sscs: comparison security.d/chk

--1:000000000000
+:fe3130d22800
+#!/bin/bash
+#
+# $Id$
+#
+#############################################################################
+# Copyright (C) 2005
+#
+# Michiel Broek               <mbse@mbse.dds.nl>
+# Beekmansbos 10
+# 1971 BV IJmuiden
+# the Netherlands
+#
+# This file is part of SlackSecCheckSripts.
+#
+# This package is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2, or (at your option) any
+# later version.
+#
+# SlackSecCheckSripts is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with MBSE BBS; see the file COPYING.  If not, write to the Free
+# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+#############################################################################
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+umask 077
+TZ=UTC; export TZ
+MP=/etc/passwd
+LANG=C; export LANG
+SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1
+trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE
+if ! cd "$SECUREDIR"; then
+echo "Can not cd to $SECUREDIR".
+exit 1
+fi
+MPBYPATH=secure1.$$
+OUTPUT=secure2.$$
+# These are used several times.
+#
+awk -F: '{ print $1 " " $6 }' $MP | sort -k2 > $MPBYPATH
+# Check home directories.  Directories should not be owned by someone else
+# or writeable.
+#
+while read uid homedir; do
+if [ -d ${homedir}/ ] ; then
+	file=`/bin/ls -ld ${homedir}`
+	printf -- "$uid $file\n"
+fi
+done < $MPBYPATH |
+awk '$1 != $4 && $4 != "root" { printf "\tuser %s home directory is owned by %s.\n", $1, $4 }
+$2 ~ /^.....w/ { printf "\tuser %s home directory %s is group writeable.\n", $1, $10 }
+$2 ~ /^........w/ { printf "\tuser %s home directory %s is other writeable.\n", $1, $10 }' \
+> $OUTPUT
+if [ -s $OUTPUT ] ; then
+printf "\nChecking home directories.\n"
+cat $OUTPUT
+fi
+# Files that should not be owned by someone else or readable.
+list=".Xauthority .netrc .ssh/id_dsa .ssh/id_rsa .ssh/identity"
+while read uid homedir; do
+for f in $list ; do
+	file=${homedir}/${f}
+	if [ -f $file ] ; then
+	    printf -- "$uid $f `/bin/ls -ld $file`\n"
+	fi
+done
+done < $MPBYPATH |
+awk '$1 != $5 && $5 != "root" { printf "\tuser %s %s file is owned by %s.\n", $1, $2, $5 }
+$3 ~ /^....r/ { printf "\tuser %s %s file is group readable.\n", $1, $2 }
+$3 ~ /^.......r/ { printf "\tuser %s %s file is other readable.\n", $1, $2 }
+$3 ~ /^.....w/ { printf "\tuser %s %s file is group writeable.\n", $1, $2 }
+$3 ~ /^........w/ { printf "\tuser %s %s file is other writeable.\n", $1, $2 }' \
+> $OUTPUT
+# Files that should not be owned by someone else or writeable.
+list=".bash_history .bash_login .bash_logout .bash_profile .bashrc \
+.cshrc .emacs .exrc .forward .history .klogin .login .logout \
+.profile .qmail .rc_history .rhosts .shosts ssh .tcshrc .twmrc \
+.xinitrc .xsession .ssh/authorized_keys .ssh/authorized_keys2 \
+.ssh/config .ssh/id_dsa.pub .ssh/id_rsa.pub .ssh/identity.pub \
+.ssh/known_hosts .ssh/known_hosts2"
+while read uid homedir; do
+for f in $list ; do
+	file=${homedir}/${f}
+	if [ -f $file ] ; then
+	    printf -- "$uid $f `/bin/ls -ld $file`\n"
+	fi
+done
+done < $MPBYPATH |
+awk '$1 != $5 && $5 != "root" { printf "\tuser %s %s file is owned by %s.\n", $1, $2, $5 }
+$3 ~ /^.....w/ { printf "\tuser %s %s file is group writeable.\n", $1, $2 }
+$3 ~ /^........w/ { printf "\tuser %s %s file is other writeable.\n", $1, $2 }' \
+>> $OUTPUT
+if [ -s $OUTPUT ] ; then
+printf "\nChecking dot files.\n"
+cat $OUTPUT
+fi

comparison: security.d/chk_homedirs

security.d/chk_homedirs

Mercurial > sscs / file comparison

comparison: security.d/chk_homedirs

security.d/chk_homedirs