version 1.16, 1997/02/14 08:52:05 |
version 1.17, 1997/03/10 09:45:58 |
Line 38 MP=/etc/master.passwd |
|
Line 38 MP=/etc/master.passwd |
|
awk -F: '{ print $1 " " $3 }' $MP | sort -n +1 > $TMP1 |
awk -F: '{ print $1 " " $3 }' $MP | sort -n +1 > $TMP1 |
|
|
# Check the master password file syntax. |
# Check the master password file syntax. |
if [ X"$check_passwd" = XYES ]; then |
if [ "$check_passwd" = YES ]; then |
awk -F: '{ |
awk -F: '{ |
if ($0 ~ /^[ ]*$/) { |
if ($0 ~ /^[ ]*$/) { |
printf("Line %d is a blank line.\n", NR); |
printf("Line %d is a blank line.\n", NR); |
|
|
fi |
fi |
|
|
# Check the group file syntax. |
# Check the group file syntax. |
if [ X"$check_group" = XYES ]; then |
if [ "$check_group" = YES ]; then |
GRP=/etc/group |
GRP=/etc/group |
awk -F: '{ |
awk -F: '{ |
if ($0 ~ /^[ ]*$/) { |
if ($0 ~ /^[ ]*$/) { |
|
|
# The check for the root paths is problematical -- it's likely to fail |
# The check for the root paths is problematical -- it's likely to fail |
# in other environments. Once the shells have been modified to warn |
# in other environments. Once the shells have been modified to warn |
# of '.' in the path, the path tests should go away. |
# of '.' in the path, the path tests should go away. |
if [ X"$check_rootdotfiles" = XYES ]; then |
if [ "$check_rootdotfiles" = YES ]; then |
cp /dev/null $OUTPUT |
cp /dev/null $OUTPUT |
rhome=`csh -fc "echo ~root"` |
rhome=`csh -fc "echo ~root"` |
umaskset=no |
umaskset=no |
|
|
fi |
fi |
|
|
# Root and uucp should both be in /etc/ftpusers. |
# Root and uucp should both be in /etc/ftpusers. |
if [ X"$check_ftpusers" = XYES ]; then |
if [ "$check_ftpusers" = YES ]; then |
if egrep root /etc/ftpusers > /dev/null ; then |
if egrep root /etc/ftpusers > /dev/null ; then |
: |
: |
else |
else |
Line 235 if [ X"$check_ftpusers" = XYES ]; then |
|
Line 235 if [ X"$check_ftpusers" = XYES ]; then |
|
fi |
fi |
|
|
# Uudecode should not be in the /etc/aliases file. |
# Uudecode should not be in the /etc/aliases file. |
if [ X"$check_aliases" = XYES ]; then |
if [ "$check_aliases" = YES ]; then |
if egrep 'uudecode|decode' /etc/aliases; then |
if egrep 'uudecode|decode' /etc/aliases; then |
printf "\nThere is an entry for uudecode in the /etc/aliases file.\n" |
printf "\nThere is an entry for uudecode in the /etc/aliases file.\n" |
fi |
fi |
fi |
fi |
|
|
# Files that should not have + signs. |
# Files that should not have + signs. |
if [ X"$check_rhosts" = XYES ]; then |
if [ "$check_rhosts" = YES ]; then |
list="/etc/hosts.equiv /etc/hosts.lpd" |
list="/etc/hosts.equiv /etc/hosts.lpd" |
for f in $list ; do |
for f in $list ; do |
if [ -f $f ] && egrep '\+' $f > /dev/null ; then |
if [ -f $f ] && egrep '\+' $f > /dev/null ; then |
|
|
|
|
# Check home directories. Directories should not be owned by someone else |
# Check home directories. Directories should not be owned by someone else |
# or writeable. |
# or writeable. |
if [ X"$check_homes" = XYES ]; then |
if [ "$check_homes" = YES ]; then |
awk -F: '{ print $1 " " $9 }' /etc/master.passwd | \ |
awk -F: '{ print $1 " " $9 }' /etc/master.passwd | \ |
while read uid homedir; do |
while read uid homedir; do |
if [ -d ${homedir}/ ] ; then |
if [ -d ${homedir}/ ] ; then |
Line 347 if [ X"$check_homes" = XYES ]; then |
|
Line 347 if [ X"$check_homes" = XYES ]; then |
|
fi |
fi |
|
|
# Mailboxes should be owned by user and unreadable. |
# Mailboxes should be owned by user and unreadable. |
if [ X"$check_varmail" = XYES ]; then |
if [ "$check_varmail" = YES ]; then |
ls -l /var/mail | sed 1d | \ |
ls -l /var/mail | sed 1d | \ |
awk '$3 != $9 \ |
awk '$3 != $9 \ |
{ print "user " $9 " mailbox is owned by " $3 } |
{ print "user " $9 " mailbox is owned by " $3 } |
Line 359 if [ X"$check_varmail" = XYES ]; then |
|
Line 359 if [ X"$check_varmail" = XYES ]; then |
|
fi |
fi |
fi |
fi |
|
|
if [ X"$check_nfs" = XYES ]; then |
if [ "$check_nfs" = YES ]; then |
if [ -f /etc/exports ]; then |
if [ -f /etc/exports ]; then |
# File systems should not be globally exported. |
# File systems should not be globally exported. |
awk '{ |
awk '{ |
Line 383 if [ X"$check_nfs" = XYES ]; then |
|
Line 383 if [ X"$check_nfs" = XYES ]; then |
|
fi |
fi |
|
|
# Display any changes in setuid files and devices. |
# Display any changes in setuid files and devices. |
if [ X"$check_devices" = XYES ]; then |
if [ "$check_devices" = YES ]; then |
printf "\nChecking setuid files and devices:\n" |
printf "\nChecking setuid files and devices:\n" |
(find / \( ! -fstype local -o -fstype fdesc -o -fstype kernfs \ |
(find / \( ! -fstype local -o -fstype fdesc -o -fstype kernfs \ |
-o -fstype procfs \) -a -prune -o \ |
-o -fstype procfs \) -a -prune -o \ |
|
|
# the hacker can modify the tree specification to match the replaced binary. |
# the hacker can modify the tree specification to match the replaced binary. |
# For details on really protecting yourself against modified binaries, see |
# For details on really protecting yourself against modified binaries, see |
# the mtree(8) manual page. |
# the mtree(8) manual page. |
if [ X"$check_mtree" = XYES ]; then |
if [ "$check_mtree" = YES ]; then |
mtree -e -p / -f /etc/mtree/special > $OUTPUT |
mtree -e -p / -f /etc/mtree/special > $OUTPUT |
if [ -s $OUTPUT ]; then |
if [ -s $OUTPUT ]; then |
printf "\nChecking special files and directories.\n" |
printf "\nChecking special files and directories.\n" |
|
|
# List of files that get backed up and checked for any modifications. Each |
# List of files that get backed up and checked for any modifications. Each |
# file is expected to have two backups, /var/backups/file.{current,backup}. |
# file is expected to have two backups, /var/backups/file.{current,backup}. |
# Any changes cause the files to rotate. |
# Any changes cause the files to rotate. |
if [ X"$check_changelist" = XYES -a -s /etc/changelist ] ; then |
if [ "$check_changelist" = YES ] && [ -s /etc/changelist ] ; then |
for file in `cat /etc/changelist`; do |
for file in `cat /etc/changelist`; do |
CUR=/var/backups/`basename $file`.current |
CUR=/var/backups/`basename $file`.current |
BACK=/var/backups/`basename $file`.backup |
BACK=/var/backups/`basename $file`.backup |