=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/etc/Attic/security,v retrieving revision 1.39 retrieving revision 1.40 diff -c -r1.39 -r1.40 *** src/etc/Attic/security 2000/10/06 17:35:30 1.39 --- src/etc/Attic/security 2000/10/18 16:45:27 1.40 *************** *** 1,6 **** #!/bin/sh - # ! # $OpenBSD: security,v 1.39 2000/10/06 17:35:30 aaron Exp $ # from: @(#)security 8.1 (Berkeley) 6/9/93 # --- 1,6 ---- #!/bin/sh - # ! # $OpenBSD: security,v 1.40 2000/10/18 16:45:27 hugh Exp $ # from: @(#)security 8.1 (Berkeley) 6/9/93 # *************** *** 48,54 **** if (system("test -s /etc/skeykeys && grep -q \"^"$1" \" /etc/skeykeys") == 0) printf("Login %s is off but still has a valid shell and an entry in /etc/skeykeys.\n", $1); if (system("test -d "$9" -a ! -r "$9"") == 0) ! printf("Login %s if off but still has valid shell and home directory is unreadable\n\t by root; cannot check for existence of alternate access files.\n", $1); else if (system("for file in .ssh .rhosts .shosts .klogin; do if test -e "$9"/$file; then if ((ls -ld "$9"/$file | cut -b 2-10 | grep -q r) && (test ! -O "$9"/$file)) ; then exit 1; fi; fi; done")) printf("Login %s is off but still has a valid shell and alternate access files in\n\t home directory are still readable.\n",$1); } --- 48,54 ---- if (system("test -s /etc/skeykeys && grep -q \"^"$1" \" /etc/skeykeys") == 0) printf("Login %s is off but still has a valid shell and an entry in /etc/skeykeys.\n", $1); if (system("test -d "$9" -a ! -r "$9"") == 0) ! printf("Login %s is off but still has valid shell and home directory is unreadable\n\t by root; cannot check for existence of alternate access files.\n", $1); else if (system("for file in .ssh .rhosts .shosts .klogin; do if test -e "$9"/$file; then if ((ls -ld "$9"/$file | cut -b 2-10 | grep -q r) && (test ! -O "$9"/$file)) ; then exit 1; fi; fi; done")) printf("Login %s is off but still has a valid shell and alternate access files in\n\t home directory are still readable.\n",$1); } *************** *** 60,79 **** printf("Login %s has a negative group ID.\n", $1); }' < $MP > $OUTPUT if [ -s $OUTPUT ] ; then ! printf "\nChecking the $MP file:\n" cat $OUTPUT fi awk -F: '{ print $1 }' $MP | sort | uniq -d > $OUTPUT if [ -s $OUTPUT ] ; then ! printf "\n$MP has duplicate user names.\n" column $OUTPUT fi awk -F: '{ print $1 " " $3 }' $MP | sort -n +1 | tee $TMP1 | uniq -d -f 1 | awk '{ print $2 }' > $TMP2 if [ -s $TMP2 ] ; then ! printf "\n$MP has duplicate user ID's.\n" while read uid; do grep -w $uid $TMP1 done < $TMP2 | column --- 60,79 ---- printf("Login %s has a negative group ID.\n", $1); }' < $MP > $OUTPUT if [ -s $OUTPUT ] ; then ! printf "\nChecking the %s file:\n" "$MP" cat $OUTPUT fi awk -F: '{ print $1 }' $MP | sort | uniq -d > $OUTPUT if [ -s $OUTPUT ] ; then ! printf "\n%s has duplicate user names.\n" "$MP" column $OUTPUT fi awk -F: '{ print $1 " " $3 }' $MP | sort -n +1 | tee $TMP1 | uniq -d -f 1 | awk '{ print $2 }' > $TMP2 if [ -s $TMP2 ] ; then ! printf "\n%s has duplicate user ID's.\n" "$MP" while read uid; do grep -w $uid $TMP1 done < $TMP2 | column *************** *** 120,132 **** printf("Login %s has a negative group ID.\n", $1); }' < $GRP > $OUTPUT if [ -s $OUTPUT ] ; then ! printf "\nChecking the $GRP file:\n" cat $OUTPUT fi awk -F: '{ print $1 }' $GRP | sort | uniq -d > $OUTPUT if [ -s $OUTPUT ] ; then ! printf "\n$GRP has duplicate group names.\n" column $OUTPUT fi --- 120,132 ---- printf("Login %s has a negative group ID.\n", $1); }' < $GRP > $OUTPUT if [ -s $OUTPUT ] ; then ! printf "\nChecking the %s file:\n" "$GRP" cat $OUTPUT fi awk -F: '{ print $1 }' $GRP | sort | uniq -d > $OUTPUT if [ -s $OUTPUT ] ; then ! printf "\n%s has duplicate group names.\n" "$GRP" column $OUTPUT fi *************** *** 173,179 **** fi done if [ $umaskset = "no" -o -s $OUTPUT ] ; then ! printf "\nChecking root csh paths, umask values:\n$list\n" if [ -s $OUTPUT ] ; then cat $OUTPUT fi --- 173,179 ---- fi done if [ $umaskset = "no" -o -s $OUTPUT ] ; then ! printf "\nChecking root csh paths, umask values:\n%s\n" "$list" if [ -s $OUTPUT ] ; then cat $OUTPUT fi *************** *** 227,233 **** fi done if [ $umaskset = "no" -o -s $OUTPUT ] ; then ! printf "\nChecking root sh paths, umask values:\n$list\n" if [ -s $OUTPUT ] ; then cat $OUTPUT fi --- 227,233 ---- fi done if [ $umaskset = "no" -o -s $OUTPUT ] ; then ! printf "\nChecking root sh paths, umask values:\n%s\n" "$list" if [ -s $OUTPUT ] ; then cat $OUTPUT fi *************** *** 279,285 **** done ) if [ -s $OUTPUT ] ; then ! printf "\nChecking root ksh paths, umask values:\n$list\n" cat $OUTPUT fi --- 279,285 ---- done ) if [ -s $OUTPUT ] ; then ! printf "\nChecking root ksh paths, umask values:\n%s\n" "$list" cat $OUTPUT fi *************** *** 324,330 **** # Root owned .rhosts/.shosts files are ok. if [ -s ${homedir}/$j -a ! -O ${homedir}/$j ] ; then rhost=`ls -ldgT ${homedir}/$j` ! printf "$uid: $rhost\n" fi done done > $OUTPUT --- 324,330 ---- # Root owned .rhosts/.shosts files are ok. if [ -s ${homedir}/$j -a ! -O ${homedir}/$j ] ; then rhost=`ls -ldgT ${homedir}/$j` ! printf "%s: %s\n" "$uid" "$rhost" fi done done > $OUTPUT *************** *** 358,364 **** while read uid homedir; do if [ -d ${homedir}/ ] ; then file=`ls -ldgT ${homedir}` ! printf "$uid $file\n" fi done | awk '$1 != $4 && $4 != "root" \ --- 358,364 ---- while read uid homedir; do if [ -d ${homedir}/ ] ; then file=`ls -ldgT ${homedir}` ! printf "%s %s\n" "$uid" "$file" fi done | awk '$1 != $4 && $4 != "root" \ *************** *** 379,385 **** for f in $list ; do file=${homedir}/${f} if [ -f $file ] ; then ! printf "$uid $f `ls -ldgT $file`\n" fi done done | --- 379,385 ---- for f in $list ; do file=${homedir}/${f} if [ -f $file ] ; then ! printf "%s %s %s\n" "$uid" "$f" "`ls -ldgT $file`" fi done done | *************** *** 405,411 **** for f in $list ; do file=${homedir}/${f} if [ -f $file ] ; then ! printf "$uid $f `ls -ldgT $file`\n" fi done done | --- 405,411 ---- for f in $list ; do file=${homedir}/${f} if [ -f $file ] ; then ! printf "%s %s %s\n" "$uid" "$f" "`ls -ldgT $file`" fi done done | *************** *** 464,470 **** # Display any errors that occurred during system file walk. if [ -s $OUTPUT ] ; then ! printf "${pending}Setuid/device find errors:\n" pending= cat $OUTPUT printf "\n" --- 464,470 ---- # Display any errors that occurred during system file walk. if [ -s $OUTPUT ] ; then ! printf "%sSetuid/device find errors:\n" "$pending" pending= cat $OUTPUT printf "\n" *************** *** 475,481 **** if [ -s $TMP1 ] ; then # Check to make sure uudecode isn't setuid. if grep -w uudecode $TMP1 > /dev/null ; then ! printf "${pending}\nUudecode is setuid.\n" pending= fi --- 475,481 ---- if [ -s $TMP1 ] ; then # Check to make sure uudecode isn't setuid. if grep -w uudecode $TMP1 > /dev/null ; then ! printf "%s\nUudecode is setuid.\n" "$pending" pending= fi *************** *** 489,495 **** > $TMP2 join -110 -210 -v2 $CUR $TMP1 > $OUTPUT if [ -s $OUTPUT ] ; then ! printf "${pending}Setuid additions:\n" pending= tee -a $TMP2 < $OUTPUT printf "\n" --- 489,495 ---- > $TMP2 join -110 -210 -v2 $CUR $TMP1 > $OUTPUT if [ -s $OUTPUT ] ; then ! printf "%sSetuid additions:\n" "$pending" pending= tee -a $TMP2 < $OUTPUT printf "\n" *************** *** 497,503 **** join -110 -210 -v1 $CUR $TMP1 > $OUTPUT if [ -s $OUTPUT ] ; then ! printf "${pending}Setuid deletions:\n" pending= tee -a $TMP2 < $OUTPUT printf "\n" --- 497,503 ---- join -110 -210 -v1 $CUR $TMP1 > $OUTPUT if [ -s $OUTPUT ] ; then ! printf "%sSetuid deletions:\n" "$pending" pending= tee -a $TMP2 < $OUTPUT printf "\n" *************** *** 506,512 **** sort +9 $TMP2 $CUR $TMP1 | \ sed -e 's/[ ][ ]*/ /g' | uniq -u > $OUTPUT if [ -s $OUTPUT ] ; then ! printf "${pending}Setuid changes:\n" pending= column -t $OUTPUT printf "\n" --- 506,512 ---- sort +9 $TMP2 $CUR $TMP1 | \ sed -e 's/[ ][ ]*/ /g' | uniq -u > $OUTPUT if [ -s $OUTPUT ] ; then ! printf "%sSetuid changes:\n" "$pending" pending= column -t $OUTPUT printf "\n" *************** *** 516,522 **** cp $TMP1 $CUR fi else ! printf "${pending}Setuid additions:\n" pending= column -t $TMP1 printf "\n" --- 516,522 ---- cp $TMP1 $CUR fi else ! printf "%sSetuid additions:\n" "$pending" pending= column -t $TMP1 printf "\n" *************** *** 620,626 **** tree=`sed -n -e '3s/.* //p' -e 3q $file` mtree -f $file -p $tree > $TMP1 if [ -s $TMP1 ] ; then ! printf "\nChecking $tree:\n" >> $OUTPUT cat $TMP1 >> $OUTPUT fi done --- 620,626 ---- tree=`sed -n -e '3s/.* //p' -e 3q $file` mtree -f $file -p $tree > $TMP1 if [ -s $TMP1 ] ; then ! printf "\nChecking %s:\n" "$tree" >> $OUTPUT cat $TMP1 >> $OUTPUT fi done