# HG changeset patch # User Mercurial Repos # Date 1231963955 -3600 # Node ID fe3130d22800087f52e03216e32f3a198a95ce62 Conversion from CVS diff -r 000000000000 -r fe3130d22800 .hgtags --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/.hgtags Wed Jan 14 21:12:35 2009 +0100 @@ -0,0 +1,1 @@ +f9abaff2e0268c05fe5a125d49d97b8567128b8f MAIN diff -r 000000000000 -r fe3130d22800 cron.daily/security --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/cron.daily/security Wed Jan 14 21:12:35 2009 +0100 @@ -0,0 +1,74 @@ +#!/bin/bash +# +# $Id$ +# +############################################################################# +# Copyright (C) 2005 +# +# Michiel Broek +# Beekmansbos 10 +# 1971 BV IJmuiden +# the Netherlands +# +# This file is part of SlackSecCheckSripts. +# +# This package is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2, or (at your option) any +# later version. +# +# SlackSecCheckSripts is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with MBSE BBS; see the file COPYING. If not, write to the Free +# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +############################################################################# + +export PATH=/bin:/usr/bin:/sbin:/usr/sbin +umask 077 +LANG=C; export LANG + +fqdn=`hostname -f` +date=`date` + +if [ "${MAILTO}" = "" ]; then + MAILTO=root@$fqdn +fi + +DAILYDIR=`mktemp -d /tmp/_daily.XXXXXX` || exit 1 +SECOUT="$DAILYDIR/secout" +TMP1="$DAILYDIR/tmp1" + +trap "/bin/rm -rf $DAILYDIR ; exit 0" EXIT INT QUIT + +if ! cd "$DAILYDIR"; then + echo "Can not cd to $DAILYDIR". + exit 1 +fi + + +# Check chk_* scripts in /etc/security.d which are executable +# and run them. Any script output is appended to the report +# +for f in `/bin/ls /etc/security.d/chk_*` +do + if [ -x $f ]; then + rm -f $TMP1 + $f > $TMP1 + if [ -s $TMP1 ]; then + cat $TMP1 >> $SECOUT + echo "" >> $SECOUT + echo "------------------------------------------------------------------------------" >> $SECOUT + fi + fi +done + + +if [ ! -s "$SECOUT" ]; then + echo "Nothing to report on $date" > $SECOUT +fi +env MAILRC=/dev/null mail -s "$fqdn daily insecurity output for $date" $MAILTO < $SECOUT + diff -r 000000000000 -r fe3130d22800 security.d/chk_aliases --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security.d/chk_aliases Wed Jan 14 21:12:35 2009 +0100 @@ -0,0 +1,59 @@ +#!/bin/bash +# +# $Id$ +# +############################################################################# +# Copyright (C) 2005 +# +# Michiel Broek +# Beekmansbos 10 +# 1971 BV IJmuiden +# the Netherlands +# +# This file is part of SlackSecCheckSripts. +# +# This package is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2, or (at your option) any +# later version. +# +# SlackSecCheckSripts is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with MBSE BBS; see the file COPYING. If not, write to the Free +# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +############################################################################# + + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +umask 077 +TZ=UTC; export TZ +LANG=C; export LANG + +SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1 + +trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE + +if ! cd "$SECUREDIR"; then + echo "Can not cd to $SECUREDIR". + exit 1 +fi + +OUTPUT=secure1.$$ + + +# Uudecode should not be in the /etc/mail/aliases file. +# +for f in /etc/mail/aliases /etc/aliases /etc/postfix/aliases; do + if [ -f $f ]; then + egrep '^[^#]*(uudecode)' $f >> $OUTPUT + fi +done +if [ -s $OUTPUT ] ; then + printf "\nUnwanted entries in the aliases file:\n" + cat $OUTPUT +fi + diff -r 000000000000 -r fe3130d22800 security.d/chk_clamav --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security.d/chk_clamav Wed Jan 14 21:12:35 2009 +0100 @@ -0,0 +1,59 @@ +#!/bin/bash +# +# $Id$ +# +############################################################################# +# Copyright (C) 2005-2007 +# +# Michiel Broek +# Beekmansbos 10 +# 1971 BV IJmuiden +# the Netherlands +# +# This file is part of SlackSecCheckSripts. +# +# This package is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2, or (at your option) any +# later version. +# +# SlackSecCheckSripts is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with MBSE BBS; see the file COPYING. If not, write to the Free +# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +############################################################################# + + +PATH=/sbin:/usr/sbin:/bin:/usr/bin + +umask 077 +TZ=UTC; export TZ +LANG=C; export LANG + +SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1 + +trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE + +if ! cd "$SECUREDIR"; then + echo "Can not cd to $SECUREDIR". + exit 1 +fi + +OUTPUT=secure1.$$ + + +if [ -x /usr/bin/clamscan ]; then + echo "" |clamscan --quiet - >> $OUTPUT 2>&1 +fi + +if [ -s $OUTPUT ] ; then + printf "\nChecking: " + clamscan --version + cat $OUTPUT +fi + + diff -r 000000000000 -r fe3130d22800 security.d/chk_dev --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security.d/chk_dev Wed Jan 14 21:12:35 2009 +0100 @@ -0,0 +1,87 @@ +#!/bin/bash +# +# $Id$ +# +############################################################################# +# Copyright (C) 2006-2007 +# +# Michiel Broek +# Beekmansbos 10 +# 1971 BV IJmuiden +# the Netherlands +# +# This file is part of SlackSecCheckSripts. +# +# This package is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2, or (at your option) any +# later version. +# +# SlackSecCheckSripts is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with MBSE BBS; see the file COPYING. If not, write to the Free +# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +############################################################################# + +PATH=/sbin:/usr/sbin:/bin:/usr/bin + +umask 077 +TZ=UTC; export TZ +LANG=C; export LANG + +SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1 + +trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE + +if ! cd "$SECUREDIR"; then + echo "Can not cd to $SECUREDIR". + exit 1 +fi + +backup_dir=/var/cache/sscs +mkdir -p "$backup_dir" + +CURR=${backup_dir}/dev.current +BACK=${backup_dir}/dev.backup +TMP1=$SECUREDIR/tmp1 +TMP2=$SECUREDIR/tmp2 +TMP3=$SECUREDIR/tmp3 + +if [ ! -f $CURR ]; then + # No database, install new database + find / \( -type b -o -type c \) -print0 2>/dev/null | xargs -0 /bin/ls -ldq --full-time | sort -k10 | egrep -v ptmx > $CURR + exit +fi + +# Database is present, create temp database +# +find / \( -type b -o -type c \) -print0 2>/dev/null | xargs -0 /bin/ls -ldq --full-time | sort -k10 | egrep -v ptmx > $TMP1 +changed=0 + +diff -b $TMP1 $CURR > $TMP2 +if [ -s $TMP2 ]; then + egrep '>' $TMP2 > $TMP3 + if [ -s $TMP3 ]; then + printf "\nOld or updated device files:\n" + cat $TMP3 | tr '>' ' ' + fi + egrep '<' $TMP2 > $TMP3 + if [ -s $TMP3 ]; then + printf "\nNew or updated device files:\n" + cat $TMP3 | tr '<' ' ' + fi + changed=1 +fi + + +# If changes were seen, update the database +# +if [ "$changed" == "1" ]; then + cat $CURR > $BACK + cat $TMP1 > $CURR +fi + diff -r 000000000000 -r fe3130d22800 security.d/chk_exports --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security.d/chk_exports Wed Jan 14 21:12:35 2009 +0100 @@ -0,0 +1,77 @@ +#!/bin/bash +# +# $Id$ +# +############################################################################# +# Copyright (C) 2005 +# +# Michiel Broek +# Beekmansbos 10 +# 1971 BV IJmuiden +# the Netherlands +# +# This file is part of SlackSecCheckSripts. +# +# This package is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2, or (at your option) any +# later version. +# +# SlackSecCheckSripts is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with MBSE BBS; see the file COPYING. If not, write to the Free +# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +############################################################################# + + +PATH=/sbin:/usr/sbin:/bin:/usr/bin + +umask 077 +TZ=UTC; export TZ +LANG=C; export LANG + +SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1 + +trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE + +if ! cd "$SECUREDIR"; then + echo "Can not cd to $SECUREDIR". + exit 1 +fi + +OUTPUT=secure1.$$ + +# NFS exports shouldn't be globally exported +# +if [ -f /etc/exports ]; then + cat /etc/exports | awk '{ + # ignore comments and blank lines + if ($0 ~ /^\#/ || $0 ~ /^$/ ) + next; + readwrite = 0; + global = 0; + for (i = 2; i <= NF; ++i) { + if ($i ~ /*/) + global = 1; + if ($i ~ /rw/) + readwrite = 1; + } + if (global) { + if (readwrite) + printf "\tFile system %s globally exported, read-write.\n", $1 + else + printf "\tFile system %s globally exported, read-only.\n", $1 + } + }' > $OUTPUT + + if [ -s $OUTPUT ] ; then + printf "\nChecking for globally exported file nfs systems.\n" + cat $OUTPUT + fi +fi + + diff -r 000000000000 -r fe3130d22800 security.d/chk_group --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security.d/chk_group Wed Jan 14 21:12:35 2009 +0100 @@ -0,0 +1,81 @@ +#!/bin/bash +# +# $Id$ +# +############################################################################# +# Copyright (C) 2005 +# +# Michiel Broek +# Beekmansbos 10 +# 1971 BV IJmuiden +# the Netherlands +# +# This file is part of SlackSecCheckSripts. +# +# This package is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2, or (at your option) any +# later version. +# +# SlackSecCheckSripts is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with MBSE BBS; see the file COPYING. If not, write to the Free +# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +############################################################################# + + +PATH=/sbin:/usr/sbin:/bin:/usr/bin + +umask 077 +TZ=UTC; export TZ +LANG=C; export LANG + +SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1 + +trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE + +if ! cd "$SECUREDIR"; then + echo "Can not cd to $SECUREDIR". + exit 1 +fi + +max_grouplen=${max_grouplen:-16} +OUTPUT=secure1.$$ + +# Check group file +# +GRP=/etc/group +awk -F: -v "len=$max_grouplen" '{ + if ($0 ~ /^[ ]*$/) { + printf "\tLine %d is a blank line.\n", NR; + next; + } + if (NF != 4 && ($1 != "+" || NF != 1)) + printf "\tLine %d has the wrong number of fields.\n", NR; + if ($1 == "+" ) { + next; + } + if ($1 !~ /^[A-Za-z0-9]([-A-Za-z0-9]*[A-Za-z0-9])*$/) + printf "\tGroup %s has non-alphanumeric characters.\n", + $1; + if (length($1) > len) + printf "\tGroup %s has more than "len" characters.\n", $1; + if ($3 !~ /[0-9]*/) + printf "\tLogin %s has a negative group id.\n", $1; +}' < $GRP > $OUTPUT +if [ -s $OUTPUT ] ; then + printf "\nChecking the $GRP file:\n" + cat $OUTPUT +fi + +awk -F: '{ print $1 }' $GRP | sort | uniq -d > $OUTPUT +if [ -s $OUTPUT ] ; then + printf "\n\t$GRP has duplicate group names.\n" + column $OUTPUT +fi + + diff -r 000000000000 -r fe3130d22800 security.d/chk_homedirs --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security.d/chk_homedirs Wed Jan 14 21:12:35 2009 +0100 @@ -0,0 +1,114 @@ +#!/bin/bash +# +# $Id$ +# +############################################################################# +# Copyright (C) 2005 +# +# Michiel Broek +# Beekmansbos 10 +# 1971 BV IJmuiden +# the Netherlands +# +# This file is part of SlackSecCheckSripts. +# +# This package is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2, or (at your option) any +# later version. +# +# SlackSecCheckSripts is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with MBSE BBS; see the file COPYING. If not, write to the Free +# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +############################################################################# + + +PATH=/sbin:/usr/sbin:/bin:/usr/bin + +umask 077 +TZ=UTC; export TZ +MP=/etc/passwd +LANG=C; export LANG + +SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1 + +trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE + +if ! cd "$SECUREDIR"; then + echo "Can not cd to $SECUREDIR". + exit 1 +fi + +MPBYPATH=secure1.$$ +OUTPUT=secure2.$$ + + +# These are used several times. +# +awk -F: '{ print $1 " " $6 }' $MP | sort -k2 > $MPBYPATH + + +# Check home directories. Directories should not be owned by someone else +# or writeable. +# +while read uid homedir; do + if [ -d ${homedir}/ ] ; then + file=`/bin/ls -ld ${homedir}` + printf -- "$uid $file\n" + fi +done < $MPBYPATH | +awk '$1 != $4 && $4 != "root" { printf "\tuser %s home directory is owned by %s.\n", $1, $4 } + $2 ~ /^.....w/ { printf "\tuser %s home directory %s is group writeable.\n", $1, $10 } + $2 ~ /^........w/ { printf "\tuser %s home directory %s is other writeable.\n", $1, $10 }' \ +> $OUTPUT +if [ -s $OUTPUT ] ; then + printf "\nChecking home directories.\n" + cat $OUTPUT +fi + +# Files that should not be owned by someone else or readable. +list=".Xauthority .netrc .ssh/id_dsa .ssh/id_rsa .ssh/identity" +while read uid homedir; do + for f in $list ; do + file=${homedir}/${f} + if [ -f $file ] ; then + printf -- "$uid $f `/bin/ls -ld $file`\n" + fi + done +done < $MPBYPATH | +awk '$1 != $5 && $5 != "root" { printf "\tuser %s %s file is owned by %s.\n", $1, $2, $5 } + $3 ~ /^....r/ { printf "\tuser %s %s file is group readable.\n", $1, $2 } + $3 ~ /^.......r/ { printf "\tuser %s %s file is other readable.\n", $1, $2 } + $3 ~ /^.....w/ { printf "\tuser %s %s file is group writeable.\n", $1, $2 } + $3 ~ /^........w/ { printf "\tuser %s %s file is other writeable.\n", $1, $2 }' \ + > $OUTPUT +# Files that should not be owned by someone else or writeable. +list=".bash_history .bash_login .bash_logout .bash_profile .bashrc \ + .cshrc .emacs .exrc .forward .history .klogin .login .logout \ + .profile .qmail .rc_history .rhosts .shosts ssh .tcshrc .twmrc \ + .xinitrc .xsession .ssh/authorized_keys .ssh/authorized_keys2 \ + .ssh/config .ssh/id_dsa.pub .ssh/id_rsa.pub .ssh/identity.pub \ + .ssh/known_hosts .ssh/known_hosts2" +while read uid homedir; do + for f in $list ; do + file=${homedir}/${f} + if [ -f $file ] ; then + printf -- "$uid $f `/bin/ls -ld $file`\n" + fi + done +done < $MPBYPATH | +awk '$1 != $5 && $5 != "root" { printf "\tuser %s %s file is owned by %s.\n", $1, $2, $5 } + $3 ~ /^.....w/ { printf "\tuser %s %s file is group writeable.\n", $1, $2 } + $3 ~ /^........w/ { printf "\tuser %s %s file is other writeable.\n", $1, $2 }' \ + >> $OUTPUT +if [ -s $OUTPUT ] ; then + printf "\nChecking dot files.\n" + cat $OUTPUT +fi + + diff -r 000000000000 -r fe3130d22800 security.d/chk_homespace --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security.d/chk_homespace Wed Jan 14 21:12:35 2009 +0100 @@ -0,0 +1,69 @@ +#!/bin/bash +# +# $Id$ +# +############################################################################# +# Copyright (C) 2005 +# +# Michiel Broek +# Beekmansbos 10 +# 1971 BV IJmuiden +# the Netherlands +# +# This file is part of SlackSecCheckSripts. +# +# This package is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2, or (at your option) any +# later version. +# +# SlackSecCheckSripts is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with MBSE BBS; see the file COPYING. If not, write to the Free +# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +############################################################################# + + +PATH=/sbin:/usr/sbin:/bin:/usr/bin + +umask 077 +TZ=UTC; export TZ +MP=/etc/passwd +LANG=C; export LANG + +SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1 + +trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE + +if ! cd "$SECUREDIR"; then + echo "Can not cd to $SECUREDIR". + exit 1 +fi + +MPBYPATH=secure1.$$ +OUTPUT=secure2.$$ + + +# These are used several times. +# +awk -F: '{ print $1 " " $3 " " $6 }' $MP > $MPBYPATH + + +while read name uid homedir; do + if [ -d ${homedir}/ ] && [ "`expr $uid \>= 1000`" == "1" ]; then + USAGE=`du -s --block-size=1048576 -h $homedir | cut -f 1` + SPACE=`df -khTP $homedir | tail -n 1 | awk '{ print $3 }'` + printf -- "%-16s %6s %6s $homedir\n" $name $USAGE $SPACE + fi +done < $MPBYPATH > $OUTPUT +if [ -s $OUTPUT ] ; then + printf -- "\n Diskspace used by users.\n\n" + printf -- "Username used size homedirectory\n" + printf -- "---------------- ------ ------ -------------\n" + cat $OUTPUT +fi + diff -r 000000000000 -r fe3130d22800 security.d/chk_logs --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security.d/chk_logs Wed Jan 14 21:12:35 2009 +0100 @@ -0,0 +1,65 @@ +#!/bin/bash +# +# $Id$ +# +############################################################################# +# Copyright (C) 2005 +# +# Michiel Broek +# Beekmansbos 10 +# 1971 BV IJmuiden +# the Netherlands +# +# This file is part of SlackSecCheckSripts. +# +# This package is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2, or (at your option) any +# later version. +# +# SlackSecCheckSripts is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with MBSE BBS; see the file COPYING. If not, write to the Free +# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +############################################################################# + + +PATH=/sbin:/usr/sbin:/bin:/usr/bin + +umask 077 +TZ=UTC; export TZ +LANG=C; export LANG + +SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1 + +trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE + +if ! cd "$SECUREDIR"; then + echo "Can not cd to $SECUREDIR". + exit 1 +fi + +TMP2=secure1.$$ +OUTPUT=secure4.$$ + +egrep ' useradd\[' /var/log/secure > $TMP2 +egrep ' userdel\[' /var/log/secure >> $TMP2 +egrep ' usermod\[' /var/log/secure >> $TMP2 +egrep ' groupadd\[' /var/log/secure >> $TMP2 +egrep ' groupdel\[' /var/log/secure >> $TMP2 +egrep ' groupmod\[' /var/log/secure >> $TMP2 +egrep ' passwd\[' /var/log/secure >> $TMP2 +egrep ' sudo:' /var/log/messages >> $TMP2 + +cat $TMP2 | sort > $OUTPUT + +if [ -s $OUTPUT ] ; then + printf "\nImportant logfile entries:\n" + column $OUTPUT +fi + + diff -r 000000000000 -r fe3130d22800 security.d/chk_mailbox --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security.d/chk_mailbox Wed Jan 14 21:12:35 2009 +0100 @@ -0,0 +1,64 @@ +#!/bin/bash +# +# $Id$ +# +############################################################################# +# Copyright (C) 2005-2007 +# +# Michiel Broek +# Beekmansbos 10 +# 1971 BV IJmuiden +# the Netherlands +# +# This file is part of SlackSecCheckSripts. +# +# This package is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2, or (at your option) any +# later version. +# +# SlackSecCheckSripts is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with MBSE BBS; see the file COPYING. If not, write to the Free +# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +############################################################################# + + +PATH=/sbin:/usr/sbin:/bin:/usr/bin + +umask 077 +TZ=UTC; export TZ +LANG=C; export LANG + +SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1 + +trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE + +if ! cd "$SECUREDIR"; then + echo "Can not cd to $SECUREDIR". + exit 1 +fi + +OUTPUT=secure1.$$ + + +# Mailboxes should be owned by user and unreadable. +# +/bin/ls -l /var/spool/mail | \ +awk ' NR == 1 { next; } + $3 != $9 { + printf "\tUser %s mailbox is owned by %s.\n", $9, $3 + } + $1 != "-rw-rw----" || $4 != "mail" { + printf "\tUser %s mailbox is %s, group %s.\n", $9, $1, $4 + }' > $OUTPUT +if [ -s $OUTPUT ] ; then + printf "\nChecking mailbox ownership.\n" + cat $OUTPUT +fi + + diff -r 000000000000 -r fe3130d22800 security.d/chk_mailqueue --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security.d/chk_mailqueue Wed Jan 14 21:12:35 2009 +0100 @@ -0,0 +1,55 @@ +#!/bin/bash +# +# $Id$ +# +############################################################################# +# Copyright (C) 2005 +# +# Michiel Broek +# Beekmansbos 10 +# 1971 BV IJmuiden +# the Netherlands +# +# This file is part of SlackSecCheckSripts. +# +# This package is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2, or (at your option) any +# later version. +# +# SlackSecCheckSripts is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with MBSE BBS; see the file COPYING. If not, write to the Free +# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +############################################################################# + +PATH=/sbin:/usr/sbin:/bin:/usr/bin + +umask 077 +TZ=UTC; export TZ +LANG=C; export LANG + +SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1 + +trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE + +if ! cd "$SECUREDIR"; then + echo "Can not cd to $SECUREDIR". + exit 1 +fi + +TMP=$SECUREDIR/tmp + +# Check mailqueue +# +mailq > $TMP +if ! grep -q "queue is empty$" $TMP; then + echo "" + echo "mail:" + cat $TMP +fi + diff -r 000000000000 -r fe3130d22800 security.d/chk_passwd --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security.d/chk_passwd Wed Jan 14 21:12:35 2009 +0100 @@ -0,0 +1,138 @@ +#!/bin/bash +# +# $Id$ +# +############################################################################# +# Copyright (C) 2005 +# +# Michiel Broek +# Beekmansbos 10 +# 1971 BV IJmuiden +# the Netherlands +# +# This file is part of SlackSecCheckSripts. +# +# This package is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2, or (at your option) any +# later version. +# +# SlackSecCheckSripts is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with MBSE BBS; see the file COPYING. If not, write to the Free +# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +############################################################################# + + +PATH=/sbin:/usr/sbin:/bin:/usr/bin + +umask 077 +TZ=UTC; export TZ +LANG=C; export LANG + +max_loginlen=${max_loginlen:-32} + +MP=/etc/passwd +SP=/etc/shadow + + +SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1 + +trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE + +if ! cd "$SECUREDIR"; then + echo "Can not cd to $SECUREDIR". + exit 1 +fi + +TMP2=secure1.$$ +MPBYUID=secure2.$$ +COMBINED=secure3.$$ +OUTPUT=secure4.$$ + +# Combine passwd and shadow files. +# +join -t : -j 1 $MP $SP > $COMBINED + + +# These are used several times. +# +awk -F: '!/^+/ { print $1 " " $3 }' $MP | sort -k2n > $MPBYUID + + +# Check the master password file syntax. +# Usernames may have a $ character at the end for Samba +# machine and trust accounts. +# +awk -v "len=$max_loginlen" ' + BEGIN { + while ( getline < "/etc/shells" > 0 ) { + if ($0 ~ /^\#/ || $0 ~ /^$/ ) + continue; + shells[$1]++; + } + FS=":"; + } + + { + if ($0 ~ /^[ ]*$/) { + printf "\tLine %d is a blank line.\n", NR; + next; + } + if (NF != 15 && ($1 != "+" || NF != 1)) + printf "\tLine %d has the wrong number of fields.\n", NR; + if ($1 == "+" ) { + if (NF != 1 && $3 == 0) + printf "\tLine %d includes entries with uid 0.\n", NR; + next; + } + if ($1 !~ /^[A-Za-z0-9]([-A-Za-z0-9]*[A-Za-z0-9\$])*$/) + printf "\tLogin %s has non-alphanumeric characters.\n", $1; + if (length($1) > len) + printf "\tLogin %s has more than "len" characters.\n", $1; + if ($7 == "" && $8 !~ /!/ && $8 != "*") + printf "\tLogin %s does not have a shell\n", $1; + if ($7 != "" && ! shells[$7] && $8 !~ /!/ && $8 != "*") + printf "\tLogin %s does not have a valid shell (%s)\n", $1, $7; + if ($7 != "" && shells[$7] && ($8 ~ /!/ && $8 = "*")) + printf "\tLogin %s account is locked.\n", $1; + if ($8 == "") + printf "\tLogin %s has no password.\n", $1; + if ($9 == "0") + printf "\tLogin %s password is expired.\n", $1; + if ($3 == 0 && $1 != "root" && $1 != "toor") + printf "\tLogin %s has a user id of 0.\n", $1; + if ($3 < 0) + printf "\tLogin %s has a negative user id.\n", $1; + if ($4 < 0) + printf "\tLogin %s has a negative group id.\n", $1; + }' < $COMBINED > $OUTPUT +if [ -s $OUTPUT ] ; then + printf "\nChecking the $MP and $SP files:\n" + cat $OUTPUT +fi + +awk -F: '{ print $1 }' $MP | sort | uniq -d > $OUTPUT +if [ -s $OUTPUT ] ; then + printf "\n$MP has duplicate user names.\n" + column $OUTPUT +fi + +# To not exclude 'toor', a standard duplicate root account, from the duplicate +# account test, uncomment the line below (without egrep in it)and comment +# out the line (with egrep in it) below it. +# +#< $MPBYUID uniq -d -f 1 | awk '{ print $2 }' > $TMP2 +< $MPBYUID egrep -v '^toor ' | uniq -d -f 1 | awk '{ print $2 }' > $TMP2 +if [ -s $TMP2 ] ; then + printf "\n$MP has duplicate user id's.\n" + while read uid; do + grep -w $uid $MPBYUID + done < $TMP2 | column +fi + + diff -r 000000000000 -r fe3130d22800 security.d/chk_pkgs --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security.d/chk_pkgs Wed Jan 14 21:12:35 2009 +0100 @@ -0,0 +1,91 @@ +#!/bin/bash +# +# $Id$ +# +############################################################################# +# Copyright (C) 2005-2007 +# +# Michiel Broek +# Beekmansbos 10 +# 1971 BV IJmuiden +# the Netherlands +# +# This file is part of SlackSecCheckSripts. +# +# This package is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2, or (at your option) any +# later version. +# +# SlackSecCheckSripts is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with MBSE BBS; see the file COPYING. If not, write to the Free +# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +############################################################################# + +PATH=/sbin:/usr/sbin:/bin:/usr/bin + +umask 077 +TZ=UTC; export TZ +LANG=C; export LANG + +SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1 + +trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE + +if ! cd "$SECUREDIR"; then + echo "Can not cd to $SECUREDIR". + exit 1 +fi + +backup_dir=/var/cache/sscs +pkgdb_dir=/var/log/packages + +mkdir -p "$backup_dir" + +CURR=${backup_dir}/pkgs.current +BACK=${backup_dir}/pkgs.backup +TMP1=$SECUREDIR/tmp1 +TMP2=$SECUREDIR/tmp2 + +if [ ! -f $CURR ]; then + # No database, install new database + ( cd $pkgdb_dir + /bin/ls -ld --full-time * | sort -k9 > $CURR + ) + exit +fi + +# Database is present, create temp database +# +( cd $pkgdb_dir + /bin/ls -ld --full-time * | sort -k9 > $TMP1 +) +changed=0 + +join -v 1 -j 9 $TMP1 $CURR > $TMP2 +if [ -s $TMP2 ]; then + printf "\nNew installed packages:\n" + cat $TMP2 | awk '{ printf "\t%s\n", $1 }' + changed=1 +fi + +join -v 1 -j 9 $CURR $TMP1 > $TMP2 +if [ -s $TMP2 ]; then + printf "\nRecent removed packages:\n" + cat $TMP2 | awk '{ printf "\t%s\n", $1 }' + changed=1 +fi + + +# If changes were seen, update the database +# +if [ "$changed" == "1" ]; then + cat $CURR > $BACK + cat $TMP1 > $CURR +fi + diff -r 000000000000 -r fe3130d22800 security.d/chk_plussigns --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security.d/chk_plussigns Wed Jan 14 21:12:35 2009 +0100 @@ -0,0 +1,92 @@ +#!/bin/bash +# +# $Id$ +# +############################################################################# +# Copyright (C) 2005 +# +# Michiel Broek +# Beekmansbos 10 +# 1971 BV IJmuiden +# the Netherlands +# +# This file is part of SlackSecCheckSripts. +# +# This package is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2, or (at your option) any +# later version. +# +# SlackSecCheckSripts is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with MBSE BBS; see the file COPYING. If not, write to the Free +# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +############################################################################# + + +PATH=/sbin:/usr/sbin:/bin:/usr/bin + +umask 077 +TZ=UTC; export TZ +LANG=C; export LANG + +MP=/etc/passwd +SP=/etc/shadow + +SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1 + +trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE + +if ! cd "$SECUREDIR"; then + echo "Can not cd to $SECUREDIR". + exit 1 +fi + +MPBYPATH=secure1.$$ +OUTPUT=secure2.$$ + +# These are used several times. +# +awk -F: '{ print $1 " " $6 }' $MP | sort -k2 > $MPBYPATH + + +# Files that should not have + signs. +# +list="/etc/hosts.equiv /etc/hosts.lpd" +for f in $list ; do + if [ -f $f ] && egrep '\+' $f > /dev/null ; then + printf "\nPlus sign in $f file.\n" + fi +done + +# Check for special users with .rhosts files. Only root and toor should +# have .rhosts files. Also, .rhosts files should not have plus signs. +awk -F: '$1 != "root" && $1 != "toor" && ($3 < 100 || $1 == "ftp" || $1 == "uucp") \ + { print $1 " " $6 }' $MP | + sort -k2 | + while read uid homedir; do + if [ -f ${homedir}/.rhosts ] ; then + rhost=`/bin/ls -ldg ${homedir}/.rhosts` + printf -- "$uid: $rhost\n" + fi + done > $OUTPUT +if [ -s $OUTPUT ] ; then + printf "\nChecking for special users with .rhosts files.\n" + cat $OUTPUT +fi +while read uid homedir; do + if [ -f ${homedir}/.rhosts -a -r ${homedir}/.rhosts ] && \ + cat ${homedir}/.rhosts | egrep '\+' > /dev/null ; then + printf -- "$uid: + in .rhosts file.\n" + fi +done < $MPBYPATH > $OUTPUT +if [ -s $OUTPUT ] ; then + printf "\nChecking .rhosts files syntax.\n" + cat $OUTPUT +fi + + diff -r 000000000000 -r fe3130d22800 security.d/chk_rootdotfiles --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security.d/chk_rootdotfiles Wed Jan 14 21:12:35 2009 +0100 @@ -0,0 +1,157 @@ +#!/bin/bash +# +# $Id$ +# +############################################################################# +# Copyright (C) 2005 +# +# Michiel Broek +# Beekmansbos 10 +# 1971 BV IJmuiden +# the Netherlands +# +# This file is part of SlackSecCheckSripts. +# +# This package is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2, or (at your option) any +# later version. +# +# SlackSecCheckSripts is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with MBSE BBS; see the file COPYING. If not, write to the Free +# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +############################################################################# + + +PATH=/sbin:/usr/sbin:/bin:/usr/bin + +umask 077 +TZ=UTC; export TZ +LANG=C; export LANG + +SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1 + +trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE + +if ! cd "$SECUREDIR"; then + echo "Can not cd to $SECUREDIR". + exit 1 +fi + +TMP1=secure1.$$ +OUTPUT=secure2.$$ + + +# Check for root paths, umask values in startup files. +# The check for the root paths is problematical -- it's likely to fail +# in other environments. Once the shells have been modified to warn +# of '.' in the path, the path tests should go away. +# +rhome=~root +umaskset=no + +if [ -x /bin/tcsh ]; then + list="/etc/csh.cshrc /etc/csh.login ${rhome}/.cshrc ${rhome}/.login `/bin/ls /etc/profile.d/*.csh`" + + for i in $list ; do + if [ -f $i ] ; then + if egrep '^[^#]*(umask)' $i > /dev/null ; + then + umaskset=yes + fi + # Double check the umask value itself; ensure that + # both the group and other write bits are set. + # + egrep '^[^#]*(umask)' $i | + awk '{ + if ($2 ~ /^.$/ || $2 ~! /[^2367].$/) { + print "\tRoot umask is group writeable" + } + if ($2 ~ /[^2367]$/) { + print "\tRoot umask is other writeable" + } + }' | sort -u + SAVE_PATH=$PATH + unset PATH + /bin/csh -f -s << end-of-csh > /dev/null 2>&1 + source $i + /bin/ls -ldgT \$path > $TMP1 +end-of-csh + export PATH=$SAVE_PATH + if [ -f $TMP1 ]; then + awk '{ + if ($10 ~ /^\.$/) { + print "\tThe root path includes ."; + next; + } + } + $1 ~ /^d....w/ \ + { print "\tRoot path directory " $10 " is group writeable." } \ + $1 ~ /^d.......w/ \ + { print "\tRoot path directory " $10 " is other writeable." }' \ + < $TMP1 + fi + fi + done > $OUTPUT + + if [ $umaskset = "no" -o -s $OUTPUT ] ; then + printf "\nChecking root csh paths, umask values:\n$list\n\n" + if [ -s $OUTPUT ]; then + cat $OUTPUT + fi + if [ $umaskset = "no" ] ; then + printf "\tRoot csh startup files do not set the umask.\n" + fi + fi +fi + +umaskset=no +list="/etc/profile ${rhome}/.profile `/bin/ls /etc/profile.d/*.sh`" +for i in $list; do + if [ -f $i ] ; then + if egrep '^[^#]*(umask)' $i > /dev/null ; then + umaskset=yes + fi + egrep '^[^#]*(umask)' $i | + awk '$2 ~ /^.$/ || $2 ~ /[^2367].$/ \ + { print "\tRoot umask is group writeable" } \ + $2 ~ /[^2367]$/ \ + { print "\tRoot umask is other writeable" }' + SAVE_PATH=$PATH + unset PATH + /bin/sh << end-of-sh > /dev/null 2>&1 + . $i + list=\`echo \$PATH | /usr/bin/sed -e \ + 's/^:/.:/;s/:$/:./;s/::/:.:/g;s/:/ /g'\` + /bin/ls -ldgT \$list > $TMP1 +end-of-sh + export PATH=$SAVE_PATH + awk '{ + if ($10 ~ /^\.$/) { + print "\tThe root path includes ."; + next; + } + } + $1 ~ /^d....w/ \ + { print "\tRoot path directory " $10 " is group writeable." } \ + $1 ~ /^d.......w/ \ + { print "\tRoot path directory " $10 " is other writeable." }' \ + < $TMP1 + fi +done > $OUTPUT + +if [ $umaskset = "no" -o -s $OUTPUT ] ; then + printf "\nChecking root sh paths, umask values:\n$list\n" + if [ -s $OUTPUT ]; then + cat $OUTPUT + fi + if [ $umaskset = "no" ] ; then + printf "\tRoot sh startup files do not set the umask.\n" + fi +fi + diff -r 000000000000 -r fe3130d22800 security.d/chk_sensors --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security.d/chk_sensors Wed Jan 14 21:12:35 2009 +0100 @@ -0,0 +1,56 @@ +#!/bin/bash +# +# $Id$ +# +############################################################################# +# Copyright (C) 2005-2007 +# +# Michiel Broek +# Beekmansbos 10 +# 1971 BV IJmuiden +# the Netherlands +# +# This file is part of SlackSecCheckSripts. +# +# This package is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2, or (at your option) any +# later version. +# +# SlackSecCheckSripts is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with MBSE BBS; see the file COPYING. If not, write to the Free +# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +############################################################################# + + +PATH=/sbin:/usr/sbin:/bin:/usr/bin + +umask 077 +TZ=UTC; export TZ +LANG=C; export LANG + +SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1 + +trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE + +if ! cd "$SECUREDIR"; then + echo "Can not cd to $SECUREDIR". + exit 1 +fi + +if [ -x /usr/bin/sensors ]; then + if [ ! -n "$(sensors -s 2>&1)" ]; then + result=`sensors 2>&1` + echo "$result" + if echo "$result" |grep -q "ALARM"; then + echo "" + echo "** WARNING: One or more sensors show ALARM! **" + fi + fi +fi + diff -r 000000000000 -r fe3130d22800 security.d/chk_setid --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security.d/chk_setid Wed Jan 14 21:12:35 2009 +0100 @@ -0,0 +1,91 @@ +#!/bin/bash +# +# $Id$ +# +############################################################################# +# Copyright (C) 2005-2007 +# +# Michiel Broek +# Beekmansbos 10 +# 1971 BV IJmuiden +# the Netherlands +# +# This file is part of SlackSecCheckSripts. +# +# This package is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2, or (at your option) any +# later version. +# +# SlackSecCheckSripts is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with MBSE BBS; see the file COPYING. If not, write to the Free +# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +############################################################################# + +PATH=/sbin:/usr/sbin:/bin:/usr/bin + +umask 077 +TZ=UTC; export TZ +LANG=C; export LANG + +SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1 + +trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE + +if ! cd "$SECUREDIR"; then + echo "Can not cd to $SECUREDIR". + exit 1 +fi + +backup_dir=/var/cache/sscs +mkdir -p "$backup_dir" + +CURR=${backup_dir}/setid.current +BACK=${backup_dir}/setid.backup +TMP1=$SECUREDIR/tmp1 +TMP2=$SECUREDIR/tmp2 +TMP3=$SECUREDIR/tmp3 +FSS=`egrep ^\/dev\/ /etc/mtab | awk '{ print $2 }'` + + +if [ ! -f $CURR ]; then + # No database, install new database + find $FSS \( -mount \( -perm -u+s -a ! -type d \) -o \( -perm -g+s -a ! -type d \) \) -print0 | \ + xargs -0 /bin/ls -ld --full-time | sort -k9 > $CURR + exit +fi + +# Database is present, create temp database +# +find $FSS \( -mount \( -perm -u+s -a ! -type d \) -o \( -perm -g+s -a ! -type d \) \) -print0 | \ + xargs -0 /bin/ls -ld --full-time | sort -k9 > $TMP1 +changed=0 + +diff $TMP1 $CURR > $TMP2 +if [ -s $TMP2 ]; then + egrep '>' $TMP2 > $TMP3 + if [ -s $TMP3 ]; then + printf "\nOld or updated setuid or setgid files:\n" + cat $TMP3 | tr '>' ' ' + fi + egrep '<' $TMP2 > $TMP3 + if [ -s $TMP3 ]; then + printf "\nNew or updated setuid or setgid files:\n" + cat $TMP3 | tr '<' ' ' + fi + changed=1 +fi + + +# If changes were seen, update the database +# +if [ "$changed" == "1" ]; then + cat $CURR > $BACK + cat $TMP1 > $CURR +fi + diff -r 000000000000 -r fe3130d22800 security.d/chk_smart --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security.d/chk_smart Wed Jan 14 21:12:35 2009 +0100 @@ -0,0 +1,63 @@ +#!/bin/bash +# +# $Id$ +# +############################################################################# +# Copyright (C) 2005 +# +# Michiel Broek +# Beekmansbos 10 +# 1971 BV IJmuiden +# the Netherlands +# +# This file is part of SlackSecCheckSripts. +# +# This package is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2, or (at your option) any +# later version. +# +# SlackSecCheckSripts is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with MBSE BBS; see the file COPYING. If not, write to the Free +# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +############################################################################# + +PATH=/sbin:/usr/sbin:/bin:/usr/bin + +umask 077 +TZ=UTC; export TZ +LANG=C; export LANG + +SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1 + +trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE + +if ! cd "$SECUREDIR"; then + echo "Can not cd to $SECUREDIR". + exit 1 +fi + +TMP=$SECUREDIR/tmp + +if [ -x /usr/sbin/smartctl ] && [ -f /etc/smartd.conf ]; then + kill -0 `pidof /usr/sbin/smartd` 2>/dev/null + if [ "$?" != "0" ]; then + printf "\nWarning: smartd is not running.\n" + fi + + DISKS=`egrep '^[^#]*(dev)' /etc/smartd.conf | awk '{ print $1 }'` + for f in $DISKS ; do + # /usr/sbin/smartctl -H -i -l error -l selftest $f + /usr/sbin/smartctl -q errorsonly -H -l error $f > $TMP + if [ -s $TMP ]; then + printf "\nS.M.A.R.T. error information for disk %s\n\n" $f + cat $TMP + fi + done +fi + diff -r 000000000000 -r fe3130d22800 security.d/chk_uptime --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security.d/chk_uptime Wed Jan 14 21:12:35 2009 +0100 @@ -0,0 +1,47 @@ +#!/bin/bash +# +# $Id$ +# +############################################################################# +# Copyright (C) 2005 +# +# Michiel Broek +# Beekmansbos 10 +# 1971 BV IJmuiden +# the Netherlands +# +# This file is part of SlackSecCheckSripts. +# +# This package is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2, or (at your option) any +# later version. +# +# SlackSecCheckSripts is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with MBSE BBS; see the file COPYING. If not, write to the Free +# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +############################################################################# + +PATH=/sbin:/usr/sbin:/bin:/usr/bin + +umask 077 +TZ=UTC; export TZ +LANG=C; export LANG + +SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1 + +trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE + +if ! cd "$SECUREDIR"; then + echo "Can not cd to $SECUREDIR". + exit 1 +fi + +printf "\nUptime: " +uptime +