Sat, 18 Jul 2020 15:55:11 +0200
Version 0.23 some fixes for newer awk versions.
#!/bin/bash # ############################################################################# # Copyright (C) 2005-2020 # # Michiel Broek <mbse at mbse.eu> # # This file is part of SlackSecCheckScripts. # # This package is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation; either version 2, or (at your option) any # later version. # # SlackSecCheckScripts is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with MBSE BBS; see the file COPYING. If not, write to the Free # Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. ############################################################################# PATH=/sbin:/usr/sbin:/bin:/usr/bin umask 077 TZ=UTC; export TZ LANG=C; export LANG SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1 trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE if ! cd "$SECUREDIR"; then echo "Can not cd to $SECUREDIR". exit 1 fi OUTPUT=secure1.$$ # NFS exports shouldn't be globally exported # if [ -f /etc/exports ]; then cat /etc/exports | awk '{ # ignore comments and blank lines if ($0 ~ /^#/ || $0 ~ /^$/ ) next; readwrite = 0; global = 0; for (i = 2; i <= NF; ++i) { if ($i ~ /*/) global = 1; if ($i ~ /rw/) readwrite = 1; } if (global) { if (readwrite) printf "\tFile system %s globally exported, read-write.\n", $1 else printf "\tFile system %s globally exported, read-only.\n", $1 } }' > $OUTPUT if [ -s $OUTPUT ] ; then printf "\nChecking for globally exported file nfs systems.\n" cat $OUTPUT fi fi