Tue, 15 Apr 2014 14:45:38 +0200
Fixed permission errors on .gvfs virtual filesystems. Bumped to version 0.21
#!/bin/bash # ############################################################################# # Copyright (C) 2005-2013 # # Michiel Broek <mbse at mbse.eu> # # This file is part of SlackSecCheckScripts. # # This package is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation; either version 2, or (at your option) any # later version. # # SlackSecCheckScripts is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with MBSE BBS; see the file COPYING. If not, write to the Free # Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. ############################################################################# PATH=/sbin:/usr/sbin:/bin:/usr/bin umask 077 TZ=UTC; export TZ MP=/etc/passwd LANG=C; export LANG SECUREDIR=`mktemp -d /tmp/_securedir.XXXXXX` || exit 1 trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE if ! cd "$SECUREDIR"; then echo "Can not cd to $SECUREDIR". exit 1 fi MPBYPATH=secure1.$$ OUTPUT=secure2.$$ # These are used several times. # awk -F: '{ print $1 " " $6 }' $MP | sort -k2 > $MPBYPATH # Check home directories. Directories should not be owned by someone else # or writeable. # while read uid homedir; do if [ -d ${homedir}/ ] ; then file=`/bin/ls -ld ${homedir}/` printf -- "$uid $file\n" fi done < $MPBYPATH | awk '$1 != $4 && $4 != "root" { printf "\tuser %s home directory is owned by %s.\n", $1, $4 } $2 ~ /^.....w/ { printf "\tuser %s home directory %s is group writeable.\n", $1, $10 } $2 ~ /^........w/ { printf "\tuser %s home directory %s is other writeable.\n", $1, $10 }' \ > $OUTPUT if [ -s $OUTPUT ] ; then printf "\nChecking home directories.\n" cat $OUTPUT fi # Files that should not be owned by someone else or readable. list=".Xauthority .netrc .ssh/id_dsa .ssh/id_rsa .ssh/identity" while read uid homedir; do for f in $list ; do file=${homedir}/${f} if [ -f $file ] ; then printf -- "$uid $f `/bin/ls -ld $file`\n" fi done done < $MPBYPATH | awk '$1 != $5 && $5 != "root" { printf "\tuser %s %s file is owned by %s.\n", $1, $2, $5 } $3 ~ /^....r/ { printf "\tuser %s %s file is group readable.\n", $1, $2 } $3 ~ /^.......r/ { printf "\tuser %s %s file is other readable.\n", $1, $2 } $3 ~ /^.....w/ { printf "\tuser %s %s file is group writeable.\n", $1, $2 } $3 ~ /^........w/ { printf "\tuser %s %s file is other writeable.\n", $1, $2 }' \ > $OUTPUT # Files that should not be owned by someone else or writeable. list=".bash_history .bash_login .bash_logout .bash_profile .bashrc \ .cshrc .emacs .exrc .forward .history .klogin .login .logout \ .profile .qmail .rc_history .rhosts .shosts ssh .tcshrc .twmrc \ .xinitrc .xsession .ssh/authorized_keys .ssh/authorized_keys2 \ .ssh/config .ssh/id_dsa.pub .ssh/id_rsa.pub .ssh/identity.pub \ .ssh/known_hosts .ssh/known_hosts2" while read uid homedir; do for f in $list ; do file=${homedir}/${f} if [ -f $file ] ; then printf -- "$uid $f `/bin/ls -ld $file`\n" fi done done < $MPBYPATH | awk '$1 != $5 && $5 != "root" { printf "\tuser %s %s file is owned by %s.\n", $1, $2, $5 } $3 ~ /^.....w/ { printf "\tuser %s %s file is group writeable.\n", $1, $2 } $3 ~ /^........w/ { printf "\tuser %s %s file is other writeable.\n", $1, $2 }' \ >> $OUTPUT if [ -s $OUTPUT ] ; then printf "\nChecking dot files.\n" cat $OUTPUT fi