| version 1.10, 1996/09/20 20:35:37 |
version 1.11, 1996/10/22 07:58:30 |
|
|
| if [ -f /etc/exports ]; then |
if [ -f /etc/exports ]; then |
| # File systems should not be globally exported. |
# File systems should not be globally exported. |
| awk '{ |
awk '{ |
| |
if ($1 ~ /^#/) |
| |
next; |
| readonly = 0; |
readonly = 0; |
| for (i = 2; i <= NF; ++i) { |
for (i = 2; i <= NF; ++i) { |
| if ($i ~ /-ro/) |
if ($i ~ /-ro/) |
|
|
| pending="\nChecking setuid/setgid files and devices:\n" |
pending="\nChecking setuid/setgid files and devices:\n" |
| (find / \( ! -fstype local -o -fstype fdesc -o -fstype kernfs \ |
(find / \( ! -fstype local -o -fstype fdesc -o -fstype kernfs \ |
| -o -fstype procfs \) -a -prune -o \ |
-o -fstype procfs \) -a -prune -o \ |
| -type f -a \( -perm -u+s -o -perm -g+s \) -print -o \ |
-type f -a \( -perm -u+s -o -perm -g+s \) -ls -o \ |
| ! -type d -a ! -type f -a ! -type l -a ! -type s -ls | \ |
! -type d -a ! -type f -a ! -type l -a ! -type s -ls | \ |
| sort > $LIST) 2> $OUTPUT |
sort > $LIST) 2> $OUTPUT |
| |
|
|
|
| fi |
fi |
| |
|
| # Display any changes in the setuid file list. |
# Display any changes in the setuid file list. |
| egrep -v '^[bc]' $LIST > $TMP1 |
egrep -v '^[0-9]+ +[0-9]+ +[bc]' $LIST > $TMP1 |
| if [ -s $TMP1 ] ; then |
if [ -s $TMP1 ] ; then |
| # Check to make sure uudecode isn't setuid. |
# Check to make sure uudecode isn't setuid. |
| if grep -w uudecode $TMP1 > /dev/null ; then |
if grep -w uudecode $TMP1 > /dev/null ; then |
|
|
| : |
: |
| else |
else |
| > $TMP2 |
> $TMP2 |
| join -110 -210 -v2 $CUR $TMP1 > $OUTPUT |
join -112 -212 -v2 $CUR $TMP1 > $OUTPUT |
| if [ -s $OUTPUT ] ; then |
if [ -s $OUTPUT ] ; then |
| printf "${pending}Setuid additions:\n" |
printf "${pending}Setuid additions:\n" |
| pending= |
pending= |
|
|
| printf "\n" |
printf "\n" |
| fi |
fi |
| |
|
| join -110 -210 -v1 $CUR $TMP1 > $OUTPUT |
join -112 -212 -v1 $CUR $TMP1 > $OUTPUT |
| if [ -s $OUTPUT ] ; then |
if [ -s $OUTPUT ] ; then |
| printf "${pending}Setuid deletions:\n" |
printf "${pending}Setuid deletions:\n" |
| pending= |
pending= |
|
|
| printf "\n" |
printf "\n" |
| fi |
fi |
| |
|
| sort +9 $TMP2 $CUR $TMP1 | \ |
sort +11 $TMP2 $CUR $TMP1 | \ |
| sed -e 's/[ ][ ]*/ /g' | uniq -u > $OUTPUT |
sed -e 's/[ ][ ]*/ /g' | uniq -u > $OUTPUT |
| if [ -s $OUTPUT ] ; then |
if [ -s $OUTPUT ] ; then |
| printf "${pending}Setuid changes:\n" |
printf "${pending}Setuid changes:\n" |
|
|
| >$TMP1 |
>$TMP1 |
| DISKLIST="dk fd hd hk hp jb kra ra rb rd rl rx xd rz sd up wd vnd ccd" |
DISKLIST="dk fd hd hk hp jb kra ra rb rd rl rx xd rz sd up wd vnd ccd" |
| for i in $DISKLIST; do |
for i in $DISKLIST; do |
| egrep "^b.*/${i}[0-9][0-9]*[a-h]$" $LIST >> $TMP1 |
egrep "^b.*/${i}[0-9][0-9]*[a-p]$" $LIST >> $TMP1 |
| egrep "^c.*/r${i}[0-9][0-9]*[a-h]$" $LIST >> $TMP1 |
egrep "^c.*/r${i}[0-9][0-9]*[a-p]$" $LIST >> $TMP1 |
| done |
done |
| |
|
| awk '$3 != "root" || $4 != "operator" || $1 !~ /.rw-r-----/ \ |
awk '$3 != "root" || $4 != "operator" || $1 !~ /.rw-r-----/ \ |
![[BACK]](/icons/back.gif){kind=icon}
Return to security CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / etc