Diffstat (limited to 'etc/security')
-rw-r--r-- | etc/security | 78 |
1 files changed, 39 insertions, 39 deletions
diff --git a/etc/security b/etc/security index f3bb0c492d69..15e32fa93d72 100644 --- a/etc/security +++ b/etc/security @@ -1,7 +1,7 @@ #!/bin/sh - # # @(#)security 5.3 (Berkeley) 5/28/91 -# $Id: security,v 1.29 1999/01/10 11:18:59 danny Exp $ +# $Id: security,v 1.30 1999/06/23 14:23:54 sheldonh Exp $ # PATH=/sbin:/bin:/usr/bin LC_ALL=C; export LC_ALL @@ -12,7 +12,7 @@ separator () { } host=`hostname` -echo "Subject: $host security check output" +echo "Subject: ${host} security check output" LOG=/var/log TMP=/var/run/_secure.$$ @@ -26,26 +26,26 @@ echo "checking setuid files and devices:" # the args to ls, is still here... # MP=`mount -t ufs | grep -v " nosuid" | sed 's;/dev/;&r;' | awk '{ print $3 }'` -set $MP +set ${MP} while test $# -ge 1; do mount=$1 shift find $mount -xdev -type f \ \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \ \( -perm -u+s -or -perm -g+s \) -print0 -done | xargs -0 -n 20 ls -lTd | sort +9 > $TMP +done | xargs -0 -n 20 ls -lTd | sort +9 > ${TMP} -if [ ! -f $LOG/setuid.today ] ; then +if [ ! -f ${LOG}/setuid.today ] ; then separator - echo "no $LOG/setuid.today" - cp $TMP $LOG/setuid.today + echo "no ${LOG}/setuid.today" + cp ${TMP} ${LOG}/setuid.today fi -if cmp $LOG/setuid.today $TMP >/dev/null; then :; else +if cmp ${LOG}/setuid.today ${TMP} >/dev/null; then :; else separator - echo "$host setuid diffs:" - diff -b $LOG/setuid.today $TMP - mv $LOG/setuid.today $LOG/setuid.yesterday - mv $TMP $LOG/setuid.today + echo "${host} setuid diffs:" + diff -b ${LOG}/setuid.today ${TMP} + mv ${LOG}/setuid.today ${LOG}/setuid.yesterday + mv ${TMP} ${LOG}/setuid.today fi separator 
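Review bot: `set ${MP}` in the setuid scan has no `--`, so if the mount pipeline yields nothing (for example every ufs filesystem is mounted nosuid) it runs as a bare `set` and would print the shell's variables into the mailed report; `set -- ${MP}` keeps the intended word splitting and avoids that. The braces added throughout this hunk are not quoting, so `${TMP}` and `${LOG}/setuid.today` are still subject to splitting and globbing exactly as before; `"${TMP}"` and `"${LOG}/setuid.today"` are the protective forms. `find $mount` was left both unbraced and unquoted, so a mount point containing whitespace would reach find as several paths; `find "${mount}" -xdev -type f \` fixes the consistency and the splitting together. The same unquoted `${TMP}`/`${LOG}` pattern recurs in the `@@ -57,57 +57,57 @@` hunk.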
@@ -57,57 +57,57 @@ echo "checking for passwordless accounts:" awk -F: '$1 !~ /^\+/ && $2=="" {print $0}' /etc/master.passwd # show denied packets -if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > $TMP; then - if [ ! -f $LOG/ipfw.today ] ; then +if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then + if [ ! -f ${LOG}/ipfw.today ] ; then separator - echo "no $LOG/ipfw.today" - cp $TMP $LOG/ipfw.today + echo "no ${LOG}/ipfw.today" + cp ${TMP} ${LOG}/ipfw.today fi - if cmp $LOG/ipfw.today $TMP >/dev/null; then :; else + if cmp ${LOG}/ipfw.today ${TMP} >/dev/null; then :; else separator - echo "$host denied packets:" - diff -b $LOG/ipfw.today $TMP | egrep "^>" - mv $LOG/ipfw.today $LOG/ipfw.yesterday - mv $TMP $LOG/ipfw.today + echo "${host} denied packets:" + diff -b ${LOG}/ipfw.today ${TMP} | egrep "^>" + mv ${LOG}/ipfw.today ${LOG}/ipfw.yesterday + mv ${TMP} ${LOG}/ipfw.today fi fi # show ipfw rules which have reached the log limit IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null` -if [ $? -eq 0 ] && [ $IPFW_LOG_LIMIT -ne 0 ]; then +if [ $? -eq 0 ] && [ ${IPFW_LOG_LIMIT} -ne 0 ]; then ipfw -a l | grep " log " | perl -n -e \ - '/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' > $TMP - if [ -s $TMP ]; then + '/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' > ${TMP} + if [ -s ${TMP} ]; then separator echo "ipfw log limit reached:" - cat $TMP + cat ${TMP} fi fi # show kernel log messages -if dmesg 2>/dev/null > $TMP; then - if [ ! -f $LOG/dmesg.today ] ; then +if dmesg 2>/dev/null > ${TMP}; then + if [ ! 
-f ${LOG}/dmesg.today ] ; then separator - echo "no $LOG/dmesg.today" - cp $TMP $LOG/dmesg.today + echo "no ${LOG}/dmesg.today" + cp ${TMP} ${LOG}/dmesg.today fi - if cmp $LOG/dmesg.today $TMP >/dev/null 2>&1; then :; else + if cmp ${LOG}/dmesg.today ${TMP} >/dev/null 2>&1; then :; else separator - echo "$host kernel log messages:" - diff -b $LOG/dmesg.today $TMP | egrep "^>" - mv $LOG/dmesg.today $LOG/dmesg.yesterday - mv $TMP $LOG/dmesg.today + echo "${host} kernel log messages:" + diff -b ${LOG}/dmesg.today ${TMP} | egrep "^>" + mv ${LOG}/dmesg.today ${LOG}/dmesg.yesterday + mv ${TMP} ${LOG}/dmesg.today fi fi # show login failures separator -echo "$host login failures:" -grep -i "login failure" $LOG/messages +echo "${host} login failures:" +grep -i "login failure" ${LOG}/messages # show tcp_wrapper warning messages separator -echo "$host refused connections:" -grep -i "refused connect" $LOG/messages +echo "${host} refused connections:" +grep -i "refused connect" ${LOG}/messages -rm -f $TMP +rm -f ${TMP} |
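Review bot: The perl one-liner in the "log limit reached" check still splices `$IPFW_LOG_LIMIT` into the program text between two single-quoted strings, unbraced and unquoted. It is the one expansion this conversion missed, and the only place in the script where a variable's value becomes code rather than an argument. The value comes from sysctl and is presumably numeric, but quoting the splice costs nothing: `'/^\d+\s+(\d+)/; print if ($1 >= '"${IPFW_LOG_LIMIT}"')' > ${TMP}`. The guard before it, `[ ${IPFW_LOG_LIMIT} -ne 0 ]`, collapses to `[ -ne 0 ]` and prints a test error into the report if sysctl succeeds with empty output; `[ "${IPFW_LOG_LIMIT:-0}" -ne 0 ]` handles that case.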