security.d/chk_mailbox

Sat, 18 Jul 2020 15:55:11 +0200

author
Michiel Broek <mbroek@mbse.eu>
date
Sat, 18 Jul 2020 15:55:11 +0200
changeset 23
b66522a5726e
parent 17
65656789da08
permissions
-rw-r--r--

Version 0.23 some fixes for newer awk versions.

#!/bin/bash
#
#############################################################################
# Copyright (C) 2005-2013
#   
# Michiel Broek               <mbse at mbse.eu>
#
# This file is part of SlackSecCheckScripts.
#
# This package is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2, or (at your option) any
# later version.
#
# SlackSecCheckScripts is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
# 
# You should have received a copy of the GNU General Public License
# along with MBSE BBS; see the file COPYING.  If not, write to the Free
# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
#############################################################################


PATH=/sbin:/usr/sbin:/bin:/usr/bin

umask 077
TZ=UTC; export TZ
LANG=C; export LANG

SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1

trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE

if ! cd "$SECUREDIR"; then
        echo "Can not cd to $SECUREDIR".
        exit 1
fi

OUTPUT=secure1.$$


# Mailboxes should be owned by user and unreadable.
#
/bin/ls -l /var/spool/mail | grep -v ^d | \
awk '   NR == 1 { next; }
    $3 != $9 {
	printf "\tUser %s mailbox is owned by %s.\n", $9, $3
    }
    $1 != "-rw-rw----" || $4 != "mail" {
	printf "\tUser %s mailbox is %s, group %s.\n", $9, $1, $4
    }' > $OUTPUT
if [ -s $OUTPUT ] ; then
    printf "\nChecking mailbox ownership.\n"
    cat $OUTPUT
fi

mercurial