Következő: 16.5 /etc/crontab Fel: 16. Konfigurációs fájlok Előző: 16.3 /etc/chechsecurity.conf   Index

16.4 /usr/sbin/checksecurity

#!/bin/sh
# Security checks script - run daily out of the system crontab

set -e

PATH=/sbin:/bin:/usr/sbin:/usr/bin

LOG=/var/log
TMP=/var/log/setuid.new.tmp

umask 077
cd /

. /etc/checksecurity.conf

if [ "$CHECKSECURITY_DISABLE" = "TRUE" ] ; then
    exit
fi

#
# Check for NFS/AFS mounts that are not nosuid/nodev
#
#
# Check for NFS/AFS mounts that are not nosuid/nodev
#
if [ ! "$CHECKSECURITY_NONFSAFS" = "TRUE" ] ; then
   # temporarily disable error exit, as grep may give errors if no nfs/afs
   # are mounted.
   set +e
   nfssys=`mount | grep -E 'nfs|afs' | grep -vE '\(.*(nosuid|noexec).*nodev.*\)'`
   nfssyscnt=`echo $nfssys |grep "[a-z]"| wc -l`
   set -e
   if [ $nfssyscnt -gt 0 ] ; then
      echo "The following NFS or AFS filesystems are mounted insecurely:"
      echo ""
      echo $nfssys
      echo ""
      echo "If this is intentional and you have supreme confidence in the"
      echo "security of the server for these file systems, you may disable"
      echo "this message by editing the value of CHECKSECURITY_NONFSAFS in"
      echo "the file /etc/checksecurity.conf."
   fi
fi

if [ "$CHECKSECURITY_NOFINDERRORS" = "TRUE" ] ; then
	exec 9>&2
	exec 2>/dev/null
fi


find `mount | grep -vE "$CHECKSECURITY_FILTER" | cut -d ' ' -f 3` \
     -xdev \( -type f -perm +06000 -o -type b -o -type c \) \
     -printf "%8i %5m %3n %-10u %-10g %9s %t %h/%f\n" \
| sort >$TMP

if [ "$CHECKSECURITY_NOFINDERRORS" = "TRUE" ] ; then
	exec 2>&9
fi

cd $LOG

test -f setuid.today || touch setuid.today

if cmp -s setuid.today $TMP >/dev/null
then
    :
else
	echo "`hostname` changes to setuid programs and devices:"
	diff setuid.today $TMP || [ $? = 1 ]
	mv setuid.today setuid.yesterday
	mv $TMP setuid.today
fi
rm -f $TMP