HardenedBSD/etc/security
Rodney W. Grimes 352c89cfb5 Reworked the search for suid sgid programs to be more like the original and
only to run find on local file systems.  It now works and no longer gets
the error from sort
1993-10-25 20:13:16 +00:00

53 lines
1.2 KiB
Bash

#!/bin/sh -
#
# @(#)security 5.3 (Berkeley) 5/28/91
# $Id: security,v 1.3 1993/09/06 23:12:04 rgrimes Exp $
#
PATH=/sbin:/bin:/usr/bin
host=`hostname -s`
echo "Subject: $host security check output"
LOG=/var/log
TMP=/tmp/_secure.$$
umask 027
echo "checking setuid files and devices:"
# don't have ncheck, but this does the equivalent of the commented out block.
# note that one of the original problem, the possibility of overrunning
# the args to ls, is still here...
#
MP=`mount -t ufs | sed 's;/dev/;&r;' | awk '{ print $3 }'`
set $MP
ls -lgT `while test $# -ge 1; do
mount=$1
shift
find $mount -xdev -perm -u+s -or -perm -g+s | sort
done` > $TMP
#MP=`mount -t ufs | sed 's;/dev/;&r;' | awk '{ print $1 " " $3 }'`
#set $MP
#ls -lgT `while test $# -ge 2; do
# device=$1
# shift
# mount=$1
# shift
# ncheck -s $device | sed -e "/:$/d" -e "/\/dev\//d" \
# -e "s;[^/]*;$mount;" -e "s;//;/;g" | sort
#done` > $TMP
if cmp $LOG/setuid.today $TMP >/dev/null; then :; else
echo "$host setuid/device diffs:"
diff $LOG/setuid.today $TMP
mv $LOG/setuid.today $LOG/setuid.yesterday
mv $TMP $LOG/setuid.today
fi
rm -f $TMP
echo ""
echo ""
echo "checking for uids of 0:"
awk 'BEGIN {FS=":"} $3=="0" {print $1,$3}' /etc/master.passwd