Initial revision

Sat, 31 Mar 2007 13:32:06 +0200

author
mbse
date
Sat, 31 Mar 2007 13:32:06 +0200
changeset 0
8ba6a0e2d2ca
child 1
f9abaff2e026
child 2
52cf4d58816d

Initial revision

cron.daily/security file | annotate | diff | comparison | revisions
security.d/chk_aliases file | annotate | diff | comparison | revisions
security.d/chk_dev file | annotate | diff | comparison | revisions
security.d/chk_exports file | annotate | diff | comparison | revisions
security.d/chk_group file | annotate | diff | comparison | revisions
security.d/chk_homedirs file | annotate | diff | comparison | revisions
security.d/chk_homespace file | annotate | diff | comparison | revisions
security.d/chk_logs file | annotate | diff | comparison | revisions
security.d/chk_mailbox file | annotate | diff | comparison | revisions
security.d/chk_mailqueue file | annotate | diff | comparison | revisions
security.d/chk_passwd file | annotate | diff | comparison | revisions
security.d/chk_pkgs file | annotate | diff | comparison | revisions
security.d/chk_plussigns file | annotate | diff | comparison | revisions
security.d/chk_rootdotfiles file | annotate | diff | comparison | revisions
security.d/chk_setid file | annotate | diff | comparison | revisions
security.d/chk_smart file | annotate | diff | comparison | revisions
security.d/chk_uptime file | annotate | diff | comparison | revisions
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/cron.daily/security	Sat Mar 31 13:32:06 2007 +0200
@@ -0,0 +1,74 @@
+#!/bin/bash
+#
+# $Id$
+#
+#############################################################################
+# Copyright (C) 2005
+#   
+# Michiel Broek               <mbse@mbse.dds.nl>
+# Beekmansbos 10
+# 1971 BV IJmuiden
+# the Netherlands
+#
+# This file is part of SlackSecCheckSripts.
+#
+# This package is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2, or (at your option) any
+# later version.
+#
+# SlackSecCheckSripts is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with MBSE BBS; see the file COPYING.  If not, write to the Free
+# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+#############################################################################
+
+export PATH=/bin:/usr/bin:/sbin:/usr/sbin
+umask 077
+LANG=C; export LANG
+
+fqdn=`hostname -f`
+date=`date`
+
+if [ "${MAILTO}" = "" ]; then
+    MAILTO=root@$fqdn
+fi
+
+DAILYDIR=`mktemp -d /tmp/_daily.XXXXXX` || exit 1
+SECOUT="$DAILYDIR/secout"
+TMP1="$DAILYDIR/tmp1"
+
+trap "/bin/rm -rf $DAILYDIR ; exit 0" EXIT INT QUIT
+
+if ! cd "$DAILYDIR"; then
+    echo "Can not cd to $DAILYDIR".
+    exit 1
+fi
+
+
+# Check chk_* scripts in /etc/security.d which are executable
+# and run them. Any script output is appended to the report
+#
+for f in `/bin/ls /etc/security.d/chk_*`
+do
+    if [ -x $f ]; then
+	rm -f $TMP1
+	$f > $TMP1
+	if [ -s $TMP1 ]; then
+	    cat $TMP1 >> $SECOUT
+	    echo "" >> $SECOUT
+	    echo "------------------------------------------------------------------------------" >> $SECOUT
+	fi
+    fi
+done
+
+
+if [ ! -s "$SECOUT" ]; then
+    echo "Nothing to report on $date" > $SECOUT
+fi
+env MAILRC=/dev/null mail -s "$fqdn daily insecurity output for $date" $MAILTO < $SECOUT
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security.d/chk_aliases	Sat Mar 31 13:32:06 2007 +0200
@@ -0,0 +1,59 @@
+#!/bin/bash
+#
+# $Id$
+#
+#############################################################################
+# Copyright (C) 2005
+#   
+# Michiel Broek               <mbse@mbse.dds.nl>
+# Beekmansbos 10
+# 1971 BV IJmuiden
+# the Netherlands
+#
+# This file is part of SlackSecCheckSripts.
+#
+# This package is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2, or (at your option) any
+# later version.
+#
+# SlackSecCheckSripts is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with MBSE BBS; see the file COPYING.  If not, write to the Free
+# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+#############################################################################
+
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+umask 077
+TZ=UTC; export TZ
+LANG=C; export LANG
+
+SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1
+
+trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE
+
+if ! cd "$SECUREDIR"; then
+        echo "Can not cd to $SECUREDIR".
+        exit 1
+fi
+
+OUTPUT=secure1.$$
+
+
+# Uudecode should not be in the /etc/mail/aliases file.
+#
+for f in /etc/mail/aliases /etc/aliases /etc/postfix/aliases; do
+    if [ -f $f ]; then
+	egrep '^[^#]*(uudecode)' $f >> $OUTPUT
+    fi
+done
+if [ -s $OUTPUT ] ; then
+    printf "\nUnwanted entries in the aliases file:\n"
+    cat $OUTPUT
+fi
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security.d/chk_dev	Sat Mar 31 13:32:06 2007 +0200
@@ -0,0 +1,87 @@
+#!/bin/bash
+#
+# $Id$
+#
+#############################################################################
+# Copyright (C) 2006-2007
+#   
+# Michiel Broek               <mbse@mbse.eu>
+# Beekmansbos 10
+# 1971 BV IJmuiden
+# the Netherlands
+#
+# This file is part of SlackSecCheckSripts.
+#
+# This package is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2, or (at your option) any
+# later version.
+#
+# SlackSecCheckSripts is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with MBSE BBS; see the file COPYING.  If not, write to the Free
+# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+#############################################################################
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+umask 077
+TZ=UTC; export TZ
+LANG=C; export LANG
+
+SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1
+
+trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE
+
+if ! cd "$SECUREDIR"; then
+    echo "Can not cd to $SECUREDIR".
+    exit 1
+fi
+
+backup_dir=/var/cache/sscs
+mkdir -p "$backup_dir"
+
+CURR=${backup_dir}/dev.current
+BACK=${backup_dir}/dev.backup
+TMP1=$SECUREDIR/tmp1
+TMP2=$SECUREDIR/tmp2
+TMP3=$SECUREDIR/tmp3
+
+if [ ! -f $CURR ]; then
+    # No database, install new database
+    find / \( -type b -o -type c \) -print0 2>/dev/null | xargs -0 /bin/ls -ldq --full-time | sort -k10 | egrep -v ptmx > $CURR
+    exit
+fi
+
+# Database is present, create temp database
+#
+find / \( -type b -o -type c \) -print0 2>/dev/null | xargs -0 /bin/ls -ldq --full-time | sort -k10 | egrep -v ptmx > $TMP1
+changed=0
+
+diff -b $TMP1 $CURR > $TMP2
+if [ -s $TMP2 ]; then
+    egrep '>' $TMP2 > $TMP3
+    if [ -s $TMP3 ]; then
+	printf "\nOld or updated device files:\n"
+	cat $TMP3 | tr '>' ' '
+    fi
+    egrep '<' $TMP2 > $TMP3
+    if [ -s $TMP3 ]; then
+	printf "\nNew or updated device files:\n"
+	cat $TMP3 | tr '<' ' '
+    fi
+    changed=1
+fi
+
+
+# If changes were seen, update the database
+#
+if [ "$changed" == "1" ]; then
+    cat $CURR > $BACK
+    cat $TMP1 > $CURR
+fi
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security.d/chk_exports	Sat Mar 31 13:32:06 2007 +0200
@@ -0,0 +1,77 @@
+#!/bin/bash
+#
+# $Id$
+#
+#############################################################################
+# Copyright (C) 2005
+#   
+# Michiel Broek               <mbse@mbse.dds.nl>
+# Beekmansbos 10
+# 1971 BV IJmuiden
+# the Netherlands
+#
+# This file is part of SlackSecCheckSripts.
+#
+# This package is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2, or (at your option) any
+# later version.
+#
+# SlackSecCheckSripts is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with MBSE BBS; see the file COPYING.  If not, write to the Free
+# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+#############################################################################
+
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+umask 077
+TZ=UTC; export TZ
+LANG=C; export LANG
+
+SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1
+
+trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE
+
+if ! cd "$SECUREDIR"; then
+        echo "Can not cd to $SECUREDIR".
+        exit 1
+fi
+
+OUTPUT=secure1.$$
+
+# NFS exports shouldn't be globally exported
+#
+if [ -f /etc/exports ]; then
+    cat /etc/exports | awk '{
+	# ignore comments and blank lines
+	if ($0 ~ /^\#/ || $0 ~ /^$/ )
+	    next;
+	readwrite = 0;
+	global = 0;
+	for (i = 2; i <= NF; ++i) {
+	    if ($i ~ /*/)
+		global = 1;
+	    if ($i ~ /rw/)
+		readwrite = 1;
+	}
+	if (global) {
+	    if (readwrite)
+		printf "\tFile system %s globally exported, read-write.\n", $1
+	    else
+		printf "\tFile system %s globally exported, read-only.\n", $1
+	}
+    }'  > $OUTPUT
+    
+    if [ -s $OUTPUT ] ; then
+	printf "\nChecking for globally exported file nfs systems.\n"
+	cat $OUTPUT
+    fi
+fi
+
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security.d/chk_group	Sat Mar 31 13:32:06 2007 +0200
@@ -0,0 +1,81 @@
+#!/bin/bash
+#
+# $Id$
+#
+#############################################################################
+# Copyright (C) 2005
+#   
+# Michiel Broek               <mbse@mbse.dds.nl>
+# Beekmansbos 10
+# 1971 BV IJmuiden
+# the Netherlands
+#
+# This file is part of SlackSecCheckSripts.
+#
+# This package is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2, or (at your option) any
+# later version.
+#
+# SlackSecCheckSripts is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with MBSE BBS; see the file COPYING.  If not, write to the Free
+# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+#############################################################################
+
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+umask 077
+TZ=UTC; export TZ
+LANG=C; export LANG
+
+SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1
+
+trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE
+
+if ! cd "$SECUREDIR"; then
+        echo "Can not cd to $SECUREDIR".
+        exit 1
+fi
+
+max_grouplen=${max_grouplen:-16}
+OUTPUT=secure1.$$
+
+# Check group file
+#
+GRP=/etc/group
+awk -F: -v "len=$max_grouplen" '{
+    if ($0 ~ /^[     ]*$/) {
+	printf "\tLine %d is a blank line.\n", NR;
+	next;
+    }
+    if (NF != 4 && ($1 != "+" || NF != 1))
+	printf "\tLine %d has the wrong number of fields.\n", NR;
+    if ($1 == "+" )  {
+	next;
+    }
+    if ($1 !~ /^[A-Za-z0-9]([-A-Za-z0-9]*[A-Za-z0-9])*$/)
+	printf "\tGroup %s has non-alphanumeric characters.\n",
+	$1;
+    if (length($1) > len)
+	printf "\tGroup %s has more than "len" characters.\n", $1;
+    if ($3 !~ /[0-9]*/)
+	printf "\tLogin %s has a negative group id.\n", $1;
+}' < $GRP > $OUTPUT
+if [ -s $OUTPUT ] ; then
+    printf "\nChecking the $GRP file:\n"
+    cat $OUTPUT
+fi
+
+awk -F: '{ print $1 }' $GRP | sort | uniq -d > $OUTPUT
+if [ -s $OUTPUT ] ; then
+    printf "\n\t$GRP has duplicate group names.\n"
+    column $OUTPUT
+fi
+
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security.d/chk_homedirs	Sat Mar 31 13:32:06 2007 +0200
@@ -0,0 +1,114 @@
+#!/bin/bash
+#
+# $Id$
+#
+#############################################################################
+# Copyright (C) 2005
+#   
+# Michiel Broek               <mbse@mbse.dds.nl>
+# Beekmansbos 10
+# 1971 BV IJmuiden
+# the Netherlands
+#
+# This file is part of SlackSecCheckSripts.
+#
+# This package is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2, or (at your option) any
+# later version.
+#
+# SlackSecCheckSripts is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with MBSE BBS; see the file COPYING.  If not, write to the Free
+# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+#############################################################################
+
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+umask 077
+TZ=UTC; export TZ
+MP=/etc/passwd
+LANG=C; export LANG
+
+SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1
+
+trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE
+
+if ! cd "$SECUREDIR"; then
+        echo "Can not cd to $SECUREDIR".
+        exit 1
+fi
+
+MPBYPATH=secure1.$$
+OUTPUT=secure2.$$
+
+
+# These are used several times.
+#
+awk -F: '{ print $1 " " $6 }' $MP | sort -k2 > $MPBYPATH
+
+
+# Check home directories.  Directories should not be owned by someone else
+# or writeable.
+#
+while read uid homedir; do
+    if [ -d ${homedir}/ ] ; then
+	file=`/bin/ls -ld ${homedir}`
+	printf -- "$uid $file\n"
+    fi
+done < $MPBYPATH |
+awk '$1 != $4 && $4 != "root" { printf "\tuser %s home directory is owned by %s.\n", $1, $4 }
+     $2 ~ /^.....w/ { printf "\tuser %s home directory %s is group writeable.\n", $1, $10 }
+     $2 ~ /^........w/ { printf "\tuser %s home directory %s is other writeable.\n", $1, $10 }' \
+> $OUTPUT
+if [ -s $OUTPUT ] ; then
+    printf "\nChecking home directories.\n"
+    cat $OUTPUT
+fi
+
+# Files that should not be owned by someone else or readable.
+list=".Xauthority .netrc .ssh/id_dsa .ssh/id_rsa .ssh/identity"
+while read uid homedir; do
+    for f in $list ; do
+	file=${homedir}/${f}
+	if [ -f $file ] ; then
+	    printf -- "$uid $f `/bin/ls -ld $file`\n"
+	fi
+    done
+done < $MPBYPATH |
+awk '$1 != $5 && $5 != "root" { printf "\tuser %s %s file is owned by %s.\n", $1, $2, $5 }
+     $3 ~ /^....r/ { printf "\tuser %s %s file is group readable.\n", $1, $2 }
+     $3 ~ /^.......r/ { printf "\tuser %s %s file is other readable.\n", $1, $2 }
+     $3 ~ /^.....w/ { printf "\tuser %s %s file is group writeable.\n", $1, $2 }
+     $3 ~ /^........w/ { printf "\tuser %s %s file is other writeable.\n", $1, $2 }' \
+    > $OUTPUT
+# Files that should not be owned by someone else or writeable.
+list=".bash_history .bash_login .bash_logout .bash_profile .bashrc \
+    .cshrc .emacs .exrc .forward .history .klogin .login .logout \
+    .profile .qmail .rc_history .rhosts .shosts ssh .tcshrc .twmrc \
+    .xinitrc .xsession .ssh/authorized_keys .ssh/authorized_keys2 \
+    .ssh/config .ssh/id_dsa.pub .ssh/id_rsa.pub .ssh/identity.pub \
+    .ssh/known_hosts .ssh/known_hosts2"
+while read uid homedir; do
+    for f in $list ; do
+	file=${homedir}/${f}
+	if [ -f $file ] ; then
+	    printf -- "$uid $f `/bin/ls -ld $file`\n"
+	fi
+    done
+done < $MPBYPATH |
+awk '$1 != $5 && $5 != "root" { printf "\tuser %s %s file is owned by %s.\n", $1, $2, $5 }
+     $3 ~ /^.....w/ { printf "\tuser %s %s file is group writeable.\n", $1, $2 }
+     $3 ~ /^........w/ { printf "\tuser %s %s file is other writeable.\n", $1, $2 }' \
+    >> $OUTPUT
+if [ -s $OUTPUT ] ; then
+    printf "\nChecking dot files.\n"
+    cat $OUTPUT
+fi
+
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security.d/chk_homespace	Sat Mar 31 13:32:06 2007 +0200
@@ -0,0 +1,69 @@
+#!/bin/bash
+#
+# $Id$
+#
+#############################################################################
+# Copyright (C) 2005
+#   
+# Michiel Broek               <mbse@mbse.dds.nl>
+# Beekmansbos 10
+# 1971 BV IJmuiden
+# the Netherlands
+#
+# This file is part of SlackSecCheckSripts.
+#
+# This package is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2, or (at your option) any
+# later version.
+#
+# SlackSecCheckSripts is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with MBSE BBS; see the file COPYING.  If not, write to the Free
+# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+#############################################################################
+
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+umask 077
+TZ=UTC; export TZ
+MP=/etc/passwd
+LANG=C; export LANG
+
+SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1
+
+trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE
+
+if ! cd "$SECUREDIR"; then
+        echo "Can not cd to $SECUREDIR".
+        exit 1
+fi
+
+MPBYPATH=secure1.$$
+OUTPUT=secure2.$$
+
+
+# These are used several times.
+#
+awk -F: '{ print $1 " " $3 " " $6 }' $MP > $MPBYPATH
+
+
+while read name uid  homedir; do
+    if [ -d ${homedir}/ ] && [ "`expr $uid \>= 1000`" == "1" ]; then
+	USAGE=`du -s --block-size=1048576 -h $homedir | cut -f 1`
+	SPACE=`df -khTP $homedir | tail -n 1 | awk '{ print $3 }'`
+	printf -- "%-16s  %6s  %6s  $homedir\n" $name $USAGE $SPACE
+    fi
+done < $MPBYPATH > $OUTPUT
+if [ -s $OUTPUT ] ; then
+    printf -- "\n        Diskspace used by users.\n\n"
+    printf -- "Username            used    size  homedirectory\n"
+    printf -- "----------------  ------  ------  -------------\n"
+    cat $OUTPUT
+fi
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security.d/chk_logs	Sat Mar 31 13:32:06 2007 +0200
@@ -0,0 +1,65 @@
+#!/bin/bash
+#
+# $Id$
+#
+#############################################################################
+# Copyright (C) 2005
+#   
+# Michiel Broek               <mbse@mbse.dds.nl>
+# Beekmansbos 10
+# 1971 BV IJmuiden
+# the Netherlands
+#
+# This file is part of SlackSecCheckSripts.
+#
+# This package is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2, or (at your option) any
+# later version.
+#
+# SlackSecCheckSripts is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with MBSE BBS; see the file COPYING.  If not, write to the Free
+# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+#############################################################################
+
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+umask 077
+TZ=UTC; export TZ
+LANG=C; export LANG
+
+SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1
+
+trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE
+
+if ! cd "$SECUREDIR"; then
+        echo "Can not cd to $SECUREDIR".
+        exit 1
+fi
+
+TMP2=secure1.$$
+OUTPUT=secure4.$$
+
+egrep ' useradd\[' /var/log/secure > $TMP2
+egrep ' userdel\[' /var/log/secure >> $TMP2
+egrep ' usermod\[' /var/log/secure >> $TMP2
+egrep ' groupadd\[' /var/log/secure >> $TMP2
+egrep ' groupdel\[' /var/log/secure >> $TMP2
+egrep ' groupmod\[' /var/log/secure >> $TMP2
+egrep ' passwd\[' /var/log/secure >> $TMP2
+egrep ' sudo:' /var/log/messages >> $TMP2
+
+cat $TMP2 | sort > $OUTPUT
+
+if [ -s $OUTPUT ] ; then
+    printf "\nImportant logfile entries:\n"
+    column $OUTPUT
+fi
+
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security.d/chk_mailbox	Sat Mar 31 13:32:06 2007 +0200
@@ -0,0 +1,64 @@
+#!/bin/bash
+#
+# $Id$
+#
+#############################################################################
+# Copyright (C) 2005-2007
+#   
+# Michiel Broek               <mbse@mbse.eu>
+# Beekmansbos 10
+# 1971 BV IJmuiden
+# the Netherlands
+#
+# This file is part of SlackSecCheckSripts.
+#
+# This package is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2, or (at your option) any
+# later version.
+#
+# SlackSecCheckSripts is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with MBSE BBS; see the file COPYING.  If not, write to the Free
+# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+#############################################################################
+
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+umask 077
+TZ=UTC; export TZ
+LANG=C; export LANG
+
+SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1
+
+trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE
+
+if ! cd "$SECUREDIR"; then
+        echo "Can not cd to $SECUREDIR".
+        exit 1
+fi
+
+OUTPUT=secure1.$$
+
+
+# Mailboxes should be owned by user and unreadable.
+#
+/bin/ls -l /var/spool/mail | \
+awk '   NR == 1 { next; }
+    $3 != $9 {
+	printf "\tUser %s mailbox is owned by %s.\n", $9, $3
+    }
+    $1 != "-rw-rw----" || $4 != "mail" {
+	printf "\tUser %s mailbox is %s, group %s.\n", $9, $1, $4
+    }' > $OUTPUT
+if [ -s $OUTPUT ] ; then
+    printf "\nChecking mailbox ownership.\n"
+    cat $OUTPUT
+fi
+
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security.d/chk_mailqueue	Sat Mar 31 13:32:06 2007 +0200
@@ -0,0 +1,55 @@
+#!/bin/bash
+#
+# $Id$
+#
+#############################################################################
+# Copyright (C) 2005
+#   
+# Michiel Broek               <mbse@mbse.dds.nl>
+# Beekmansbos 10
+# 1971 BV IJmuiden
+# the Netherlands
+#
+# This file is part of SlackSecCheckSripts.
+#
+# This package is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2, or (at your option) any
+# later version.
+#
+# SlackSecCheckSripts is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with MBSE BBS; see the file COPYING.  If not, write to the Free
+# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+#############################################################################
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+umask 077
+TZ=UTC; export TZ
+LANG=C; export LANG
+
+SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1
+
+trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE
+
+if ! cd "$SECUREDIR"; then
+    echo "Can not cd to $SECUREDIR".
+    exit 1
+fi
+
+TMP=$SECUREDIR/tmp
+
+# Check mailqueue
+#
+mailq > $TMP
+if ! grep -q "queue is empty$" $TMP; then
+    echo ""
+    echo "mail:"
+    cat $TMP
+fi
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security.d/chk_passwd	Sat Mar 31 13:32:06 2007 +0200
@@ -0,0 +1,138 @@
+#!/bin/bash
+#
+# $Id$
+#
+#############################################################################
+# Copyright (C) 2005
+#   
+# Michiel Broek               <mbse@mbse.dds.nl>
+# Beekmansbos 10
+# 1971 BV IJmuiden
+# the Netherlands
+#
+# This file is part of SlackSecCheckSripts.
+#
+# This package is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2, or (at your option) any
+# later version.
+#
+# SlackSecCheckSripts is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with MBSE BBS; see the file COPYING.  If not, write to the Free
+# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+#############################################################################
+
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+umask 077
+TZ=UTC; export TZ
+LANG=C; export LANG
+
+max_loginlen=${max_loginlen:-32}
+
+MP=/etc/passwd
+SP=/etc/shadow
+
+
+SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1
+
+trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE
+
+if ! cd "$SECUREDIR"; then
+        echo "Can not cd to $SECUREDIR".
+        exit 1
+fi
+
+TMP2=secure1.$$
+MPBYUID=secure2.$$
+COMBINED=secure3.$$
+OUTPUT=secure4.$$
+
+# Combine passwd and shadow files.
+#
+join -t : -j 1 $MP $SP > $COMBINED
+
+
+# These are used several times.
+#
+awk -F: '!/^+/ { print $1 " " $3 }' $MP | sort -k2n > $MPBYUID
+
+
+# Check the master password file syntax.
+# Usernames may have a $ character at the end for Samba
+# machine and trust accounts.
+#
+awk -v "len=$max_loginlen" '
+    BEGIN {
+	while ( getline < "/etc/shells" > 0 ) {
+	    if ($0 ~ /^\#/ || $0 ~ /^$/ )
+		continue;
+	    shells[$1]++;
+	}
+	FS=":";
+    }
+
+    {
+        if ($0 ~ /^[     ]*$/) {
+            printf "\tLine %d is a blank line.\n", NR;
+            next;
+        }
+        if (NF != 15 && ($1 != "+" || NF != 1))
+            printf "\tLine %d has the wrong number of fields.\n", NR;
+        if ($1 == "+" )  {
+            if (NF != 1 && $3 == 0)
+                printf "\tLine %d includes entries with uid 0.\n", NR;
+            next;
+        }
+        if ($1 !~ /^[A-Za-z0-9]([-A-Za-z0-9]*[A-Za-z0-9\$])*$/)
+            printf "\tLogin %s has non-alphanumeric characters.\n", $1;
+        if (length($1) > len)
+            printf "\tLogin %s has more than "len" characters.\n", $1;
+	if ($7 == "" && $8 !~ /!/ && $8 != "*")
+	    printf "\tLogin %s does not have a shell\n", $1;
+        if ($7 != "" && ! shells[$7] && $8 !~ /!/ && $8 != "*")
+            printf "\tLogin %s does not have a valid shell (%s)\n", $1, $7;
+	if ($7 != "" && shells[$7] && ($8 ~ /!/ && $8 = "*"))
+	    printf "\tLogin %s account is locked.\n", $1;
+	if ($8 == "")
+	    printf "\tLogin %s has no password.\n", $1;
+	if ($9 == "0")
+	    printf "\tLogin %s password is expired.\n", $1;
+        if ($3 == 0 && $1 != "root" && $1 != "toor")
+            printf "\tLogin %s has a user id of 0.\n", $1;
+        if ($3 < 0)
+            printf "\tLogin %s has a negative user id.\n", $1;
+	if ($4 < 0)
+            printf "\tLogin %s has a negative group id.\n", $1;
+    }' < $COMBINED > $OUTPUT
+if [ -s $OUTPUT ] ; then
+    printf "\nChecking the $MP and $SP files:\n"
+    cat $OUTPUT
+fi
+
+awk -F: '{ print $1 }' $MP | sort | uniq -d > $OUTPUT
+if [ -s $OUTPUT ] ; then
+    printf "\n$MP has duplicate user names.\n"
+    column $OUTPUT
+fi
+
+# To not exclude 'toor', a standard duplicate root account, from the duplicate
+# account test, uncomment the line below (without egrep in it)and comment
+# out the line (with egrep in it) below it.
+#
+#< $MPBYUID uniq -d -f 1 | awk '{ print $2 }' > $TMP2
+< $MPBYUID egrep -v '^toor ' | uniq -d -f 1 | awk '{ print $2 }' > $TMP2
+if [ -s $TMP2 ] ; then
+    printf "\n$MP has duplicate user id's.\n"
+    while read uid; do
+        grep -w $uid $MPBYUID
+    done < $TMP2 | column
+fi
+
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security.d/chk_pkgs	Sat Mar 31 13:32:06 2007 +0200
@@ -0,0 +1,91 @@
+#!/bin/bash
+#
+# $Id$
+#
+#############################################################################
+# Copyright (C) 2005-2007
+#   
+# Michiel Broek               <mbse@mbse.eu>
+# Beekmansbos 10
+# 1971 BV IJmuiden
+# the Netherlands
+#
+# This file is part of SlackSecCheckSripts.
+#
+# This package is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2, or (at your option) any
+# later version.
+#
+# SlackSecCheckSripts is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with MBSE BBS; see the file COPYING.  If not, write to the Free
+# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+#############################################################################
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+umask 077
+TZ=UTC; export TZ
+LANG=C; export LANG
+
+SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1
+
+trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE
+
+if ! cd "$SECUREDIR"; then
+    echo "Can not cd to $SECUREDIR".
+    exit 1
+fi
+
+backup_dir=/var/cache/sscs
+pkgdb_dir=/var/log/packages
+
+mkdir -p "$backup_dir"
+
+CURR=${backup_dir}/pkgs.current
+BACK=${backup_dir}/pkgs.backup
+TMP1=$SECUREDIR/tmp1
+TMP2=$SECUREDIR/tmp2
+
+if [ ! -f $CURR ]; then
+    # No database, install new database
+    ( cd $pkgdb_dir
+      /bin/ls -ld --full-time * | sort -k9 > $CURR
+    )
+    exit
+fi
+
+# Database is present, create temp database
+#
+( cd $pkgdb_dir
+  /bin/ls -ld --full-time * | sort -k9 > $TMP1
+)
+changed=0
+
+join -v 1 -j 9 $TMP1 $CURR > $TMP2
+if [ -s $TMP2 ]; then
+    printf "\nNew installed packages:\n"
+    cat $TMP2 | awk '{ printf "\t%s\n", $1 }'
+    changed=1
+fi
+
+join -v 1 -j 9 $CURR $TMP1 > $TMP2
+if [ -s $TMP2 ]; then
+    printf "\nRecent removed packages:\n"
+    cat $TMP2 | awk '{ printf "\t%s\n", $1 }'
+    changed=1
+fi
+
+
+# If changes were seen, update the database
+#
+if [ "$changed" == "1" ]; then
+    cat $CURR > $BACK
+    cat $TMP1 > $CURR
+fi
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security.d/chk_plussigns	Sat Mar 31 13:32:06 2007 +0200
@@ -0,0 +1,92 @@
+#!/bin/bash
+#
+# $Id$
+#
+#############################################################################
+# Copyright (C) 2005
+#   
+# Michiel Broek               <mbse@mbse.dds.nl>
+# Beekmansbos 10
+# 1971 BV IJmuiden
+# the Netherlands
+#
+# This file is part of SlackSecCheckSripts.
+#
+# This package is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2, or (at your option) any
+# later version.
+#
+# SlackSecCheckSripts is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with MBSE BBS; see the file COPYING.  If not, write to the Free
+# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+#############################################################################
+
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+umask 077
+TZ=UTC; export TZ
+LANG=C; export LANG
+
+MP=/etc/passwd
+SP=/etc/shadow
+
+SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1
+
+trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE
+
+if ! cd "$SECUREDIR"; then
+        echo "Can not cd to $SECUREDIR".
+        exit 1
+fi
+
+MPBYPATH=secure1.$$
+OUTPUT=secure2.$$
+
+# These are used several times.
+#
+awk -F: '{ print $1 " " $6 }' $MP | sort -k2 > $MPBYPATH
+
+
+# Files that should not have + signs.
+#
+list="/etc/hosts.equiv /etc/hosts.lpd"
+for f in $list ; do
+    if [ -f $f ] && egrep '\+' $f > /dev/null ; then
+	printf "\nPlus sign in $f file.\n"
+    fi
+done
+
+# Check for special users with .rhosts files.  Only root and toor should
+# have .rhosts files.  Also, .rhosts files should not have plus signs.
+awk -F: '$1 != "root" && $1 != "toor" && ($3 < 100 || $1 == "ftp" || $1 == "uucp") \
+    { print $1 " " $6 }' $MP |
+    sort -k2 |
+    while read uid homedir; do
+	if [ -f ${homedir}/.rhosts ] ; then
+	    rhost=`/bin/ls -ldg ${homedir}/.rhosts`
+	    printf -- "$uid: $rhost\n"
+	fi
+    done > $OUTPUT
+if [ -s $OUTPUT ] ; then
+    printf "\nChecking for special users with .rhosts files.\n"
+    cat $OUTPUT
+fi
+while read uid homedir; do
+    if [ -f ${homedir}/.rhosts -a -r ${homedir}/.rhosts ] && \
+	cat ${homedir}/.rhosts | egrep '\+' > /dev/null ; then
+	printf -- "$uid: + in .rhosts file.\n"
+    fi
+done < $MPBYPATH > $OUTPUT
+if [ -s $OUTPUT ] ; then
+    printf "\nChecking .rhosts files syntax.\n"
+    cat $OUTPUT
+fi
+
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security.d/chk_rootdotfiles	Sat Mar 31 13:32:06 2007 +0200
@@ -0,0 +1,157 @@
+#!/bin/bash
+#
+# $Id$
+#
+#############################################################################
+# Copyright (C) 2005
+#   
+# Michiel Broek               <mbse@mbse.dds.nl>
+# Beekmansbos 10
+# 1971 BV IJmuiden
+# the Netherlands
+#
+# This file is part of SlackSecCheckSripts.
+#
+# This package is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2, or (at your option) any
+# later version.
+#
+# SlackSecCheckSripts is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with MBSE BBS; see the file COPYING.  If not, write to the Free
+# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+#############################################################################
+
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+umask 077
+TZ=UTC; export TZ
+LANG=C; export LANG
+
+SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1
+
+trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE
+
+if ! cd "$SECUREDIR"; then
+    echo "Can not cd to $SECUREDIR".
+    exit 1
+fi
+
+TMP1=secure1.$$
+OUTPUT=secure2.$$
+
+
+# Check for root paths, umask values in startup files.
+# The check for the root paths is problematical -- it's likely to fail
+# in other environments.  Once the shells have been modified to warn
+# of '.' in the path, the path tests should go away.
+#
+rhome=~root
+umaskset=no
+
+if [ -x /bin/tcsh ]; then
+    list="/etc/csh.cshrc /etc/csh.login ${rhome}/.cshrc ${rhome}/.login `/bin/ls /etc/profile.d/*.csh`"
+
+    for i in $list ; do
+	if [ -f $i ] ; then
+	    if egrep '^[^#]*(umask)' $i > /dev/null ;
+	    then
+		umaskset=yes
+	    fi
+	    # Double check the umask value itself; ensure that
+	    # both the group and other write bits are set.
+	    #
+	    egrep '^[^#]*(umask)' $i |
+		awk '{
+		    if ($2 ~ /^.$/ || $2 ~! /[^2367].$/) {
+			print "\tRoot umask is group writeable"
+		    }
+		    if ($2 ~ /[^2367]$/) {
+			print "\tRoot umask is other writeable"
+		    }
+		}' | sort -u
+	    SAVE_PATH=$PATH
+	    unset PATH
+	    /bin/csh -f -s << end-of-csh > /dev/null 2>&1
+	    source $i
+	    /bin/ls -ldgT \$path > $TMP1
+end-of-csh
+	    export PATH=$SAVE_PATH
+	    if [ -f $TMP1 ]; then
+		awk '{
+		    if ($10 ~ /^\.$/) {
+			print "\tThe root path includes .";
+			next;
+		    }
+		}
+		$1 ~ /^d....w/ \
+		    { print "\tRoot path directory " $10 " is group writeable." } \
+		$1 ~ /^d.......w/ \
+		    { print "\tRoot path directory " $10 " is other writeable." }' \
+		< $TMP1
+	    fi
+	fi
+    done > $OUTPUT
+
+    if [ $umaskset = "no" -o -s $OUTPUT ] ; then
+	printf "\nChecking root csh paths, umask values:\n$list\n\n"
+	if [ -s $OUTPUT ]; then
+	    cat $OUTPUT
+	fi
+	if [ $umaskset = "no" ] ; then
+	    printf "\tRoot csh startup files do not set the umask.\n"
+	fi
+    fi
+fi
+
+umaskset=no
+list="/etc/profile ${rhome}/.profile `/bin/ls /etc/profile.d/*.sh`"
+for i in $list; do
+    if [ -f $i ] ; then
+	if egrep '^[^#]*(umask)' $i > /dev/null ; then
+	    umaskset=yes
+	fi
+	egrep '^[^#]*(umask)' $i |
+	    awk '$2 ~ /^.$/ || $2 ~ /[^2367].$/ \
+		{ print "\tRoot umask is group writeable" } \
+		$2 ~ /[^2367]$/ \
+		{ print "\tRoot umask is other writeable" }'
+	SAVE_PATH=$PATH
+	unset PATH
+	/bin/sh << end-of-sh > /dev/null 2>&1
+	. $i
+	list=\`echo \$PATH | /usr/bin/sed -e \
+	's/^:/.:/;s/:$/:./;s/::/:.:/g;s/:/ /g'\`
+	/bin/ls -ldgT \$list > $TMP1
+end-of-sh
+	export PATH=$SAVE_PATH
+	awk '{
+	    if ($10 ~ /^\.$/) {
+		print "\tThe root path includes .";
+		next;
+	    }
+	}
+	$1 ~ /^d....w/ \
+	    { print "\tRoot path directory " $10 " is group writeable." } \
+	$1 ~ /^d.......w/ \
+	    { print "\tRoot path directory " $10 " is other writeable." }' \
+	< $TMP1
+    fi
+done > $OUTPUT
+
+if [ $umaskset = "no" -o -s $OUTPUT ] ; then
+    printf "\nChecking root sh paths, umask values:\n$list\n"
+    if [ -s $OUTPUT ]; then
+	cat $OUTPUT
+    fi
+    if [ $umaskset = "no" ] ; then
+	printf "\tRoot sh startup files do not set the umask.\n"
+    fi
+fi
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security.d/chk_setid	Sat Mar 31 13:32:06 2007 +0200
@@ -0,0 +1,91 @@
+#!/bin/bash
+#
+# $Id$
+#
+#############################################################################
+# Copyright (C) 2005-2007
+#   
+# Michiel Broek               <mbse@mbse.eu>
+# Beekmansbos 10
+# 1971 BV IJmuiden
+# the Netherlands
+#
+# This file is part of SlackSecCheckSripts.
+#
+# This package is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2, or (at your option) any
+# later version.
+#
+# SlackSecCheckSripts is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with MBSE BBS; see the file COPYING.  If not, write to the Free
+# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+#############################################################################
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+umask 077
+TZ=UTC; export TZ
+LANG=C; export LANG
+
+SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1
+
+trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE
+
+if ! cd "$SECUREDIR"; then
+    echo "Can not cd to $SECUREDIR".
+    exit 1
+fi
+
+backup_dir=/var/cache/sscs
+mkdir -p "$backup_dir"
+
+CURR=${backup_dir}/setid.current
+BACK=${backup_dir}/setid.backup
+TMP1=$SECUREDIR/tmp1
+TMP2=$SECUREDIR/tmp2
+TMP3=$SECUREDIR/tmp3
+FSS=`egrep ^\/dev\/ /etc/mtab | awk '{ print $2 }'`
+
+
+if [ ! -f $CURR ]; then
+    # No database, install new database
+    find $FSS \( -mount \( -perm -u+s -a ! -type d \) -o \( -perm -g+s -a ! -type d \) \) -print0 | \
+	xargs -0 /bin/ls -ld --full-time | sort -k9 > $CURR
+    exit
+fi
+
+# Database is present, create temp database
+#
+find $FSS \( -mount \( -perm -u+s -a ! -type d \) -o \( -perm -g+s -a ! -type d \) \) -print0 | \
+    xargs -0 /bin/ls -ld --full-time | sort -k9 > $TMP1
+changed=0
+
+diff $TMP1 $CURR > $TMP2
+if [ -s $TMP2 ]; then
+    egrep '>' $TMP2 > $TMP3
+    if [ -s $TMP3 ]; then
+	printf "\nOld or updated setuid or setgid files:\n"
+	cat $TMP3 | tr '>' ' '
+    fi
+    egrep '<' $TMP2 > $TMP3
+    if [ -s $TMP3 ]; then
+	printf "\nNew or updated setuid or setgid files:\n"
+	cat $TMP3 | tr '<' ' '
+    fi
+    changed=1
+fi
+
+
+# If changes were seen, update the database
+#
+if [ "$changed" == "1" ]; then
+    cat $CURR > $BACK
+    cat $TMP1 > $CURR
+fi
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security.d/chk_smart	Sat Mar 31 13:32:06 2007 +0200
@@ -0,0 +1,63 @@
+#!/bin/bash
+#
+# $Id$
+#
+#############################################################################
+# Copyright (C) 2005
+#   
+# Michiel Broek               <mbse@mbse.dds.nl>
+# Beekmansbos 10
+# 1971 BV IJmuiden
+# the Netherlands
+#
+# This file is part of SlackSecCheckSripts.
+#
+# This package is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2, or (at your option) any
+# later version.
+#
+# SlackSecCheckSripts is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with MBSE BBS; see the file COPYING.  If not, write to the Free
+# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+#############################################################################
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+umask 077
+TZ=UTC; export TZ
+LANG=C; export LANG
+
+SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1
+
+trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE
+
+if ! cd "$SECUREDIR"; then
+    echo "Can not cd to $SECUREDIR".
+    exit 1
+fi
+
+TMP=$SECUREDIR/tmp
+
+if [ -x /usr/sbin/smartctl ] && [ -f /etc/smartd.conf ]; then
+    kill -0 `pidof /usr/sbin/smartd` 2>/dev/null
+    if [ "$?" != "0" ]; then
+	printf "\nWarning: smartd is not running.\n"
+    fi
+
+    DISKS=`egrep '^[^#]*(dev)' /etc/smartd.conf | awk '{ print $1 }'`
+    for f in $DISKS ; do
+	# /usr/sbin/smartctl -H -i -l error -l selftest $f
+	/usr/sbin/smartctl -q errorsonly -H -l error $f > $TMP
+	if [ -s $TMP ]; then
+	    printf "\nS.M.A.R.T. error information for disk %s\n\n" $f
+	    cat $TMP
+	fi
+    done
+fi
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security.d/chk_uptime	Sat Mar 31 13:32:06 2007 +0200
@@ -0,0 +1,47 @@
+#!/bin/bash
+#
+# $Id$
+#
+#############################################################################
+# Copyright (C) 2005
+#   
+# Michiel Broek               <mbse@mbse.dds.nl>
+# Beekmansbos 10
+# 1971 BV IJmuiden
+# the Netherlands
+#
+# This file is part of SlackSecCheckSripts.
+#
+# This package is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2, or (at your option) any
+# later version.
+#
+# SlackSecCheckSripts is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with MBSE BBS; see the file COPYING.  If not, write to the Free
+# Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+#############################################################################
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+umask 077
+TZ=UTC; export TZ
+LANG=C; export LANG
+
+SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1
+
+trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE
+
+if ! cd "$SECUREDIR"; then
+    echo "Can not cd to $SECUREDIR".
+    exit 1
+fi
+
+printf "\nUptime: "
+uptime
+

mercurial