diff -r 000000000000 -r 8ba6a0e2d2ca security.d/chk_mailbox --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security.d/chk_mailbox Sat Mar 31 13:32:06 2007 +0200 @@ -0,0 +1,64 @@ +#!/bin/bash +# +# $Id$ +# +############################################################################# +# Copyright (C) 2005-2007 +# +# Michiel Broek +# Beekmansbos 10 +# 1971 BV IJmuiden +# the Netherlands +# +# This file is part of SlackSecCheckSripts. +# +# This package is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2, or (at your option) any +# later version. +# +# SlackSecCheckSripts is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with MBSE BBS; see the file COPYING. If not, write to the Free +# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +############################################################################# + + +PATH=/sbin:/usr/sbin:/bin:/usr/bin + +umask 077 +TZ=UTC; export TZ +LANG=C; export LANG + +SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1 + +trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE + +if ! cd "$SECUREDIR"; then + echo "Can not cd to $SECUREDIR". + exit 1 +fi + +OUTPUT=secure1.$$ + + +# Mailboxes should be owned by user and unreadable. +# +/bin/ls -l /var/spool/mail | \ +awk ' NR == 1 { next; } + $3 != $9 { + printf "\tUser %s mailbox is owned by %s.\n", $9, $3 + } + $1 != "-rw-rw----" || $4 != "mail" { + printf "\tUser %s mailbox is %s, group %s.\n", $9, $1, $4 + }' > $OUTPUT +if [ -s $OUTPUT ] ; then + printf "\nChecking mailbox ownership.\n" + cat $OUTPUT +fi + +