=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/etc/Attic/security,v retrieving revision 1.13 retrieving revision 1.14 diff -c -r1.13 -r1.14 *** src/etc/Attic/security 1996/11/30 17:50:58 1.13 --- src/etc/Attic/security 1996/12/06 17:17:13 1.14 *************** *** 1,6 **** #!/bin/sh - # ! # $OpenBSD: security,v 1.13 1996/11/30 17:50:58 millert Exp $ # from: @(#)security 8.1 (Berkeley) 6/9/93 # --- 1,6 ---- #!/bin/sh - # ! # $OpenBSD: security,v 1.14 1996/12/06 17:17:13 millert Exp $ # from: @(#)security 8.1 (Berkeley) 6/9/93 # *************** *** 246,257 **** # Check for special users with .rhosts/.shosts files. Only root # should have .rhosts/.shosts files. Also, .rhosts/.shosts # files should not have plus signs. ! awk -F: '$1 != "root" && $1 !~ /^[+-].*$/ && \ ($3 < 100 || $1 == "ftp" || $1 == "uucp") \ { print $1 " " $6 }' /etc/passwd | while read uid homedir; do for j in .rhosts .shosts; do ! if [ -f ${homedir}/$j ] ; then rhost=`ls -ldgT ${homedir}/$j` printf "$uid: $rhost\n" fi --- 246,258 ---- # Check for special users with .rhosts/.shosts files. Only root # should have .rhosts/.shosts files. Also, .rhosts/.shosts # files should not have plus signs. ! awk -F: '$1 != "root" && $1 !~ /^[+-]/ && \ ($3 < 100 || $1 == "ftp" || $1 == "uucp") \ { print $1 " " $6 }' /etc/passwd | while read uid homedir; do for j in .rhosts .shosts; do ! # Root owned .rhosts/.shosts files are ok. ! if [ -f ${homedir}/$j -a ! -O ${homedir}/$j ] ; then rhost=`ls -ldgT ${homedir}/$j` printf "$uid: $rhost\n" fi *************** *** 262,268 **** cat $OUTPUT fi ! awk -F: '{ print $1 " " $6 }' /etc/passwd | \ while read uid homedir; do for j in .rhosts .shosts; do if [ -s ${homedir}/$j ] ; then --- 263,269 ---- cat $OUTPUT fi ! awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \ while read uid homedir; do for j in .rhosts .shosts; do if [ -s ${homedir}/$j ] ; then *************** *** 283,289 **** # Check home directories. 
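Review bot: `-O` in the new test at 246-258 compares the file's owner with the effective UID of the process running the script, so the "Root owned" exemption in the added comment holds only when the script runs as root; the comment should say so, e.g. `# Root owned .rhosts/.shosts files are ok (-O: owned by our euid, which must be root).` The exemption also suppresses the report whatever the file's mode or contents, so it relies on the later plus-sign and permission checks, which lie outside this hunk, to still cover root-owned files. `${homedir}` is expanded unquoted inside `[ ... -a ... ]`, here and in the tests of the later hunks, so a home directory field containing whitespace makes the test fail with a syntax error and the file goes unreported; `[ -f "${homedir}/$j" ] && [ ! -O "${homedir}/$j" ]` avoids both the word splitting and the ambiguous `-a`. The enclosing loops continue past the end of the hunk.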
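Review bot: The `/^[^+-]/` pattern added to the awk call at 263-269 carries no explanation, and the hunk at 246-258 spells the same filter differently as `$1 !~ /^[+-]/`. A one-line comment above the pipeline, such as `# Skip YP compat entries (passwd lines beginning with + or -).`, would record the intent, which is presumably to keep NIS/YP `+`/`-` entries out of the home-directory walks. The identical one-liner is repeated in the hunks at 284-290, 304-310 and 327-333, so producing the filtered `user home` list once and reusing it would keep the four checks from drifting apart. The loop bodies end outside these hunks.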
Directories should not be owned by someone else # or writeable. ! awk -F: '{ if ($1 !~ /^[+-].*$/) print $1 " " $6 }' /etc/passwd | \ while read uid homedir; do if [ -d ${homedir}/ ] ; then file=`ls -ldgT ${homedir}` --- 284,290 ---- # Check home directories. Directories should not be owned by someone else # or writeable. ! awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \ while read uid homedir; do if [ -d ${homedir}/ ] ; then file=`ls -ldgT ${homedir}` *************** *** 303,309 **** # Files that should not be owned by someone else or readable. list=".netrc .rhosts .shosts" ! awk -F: '{ print $1 " " $6 }' /etc/passwd | \ while read uid homedir; do for f in $list ; do file=${homedir}/${f} --- 304,310 ---- # Files that should not be owned by someone else or readable. list=".netrc .rhosts .shosts" ! awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \ while read uid homedir; do for f in $list ; do file=${homedir}/${f} *************** *** 326,332 **** # Files that should not be owned by someone else or writeable. list=".bashrc .cshrc .emacs .exrc .forward .klogin .login .logout \ .profile .tcshrc" ! awk -F: '{ print $1 " " $6 }' /etc/passwd | \ while read uid homedir; do for f in $list ; do file=${homedir}/${f} --- 327,333 ---- # Files that should not be owned by someone else or writeable. list=".bashrc .cshrc .emacs .exrc .forward .klogin .login .logout \ .profile .tcshrc" ! awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \ while read uid homedir; do for f in $list ; do file=${homedir}/${f}
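Review bot: In the hunk at 284-290, `[ -d ${homedir}/ ]` follows a symbolic link because of the trailing slash, but `ls -ldgT ${homedir}` on the next line describes the link itself when the home directory is a symlink. The owner and mode examined afterwards would then be those of the link rather than of the directory being audited. Using the same path in both places, `ls -ldgT ${homedir}/`, keeps the test and the listing on the same object. How `$file` is parsed lies outside this hunk, so the effect on the report should be confirmed there.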