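#!/bin/sh -
#
#	@(#)security	5.12 (Berkeley) 02/27/92
#
# Host security report.  Prints, in order:
#   - accounts in /etc/master.passwd whose uid is 0
#   - accounts in /etc/master.passwd with an empty password field
#   - setuid/setgid files and device nodes on local filesystems, diffed
#     against the previous run kept in /var/log/setuid.current
#   - mtree(8) verification of every /etc/mtree/*.secure specification
#
# The script walks the whole filesystem and rewrites files under /var/log,
# so it is expected to run with root privileges.  Every path it handles is
# therefore quoted, and no file name found on disk is ever handed to a
# shell for interpretation.

PATH=/sbin:/usr/sbin:/bin:/usr/bin

host=$(hostname)
umask 22

# Scratch files live in a private directory created by mktemp(1).  Fixed
# names such as /tmp/_secure1.$$ are predictable, and a root process that
# redirects output onto a pre-planted symlink in /tmp overwrites whatever
# the link points at.
WORK=$(mktemp -d /tmp/_secure.XXXXXXXXXX) || {
	echo "$host: cannot create private scratch directory" >&2
	exit 1
}
# Installed only after the directory exists, so a failed mktemp can never
# lead to removing something this script did not create.
trap 'rm -rf -- "$WORK"' 0

DONE=$WORK/done
LIST=$WORK/list
TMP=$WORK/tmp

echo ""
echo "Checking for uids of 0:"
# A regular expression is used instead of the string comparison $3 == "0"
# so that an all-zero uid written with extra digits (00, 000, ...) is
# reported as well.  NOTE(review): this assumes the password database
# tools parse such a field as uid 0 -- confirm for the target system.
awk -F: '$3 ~ /^0+$/ { print "user: " $1 ", uid: " $3 }' /etc/master.passwd

echo ""
echo "Checking for uids without passwords:"
awk -F: '$2 == "" { print "user: " $1 ", uid: " $3 }' /etc/master.passwd

echo ""
echo "Checking setuid files and devices:"
# The find expression is unchanged: skip non-local filesystems, select
# setuid/setgid entries and anything that is not a directory, regular file
# or symlink.  Each path is passed to ls as a single quoted argument;
# building "ls -lgT <path>" command lines and piping them into sh would
# let a crafted file name be parsed as shell syntax by this process.
# A path containing a newline is split by read and shows up under the
# "find errors" heading instead of being listed.
# NOTE(review): ls is run without -d, so a matching setgid directory has
# its contents listed rather than the directory itself -- confirm whether
# that is intended before changing it, since it alters the saved baseline.
(find / \( ! -fstype local \) -a -prune -o \
    \( -perm -u+s -o -perm -g+s -o ! -type d -a ! -type f -a ! -type l \) |
    sort |
    while IFS= read -r path; do
	ls -lgT "$path"
    done >"$LIST") 2>"$TMP"

if [ -s "$TMP" ]; then
	echo "$host setuid/device find errors:"
	cat "$TMP"
	echo ""
fi

if [ -s "$LIST" ]; then
	SETCUR=/var/log/setuid.current
	SETBACK=/var/log/setuid.backup

	if [ -s "$SETCUR" ]; then
		if cmp -s "$SETCUR" "$LIST"; then
			# Identical to the previous run: nothing to report.
			:
		else
			: >"$DONE"

			# Field 10 of "ls -lgT" output is used as the join key
			# (the path name for ordinary files).  -v2 prints lines
			# present only in the new listing.
			join -1 10 -2 10 -v2 "$SETCUR" "$LIST" >"$TMP"
			if [ -s "$TMP" ]; then
				echo "$host setuid/device additions:"
				tee -a "$DONE" <"$TMP"
				echo ""
			fi

			# -v1 prints lines present only in the old listing.
			join -1 10 -2 10 -v1 "$SETCUR" "$LIST" >"$TMP"
			if [ -s "$TMP" ]; then
				echo "$host setuid/device deletions:"
				tee -a "$DONE" <"$TMP"
				echo ""
			fi

			# Lines that occur exactly once across the reported
			# additions/deletions and both listings are entries
			# whose attributes changed.  "-k 10" is the POSIX
			# spelling of the historical "+9" sort key.
			sort -k 10 "$DONE" "$SETCUR" "$LIST" | uniq -u >"$TMP"
			if [ -s "$TMP" ]; then
				echo "$host setuid/device changes:"
				cat "$TMP"
				echo ""
			fi

			# Rotate: keep the previous baseline, install the new one.
			mv "$SETCUR" "$SETBACK"
			mv "$LIST" "$SETCUR"
		fi
	else
		# No baseline yet: everything found counts as an addition.
		echo "$host setuid/device additions:"
		cat "$LIST"
		echo ""
		mv "$LIST" "$SETCUR"
	fi
fi

# Check the system binaries.
# Create the mtree tree specifications using:
#
#	mtree -cx -pDIR -kcksum,gid,mode,nlink,size,link,time,uid > DIR.secure
#	chown bin.bin DIR.secure
#	chmod 444 DIR.secure
#
# Note, this is not complete protection against Trojan horsed binaries, as
# the hacker can modify the tree specification to match the replaced binary.
# For details on really protecting yourself against modified binaries, see
# the mtree(8) manual page.

if cd /etc/mtree; then
	echo ""
	echo "Checking system binaries:"
	for file in *.secure; do
		# With no specifications present the pattern stays literal.
		[ -f "$file" ] || continue

		# The tree to verify is the text after the last space on
		# line 3 of the specification.
		tree=$(sed -n -e '3s/.* //p' -e 3q "./$file")
		if [ -z "$tree" ]; then
			# Report the gap rather than skipping a check silently.
			echo ""
			echo "$file: no tree path on line 3; not checked"
			continue
		fi

		echo ""
		echo "Checking $tree:"
		mtree -f "$file" -p "$tree"
	done
fi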