
Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.

Diff for /src/etc/security between version 1.16 and 1.17

version 1.16, 1997/02/14 08:52:05 version 1.17, 1997/03/10 09:45:58
Line 38  MP=/etc/master.passwd
Line 38  MP=/etc/master.passwd
 awk -F: '{ print $1 " " $3 }' $MP | sort -n +1 > $TMP1  awk -F: '{ print $1 " " $3 }' $MP | sort -n +1 > $TMP1
   
 # Check the master password file syntax.  # Check the master password file syntax.
 if [ X"$check_passwd" = XYES ]; then  if [ "$check_passwd" = YES ]; then
         awk -F: '{          awk -F: '{
                 if ($0 ~ /^[     ]*$/) {                  if ($0 ~ /^[     ]*$/) {
                         printf("Line %d is a blank line.\n", NR);                          printf("Line %d is a blank line.\n", NR);
Line 100  else
Line 100  else
 fi  fi
   
 # Check the group file syntax.  # Check the group file syntax.
 if [ X"$check_group" = XYES ]; then  if [ "$check_group" = YES ]; then
         GRP=/etc/group          GRP=/etc/group
         awk -F: '{          awk -F: '{
                 if ($0 ~ /^[     ]*$/) {                  if ($0 ~ /^[     ]*$/) {
Line 132  fi
Line 132  fi
 # The check for the root paths is problematical -- it's likely to fail  # The check for the root paths is problematical -- it's likely to fail
 # in other environments.  Once the shells have been modified to warn  # in other environments.  Once the shells have been modified to warn
 # of '.' in the path, the path tests should go away.  # of '.' in the path, the path tests should go away.
 if [ X"$check_rootdotfiles" = XYES ]; then  if [ "$check_rootdotfiles" = YES ]; then
         cp /dev/null $OUTPUT          cp /dev/null $OUTPUT
         rhome=`csh -fc "echo ~root"`          rhome=`csh -fc "echo ~root"`
         umaskset=no          umaskset=no
Line 221  end-of-sh
Line 221  end-of-sh
 fi  fi
   
 # Root and uucp should both be in /etc/ftpusers.  # Root and uucp should both be in /etc/ftpusers.
 if [ X"$check_ftpusers" = XYES ]; then  if [ "$check_ftpusers" = YES ]; then
         if egrep root /etc/ftpusers > /dev/null ; then          if egrep root /etc/ftpusers > /dev/null ; then
                 :                  :
         else          else
Line 235  if [ X"$check_ftpusers" = XYES ]; then
Line 235  if [ X"$check_ftpusers" = XYES ]; then
 fi  fi
   
 # Uudecode should not be in the /etc/aliases file.  # Uudecode should not be in the /etc/aliases file.
 if [ X"$check_aliases" = XYES ]; then  if [ "$check_aliases" = YES ]; then
         if egrep 'uudecode|decode' /etc/aliases; then          if egrep 'uudecode|decode' /etc/aliases; then
                 printf "\nThere is an entry for uudecode in the /etc/aliases file.\n"                  printf "\nThere is an entry for uudecode in the /etc/aliases file.\n"
         fi          fi
 fi  fi
   
 # Files that should not have + signs.  # Files that should not have + signs.
 if [ X"$check_rhosts" = XYES ]; then  if [ "$check_rhosts" = YES ]; then
         list="/etc/hosts.equiv /etc/hosts.lpd"          list="/etc/hosts.equiv /etc/hosts.lpd"
         for f in $list ; do          for f in $list ; do
                 if [ -f $f ] && egrep '\+' $f > /dev/null ; then                  if [ -f $f ] && egrep '\+' $f > /dev/null ; then
Line 281  fi
Line 281  fi
   
 # Check home directories.  Directories should not be owned by someone else  # Check home directories.  Directories should not be owned by someone else
 # or writeable.  # or writeable.
 if [ X"$check_homes" = XYES ]; then  if [ "$check_homes" = YES ]; then
         awk -F: '{ print $1 " " $9 }' /etc/master.passwd | \          awk -F: '{ print $1 " " $9 }' /etc/master.passwd | \
         while read uid homedir; do          while read uid homedir; do
                 if [ -d ${homedir}/ ] ; then                  if [ -d ${homedir}/ ] ; then
Line 347  if [ X"$check_homes" = XYES ]; then
Line 347  if [ X"$check_homes" = XYES ]; then
 fi  fi
   
 # Mailboxes should be owned by user and unreadable.  # Mailboxes should be owned by user and unreadable.
 if [ X"$check_varmail" = XYES ]; then  if [ "$check_varmail" = YES ]; then
         ls -l /var/mail | sed 1d | \          ls -l /var/mail | sed 1d | \
         awk '$3 != $9 \          awk '$3 != $9 \
                 { print "user " $9 " mailbox is owned by " $3 }                  { print "user " $9 " mailbox is owned by " $3 }
Line 359  if [ X"$check_varmail" = XYES ]; then
Line 359  if [ X"$check_varmail" = XYES ]; then
         fi          fi
 fi  fi
   
 if [ X"$check_nfs" = XYES ]; then  if [ "$check_nfs" = YES ]; then
         if [ -f /etc/exports ]; then          if [ -f /etc/exports ]; then
             # File systems should not be globally exported.              # File systems should not be globally exported.
             awk '{              awk '{
Line 383  if [ X"$check_nfs" = XYES ]; then
Line 383  if [ X"$check_nfs" = XYES ]; then
 fi  fi
   
 # Display any changes in setuid files and devices.  # Display any changes in setuid files and devices.
 if [ X"$check_devices" = XYES ]; then  if [ "$check_devices" = YES ]; then
         printf "\nChecking setuid files and devices:\n"          printf "\nChecking setuid files and devices:\n"
         (find / \( ! -fstype local -o -fstype fdesc -o -fstype kernfs \          (find / \( ! -fstype local -o -fstype fdesc -o -fstype kernfs \
                         -o -fstype procfs \) -a -prune -o \                          -o -fstype procfs \) -a -prune -o \
Line 529  fi
Line 529  fi
 # the hacker can modify the tree specification to match the replaced binary.  # the hacker can modify the tree specification to match the replaced binary.
 # For details on really protecting yourself against modified binaries, see  # For details on really protecting yourself against modified binaries, see
 # the mtree(8) manual page.  # the mtree(8) manual page.
 if [ X"$check_mtree" = XYES ]; then  if [ "$check_mtree" = YES ]; then
         mtree -e -p / -f /etc/mtree/special > $OUTPUT          mtree -e -p / -f /etc/mtree/special > $OUTPUT
         if [ -s $OUTPUT ]; then          if [ -s $OUTPUT ]; then
                 printf "\nChecking special files and directories.\n"                  printf "\nChecking special files and directories.\n"
Line 555  fi
Line 555  fi
 # List of files that get backed up and checked for any modifications.  Each  # List of files that get backed up and checked for any modifications.  Each
 # file is expected to have two backups, /var/backups/file.{current,backup}.  # file is expected to have two backups, /var/backups/file.{current,backup}.
 # Any changes cause the files to rotate.  # Any changes cause the files to rotate.
 if [ X"$check_changelist" = XYES -a -s /etc/changelist ] ; then  if [ "$check_changelist" = YES ] && [ -s /etc/changelist ] ; then
         for file in `cat /etc/changelist`; do          for file in `cat /etc/changelist`; do
                 CUR=/var/backups/`basename $file`.current                  CUR=/var/backups/`basename $file`.current
                 BACK=/var/backups/`basename $file`.backup                  BACK=/var/backups/`basename $file`.backup
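Review bot: In the check_ftpusers block (the hunk at line 221), `egrep root /etc/ftpusers` is an unanchored substring match, so a commented-out `#root` or any longer name containing `root` satisfies it and the branch for a missing entry is never reached. Anchoring the pattern, for example `if egrep '^root$' /etc/ftpusers > /dev/null ; then`, would make the check fail when root is not actually listed, assuming the file holds one bare user name per line. The else branch and the uucp test lie outside the visible lines, so the same anchoring probably applies there but should be confirmed against the full file.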
