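#!/usr/bin/sh
#
# Daily host-integrity snapshot.
#
# Records the current state of several security-relevant items (set-id
# files, system binary checksums, account files, root's crontab,
# world-writable paths, .rhosts/.shosts files) under $SAFE, then prints a
# diff against the snapshot taken by the previous run.  Takes no arguments.
#
# Caveats for whoever relies on the report:
#   - The baselines live on the host being checked.  Anyone who gains root
#     can rewrite them, so a clean report is not proof of a clean host.
#   - cksum is a CRC, not a cryptographic hash.  It catches accidental or
#     careless modification, not a deliberately crafted replacement.
#   - PATH is inherited from the caller; find, cksum, diff, mv, cp and chmod
#     are resolved through it.  NOTE(review): confirm the invoking
#     environment (e.g. the crontab entry) supplies a trusted PATH.
#   - $SAFE and $SAFE/bin/permchk.sh are not shown here.  They should be
#     owned by root and not writable by anyone else, since this script
#     writes and executes there.  TODO confirm.

if [ $# -gt 0 ]
then
    echo "usage: $0"
    exit 1
fi

HOME=/usr/local; export HOME
SAFE=$HOME/.s; export SAFE
CRON=/var/spool/cron/crontabs/root

# Without the snapshot directory every redirection below would fail one by
# one; stop early with a single clear message instead.
if [ ! -d "$SAFE" ]
then
    echo "$0: snapshot directory $SAFE does not exist" >&2
    exit 1
fi

# Create snapshots owner-only from the start.  The original relied on a
# chmod 400 after the file had already been written, which left a window in
# which the data was readable under the caller's umask.  The previous umask
# is restored before permchk.sh runs so that helper sees the same
# environment as before.
saved_umask=$(umask)
umask 077

# rotate_snapshot NAME
#   Move $SAFE/NAME (if present) to $SAFE/NAME.old so that the new snapshot
#   can be compared against it.
rotate_snapshot() {
    if [ -f "$SAFE/$1" ]
    then
        mv "$SAFE/$1" "$SAFE/$1.old"
    fi
}

# report_changes NAME
#   Print the differences between the previous and the current snapshot.
#   Nothing is printed on the first run (no .old file yet).  If the current
#   snapshot is missing, say so instead of letting diff fail on it.
report_changes() {
    if [ -f "$SAFE/$1.old" ]
    then
        if [ -f "$SAFE/$1" ]
        then
            diff "$SAFE/$1.old" "$SAFE/$1"
        else
            echo "no current snapshot for $1; previous copy is $SAFE/$1.old"
        fi
    fi
}

#--------------------------------------------------------------------------
# Check root/sys setuid and setgid files for differences
# (-fsonly limits the walk to hfs and vxfs file systems)
rotate_snapshot suidlist
echo "Set [user|group]-id [root|sys] Check: "
find / -fsonly hfs -fsonly vxfs \( -perm -4000 -user root \
    -o -perm -2000 -group root \
    -o -perm -4000 -user sys \
    -o -perm -2000 -group sys \) -print > "$SAFE/suidlist"
chmod 400 "$SAFE/suidlist"
report_changes suidlist

#--------------------------------------------------------------------------
# Check /bin, /sbin, /usr/bin, and /usr/sbin sum for differences
rotate_snapshot binsum
echo "/bin checksum Check:"
#
# Test for file existence before doing cksum because of broken
# transition links.
#
# The loop output is redirected as a whole, so the snapshot is always
# written from scratch; appending per file would double the content if the
# rotation above ever failed.  $file is quoted so names containing blanks
# are checksummed as one path.
#
for file in /bin/* /sbin/* /usr/bin/* /usr/sbin/*
do
    if [ -e "$file" ]
    then
        cksum "$file"
    fi
done > "$SAFE/binsum"
chmod 400 "$SAFE/binsum"
report_changes binsum

#--------------------------------------------------------------------------
# Check /etc/shadow
# NOTE(review): diff prints changed lines verbatim, so password hashes end
# up in this script's output.  Confirm that wherever the output is sent
# (mail, log file) is restricted accordingly.
rotate_snapshot shadowfile
echo "/etc/shadow Check: "
cp /etc/shadow "$SAFE/shadowfile"
chmod 400 "$SAFE/shadowfile"
report_changes shadowfile

#--------------------------------------------------------------------------
# Check /etc/passwd
rotate_snapshot passwdfile
echo "/etc/passwd Check: "
cp /etc/passwd "$SAFE/passwdfile"
chmod 400 "$SAFE/passwdfile"
report_changes passwdfile

#--------------------------------------------------------------------------
# Check /etc/passwd.yp
rotate_snapshot passwdnis
echo "/etc/passwd.yp Check: "
if [ -f /etc/passwd.yp ]
then
    cp /etc/passwd.yp "$SAFE/passwdnis"
    chmod 400 "$SAFE/passwdnis"
fi
report_changes passwdnis

#--------------------------------------------------------------------------
# Check root cron
rotate_snapshot rootcron
echo "$CRON Check: "
if [ -f "$CRON" ]
then
    cp "$CRON" "$SAFE/rootcron"
    chmod 400 "$SAFE/rootcron"
fi
report_changes rootcron

#--------------------------------------------------------------------------
# Check world writable dirs
rotate_snapshot wwdirs
echo "World Writable Dirs Check: "
find / -fsonly hfs -fsonly vxfs -type d -perm -002 -print > "$SAFE/wwdirs"
chmod 400 "$SAFE/wwdirs"
report_changes wwdirs

#--------------------------------------------------------------------------
# Check world writable files
rotate_snapshot wwfiles
echo "World Writable Files Check: "
find / -fsonly hfs -fsonly vxfs -type f -perm -002 -print > "$SAFE/wwfiles"
chmod 400 "$SAFE/wwfiles"
# Don't report on these daily since they change all of the time.
# The snapshot is still taken, so it can be compared by hand when needed.

#--------------------------------------------------------------------------
# Check .rhosts
rotate_snapshot rhosts
echo "Rhosts Check: "
find / -fsonly hfs -fsonly vxfs -name .rhosts -print > "$SAFE/rhosts"
chmod 400 "$SAFE/rhosts"
report_changes rhosts

#--------------------------------------------------------------------------
# Check .shosts
rotate_snapshot shosts
echo "Shosts Check: "
find / -fsonly hfs -fsonly vxfs -name .shosts -print > "$SAFE/shosts"
chmod 400 "$SAFE/shosts"
report_changes shosts

#--------------------------------------------------------------------------
# Check file permissions
# permchk.sh is an external helper; its exit status becomes this script's.
umask "$saved_umask"
echo "File Permissions Check:"
"$SAFE/bin/permchk.sh"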