security revision 1.4
1#!/bin/sh - 2# 3# @(#)security 5.3 (Berkeley) 5/28/91 4# 5PATH=/sbin:/bin:/usr/bin 6 7host=`hostname -s` 8echo "Subject: $host security check output" 9 10LOG=/var/log 11TMP=/tmp/_secure.$$ 12 13umask 027 14 15echo "checking setuid files and devices:" 16 17# don't have ncheck, but this does the equivalent of the commented out block. 18# note that one of the original problem, the possibility of overrunning 19# the args to ls, is still here... 20 21MP=`mount -t ufs | sed 's;/dev/;&r;' | awk '{ print $3 }'` 22set $MP 23ls -lgT `while test $# -ge 1; do 24 mount=$1 25 shift 26 find $mount -xdev -perm -u+s -or -perm -g+s | sort 27done` > $TMP 28 29#MP=`mount -t ufs | sed 's;/dev/;&r;' | awk '{ print $1 " " $3 }'` 30#set $MP 31#ls -lgT `while test $# -ge 2; do 32# device=$1 33# shift 34# mount=$1 35# shift 36# ncheck -s $device | sed -e "/:$/d" -e "/\/dev\//d" \ 37# -e "s;[^/]*;$mount;" -e "s;//;/;g" | sort 38#done` > $TMP 39 40if cmp $LOG/setuid.today $TMP >/dev/null; then :; else 41 echo "$host setuid/device diffs:" 42 diff $LOG/setuid.today $TMP 43 mv $LOG/setuid.today $LOG/setuid.yesterday 44 mv $TMP $LOG/setuid.today 45fi 46rm -f $TMP 47 48echo "" 49echo "" 50echo "checking for uids of 0:" 51awk 'BEGIN {FS=":"} $3=="0" {print $1,$3}' /etc/master.passwd 52