright (C) 2005-2013 |
5 | 5 | # |
17
65656789da08
Removed uptime script, changed passwd test, minimized sensors output, bumped to version 0.18
Michiel Broek <mbroek@mbse.eu>
parents:
14
diff
changeset
|
6 | # Michiel Broek <mbse at mbse.eu> |
5 | 7 | # |
14
59e07bba67cc
Fixed spelling error, updated address
Michiel Broek <mbse@mbse.eu>
parents:
5
diff
changeset
|
8 | # This file is part of SlackSecCheckScripts. |
5 | 9 | # |
10 | # This package is free software; you can redistribute it and/or modify it | |
11 | # under the terms of the GNU General Public License as published by the | |
12 | # Free Software Foundation; either version 2, or (at your option) any | |
13 | # later version. | |
14 | # | |
14
59e07bba67cc
Fixed spelling error, updated address
Michiel Broek <mbse@mbse.eu>
parents:
5
diff
changeset
|
15 | # SlackSecCheckScripts is distributed in the hope that it will be useful, but |
5 | 16 | # WITHOUT ANY WARRANTY; without even the implied warranty of |
17 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
18 | # General Public License for more details. | |
19 | # | |
20 | # You should have received a copy of the GNU General Public License | |
21 | # along with MBSE BBS; see the file COPYING. If not, write to the Free | |
22 | # Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. | |
23 | ############################################################################# | |
24 | ||
25 | ||
26 | PATH=/sbin:/usr/sbin:/bin:/usr/bin | |
27 | ||
28 | umask 077 | |
29 | TZ=UTC; export TZ | |
30 | LANG=C; export LANG | |
31 | ||
32 | MP=/etc/passwd | |
33 | SP=/etc/shadow | |
34 | ||
35 | SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1 | |
36 | ||
37 | trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE | |
38 | ||
39 | if ! cd "$SECUREDIR"; then | |
40 | echo "Can not cd to $SECUREDIR". | |
41 | exit 1 | |
42 | fi | |
43 | ||
44 | MPBYPATH=secure1.$$ | |
45 | OUTPUT=secure2.$$ | |
46 | ||
47 | # These are used several times. | |
48 | # | |
49 | awk -F: '{ print $1 " " $6 }' $MP | sort -k2 > $MPBYPATH | |
50 | ||
51 | ||
52 | # Files that should not have + signs. | |
53 | # | |
54 | list="/etc/hosts.equiv /etc/hosts.lpd" | |
55 | for f in $list ; do | |
56 | if [ -f $f ] && egrep '\+' $f > /dev/null ; then | |
57 | printf "\nPlus sign in $f file.\n" | |
58 | fi | |
59 | done | |
60 | ||
61 | # Check for special users with .rhosts files. Only root and toor should | |
62 | # have .rhosts files. Also, .rhosts files should not have plus signs. | |
63 | awk -F: '$1 != "root" && $1 != "toor" && ($3 < 100 || $1 == "ftp" || $1 == "uucp") \ | |
64 | { print $1 " " $6 }' $MP | | |
65 | sort -k2 | | |
66 | while read uid homedir; do | |
67 | if [ -f ${homedir}/.rhosts ] ; then | |
68 | rhost=`/bin/ls -ldg ${homedir}/.rhosts` | |
69 | printf -- "$uid: $rhost\n" | |
70 | fi | |
71 | done > $OUTPUT | |
72 | if [ -s $OUTPUT ] ; then | |
73 | printf "\nChecking for special users with .rhosts files.\n" | |
74 | cat $OUTPUT | |
75 | fi | |
76 | while read uid homedir; do | |
77 | if [ -f ${homedir}/.rhosts -a -r ${homedir}/.rhosts ] && \ | |
78 | cat ${homedir}/.rhosts | egrep '\+' > /dev/null ; then | |
79 | printf -- "$uid: + in .rhosts file.\n" | |
80 | fi | |
81 | done < $MPBYPATH > $OUTPUT | |
82 | if [ -s $OUTPUT ] ; then | |
83 | printf "\nChecking .rhosts files syntax.\n" | |
84 | cat $OUTPUT | |
85 | fi | |
86 | ||
87 |