diff options
author | Brian Somers <brian@FreeBSD.org> | 2000-06-23 01:16:49 +0000 |
---|---|---|
committer | Brian Somers <brian@FreeBSD.org> | 2000-06-23 01:16:49 +0000 |
commit | 32ee60d7b865fd8b10a81a24f1a570261af2562a (patch) | |
tree | 2e44f5bea353aa1259da901dcf032aaba03b118b /etc | |
parent | c1a4ed010b80e8941dec6f4e9380b1afc189ac32 (diff) | |
download | src-32ee60d7b865fd8b10a81a24f1a570261af2562a.tar.gz src-32ee60d7b865fd8b10a81a24f1a570261af2562a.zip |
Add -s -a and -m flags for supressing the subject line, ignoring amd
mounts and ignoring mfs mounts.
Default functionality stays the same.
Notes
Notes:
svn path=/head/; revision=61980
Diffstat (limited to 'etc')
-rw-r--r-- | etc/security | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/etc/security b/etc/security index f6adcd742aff..7305feddd61a 100644 --- a/etc/security +++ b/etc/security @@ -11,10 +11,20 @@ separator () { echo '' } +sflag=FALSE ignore= +while getopts ams c +do + case "$c" in + a) ignore="$ignore|^amd:";; + m) ignore="$ignore|^mfs:";; + s) sflag=TRUE;; + esac +done + yesterday=`date -v-1d "+%b %e "` host=`hostname` -echo "Subject: ${host} security check output" +[ $sflag = FALSE ] && echo "Subject: ${host} security check output" LOG=/var/log TMP=/var/run/_secure.$$ @@ -43,7 +53,7 @@ if [ ! -f ${LOG}/setuid.today ]; then cp ${TMP} ${LOG}/setuid.today fi -if cmp ${LOG}/setuid.today ${TMP} >/dev/null; then :; else +if ! cmp ${LOG}/setuid.today ${TMP} >/dev/null; then separator echo "${host} setuid diffs:" diff -b ${LOG}/setuid.today ${TMP} @@ -53,13 +63,14 @@ fi # Show changes in the way filesystems are mounted # -if mount -p > $TMP; then +[ -n "$ignore" ] && cmd="egrep -v ${ignore#|}" || cmd=cat +if mount -p | $cmd > $TMP; then if [ ! -f $LOG/mount.today ]; then separator echo "no $LOG/mount.today" cp $TMP $LOG/mount.today fi - if cmp $LOG/mount.today $TMP >/dev/null 2>&1; then :; else + if ! cmp $LOG/mount.today $TMP >/dev/null 2>&1; then separator echo "$host changes in mounted filesystems:" diff -b $LOG/mount.today $TMP @@ -85,7 +96,7 @@ if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then cp ${TMP} ${LOG}/ipfw.today fi - if cmp ${LOG}/ipfw.today ${TMP} >/dev/null; then :; else + if ! cmp ${LOG}/ipfw.today ${TMP} >/dev/null; then separator echo "${host} denied packets:" diff -b ${LOG}/ipfw.today ${TMP} | egrep "^>" @@ -116,7 +127,7 @@ if dmesg 2>/dev/null > ${TMP}; then cp ${TMP} ${LOG}/dmesg.today fi - if cmp ${LOG}/dmesg.today ${TMP} >/dev/null 2>&1; then :; else + if ! cmp ${LOG}/dmesg.today ${TMP} >/dev/null 2>&1; then separator echo "${host} kernel log messages:" diff -b ${LOG}/dmesg.today ${TMP} | egrep "^>" |