version 1.39, 2000/10/06 17:35:30 |
version 1.40, 2000/10/18 16:45:27 |
|
|
if (system("test -s /etc/skeykeys && grep -q \"^"$1" \" /etc/skeykeys") == 0) |
if (system("test -s /etc/skeykeys && grep -q \"^"$1" \" /etc/skeykeys") == 0) |
printf("Login %s is off but still has a valid shell and an entry in /etc/skeykeys.\n", $1); |
printf("Login %s is off but still has a valid shell and an entry in /etc/skeykeys.\n", $1); |
if (system("test -d "$9" -a ! -r "$9"") == 0) |
if (system("test -d "$9" -a ! -r "$9"") == 0) |
printf("Login %s if off but still has valid shell and home directory is unreadable\n\t by root; cannot check for existence of alternate access files.\n", $1); |
printf("Login %s is off but still has valid shell and home directory is unreadable\n\t by root; cannot check for existence of alternate access files.\n", $1); |
else if (system("for file in .ssh .rhosts .shosts .klogin; do if test -e "$9"/$file; then if ((ls -ld "$9"/$file | cut -b 2-10 | grep -q r) && (test ! -O "$9"/$file)) ; then exit 1; fi; fi; done")) |
else if (system("for file in .ssh .rhosts .shosts .klogin; do if test -e "$9"/$file; then if ((ls -ld "$9"/$file | cut -b 2-10 | grep -q r) && (test ! -O "$9"/$file)) ; then exit 1; fi; fi; done")) |
printf("Login %s is off but still has a valid shell and alternate access files in\n\t home directory are still readable.\n",$1); |
printf("Login %s is off but still has a valid shell and alternate access files in\n\t home directory are still readable.\n",$1); |
} |
} |
|
|
printf("Login %s has a negative group ID.\n", $1); |
printf("Login %s has a negative group ID.\n", $1); |
}' < $MP > $OUTPUT |
}' < $MP > $OUTPUT |
if [ -s $OUTPUT ] ; then |
if [ -s $OUTPUT ] ; then |
printf "\nChecking the $MP file:\n" |
printf "\nChecking the %s file:\n" "$MP" |
cat $OUTPUT |
cat $OUTPUT |
fi |
fi |
|
|
awk -F: '{ print $1 }' $MP | sort | uniq -d > $OUTPUT |
awk -F: '{ print $1 }' $MP | sort | uniq -d > $OUTPUT |
if [ -s $OUTPUT ] ; then |
if [ -s $OUTPUT ] ; then |
printf "\n$MP has duplicate user names.\n" |
printf "\n%s has duplicate user names.\n" "$MP" |
column $OUTPUT |
column $OUTPUT |
fi |
fi |
|
|
awk -F: '{ print $1 " " $3 }' $MP | sort -n +1 | tee $TMP1 | |
awk -F: '{ print $1 " " $3 }' $MP | sort -n +1 | tee $TMP1 | |
uniq -d -f 1 | awk '{ print $2 }' > $TMP2 |
uniq -d -f 1 | awk '{ print $2 }' > $TMP2 |
if [ -s $TMP2 ] ; then |
if [ -s $TMP2 ] ; then |
printf "\n$MP has duplicate user ID's.\n" |
printf "\n%s has duplicate user ID's.\n" "$MP" |
while read uid; do |
while read uid; do |
grep -w $uid $TMP1 |
grep -w $uid $TMP1 |
done < $TMP2 | column |
done < $TMP2 | column |
|
|
printf("Login %s has a negative group ID.\n", $1); |
printf("Login %s has a negative group ID.\n", $1); |
}' < $GRP > $OUTPUT |
}' < $GRP > $OUTPUT |
if [ -s $OUTPUT ] ; then |
if [ -s $OUTPUT ] ; then |
printf "\nChecking the $GRP file:\n" |
printf "\nChecking the %s file:\n" "$GRP" |
cat $OUTPUT |
cat $OUTPUT |
fi |
fi |
|
|
awk -F: '{ print $1 }' $GRP | sort | uniq -d > $OUTPUT |
awk -F: '{ print $1 }' $GRP | sort | uniq -d > $OUTPUT |
if [ -s $OUTPUT ] ; then |
if [ -s $OUTPUT ] ; then |
printf "\n$GRP has duplicate group names.\n" |
printf "\n%s has duplicate group names.\n" "$GRP" |
column $OUTPUT |
column $OUTPUT |
fi |
fi |
|
|
|
|
fi |
fi |
done |
done |
if [ $umaskset = "no" -o -s $OUTPUT ] ; then |
if [ $umaskset = "no" -o -s $OUTPUT ] ; then |
printf "\nChecking root csh paths, umask values:\n$list\n" |
printf "\nChecking root csh paths, umask values:\n%s\n" "$list" |
if [ -s $OUTPUT ] ; then |
if [ -s $OUTPUT ] ; then |
cat $OUTPUT |
cat $OUTPUT |
fi |
fi |
|
|
fi |
fi |
done |
done |
if [ $umaskset = "no" -o -s $OUTPUT ] ; then |
if [ $umaskset = "no" -o -s $OUTPUT ] ; then |
printf "\nChecking root sh paths, umask values:\n$list\n" |
printf "\nChecking root sh paths, umask values:\n%s\n" "$list" |
if [ -s $OUTPUT ] ; then |
if [ -s $OUTPUT ] ; then |
cat $OUTPUT |
cat $OUTPUT |
fi |
fi |
|
|
done |
done |
) |
) |
if [ -s $OUTPUT ] ; then |
if [ -s $OUTPUT ] ; then |
printf "\nChecking root ksh paths, umask values:\n$list\n" |
printf "\nChecking root ksh paths, umask values:\n%s\n" "$list" |
cat $OUTPUT |
cat $OUTPUT |
fi |
fi |
|
|
|
|
# Root owned .rhosts/.shosts files are ok. |
# Root owned .rhosts/.shosts files are ok. |
if [ -s ${homedir}/$j -a ! -O ${homedir}/$j ] ; then |
if [ -s ${homedir}/$j -a ! -O ${homedir}/$j ] ; then |
rhost=`ls -ldgT ${homedir}/$j` |
rhost=`ls -ldgT ${homedir}/$j` |
printf "$uid: $rhost\n" |
printf "%s: %s\n" "$uid" "$rhost" |
fi |
fi |
done |
done |
done > $OUTPUT |
done > $OUTPUT |
|
|
while read uid homedir; do |
while read uid homedir; do |
if [ -d ${homedir}/ ] ; then |
if [ -d ${homedir}/ ] ; then |
file=`ls -ldgT ${homedir}` |
file=`ls -ldgT ${homedir}` |
printf "$uid $file\n" |
printf "%s %s\n" "$uid" "$file" |
fi |
fi |
done | |
done | |
awk '$1 != $4 && $4 != "root" \ |
awk '$1 != $4 && $4 != "root" \ |
|
|
for f in $list ; do |
for f in $list ; do |
file=${homedir}/${f} |
file=${homedir}/${f} |
if [ -f $file ] ; then |
if [ -f $file ] ; then |
printf "$uid $f `ls -ldgT $file`\n" |
printf "%s %s %s\n" "$uid" "$f" "`ls -ldgT $file`" |
fi |
fi |
done |
done |
done | |
done | |
|
|
for f in $list ; do |
for f in $list ; do |
file=${homedir}/${f} |
file=${homedir}/${f} |
if [ -f $file ] ; then |
if [ -f $file ] ; then |
printf "$uid $f `ls -ldgT $file`\n" |
printf "%s %s %s\n" "$uid" "$f" "`ls -ldgT $file`" |
fi |
fi |
done |
done |
done | |
done | |
|
|
|
|
# Display any errors that occurred during system file walk. |
# Display any errors that occurred during system file walk. |
if [ -s $OUTPUT ] ; then |
if [ -s $OUTPUT ] ; then |
printf "${pending}Setuid/device find errors:\n" |
printf "%sSetuid/device find errors:\n" "$pending" |
pending= |
pending= |
cat $OUTPUT |
cat $OUTPUT |
printf "\n" |
printf "\n" |
|
|
if [ -s $TMP1 ] ; then |
if [ -s $TMP1 ] ; then |
# Check to make sure uudecode isn't setuid. |
# Check to make sure uudecode isn't setuid. |
if grep -w uudecode $TMP1 > /dev/null ; then |
if grep -w uudecode $TMP1 > /dev/null ; then |
printf "${pending}\nUudecode is setuid.\n" |
printf "%s\nUudecode is setuid.\n" "$pending" |
pending= |
pending= |
fi |
fi |
|
|
|
|
> $TMP2 |
> $TMP2 |
join -110 -210 -v2 $CUR $TMP1 > $OUTPUT |
join -110 -210 -v2 $CUR $TMP1 > $OUTPUT |
if [ -s $OUTPUT ] ; then |
if [ -s $OUTPUT ] ; then |
printf "${pending}Setuid additions:\n" |
printf "%sSetuid additions:\n" "$pending" |
pending= |
pending= |
tee -a $TMP2 < $OUTPUT |
tee -a $TMP2 < $OUTPUT |
printf "\n" |
printf "\n" |
|
|
|
|
join -110 -210 -v1 $CUR $TMP1 > $OUTPUT |
join -110 -210 -v1 $CUR $TMP1 > $OUTPUT |
if [ -s $OUTPUT ] ; then |
if [ -s $OUTPUT ] ; then |
printf "${pending}Setuid deletions:\n" |
printf "%sSetuid deletions:\n" "$pending" |
pending= |
pending= |
tee -a $TMP2 < $OUTPUT |
tee -a $TMP2 < $OUTPUT |
printf "\n" |
printf "\n" |
|
|
sort +9 $TMP2 $CUR $TMP1 | \ |
sort +9 $TMP2 $CUR $TMP1 | \ |
sed -e 's/[ ][ ]*/ /g' | uniq -u > $OUTPUT |
sed -e 's/[ ][ ]*/ /g' | uniq -u > $OUTPUT |
if [ -s $OUTPUT ] ; then |
if [ -s $OUTPUT ] ; then |
printf "${pending}Setuid changes:\n" |
printf "%sSetuid changes:\n" "$pending" |
pending= |
pending= |
column -t $OUTPUT |
column -t $OUTPUT |
printf "\n" |
printf "\n" |
|
|
cp $TMP1 $CUR |
cp $TMP1 $CUR |
fi |
fi |
else |
else |
printf "${pending}Setuid additions:\n" |
printf "%sSetuid additions:\n" "$pending" |
pending= |
pending= |
column -t $TMP1 |
column -t $TMP1 |
printf "\n" |
printf "\n" |
|
|
tree=`sed -n -e '3s/.* //p' -e 3q $file` |
tree=`sed -n -e '3s/.* //p' -e 3q $file` |
mtree -f $file -p $tree > $TMP1 |
mtree -f $file -p $tree > $TMP1 |
if [ -s $TMP1 ] ; then |
if [ -s $TMP1 ] ; then |
printf "\nChecking $tree:\n" >> $OUTPUT |
printf "\nChecking %s:\n" "$tree" >> $OUTPUT |
cat $TMP1 >> $OUTPUT |
cat $TMP1 >> $OUTPUT |
fi |
fi |
done |
done |
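Review bot: The passwd-derived fields that this change stops using as printf format strings are still spliced unquoted into shell command strings in the awk `system()` calls at the top of the section — `system("test -d "$9" -a ! -r "$9"")` and the `.ssh/.rhosts/.shosts/.klogin` loop both embed the home-directory field `$9` as bare words, and the skeykeys check embeds the login `$1` as an unquoted grep pattern — so an entry whose field contains whitespace or shell metacharacters is word-split or interpreted by the shell instead of being tested, and the resulting non-zero status just means no warning is printed for that account. Since `$MP` is root-written this is mostly a robustness gap that becomes a silent false negative in a root-run audit rather than an obvious injection path, but I would still quote the interpolations, e.g. `system("test -d \"" $9 "\" -a ! -r \"" $9 "\"")`, and print a warning and skip any entry whose login or home field contains a double quote, `$`, backquote or `;` before handing it to `system()`. The awk program these calls belong to starts before the beginning of this section, and the later `cat $OUTPUT` / `column $OUTPUT` / `ls -ldgT ${homedir}/$j` uses remain unquoted as well.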