mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-18 08:52:42 +01:00
42 lines
990 B
Bash
42 lines
990 B
Bash
#!/bin/sh -
|
|
#
|
|
# @(#)security 5.3 (Berkeley) 5/28/91
|
|
# $Id: security,v 1.7 1995/01/14 13:23:50 ats Exp $
|
|
#
|
|
PATH=/sbin:/bin:/usr/bin
|
|
|
|
host=`hostname -s`
|
|
echo "Subject: $host security check output"
|
|
|
|
LOG=/var/log
|
|
TMP=/tmp/_secure.$$
|
|
|
|
umask 027
|
|
|
|
echo "checking setuid files and devices:"
|
|
|
|
# don't have ncheck, but this does the equivalent of the commented out block.
|
|
# note that one of the original problem, the possibility of overrunning
|
|
# the args to ls, is still here...
|
|
#
|
|
MP=`mount -t ufs | sed 's;/dev/;&r;' | awk '{ print $3 }'`
|
|
set $MP
|
|
while test $# -ge 1; do
|
|
mount=$1
|
|
shift
|
|
find $mount -xdev \( -perm -u+s -or -perm -g+s \) | sort
|
|
done | xargs -n 20 ls -lgTd > $TMP
|
|
|
|
if cmp $LOG/setuid.today $TMP >/dev/null; then :; else
|
|
echo "$host setuid/device diffs:"
|
|
diff -b $LOG/setuid.today $TMP
|
|
mv $LOG/setuid.today $LOG/setuid.yesterday
|
|
mv $TMP $LOG/setuid.today
|
|
fi
|
|
rm -f $TMP
|
|
|
|
echo ""
|
|
echo ""
|
|
echo "checking for uids of 0:"
|
|
awk 'BEGIN {FS=":"} $3=="0" {print $1,$3}' /etc/master.passwd
|