head	1.60;
access;
symbols
	RELENG_4_11_0_RELEASE:1.36.2.21
	RELENG_4_11:1.36.2.21.0.12
	RELENG_4_11_BP:1.36.2.21
	RELENG_4_10_0_RELEASE:1.36.2.21
	RELENG_4_10:1.36.2.21.0.10
	RELENG_4_10_BP:1.36.2.21
	RELENG_4_9_0_RELEASE:1.36.2.21
	RELENG_4_9:1.36.2.21.0.8
	RELENG_4_9_BP:1.36.2.21
	RELENG_4_8_0_RELEASE:1.36.2.21
	RELENG_4_8:1.36.2.21.0.6
	RELENG_4_8_BP:1.36.2.21
	RELENG_4_7_0_RELEASE:1.36.2.21
	RELENG_4_7:1.36.2.21.0.4
	RELENG_4_7_BP:1.36.2.21
	RELENG_4_6_2_RELEASE:1.36.2.21
	RELENG_4_6_1_RELEASE:1.36.2.21
	RELENG_4_6_0_RELEASE:1.36.2.21
	RELENG_4_6:1.36.2.21.0.2
	RELENG_4_6_BP:1.36.2.21
	RELENG_4_5_0_RELEASE:1.36.2.20
	RELENG_4_5:1.36.2.20.0.2
	RELENG_4_5_BP:1.36.2.20
	RELENG_4_4_0_RELEASE:1.36.2.18
	RELENG_4_4:1.36.2.18.0.2
	RELENG_4_4_BP:1.36.2.18
	RELENG_4_3_0_RELEASE:1.36.2.13
	RELENG_4_3:1.36.2.13.0.2
	RELENG_4_3_BP:1.36.2.13
	RELENG_4_2_0_RELEASE:1.36.2.7
	RELENG_4_1_1_RELEASE:1.36.2.6
	PRE_SMPNG:1.41
	RELENG_4_1_0_RELEASE:1.36.2.3
	RELENG_3_5_0_RELEASE:1.29.2.5
	RELENG_4_0_0_RELEASE:1.36
	RELENG_4:1.36.0.2
	RELENG_4_BP:1.36
	RELENG_3_4_0_RELEASE:1.29.2.2
	RELENG_3_3_0_RELEASE:1.29.2.2
	RELENG_3_2_PAO:1.29.0.4
	RELENG_3_2_PAO_BP:1.29
	RELENG_3_2_0_RELEASE:1.29
	RELENG_3_1_0_RELEASE:1.29
	RELENG_3:1.29.0.2
	RELENG_3_BP:1.29
	RELENG_2_2_8_RELEASE:1.16.2.6
	RELENG_3_0_0_RELEASE:1.27
	RELENG_2_2_7_RELEASE:1.16.2.6
	RELENG_2_2_6_RELEASE:1.16.2.4
	RELENG_2_2_5_RELEASE:1.16.2.4
	RELENG_2_2_2_RELEASE:1.16.2.2
	RELENG_2_2_1_RELEASE:1.16.2.2
	RELENG_2_2_0_RELEASE:1.16.2.2
	RELENG_2_1_7_RELEASE:1.8.4.4
	RELENG_2_1_6_1_RELEASE:1.8.4.3
	RELENG_2_1_6_RELEASE:1.8.4.3
	RELENG_2_2:1.16.0.2
	RELENG_2_2_BP:1.16
	RELENG_2_1_5_RELEASE:1.8.4.3
	RELENG_2_1_0_RELEASE:1.8
	RELENG_2_1_0:1.8.0.4
	RELENG_2_1_0_BP:1.8
	RELENG_2_0_5_RELEASE:1.8
	RELENG_2_0_5:1.8.0.2
	RELENG_2_0_5_BP:1.8
	RELENG_2_0_5_ALPHA:1.8
	RELEASE_2_0:1.6
	BETA_2_0:1.6
	ALPHA_2_0:1.6.0.4
	MOVED_NEWCVS:1.6
	FINAL_1_1_5:1.6
	ALPHA_1_1_5:1.6
	FINAL_1_1:1.6
	GAMMA_1_1:1.6
	BETA_1_1:1.6.0.2
	BP_BETA_1_1:1.6
	FINAL_1_0:1.4
	EPSILON_1_0:1.3
	GAMMA_1_0:1.2
	BETA_1_0:1.2
	ALPHA_1_0:1.1.1.1
	V_0_0_1_0:1.1.1.1;
locks; strict;
comment	@# @;


1.60
date	2001.12.07.23.57.20;	author cjc;	state dead;
branches;
next	1.59;

1.59
date	2001.11.28.04.07.00;	author silby;	state Exp;
branches;
next	1.58;

1.58
date	2001.11.27.01.06.57;	author silby;	state Exp;
branches;
next	1.57;

1.57
date	2001.09.18.00.03.48;	author fenner;	state Exp;
branches;
next	1.56;

1.56
date	2001.09.14.11.18.06;	author brian;	state Exp;
branches;
next	1.55;

1.55
date	2001.07.04.12.49.17;	author ume;	state Exp;
branches;
next	1.54;

1.54
date	2001.06.21.19.17.15;	author cjc;	state Exp;
branches;
next	1.53;

1.53
date	2001.06.14.04.30.46;	author dd;	state Exp;
branches;
next	1.52;

1.52
date	2001.06.01.10.07.15;	author ru;	state Exp;
branches;
next	1.51;

1.51
date	2001.04.21.22.37.54;	author dirk;	state Exp;
branches;
next	1.50;

1.50
date	2001.04.14.10.05.01;	author dirk;	state Exp;
branches;
next	1.49;

1.49
date	2001.04.13.15.13.15;	author nate;	state Exp;
branches;
next	1.48;

1.48
date	2001.03.17.21.22.29;	author brian;	state Exp;
branches;
next	1.47;

1.47
date	2001.02.08.20.31.21;	author brian;	state Exp;
branches;
next	1.46;

1.46
date	2001.02.03.01.28.46;	author brian;	state Exp;
branches;
next	1.45;

1.45
date	2000.12.17.08.15.57;	author dougb;	state Exp;
branches;
next	1.44;

1.44
date	2000.10.08.19.20.36;	author obrien;	state Exp;
branches;
next	1.43;

1.43
date	2000.09.18.18.35.07;	author brian;	state Exp;
branches;
next	1.42;

1.42
date	2000.09.14.17.19.08;	author brian;	state Exp;
branches;
next	1.41;

1.41
date	2000.08.07.09.08.35;	author brian;	state Exp;
branches;
next	1.40;

1.40
date	2000.07.11.14.24.53;	author dwmalone;	state Exp;
branches;
next	1.39;

1.39
date	2000.06.23.01.16.49;	author brian;	state Exp;
branches;
next	1.38;

1.38
date	2000.04.06.10.46.50;	author sheldonh;	state Exp;
branches;
next	1.37;

1.37
date	2000.04.05.13.42.48;	author sheldonh;	state Exp;
branches;
next	1.36;

1.36
date	99.12.20.17.33.56;	author phantom;	state Exp;
branches
	1.36.2.1;
next	1.35;

1.35
date	99.10.06.10.29.33;	author sheldonh;	state Exp;
branches;
next	1.34;

1.34
date	99.10.04.14.54.34;	author sheldonh;	state Exp;
branches;
next	1.33;

1.33
date	99.09.13.15.44.18;	author sheldonh;	state Exp;
branches;
next	1.32;

1.32
date	99.08.27.23.23.45;	author peter;	state Exp;
branches;
next	1.31;

1.31
date	99.08.25.16.01.38;	author sheldonh;	state Exp;
branches;
next	1.30;

1.30
date	99.06.23.14.23.54;	author sheldonh;	state Exp;
branches;
next	1.29;

1.29
date	99.01.10.11.18.59;	author danny;	state Exp;
branches
	1.29.2.1;
next	1.28;

1.28
date	99.01.01.17.37.33;	author billf;	state Exp;
branches;
next	1.27;

1.27
date	98.08.16.10.38.02;	author des;	state Exp;
branches;
next	1.26;

1.26
date	98.08.11.08.48.54;	author des;	state Exp;
branches;
next	1.25;

1.25
date	98.07.08.22.42.08;	author alex;	state Exp;
branches;
next	1.24;

1.24
date	98.06.27.11.13.59;	author andreas;	state Exp;
branches;
next	1.23;

1.23
date	98.02.04.01.53.19;	author alex;	state Exp;
branches;
next	1.22;

1.22
date	97.09.26.01.38.30;	author alex;	state Exp;
branches;
next	1.21;

1.21
date	97.08.01.01.25.21;	author brian;	state Exp;
branches;
next	1.20;

1.20
date	97.03.03.07.03.50;	author mpp;	state Exp;
branches;
next	1.19;

1.19
date	97.02.23.21.34.34;	author mpp;	state Exp;
branches;
next	1.18;

1.18
date	97.02.23.09.20.52;	author peter;	state Exp;
branches;
next	1.17;

1.17
date	97.01.14.05.44.37;	author jkh;	state Exp;
branches;
next	1.16;

1.16
date	96.10.12.04.56.28;	author nate;	state Exp;
branches
	1.16.2.1;
next	1.15;

1.15
date	96.10.12.04.51.09;	author nate;	state Exp;
branches;
next	1.14;

1.14
date	96.07.31.06.47.05;	author pst;	state Exp;
branches;
next	1.13;

1.13
date	96.06.30.19.35.20;	author alex;	state Exp;
branches;
next	1.12;

1.12
date	96.06.30.13.16.21;	author peter;	state Exp;
branches;
next	1.11;

1.11
date	96.04.19.22.28.01;	author ache;	state Exp;
branches;
next	1.10;

1.10
date	96.04.18.10.34.07;	author ache;	state Exp;
branches;
next	1.9;

1.9
date	95.09.15.00.22.31;	author ache;	state Exp;
branches;
next	1.8;

1.8
date	95.05.27.01.37.44;	author ache;	state Exp;
branches
	1.8.4.1;
next	1.7;

1.7
date	95.01.14.13.23.50;	author ats;	state Exp;
branches;
next	1.6;

1.6
date	94.01.22.10.54.13;	author rgrimes;	state Exp;
branches;
next	1.5;

1.5
date	93.12.15.06.42.01;	author rich;	state Exp;
branches;
next	1.4;

1.4
date	93.10.25.20.13.16;	author rgrimes;	state Exp;
branches;
next	1.3;

1.3
date	93.09.06.23.12.04;	author rgrimes;	state Exp;
branches;
next	1.2;

1.2
date	93.08.07.09.58.37;	author rgrimes;	state Exp;
branches;
next	1.1;

1.1
date	93.06.20.13.41.35;	author rgrimes;	state Exp;
branches
	1.1.1.1;
next	;

1.1.1.1
date	93.06.20.13.41.36;	author rgrimes;	state Exp;
branches;
next	;

1.8.4.1
date	96.05.29.22.23.41;	author jkh;	state Exp;
branches;
next	1.8.4.2;

1.8.4.2
date	96.06.05.02.36.37;	author jkh;	state Exp;
branches;
next	1.8.4.3;

1.8.4.3
date	96.06.17.09.17.12;	author jkh;	state Exp;
branches;
next	1.8.4.4;

1.8.4.4
date	97.01.19.19.42.26;	author guido;	state Exp;
branches;
next	1.8.4.5;

1.8.4.5
date	97.04.12.06.16.14;	author dima;	state Exp;
branches;
next	1.8.4.6;

1.8.4.6
date	99.09.05.11.02.52;	author peter;	state Exp;
branches;
next	;

1.16.2.1
date	97.03.02.14.50.31;	author joerg;	state Exp;
branches;
next	1.16.2.2;

1.16.2.2
date	97.03.03.07.05.47;	author mpp;	state Exp;
branches;
next	1.16.2.3;

1.16.2.3
date	97.08.01.01.28.01;	author brian;	state Exp;
branches;
next	1.16.2.4;

1.16.2.4
date	97.09.26.01.41.30;	author alex;	state Exp;
branches;
next	1.16.2.5;

1.16.2.5
date	98.06.27.11.20.34;	author andreas;	state Exp;
branches;
next	1.16.2.6;

1.16.2.6
date	98.07.08.22.44.08;	author alex;	state Exp;
branches;
next	1.16.2.7;

1.16.2.7
date	99.01.01.17.44.15;	author billf;	state Exp;
branches;
next	1.16.2.8;

1.16.2.8
date	99.01.10.11.21.04;	author danny;	state Exp;
branches;
next	1.16.2.9;

1.16.2.9
date	99.09.05.11.01.58;	author peter;	state Exp;
branches;
next	;

1.29.2.1
date	99.06.23.14.28.00;	author sheldonh;	state Exp;
branches;
next	1.29.2.2;

1.29.2.2
date	99.08.29.14.19.01;	author peter;	state Exp;
branches;
next	1.29.2.3;

1.29.2.3
date	99.12.21.09.28.29;	author sheldonh;	state Exp;
branches;
next	1.29.2.4;

1.29.2.4
date	99.12.21.09.46.02;	author sheldonh;	state Exp;
branches;
next	1.29.2.5;

1.29.2.5
date	2000.04.05.13.46.37;	author sheldonh;	state Exp;
branches;
next	;

1.36.2.1
date	2000.04.05.13.44.35;	author sheldonh;	state Exp;
branches;
next	1.36.2.2;

1.36.2.2
date	2000.05.28.14.26.21;	author asmodai;	state Exp;
branches;
next	1.36.2.3;

1.36.2.3
date	2000.07.14.19.36.00;	author dwmalone;	state Exp;
branches;
next	1.36.2.4;

1.36.2.4
date	2000.08.07.20.02.01;	author brian;	state Exp;
branches;
next	1.36.2.5;

1.36.2.5
date	2000.08.08.18.05.26;	author brian;	state Exp;
branches;
next	1.36.2.6;

1.36.2.6
date	2000.09.20.20.16.19;	author brian;	state Exp;
branches;
next	1.36.2.7;

1.36.2.7
date	2000.10.30.10.40.11;	author obrien;	state Exp;
branches;
next	1.36.2.8;

1.36.2.8
date	2001.01.14.09.47.48;	author dougb;	state Exp;
branches;
next	1.36.2.9;

1.36.2.9
date	2001.02.21.22.48.23;	author brian;	state Exp;
branches;
next	1.36.2.10;

1.36.2.10
date	2001.02.21.22.50.42;	author brian;	state Exp;
branches;
next	1.36.2.11;

1.36.2.11
date	2001.03.06.02.23.24;	author obrien;	state Exp;
branches;
next	1.36.2.12;

1.36.2.12
date	2001.04.13.16.49.34;	author nate;	state Exp;
branches;
next	1.36.2.13;

1.36.2.13
date	2001.04.14.13.45.08;	author dirk;	state Exp;
branches;
next	1.36.2.14;

1.36.2.14
date	2001.04.21.12.54.45;	author brian;	state Exp;
branches;
next	1.36.2.15;

1.36.2.15
date	2001.05.06.14.03.27;	author dirk;	state Exp;
branches;
next	1.36.2.16;

1.36.2.16
date	2001.06.30.03.34.42;	author cjc;	state Exp;
branches;
next	1.36.2.17;

1.36.2.17
date	2001.07.19.12.20.44;	author ume;	state Exp;
branches;
next	1.36.2.18;

1.36.2.18
date	2001.08.01.20.18.55;	author obrien;	state Exp;
branches;
next	1.36.2.19;

1.36.2.19
date	2001.12.04.00.40.07;	author silby;	state Exp;
branches;
next	1.36.2.20;

1.36.2.20
date	2001.12.14.09.00.37;	author ru;	state Exp;
branches;
next	1.36.2.21;

1.36.2.21
date	2002.02.25.10.52.55;	author cjc;	state dead;
branches;
next	;


desc
@@


1.60
log
@Long ago, there was just /etc/daily. Then /etc/security was split out
of /etc/daily. Some time later, /etc/daily became a set of periodic(8)
scripts. Now, this evolution continues, and /etc/security has been
broken into periodic(8) scripts to make local customization easier and
more maintainable.

Reviewed by:	ru
Approved by:	ru
@
text
@#!/bin/sh -
#
# Copyright (c) 2000  The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
#	@@(#)security	5.3 (Berkeley) 5/28/91
# $FreeBSD: src/etc/security,v 1.59 2001/11/28 04:07:00 silby Exp $
#

PATH=/sbin:/bin:/usr/bin
LC_ALL=C; export LC_ALL
rc=0
LOG=/var/log
TMP=/var/run/_secure.$$

separator () {
	echo ''
	echo ''
}

catmsgs() {
	find $LOG -name 'messages.*' -mtime -2 |
	    sort -t. -r -n +1 -2 |
	    xargs zcat -f
	[ -f $LOG/messages ] && cat $LOG/messages
}

sflag=FALSE ignore=
while getopts as c
do
	case "$c" in
		a) ignore="$ignore|^amd:";;
		s) sflag=TRUE;;
	esac
done

yesterday=`date -v-1d "+%b %e "`

host=`hostname`

umask 027

echo 'Checking setuid files and devices:'

# Don't have ncheck, but this does the equivalent of the commented out block.
# Note that one of the original problems, the possibility of overrunning
# the args to ls, is still here...
#
MP=`mount -t ufs | grep -v " nosuid" | awk '{ print $3 }' | sort`
set ${MP}
while [ $# -ge 1 ]; do
	mount=$1
	shift
	find $mount -xdev -type f \
		\( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
		\( -perm -u+s -or -perm -g+s \) -print0
done | xargs -0 -n 20 ls -liTd | sort +10 > ${TMP}

if [ ! -f ${LOG}/setuid.today ]; then
	[ $rc -lt 1 ] && rc=1
	separator
	echo "No ${LOG}/setuid.today"
	cp ${TMP} ${LOG}/setuid.today || rc=3
fi

if ! cmp ${LOG}/setuid.today ${TMP} >/dev/null; then
	[ $rc -lt 1 ] && rc=1
	separator
	echo "${host} setuid diffs:"
	diff -w ${LOG}/setuid.today ${TMP}
	mv ${LOG}/setuid.today ${LOG}/setuid.yesterday || rc=3
	mv ${TMP} ${LOG}/setuid.today || rc=3
fi

# Show changes in the way filesystems are mounted
#
[ -n "$ignore" ] && cmd="egrep -v ${ignore#|}" || cmd=cat
if mount -p | $cmd > $TMP; then
	if [ ! -f $LOG/mount.today ]; then
		[ $rc -lt 1 ] && rc=1
		separator
		echo "No $LOG/mount.today"
		cp $TMP $LOG/mount.today || rc=3
	fi
	if ! cmp $LOG/mount.today $TMP >/dev/null 2>&1; then
		[ $rc -lt 1 ] && rc=1
		separator
		echo "$host changes in mounted filesystems:"
		diff -b $LOG/mount.today $TMP
		mv $LOG/mount.today $LOG/mount.yesterday || rc=3
		mv $TMP $LOG/mount.today || rc=3
	fi
fi

separator
echo 'Checking for uids of 0:'
n=$(awk -F: '/^#/ {next} $3==0 {print $1,$3}' /etc/master.passwd |
    tee /dev/stderr |
    sed -e '/^root 0$/d' -e '/^toor 0$/d' |
    wc -l)
[ $n -gt 0 -a $rc -lt 1 ] && rc=1

separator
echo 'Checking for passwordless accounts:'
n=$(awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd |
    tee /dev/stderr | wc -l)
[ $n -gt 0 -a $rc -lt 1 ] && rc=1

# Show denied packets
#
if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then
	if [ ! -f ${LOG}/ipfw.today ]; then
		[ $rc -lt 1 ] && rc=1
		separator
		echo "No ${LOG}/ipfw.today"
		cp ${TMP} ${LOG}/ipfw.today || rc=3
	fi

	if ! cmp ${LOG}/ipfw.today ${TMP} >/dev/null; then
		[ $rc -lt 1 ] && rc=1
		separator
		echo "${host} denied packets:"
		diff -b ${LOG}/ipfw.today ${TMP} | egrep "^>"
		mv ${LOG}/ipfw.today ${LOG}/ipfw.yesterday || rc=3
		mv ${TMP} ${LOG}/ipfw.today || rc=3
	fi
fi

# Show ipfw rules which have reached the log limit
#
IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null`
if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then
	ipfw -a l | grep " log " | perl -n -e \
		'/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' > ${TMP}
	if [ -s "${TMP}" ]; then
		[ $rc -lt 1 ] && rc=1
		separator
		echo 'ipfw log limit reached:'
		cat ${TMP}
	fi
fi

# Show IPv6 denied packets
#
if ip6fw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then
	if [ ! -f ${LOG}/ip6fw.today ]; then
		[ $rc -lt 1 ] && rc=1
		separator
		echo "No ${LOG}/ip6fw.today"
		cp ${TMP} ${LOG}/ip6fw.today || rc=3
	fi

	if ! cmp ${LOG}/ip6fw.today ${TMP} >/dev/null; then
		[ $rc -lt 1 ] && rc=1
		separator
		echo "${host} IPv6 denied packets:"
		diff -b ${LOG}/ip6fw.today ${TMP} | egrep "^>"
		mv ${LOG}/ip6fw.today ${LOG}/ip6fw.yesterday || rc=3
		mv ${TMP} ${LOG}/ip6fw.today || rc=3
	fi
fi

# Show ip6fw rules which have reached the log limit
#
IP6FW_LOG_LIMIT=`sysctl -n net.inet6.ip6.fw.verbose_limit 2> /dev/null`
if [ $? -eq 0 ] && [ "${IP6FW_LOG_LIMIT}" -ne 0 ]; then
	ip6fw -a l | grep " log " | perl -n -e \
		'/^\d+\s+(\d+)/; print if ($1 >= '$IP6FW_LOG_LIMIT')' > ${TMP}
	if [ -s "${TMP}" ]; then
		[ $rc -lt 1 ] && rc=1
		separator
		echo 'ip6fw log limit reached:'
		cat ${TMP}
	fi
fi

# Show kernel log messages
#
if dmesg -a 2>/dev/null > ${TMP}; then
	if [ ! -f ${LOG}/dmesg.today ]; then
		[ $rc -lt 1 ] && rc=1
		separator
		echo "No ${LOG}/dmesg.today"
		cp ${TMP} ${LOG}/dmesg.today || rc=3
	fi

	if ! cmp ${LOG}/dmesg.today ${TMP} >/dev/null 2>&1; then
		[ $rc -lt 1 ] && rc=1
		separator
		echo "${host} kernel log messages:"
		diff -b ${LOG}/dmesg.today ${TMP} | egrep "^>"
		mv ${LOG}/dmesg.today ${LOG}/dmesg.yesterday || rc=3
		mv ${TMP} ${LOG}/dmesg.today || rc=3
	fi
fi

# Show login failures
#
separator
echo "${host} login failures:"
n=$(catmsgs | grep -ia "^$yesterday.*login failure" | tee /dev/stderr | wc -l)
[ $n -gt 0 -a $rc -lt 1 ] && rc=1

# Show tcp_wrapper warning messages
#
separator
echo "${host} refused connections:"
n=$(catmsgs | grep -i "^$yesterday.*refused connect" | tee /dev/stderr | wc -l)
[ $n -gt 0 -a $rc -lt 1 ] && rc=1

rm -f ${TMP}

exit $rc
@


1.59
log
@Make sure the security check output includes a To: line in the
same way the daily run output does.
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.58 2001/11/27 01:06:57 silby Exp $
@


1.58
log
@Have security add a To: root@@host line; the lack of a To: line is causing
spambouncer to think my security logs are spam.
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.57 2001/09/18 00:03:48 fenner Exp $
a60 2
[ $sflag = FALSE ] && echo "To: root@@${host}"
[ $sflag = FALSE ] && echo "Subject: ${host} security check output"
@


1.57
log
@Handle the absence of net.inet.ip.fw.verbose_limit better, just like
 brian's fix for v6 in rev 1.56.
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.56 2001/09/14 11:18:06 brian Exp $
d61 1
@


1.56
log
@Handle the absence of net.inet6.ip6.fw.verbose_limit better
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.55 2001/07/04 12:49:17 ume Exp $
d154 1
a154 1
if [ $? -eq 0 -a "${IPFW_LOG_LIMIT}" -ne 0 ]; then
@


1.55
log
@Show IPv6 denied packets.

MFC after:	1 week
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.54 2001/06/21 19:17:15 cjc Exp $
d188 1
a188 1
if [ $? -eq 0 -a "${IP6FW_LOG_LIMIT}" -ne 0 ]; then
@


1.54
log
@Fixing a bug reported on freebsd-security. It is possible for
non-printable characters to sneak into /var/log/messages (e.g.
someone aims a Solaris/Linux RCP exploit at your FreeBSD box and
you end up with his shellcode as part of a log entry). You might
get something like,

  host.mydom.org login failures:
  Binary file (standard input) matches

In the daily security script as a result. Allowing attackers to
mess with your security script's ability to accurately report
is a Bad Thing. Tell grep(1) to treat /var/log/messages like a
text file even if it has non-printable characters.

Submitted by:	Tim Zingelman <zingelman@@fnal.gov> on freebsd-security
Approved by:	ru
MFC after:	1 week
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.53 2001/06/14 04:30:46 dd Exp $
d161 34
@


1.53
log
@Pass -a to dmesg(8).

PR:		26870
Submitted by:	Tomonobu AKIMOTO <akimoto@@xephion.ne.jp>
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.52 2001/06/01 10:07:15 ru Exp $
d189 1
a189 1
n=$(catmsgs | grep -i "^$yesterday.*login failure" | tee /dev/stderr | wc -l)
@


1.52
log
@Remove vestiges of MFS.
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.51 2001/04/21 22:37:54 dirk Exp $
d167 1
a167 1
if dmesg 2>/dev/null > ${TMP}; then
@


1.51
log
@Checking of denied zone transfers is now done in
periodic/daily/470.status-named.
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.50 2001/04/14 10:05:01 dirk Exp $
d50 1
a50 1
while getopts ams c
a53 1
		m) ignore="$ignore|^mfs:";;
@


1.50
log
@Log denied IXFR, too.

MFC canidate.
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.49 2001/04/13 15:13:15 nate Exp $
a197 7
[ $n -gt 0 -a $rc -lt 1 ] && rc=1

# Show denied secondary bind transfer attempts
#
separator
echo "$host checking for denied secondary zone transfers:"
n=$(catmsgs | grep -i -E "denied (AXFR|IXFR) from" | tee /dev/stderr | wc -l)
@


1.49
log
@- Newer versions of bind log denied secondary zone tranfers with
  'denied AXFR', not 'unapproved AXFR'.

This is an MFC candidate.

PR:		misc/26529
Submitted by:	duwde@@duwde.com.br
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.48 2001/03/17 21:22:29 brian Exp $
d204 1
a204 1
n=$(catmsgs | grep -i "denied AXFR from" | tee /dev/stderr | wc -l)
@


1.48
log
@Ignore comments in /etc/passwd

PR:		25845
Submitted by:	Udo Schweigert <ust@@cert.siemens.de>
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.47 2001/02/08 20:31:21 brian Exp $
d204 1
a204 1
n=$(catmsgs | grep -i "unapproved AXFR from" | tee /dev/stderr | wc -l)
@


1.47
log
@Show denied secondary bind transfer attempts

Submitted by:		inTEXT Communications <glenn@@intextonline.com>
Ok'd by:		imp, kris
Not objected to by:	freebsd-audit
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.46 2001/02/03 01:28:46 brian Exp $
d120 1
a120 1
n=$(awk -F: '$3==0 {print $1,$3}' /etc/master.passwd |
@


1.46
log
@Pick up all messages* files less than two days old rather than
just messages{,.0*} when looking for login failures and refused
connections.

PR: 23415
Mostly submitted by: phk

Convert a few "  "s to tabs while I'm here - for consistency.
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.45 2000/12/17 08:15:57 dougb Exp $
d198 7
@


1.45
log
@Apply a more consistent style to the echo statements in /etc/ scripts.
* Put quotes around each line
* Single quotes for lines with no variable interpolation
* Double quotes if there is
* Capitalize each word that begins a line
* Make echo -n 'Doing foo:' ... echo '.' more of a standard

No functionality changes
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.44 2000/10/08 19:20:36 obrien Exp $
d43 4
a46 3
  [ -f $LOG/messages.0.gz ] && zcat $LOG/messages.0.gz
  [ -f $LOG/messages.0 ] && cat $LOG/messages.0
  [ -f $LOG/messages ] && cat $LOG/messages
d52 5
a56 5
  case "$c" in
    a) ignore="$ignore|^amd:";;
    m) ignore="$ignore|^mfs:";;
    s) sflag=TRUE;;
  esac
@


1.44
log
@Add copyright notices.  Other systems have been barrowing our /etc files
w/o giving any credit.
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.43 2000/09/18 18:35:07 brian Exp $
d65 1
a65 1
echo "checking setuid files and devices:"
d84 1
a84 1
	echo "no ${LOG}/setuid.today"
d104 1
a104 1
		echo "no $LOG/mount.today"
d118 1
a118 1
echo "checking for uids of 0:"
d126 1
a126 1
echo "checking for passwordless accounts:"
d137 1
a137 1
		echo "no ${LOG}/ipfw.today"
d160 1
a160 1
		echo "ipfw log limit reached:"
d171 1
a171 1
		echo "no ${LOG}/dmesg.today"
@


1.43
log
@Sort the output of mount
Requested by: des

Remove a redundant sed
@
text
@d3 24
d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.42 2000/09/14 17:19:08 brian Exp $
d30 1
@


1.42
log
@Another overhaul of the periodic stuff.

All periodic sub-scripts <larf> now have their return codes interpreted
by periodic(8).  Output may be masked based on variable values in
periodic.conf.

It's also now possible to email periodic output to arbitrary addresses,
or to send it to a log file, examples of which can be found in
newsyslog.conf.

The upshot of it all should be no discernable changes to the default
behaviour of periodic(8).

PR:	21250
@
text
@d4 1
a4 1
# $FreeBSD: src/etc/security,v 1.41 2000/08/07 09:08:35 brian Exp $
d46 1
a46 1
MP=`mount -t ufs | grep -v " nosuid" | sed 's;/dev/;&r;' | awk '{ print $3 }'`
@


1.41
log
@Use ``diff -w'' for setuid.{to,yester}day comparisons
rather than ``diff -b''.
@
text
@d4 1
a4 1
# $FreeBSD: src/etc/security,v 1.40 2000/07/11 14:24:53 dwmalone Exp $
d8 3
d17 6
a37 3
LOG=/var/log
TMP=/var/run/_secure.$$

d57 1
d60 1
a60 1
	cp ${TMP} ${LOG}/setuid.today
d64 1
d68 2
a69 2
	mv ${LOG}/setuid.today ${LOG}/setuid.yesterday
	mv ${TMP} ${LOG}/setuid.today
d77 1
d80 1
a80 1
		cp $TMP $LOG/mount.today
d83 1
d87 2
a88 2
		mv $LOG/mount.today $LOG/mount.yesterday
		mv $TMP $LOG/mount.today
d94 5
a98 1
awk -F: '$3==0 {print $1,$3}' /etc/master.passwd
d102 3
a104 1
awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd
d110 1
d113 1
a113 1
		cp ${TMP} ${LOG}/ipfw.today
d117 1
d121 2
a122 2
		mv ${LOG}/ipfw.today ${LOG}/ipfw.yesterday
		mv ${TMP} ${LOG}/ipfw.today
d133 1
d144 1
d147 1
a147 1
		cp ${TMP} ${LOG}/dmesg.today
d151 1
d155 2
a156 2
		mv ${LOG}/dmesg.today ${LOG}/dmesg.yesterday
		mv ${TMP} ${LOG}/dmesg.today
d164 2
a165 1
zcat -f $LOG/messages.0* $LOG/messages | grep -i "^$yesterday.*login failure"
d171 2
a172 1
zcat -f $LOG/messages.0* $LOG/messages | grep -i "^$yesterday.*refused connect"
d175 2
@


1.40
log
@Get the security script to list the indoe numbers of the suid files.
I've seen some script kiddie tools out there that fake the timestamps
but don't preserve the inode number.

Note - this will cause a lot of output the first time it is run!

PR:		18947
Reviewed by:	Sheldon Hearn <sheldonh@@uunet.co.za>
@
text
@d4 1
a4 1
# $FreeBSD: src/etc/security,v 1.39 2000/06/23 01:16:49 brian Exp $
d59 1
a59 1
	diff -b ${LOG}/setuid.today ${TMP}
@


1.39
log
@Add -s -a and -m flags for supressing the subject line, ignoring amd
mounts and ignoring mfs mounts.
Default functionality stays the same.
@
text
@d4 1
a4 1
# $FreeBSD: src/etc/security,v 1.38 2000/04/06 10:46:50 sheldonh Exp $
d48 1
a48 1
done | xargs -0 -n 20 ls -lTd | sort +9 > ${TMP}
@


1.38
log
@Add a step for showing changes in the way filesystems are mounted
today from the way they were mounted yesterday.

PR:		17155
Submitted by:	"Crist J. Clark" <cjc@@cc942873-a.ewndsr1.nj.home.com>
@
text
@d4 1
a4 1
# $FreeBSD: src/etc/security,v 1.37 2000/04/05 13:42:48 sheldonh Exp $
d14 10
d27 1
a27 1
echo "Subject: ${host} security check output"
d56 1
a56 1
if cmp ${LOG}/setuid.today ${TMP} >/dev/null; then :; else
d66 2
a67 1
if mount -p > $TMP; then
d73 1
a73 1
	if cmp $LOG/mount.today $TMP >/dev/null 2>&1; then :; else
d99 1
a99 1
	if cmp ${LOG}/ipfw.today ${TMP} >/dev/null; then :; else
d130 1
a130 1
	if cmp ${LOG}/dmesg.today ${TMP} >/dev/null 2>&1; then :; else
@


1.37
log
@Do not report blocked out NIS password entries as passwordless.

Submitted by:	"Sean O'Connell" <sean@@stat.Duke.EDU>
@
text
@d4 1
a4 1
# $FreeBSD: src/etc/security,v 1.36 1999/12/20 17:33:56 phantom Exp $
d52 17
@


1.36
log
@Test rotated logs for dangerous messages as well as current

PR:		misc/12228
Submitted by:	Philippe SCHACK <phschak@@inba.fr>
@
text
@d4 1
a4 1
# $FreeBSD: src/etc/security,v 1.35 1999/10/06 10:29:33 sheldonh Exp $
d60 1
a60 1
awk -F: 'NF > 1 && $1 !~ /^[#+]/ && $2=="" {print $0}' /etc/master.passwd
@


1.36.2.1
log
@MFC rev 1.37: Ignore passwordless, blocked out NIS password entries.
@
text
@d4 1
a4 1
# $FreeBSD: src/etc/security,v 1.36 1999/12/20 17:33:56 phantom Exp $
d60 1
a60 1
awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd
@


1.36.2.2
log
@MFC:	- show mounted filesystem differences
@
text
@d4 1
a4 1
# $FreeBSD: src/etc/security,v 1.36.2.1 2000/04/05 13:44:35 sheldonh Exp $
a51 17
fi

# Show changes in the way filesystems are mounted
#
if mount -p > $TMP; then
	if [ ! -f $LOG/mount.today ]; then
		separator
		echo "no $LOG/mount.today"
		cp $TMP $LOG/mount.today
	fi
	if cmp $LOG/mount.today $TMP >/dev/null 2>&1; then :; else
		separator
		echo "$host changes in mounted filesystems:"
		diff -b $LOG/mount.today $TMP
		mv $LOG/mount.today $LOG/mount.yesterday
		mv $TMP $LOG/mount.today
	fi
@


1.36.2.3
log
@MFC: 1.40 List inode numbers of suid files. WARNING: Will produce a lot
	output the first time this run as it replaces the list without inode
	numbers.
@
text
@d4 1
a4 1
# $FreeBSD: src/etc/security,v 1.36.2.2 2000/05/28 14:26:21 asmodai Exp $
d38 1
a38 1
done | xargs -0 -n 20 ls -liTd | sort +10 > ${TMP}
@


1.36.2.4
log
@MFC: diff -w setuid files rather than diff -b
@
text
@d4 1
a4 1
# $FreeBSD: src/etc/security,v 1.36.2.3 2000/07/14 19:36:00 dwmalone Exp $
d49 1
a49 1
	diff -w ${LOG}/setuid.today ${TMP}
@


1.36.2.5
log
@MFC: Introduce periodic.conf

PR:		20381
Submitted by:	Vlad Skvortsov <vss@@ulstu.ru>

Although any commit mistakes are probably mine....
@
text
@d4 1
a4 1
# $FreeBSD: src/etc/security,v 1.36.2.4 2000/08/07 20:02:01 brian Exp $
a13 10
sflag=FALSE ignore=
while getopts ams c
do
  case "$c" in
    a) ignore="$ignore|^amd:";;
    m) ignore="$ignore|^mfs:";;
    s) sflag=TRUE;;
  esac
done

d17 1
a17 1
[ $sflag = FALSE ] && echo "Subject: ${host} security check output"
d46 1
a46 1
if ! cmp ${LOG}/setuid.today ${TMP} >/dev/null; then
d56 1
a56 2
[ -n "$ignore" ] && cmd="egrep -v ${ignore#|}" || cmd=cat
if mount -p | $cmd > $TMP; then
d62 1
a62 1
	if ! cmp $LOG/mount.today $TMP >/dev/null 2>&1; then
d88 1
a88 1
	if ! cmp ${LOG}/ipfw.today ${TMP} >/dev/null; then
d119 1
a119 1
	if ! cmp ${LOG}/dmesg.today ${TMP} >/dev/null 2>&1; then
@


1.36.2.6
log
@MFC: return the correct values for the latest version of periodic(8)
@
text
@d4 1
a4 1
# $FreeBSD: src/etc/security,v 1.36.2.5 2000/08/08 18:05:26 brian Exp $
a7 3
rc=0
LOG=/var/log
TMP=/var/run/_secure.$$
a13 6
catmsgs() {
  [ -f $LOG/messages.0.gz ] && zcat $LOG/messages.0.gz
  [ -f $LOG/messages.0 ] && cat $LOG/messages.0
  [ -f $LOG/messages ] && cat $LOG/messages
}

d29 3
d40 1
a40 1
MP=`mount -t ufs | grep -v " nosuid" | awk '{ print $3 }' | sort`
a50 1
	[ $rc -lt 1 ] && rc=1
d53 1
a53 1
	cp ${TMP} ${LOG}/setuid.today || rc=3
a56 1
	[ $rc -lt 1 ] && rc=1
d60 2
a61 2
	mv ${LOG}/setuid.today ${LOG}/setuid.yesterday || rc=3
	mv ${TMP} ${LOG}/setuid.today || rc=3
a68 1
		[ $rc -lt 1 ] && rc=1
d71 1
a71 1
		cp $TMP $LOG/mount.today || rc=3
a73 1
		[ $rc -lt 1 ] && rc=1
d77 2
a78 2
		mv $LOG/mount.today $LOG/mount.yesterday || rc=3
		mv $TMP $LOG/mount.today || rc=3
d84 1
a84 5
n=$(awk -F: '$3==0 {print $1,$3}' /etc/master.passwd |
    tee /dev/stderr |
    sed -e '/^root 0$/d' -e '/^toor 0$/d' |
    wc -l)
[ $n -gt 0 -a $rc -lt 1 ] && rc=1
d88 1
a88 3
n=$(awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd |
    tee /dev/stderr | wc -l)
[ $n -gt 0 -a $rc -lt 1 ] && rc=1
a93 1
		[ $rc -lt 1 ] && rc=1
d96 1
a96 1
		cp ${TMP} ${LOG}/ipfw.today || rc=3
a99 1
		[ $rc -lt 1 ] && rc=1
d103 2
a104 2
		mv ${LOG}/ipfw.today ${LOG}/ipfw.yesterday || rc=3
		mv ${TMP} ${LOG}/ipfw.today || rc=3
a114 1
		[ $rc -lt 1 ] && rc=1
a124 1
		[ $rc -lt 1 ] && rc=1
d127 1
a127 1
		cp ${TMP} ${LOG}/dmesg.today || rc=3
a130 1
		[ $rc -lt 1 ] && rc=1
d134 2
a135 2
		mv ${LOG}/dmesg.today ${LOG}/dmesg.yesterday || rc=3
		mv ${TMP} ${LOG}/dmesg.today || rc=3
d143 1
a143 2
n=$(catmsgs | grep -i "^$yesterday.*login failure" | tee /dev/stderr | wc -l)
[ $n -gt 0 -a $rc -lt 1 ] && rc=1
d149 1
a149 2
n=$(catmsgs | grep -i "^$yesterday.*refused connect" | tee /dev/stderr | wc -l)
[ $n -gt 0 -a $rc -lt 1 ] && rc=1
a151 2

exit $rc
@


1.36.2.7
log
@MFC: Add copyright.
@
text
@a2 24
# Copyright (c) 2000  The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
d4 1
a4 1
# $FreeBSD: src/etc/security,v 1.36.2.6 2000/09/20 20:16:19 brian Exp $
a5 1

@


1.36.2.8
log
@MFC, Apply a more consistent style to the echo statements in /etc/ scripts.
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.36.2.7 2000/10/30 10:40:11 obrien Exp $
d65 1
a65 1
echo 'Checking setuid files and devices:'
d84 1
a84 1
	echo "No ${LOG}/setuid.today"
d104 1
a104 1
		echo "No $LOG/mount.today"
d118 1
a118 1
echo 'Checking for uids of 0:'
d126 1
a126 1
echo 'Checking for passwordless accounts:'
d137 1
a137 1
		echo "No ${LOG}/ipfw.today"
d160 1
a160 1
		echo 'ipfw log limit reached:'
d171 1
a171 1
		echo "No ${LOG}/dmesg.today"
@


1.36.2.9
log
@MFC: Make catmsgs() work as expected.
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.36.2.8 2001/01/14 09:47:48 dougb Exp $
d43 3
a45 4
	find $LOG -name 'messages.*' -mtime -2 |
	    sort -t. -r -n +1 -2 |
	    xargs zcat -f
	[ -f $LOG/messages ] && cat $LOG/messages
@


1.36.2.10
log
@MFC: Some minor whitespace changes
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.36.2.9 2001/02/21 22:48:23 brian Exp $
d52 5
a56 5
	case "$c" in
		a) ignore="$ignore|^amd:";;
		m) ignore="$ignore|^mfs:";;
		s) sflag=TRUE;;
	esac
@


1.36.2.11
log
@MFC: 1.47: Show denied secondary bind transfer attempts
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.36.2.10 2001/02/21 22:50:42 brian Exp $
a197 7
[ $n -gt 0 -a $rc -lt 1 ] && rc=1

# Show denied secondary bind transfer attempts
#
separator
echo "$host checking for denied secondary zone transfers:"
n=$(catmsgs | grep -i "unapproved AXFR from" | tee /dev/stderr | wc -l)
@


1.36.2.12
log
@MFC: Correct identify denied secondary zone transfer messages.

PR:             misc/26529
Approved by:	jkh
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.36.2.11 2001/03/06 02:23:24 obrien Exp $
d204 1
a204 1
n=$(catmsgs | grep -i "denied AXFR from" | tee /dev/stderr | wc -l)
@


1.36.2.13
log
@MFC: Log denied IXFR.

Approved by:	jkh
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.36.2.12 2001/04/13 16:49:34 nate Exp $
d204 1
a204 1
n=$(catmsgs | grep -i -E "denied (AXFR|IXFR) from" | tee /dev/stderr | wc -l)
@


1.36.2.14
log
@MFC: Ignore comments in /etc/master.passwd
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.36.2.13 2001/04/14 13:45:08 dirk Exp $
d120 1
a120 1
n=$(awk -F: '/^#/ {next} $3==0 {print $1,$3}' /etc/master.passwd |
@


1.36.2.15
log
@MFC: Checking of denied zone transfers moved to
     periodic/daily/470.status-named.
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.36.2.14 2001/04/21 12:54:45 brian Exp $
d198 7
@


1.36.2.16
log
@MFC: 1.54
Treat 'messages' log files as a text file even if they contain
non-printable characters.

Approved by:	ru
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.36.2.15 2001/05/06 14:03:27 dirk Exp $
d190 1
a190 1
n=$(catmsgs | grep -ia "^$yesterday.*login failure" | tee /dev/stderr | wc -l)
@


1.36.2.17
log
@MFC 1.55: Show IPv6 denied packets.
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.36.2.16 2001/06/30 03:34:42 cjc Exp $
a161 34
		cat ${TMP}
	fi
fi

# Show IPv6 denied packets
#
if ip6fw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then
	if [ ! -f ${LOG}/ip6fw.today ]; then
		[ $rc -lt 1 ] && rc=1
		separator
		echo "No ${LOG}/ip6fw.today"
		cp ${TMP} ${LOG}/ip6fw.today || rc=3
	fi

	if ! cmp ${LOG}/ip6fw.today ${TMP} >/dev/null; then
		[ $rc -lt 1 ] && rc=1
		separator
		echo "${host} IPv6 denied packets:"
		diff -b ${LOG}/ip6fw.today ${TMP} | egrep "^>"
		mv ${LOG}/ip6fw.today ${LOG}/ip6fw.yesterday || rc=3
		mv ${TMP} ${LOG}/ip6fw.today || rc=3
	fi
fi

# Show ip6fw rules which have reached the log limit
#
IP6FW_LOG_LIMIT=`sysctl -n net.inet6.ip6.fw.verbose_limit 2> /dev/null`
if [ $? -eq 0 -a "${IP6FW_LOG_LIMIT}" -ne 0 ]; then
	ip6fw -a l | grep " log " | perl -n -e \
		'/^\d+\s+(\d+)/; print if ($1 >= '$IP6FW_LOG_LIMIT')' > ${TMP}
	if [ -s "${TMP}" ]; then
		[ $rc -lt 1 ] && rc=1
		separator
		echo 'ip6fw log limit reached:'
@


1.36.2.18
log
@MFC: rev 1.53 (pass -a to dmesg)
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.36.2.17 2001/07/19 12:20:44 ume Exp $
d202 1
a202 1
if dmesg -a 2>/dev/null > ${TMP}; then
@


1.36.2.19
log
@MFC: Make sure that security check outputs are mailed with a To:
line just as daily run outputs are.
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.36.2.18 2001/08/01 20:18:55 obrien Exp $
d62 1
@


1.36.2.20
log
@MFC: (from etc/periodic/security)

Work around the bugfeature of test(1).
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.36.2.19 2001/12/04 00:40:07 silby Exp $
d154 1
a154 1
if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then
d188 1
a188 1
if [ $? -eq 0 ] && [ "${IP6FW_LOG_LIMIT}" -ne 0 ]; then
@


1.36.2.21
log
@MFC: Long ago, there was just /etc/daily. Then /etc/security was split
out of /etc/daily. Some time later, /etc/daily became a set of
periodic(8) scripts. Now, this evolution continues, and /etc/security
has been broken into periodic(8) scripts to make local customization
easier and more maintainable.

  src/etc/Makefile                                  1.264
  src/etc/defaults/periodic.conf                    1.18
  src/etc/mtree/BSD.root.dist                       1.57
  src/etc/periodic/Makefile                         1.3
  src/etc/periodic/daily/450.status-security        1.9
  src/etc/periodic/security/100.chksetuid           1.1
  src/etc/periodic/security/200.chkmounts           1.2
  src/etc/periodic/security/300.chkuid0             1.1
  src/etc/periodic/security/400.passwdless          1.1
  src/etc/periodic/security/500.ipfwdenied          1.1
  src/etc/periodic/security/550.ipfwlimit           1.2
  src/etc/periodic/security/600.ip6fwdenied         1.1
  src/etc/periodic/security/650.ip6fwlimit          1.2
  src/etc/periodic/security/700.kernelmsg           1.1
  src/etc/periodic/security/800.loginfail           1.1
  src/etc/periodic/security/900.tcpwrap             1.1
  src/etc/periodic/security/Makefile                1.1
  src/etc/security                                  1.60
  src/share/man/man5/periodic.conf.5                1.38
  src/usr.sbin/periodic/periodic.8                  1.26
@
text
@d28 1
a28 1
# $FreeBSD: src/etc/security,v 1.36.2.20 2001/12/14 09:00:37 ru Exp $
@


1.35
log
@Do not misinterpret blank and comment lines as passwordless accounts.

PR:	13909
Submitted by:	Peter Jeremy <peter.jeremy@@alcatel.com.au>
@
text
@d4 1
a4 1
# $FreeBSD: src/etc/security,v 1.34 1999/10/04 14:54:34 sheldonh Exp $
d14 2
d115 1
a115 1
grep -i "login failure" ${LOG}/messages
d121 1
a121 1
grep -i "refused connect" ${LOG}/messages
@


1.34
log
@The previous commit missed two unquoted variable expansions.  This had
the unfortunate side-effect of breaking the security script for hosts
without kernel support for IPFW. Fix.

Reported by:	jhay
@
text
@d4 1
a4 1
# $FreeBSD: src/etc/security,v 1.33 1999/09/13 15:44:18 sheldonh Exp $
d58 1
a58 1
awk -F: '$1 !~ /^\+/ && $2=="" {print $0}' /etc/master.passwd
@


1.33
log
@Apply a consistent style to most of the etc scripts.  Particularly, use
case instead of test where appropriate, since case allows case is a sh
builtin and (as a side-effect) allows case-insensitivity.

Changes discussed on freebsd-hackers.

Submitted by:	Doug Barton <Doug@@gorean.org>
@
text
@d4 1
a4 1
# $FreeBSD: src/etc/security,v 1.32 1999/08/27 23:23:45 peter Exp $
d81 1
a81 1
if [ $? -eq 0 -a ${IPFW_LOG_LIMIT} -ne 0 ]; then
d84 1
a84 1
	if [ -s ${TMP} ]; then
@


1.32
log
@$Id$ -> $FreeBSD$
@
text
@d4 1
a4 1
# $FreeBSD$
d10 2
a11 2
	echo ""
	echo ""
d24 2
a25 2
# don't have ncheck, but this does the equivalent of the commented out block.
# note that one of the original problem, the possibility of overrunning
d30 1
a30 1
while test $# -ge 1; do
d35 1
a35 1
		\( -perm -u+s -or -perm -g+s \)  -print0
d38 1
a38 1
if [ ! -f ${LOG}/setuid.today ] ; then
d43 1
d60 2
a61 1
# show denied packets
d63 1
a63 1
	if [ ! -f ${LOG}/ipfw.today ] ; then
d68 1
d71 4
a74 4
	        echo "${host} denied packets:"
	        diff -b ${LOG}/ipfw.today ${TMP} | egrep "^>"
	        mv ${LOG}/ipfw.today ${LOG}/ipfw.yesterday
	        mv ${TMP} ${LOG}/ipfw.today
d78 2
a79 1
# show ipfw rules which have reached the log limit
d81 1
a81 1
if [ $? -eq 0 ] && [ ${IPFW_LOG_LIMIT} -ne 0 ]; then
d91 2
a92 1
# show kernel log messages
d94 1
a94 1
	if [ ! -f ${LOG}/dmesg.today ] ; then
d99 1
d102 4
a105 4
	        echo "${host} kernel log messages:"
	        diff -b ${LOG}/dmesg.today ${TMP} | egrep "^>"
	        mv ${LOG}/dmesg.today ${LOG}/dmesg.yesterday
	        mv ${TMP} ${LOG}/dmesg.today
d109 2
a110 1
# show login failures
d115 2
a116 1
# show tcp_wrapper warning messages
@


1.31
log
@Style clean-up:

	* All variables are now embraced: ${foo}

	* All comparisons against some value now take the form:
	  [ "${foo}" ? "value" ]
	  where ? is a comparison operator

	* All empty string tests now take the form:
	  [ -z "${foo}" ]

	* All non-empty string tests now take the form:
	  [ -n "${foo}" ]

Submitted by:	jkh
@
text
@d4 1
a4 1
#	$Id: security,v 1.30 1999/06/23 14:23:54 sheldonh Exp $
@


1.30
log
@Ignore NIS accounts when checking for passwordless accounts.

PR:     9639
Reported by:    Bob Willcox <bob@@pmr.com>
Submitted by:   des
@
text
@d4 1
a4 1
#	$Id: security,v 1.29 1999/01/10 11:18:59 danny Exp $
d15 1
a15 1
echo "Subject: $host security check output"
d29 1
a29 1
set $MP
d36 1
a36 1
done | xargs -0 -n 20 ls -lTd | sort +9 > $TMP
d38 1
a38 1
if [ ! -f $LOG/setuid.today ] ; then
d40 2
a41 2
	echo "no $LOG/setuid.today"
	cp $TMP $LOG/setuid.today
d43 1
a43 1
if cmp $LOG/setuid.today $TMP >/dev/null; then :; else
d45 4
a48 4
	echo "$host setuid diffs:"
	diff -b $LOG/setuid.today $TMP
	mv $LOG/setuid.today $LOG/setuid.yesterday
	mv $TMP $LOG/setuid.today
d60 2
a61 2
if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > $TMP; then
	if [ ! -f $LOG/ipfw.today ] ; then
d63 2
a64 2
		echo "no $LOG/ipfw.today"
		cp $TMP $LOG/ipfw.today
d66 1
a66 1
	if cmp $LOG/ipfw.today $TMP >/dev/null; then :; else
d68 4
a71 4
	        echo "$host denied packets:"
	        diff -b $LOG/ipfw.today $TMP | egrep "^>"
	        mv $LOG/ipfw.today $LOG/ipfw.yesterday
	        mv $TMP $LOG/ipfw.today
d77 1
a77 1
if [ $? -eq 0 ] && [ $IPFW_LOG_LIMIT -ne 0 ]; then
d79 2
a80 2
		'/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' > $TMP
	if [ -s $TMP ]; then
d83 1
a83 1
		cat $TMP
d88 2
a89 2
if dmesg 2>/dev/null > $TMP; then
	if [ ! -f $LOG/dmesg.today ] ; then
d91 2
a92 2
		echo "no $LOG/dmesg.today"
		cp $TMP $LOG/dmesg.today
d94 1
a94 1
	if cmp $LOG/dmesg.today $TMP >/dev/null 2>&1; then :; else
d96 4
a99 4
	        echo "$host kernel log messages:"
	        diff -b $LOG/dmesg.today $TMP | egrep "^>"
	        mv $LOG/dmesg.today $LOG/dmesg.yesterday
	        mv $TMP $LOG/dmesg.today
d105 2
a106 2
echo "$host login failures:"
grep -i "login failure" $LOG/messages
d110 2
a111 2
echo "$host refused connections:"
grep -i "refused connect" $LOG/messages
d113 1
a113 1
rm -f $TMP
@


1.29
log
@Fix typo: "login failures" -> "login failure"
PR:	9424
Submitted by:	Lars K*ller <root@@cc.fh-lippe.de>
@
text
@d4 1
a4 1
#	$Id: security,v 1.28 1999/01/01 17:37:33 billf Exp $
d57 1
a57 1
awk -F: '$2=="" {print $0}' /etc/master.passwd
@


1.29.2.1
log
@MFC: Ignore NIS accounts when checking for passwordless accounts.
@
text
@d4 1
a4 1
#	$Id: security,v 1.29 1999/01/10 11:18:59 danny Exp $
d57 1
a57 1
awk -F: '$1 !~ /^\+/ && $2=="" {print $0}' /etc/master.passwd
@


1.29.2.2
log
@$Id$ -> $FreeBSD$
@
text
@d4 1
a4 1
# $FreeBSD$
@


1.29.2.3
log
@MFC rev 1.35: don't report blank / comment lines as passwordless accts.
@
text
@d4 1
a4 1
# $FreeBSD: src/etc/security,v 1.29.2.2 1999/08/29 14:19:01 peter Exp $
d57 1
a57 1
awk -F: 'NF > 1 && $1 !~ /^[#+]/ && $2=="" {print $0}' /etc/master.passwd
@


1.29.2.4
log
@MFC: Do not break if IPFW is not compiled into the kernel.  This fix
     is a partial merge of rev 1.34.

PR:		13909
Submitted by:	Peter Jeremy <peter.jeremy@@alcatel.com.au>
@
text
@d4 1
a4 1
# $FreeBSD: src/etc/security,v 1.29.2.3 1999/12/21 09:28:29 sheldonh Exp $
d77 1
a77 1
if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then
@


1.29.2.5
log
@MFC rev 1.37: Ignore passwordless, blocked out NIS entries.
@
text
@d4 1
a4 1
# $FreeBSD: src/etc/security,v 1.29.2.4 1999/12/21 09:46:02 sheldonh Exp $
d57 1
a57 1
awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd
@


1.28
log
@Make periodic(8) and the security mailings reflect the full FQDN, as opposed
to a hostname. This will help those who keep a cluster of machines all with
the same hostname but different domain names.

PR:		bin/9091
Submitted By:	Heikki Suonsivu <hsu@@clinet.fi>
No Response From: -current mailing list
@
text
@d4 1
a4 1
#	$Id: security,v 1.27 1998/08/16 10:38:02 des Exp $
d106 1
a106 1
grep -i "login failures" $LOG/messages
@


1.27
log
@Fix typo in previous commit.

PR:		7621
Submitted by:	Mark Huizer
@
text
@d4 1
a4 1
#	$Id: security,v 1.26 1998/08/11 08:48:54 des Exp $
d14 1
a14 1
host=`hostname -s`
@


1.26
log
@Make /etc/security bitch about passwordless accounts.
Use awk -F: rather than 'BEGIN {FS=":"}'
@
text
@d4 1
a4 1
#	$Id: security,v 1.25 1998/07/08 22:42:08 alex Exp $
d56 1
a56 1
echo "checking for paswordless accounts:"
@


1.25
log
@Detect user id 0 as a number instead of a string.  String comparisons
fail to detect 00.

PR:		7218
Submitted by:	Michal Listos <mcl@@Amnesiac.123.org>
		Niall Smart <rotel@@indigo.ie>
@
text
@d4 1
a4 1
#	$Id: security,v 1.24 1998/06/27 11:13:59 andreas Exp $
d53 5
a57 1
awk 'BEGIN {FS=":"} $3==0 {print $1,$3}' /etc/master.passwd
@


1.24
log
@additionally warnings
- login failures
- tcp_wrapper messages about refused connections
@
text
@d4 1
a4 1
#	$Id: security,v 1.23 1998/02/04 01:53:19 alex Exp $
d53 1
a53 1
awk 'BEGIN {FS=":"} $3=="0" {print $1,$3}' /etc/master.passwd
@


1.23
log
@Display ipfw rules which have reached the log limit.
@
text
@d4 1
a4 1
#	$Id: security,v 1.22 1997/09/26 01:38:30 alex Exp $
d98 10
@


1.22
log
@Changed ipfw grep string: reject rules are now listed as deny, reset,
or unreach.
@
text
@d4 1
a4 1
#	$Id: security,v 1.21 1997/08/01 01:25:21 brian Exp $
d68 12
@


1.21
log
@Remove the annoying "cmp: EOF" message when
dmesg changes.
@
text
@d4 1
a4 1
#	$Id: security,v 1.20 1997/03/03 07:03:50 mpp Exp $
d56 1
a56 1
if ipfw -a l 2>/dev/null | egrep "deny|reject" > $TMP; then
@


1.20
log
@Remove the -g option from the "find ... | xargs -ls ..." line.
The -g option to ls has been depreciated.
@
text
@d4 1
a4 1
#	$Id: security,v 1.19 1997/02/23 21:34:34 mpp Exp $
d78 1
a78 1
	if cmp $LOG/dmesg.today $TMP >/dev/null; then :; else
@


1.19
log
@When looking for setuid files, call find with -print0 and xargs with -0.
This allows find to pass files with "illegal" characters to xargs in a
safe manner.

Note: due to the manner in which the file names are now passed between
find and xargs, the files are now sorted differently than before.
The first /etc/security run after installing this change may result
in a lot of output when nothing did in fact change.

Closes PR# 1910.

2.2 candidate.
@
text
@d4 1
a4 1
#	$Id: security,v 1.18 1997/02/23 09:20:52 peter Exp $
d36 1
a36 1
done | xargs -0 -n 20 ls -lgTd | sort +9 > $TMP
@


1.18
log
@Revert $FreeBSD$ to $Id$
@
text
@d4 1
a4 1
#	$Id$
d33 1
a33 1
	find -X $mount -xdev -type f \
d35 2
a36 2
		\( -perm -u+s -or -perm -g+s \) | sort
done | xargs -n 20 ls -lgTd > $TMP
@


1.17
log
@Make the long-awaited change from $Id$ to $FreeBSD$

This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
@
text
@d4 1
a4 1
#	$FreeBSD$
@


1.16
log
@Whoops, update the comment field while we're at it.  (I *hate* the link
to freefall!)
@
text
@d4 1
a4 1
#	$Id: security,v 1.15 1996/10/12 04:51:09 nate Exp $
@


1.16.2.1
log
@YAMFC (rev 1.19: use find -print0 and xargs -0)
@
text
@d4 1
a4 1
#	$Id: security,v 1.16 1996/10/12 04:56:28 nate Exp $
d33 1
a33 1
	find $mount -xdev -type f \
d35 2
a36 2
		\( -perm -u+s -or -perm -g+s \)  -print0
done | xargs -0 -n 20 ls -lgTd | sort +9 > $TMP
@


1.16.2.2
log
@YAMFC: remove the -g option from the "find ... | xargs ls ..." line.
@
text
@d4 1
a4 1
#	$Id: security,v 1.20 1997/03/03 07:03:50 mpp Exp $
d36 1
a36 1
done | xargs -0 -n 20 ls -lTd | sort +9 > $TMP
@


1.16.2.3
log
@YAMFC: Remove the annoying "cmp: EOF" message when
       dmesg changes.
@
text
@d4 1
a4 1
#	$Id: security,v 1.16.2.2 1997/03/03 07:05:47 mpp Exp $
d78 1
a78 1
	if cmp $LOG/dmesg.today $TMP >/dev/null 2>&1; then :; else
@


1.16.2.4
log
@Merge from current: ipfw grep string is now "deny|reset|unreach".
@
text
@d4 1
a4 1
#	$Id: security,v 1.16.2.3 1997/08/01 01:28:01 brian Exp $
d56 1
a56 1
if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > $TMP; then
@


1.16.2.5
log
@merged from current,
new security warnings (login failures and tcp_wrappers messages)
PR:	closes misc/7050
@
text
@d4 1
a4 1
#	$Id: security,v 1.16.2.4 1997/09/26 01:41:30 alex Exp $
a85 10

# show login failures
separator
echo "$host login failures:"
grep -i "login failures" $LOG/messages

# show tcp_wrapper warning messages
separator
echo "$host refused connections:"
grep -i "refused connect" $LOG/messages
@


1.16.2.6
log
@MFC (rev 1.25): detect uid 0 correctly.
@
text
@d4 1
a4 1
#	$Id: security,v 1.16.2.5 1998/06/27 11:20:34 andreas Exp $
d53 1
a53 1
awk 'BEGIN {FS=":"} $3==0 {print $1,$3}' /etc/master.passwd
@


1.16.2.7
log
@MFC: Use FQDN instead of hostname in reports (bin/9091)
@
text
@d4 1
a4 1
#	$Id: security,v 1.16.2.6 1998/07/08 22:44:08 alex Exp $
d14 1
a14 1
host=`hostname`
@


1.16.2.8
log
@"login failures" -> "login failure"
PR:		9424
Submitted by:	Lars K*ller
@
text
@d4 1
a4 1
#	$Id: security,v 1.16.2.7 1999/01/01 17:44:15 billf Exp $
d90 1
a90 1
grep -i "login failure" $LOG/messages
@


1.16.2.9
log
@$Id$ -> $FreeBSD$
@
text
@d4 1
a4 1
# $FreeBSD$
@


1.15
log
@In the same manner that we log the ipfw entries, log the kernel log
messages using the output of dmesg.
@
text
@d4 1
a4 1
#	$Id: security,v 1.14 1996/07/31 06:47:05 pst Exp $
d71 1
a71 1
# show denied packets
@


1.14
log
@Move intermediary file generation to /var partition
@
text
@d4 1
a4 1
#	$Id: security,v 1.13 1996/06/30 19:35:20 alex Exp $
d68 16
@


1.13
log
@If ipfw is enabled, display packet/byte counters for reject/deny rules
that have changed since the last security check.

Make the spacing between sections more consistent.
@
text
@d4 1
a4 1
#	$Id: security,v 1.12 1996/06/30 13:16:21 peter Exp $
d18 1
a18 1
TMP=/tmp/_secure.$$
@


1.12
log
@If a local ufs filesystem is mounted "nosuid", dont scan it as part of
the /etc/security setuid checks.  This is useful for things like large
news spool partitions that dont have executables.

Reviewed by: pst
@
text
@d4 1
a4 1
#	$Id: security,v 1.11 1996/04/19 22:28:01 ache Exp $
d9 5
d39 1
d44 1
a49 1
rm -f $TMP
d51 1
a51 2
echo ""
echo ""
d54 18
@


1.11
log
@Exclude devices. Character ones modes changes often and proper names
guessing involves too much AI.
@
text
@d4 1
a4 1
#	$Id: security,v 1.10 1996/04/18 10:34:07 ache Exp $
d23 1
a23 1
MP=`mount -t ufs | sed 's;/dev/;&r;' | awk '{ print $3 }'`
@


1.10
log
@Use -X to be xargs-friendly
Check devices too, follow original BSD intention
Find only executable files with s-bits, close PR bin/1022
Reset locale to C to have equal results in any case
@
text
@d4 1
a4 1
#	$Id: security,v 1.9 1995/09/15 00:22:31 ache Exp $
d30 2
a31 7
		\( -perm -u+s -or -perm -g+s \) -or \
		\( -type c -or -type b \) \
	| sort
# exclude date/time info for devices
done |  xargs -n 20 ls -lgTd | expand | \
	sed 's/\(^[cb].*, *[0-9x]*\).*\( \/.*\)$/\1\2/' \
> $TMP
d38 1
a38 1
	echo "$host setuid/device diffs:"
@


1.9
log
@If no $LOG/setuid.today exists (f.e. first time to run), put
warning and make it, all following commands fails in old case
@
text
@d4 1
a4 1
#	$Id: security,v 1.8 1995/05/27 01:37:44 ache Exp $
d7 1
d28 9
a36 2
	find $mount -xdev \( -perm -u+s -or -perm -g+s \) | sort
done | xargs -n 20 ls -lgTd > $TMP
@


1.8
log
@Use -b for diff, ls produce different number of spaces
@
text
@d4 1
a4 1
#	$Id: security,v 1.7 1995/01/14 13:23:50 ats Exp $
d30 4
@


1.8.4.1
log
@Merge from HEAD, except:

	Clients that used gnumalloc still do, despite the merge.  We're not
	bringing phkmalloc over.

	Thread stuff left out.

	PCCARD support left out.
@
text
@d4 1
a4 1
#	$Id: security,v 1.8 1995/05/27 01:37:44 ache Exp $
a6 1
LC_ALL=C; export LC_ALL
d27 1
a27 3
	find -X $mount -xdev -type f \
		\( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
		\( -perm -u+s -or -perm -g+s \) | sort
a29 4
if [ ! -f $LOG/setuid.today ] ; then
	echo "no $LOG/setuid.today"
	cp $TMP $LOG/setuid.today
fi
d31 1
a31 1
	echo "$host setuid diffs:"
@


1.8.4.2
log
@This 3rd mega-commit should hopefully bring us back to where we were.
I can get it to `make world' succesfully, anyway!
@
text
@d7 1
d28 3
a30 1
	find $mount -xdev \( -perm -u+s -or -perm -g+s \) | sort
d33 4
d38 1
a38 1
	echo "$host setuid/device diffs:"
@


1.8.4.3
log
@Merge very small, selected parts of this directory from HEAD.  Mostly
motivated by a desire to see the local_startup stuff work correctly
for the packages collection in 2.1.5.
@
text
@d4 1
a4 1
#	$Id: security,v 1.8.4.2 1996/06/05 02:36:37 jkh Exp $
a6 1
LC_ALL=C; export LC_ALL
d27 1
a27 3
	find -X $mount -xdev -type f \
		\( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
		\( -perm -u+s -or -perm -g+s \) | sort
a29 4
if [ ! -f $LOG/setuid.today ] ; then
	echo "no $LOG/setuid.today"
	cp $TMP $LOG/setuid.today
fi
d31 1
a31 1
	echo "$host setuid diffs:"
@


1.8.4.4
log
@Move intermediary file generation to /var partition (from 1.14 already
in main branch)
@
text
@d4 1
a4 1
#	$Id: security,v 1.8.4.3 1996/06/17 09:17:12 jkh Exp $
d13 1
a13 1
TMP=/var/run/_secure.$$
@


1.8.4.5
log
@From HEAD:
Use "find -print0 | xargs -0" instead of "find -X | xargs"
@
text
@d4 1
a4 1
#	$Id: security,v 1.8.4.4 1997/01/19 19:42:26 guido Exp $
d28 1
a28 1
	find $mount -xdev -type f \
d30 2
a31 2
		\( -perm -u+s -or -perm -g+s \) -print0
done | xargs -0 -n 20 ls -lgTd > $TMP
@


1.8.4.6
log
@$Id$ -> $FreeBSD$
@
text
@d4 1
a4 1
# $FreeBSD$
@


1.7
log
@Fix a bug, that someone has introduced into /etc/security. It has no longer
found SUID files, only SGID files. The find has missed some parantheses.
@
text
@d4 1
a4 1
#	$Id: security,v 1.6 1994/01/22 10:54:13 rgrimes Exp $
d32 1
a32 1
	diff $LOG/setuid.today $TMP
@


1.6
log
@From: rich@@lamprey.UTMB.EDU (Rich Murphey)
Subject: Re: daily insecurity output (fwd)
|From: rgrimes@@agora.rain.com (Rodney Grimes)
|
|This is from the new /etc/security script.  I no longer get the segmentation
|violation, but now the arg list is too long, some /bin/sh program want to
|fix the current /etc/security ls command so that it is a pipe insteal of
|a back quoted arg?
|
|> checking setuid files and devices:
|> /etc/security: ls: argument list too long

This uses xargs instead.  My slip line's down so I can't check it in
at the moment. Rich
@
text
@d4 1
a4 1
#	$Id: security,v 1.5 1993/12/15 06:42:01 rich Exp $
d27 1
a27 1
	find $mount -xdev -perm -u+s -or -perm -g+s | sort
@


1.5
log
@When listing all suid and sgid files list the file itself rather than
directorty contents.
@
text
@d4 1
a4 1
#	$Id: security,v 1.4 1993/10/25 20:13:16 rgrimes Exp $
d24 1
a24 1
ls -dlgT `while test $# -ge 1; do
d28 1
a28 12
done` > $TMP

#MP=`mount -t ufs | sed 's;/dev/;&r;' | awk '{ print $1 " " $3 }'`
#set $MP
#ls -lgT `while test $# -ge 2; do
#	device=$1
#	shift
#	mount=$1
#	shift
#	ncheck -s $device | sed -e "/:$/d" -e "/\/dev\//d" \
#	    -e "s;[^/]*;$mount;" -e "s;//;/;g" | sort
#done` > $TMP
@


1.4
log
@Reworked the search for suid sgid programs to be more like the original and
only to run find on local file systems.  It now works and no longer gets
the error from sort
@
text
@d4 1
a4 1
#	$Id: security,v 1.3 1993/09/06 23:12:04 rgrimes Exp $
d24 1
a24 1
ls -lgT `while test $# -ge 1; do
@


1.3
log
@Fixed so that it scans for set uid/gid files.  From Rich Murphy and NetBSD,
plus some tid bits from me.
@
text
@d4 1
a4 1
#	$Id$
d22 7
a28 9
# add this after -a when find supports isofs, and you don't want to check
# your cd roms
#    \( ! \( -fstype isofs \) -o -prune \) \
# do skip checking cdroms

find / -fstype local -a \
    \( -perm -u+s -or -perm -g+s \) | \
	sed -e "/\/dev\//d" -e "s;//;/;g" | sort | xargs -n 20 ls -lgT > $TMP

@


1.2
log
@Fixed daily so that it no longer does accounting since FreeBSD does not
yet have the accounting stuff in it.  Disabled ncheck search in security
due to missing ncheck.
@
text
@d4 1
d14 2
a15 1
if false; then
d17 13
a29 10
MP=`mount -t ufs | sed 's;/dev/;&r;' | awk '{ print $1 " " $3 }'`
set $MP
ls -lgT `while test $# -ge 2; do
	device=$1
	shift
	mount=$1
	shift
	ncheck -s $device | sed -e "/:$/d" -e "/\/dev\//d" \
	    -e "s;[^/]*;$mount;" -e "s;//;/;g" | sort
done` > $TMP
d31 12
a49 1
fi
@


1.1
log
@Initial revision
@
text
@d13 1
d33 1
@


1.1.1.1
log
@Initial import of 386BSD 0.1 othersrc/etc
@
text
@@
