Date: Mon, 24 Feb 1997 11:45:54 +0300 From: Vadim Kolontsov <vadim@tversu.ac.ru> To: freebsd-security@FreeBSD.Org Subject: Re: improved setuid and device file checker for /etc/security Message-ID: <19970224114554.12677@mailserv.tversu.ac.ru> In-Reply-To: <199702230636.WAA22830@salsa.gv.tsc.tdk.com>; from Don Lewis on Feb 02, 1997 at 10:36:27PM -0800 References: <199702230636.WAA22830@salsa.gv.tsc.tdk.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Feb 02, 1997 at 10:36:27PM -0800, Don Lewis wrote: > At least in the case of /etc/security, I came up with a scheme that should > be a lot more automatic. > I also added device file checking (other than their timestamps which tend > do get updated). Here is my contribution to /etc/security... It works fine on my machine. I've added more convinient (I hope :) scheme to check (and backup) some important files. Also checking for users's .rhosts added ---------------------------- cut here ------------------------------------ BAK=/var/backups CHECKFILES="aliases master.passwd group aliases security hosts.equiv" echo "" echo "Backuping and checking some files:" for i in $CHECKFILES ; do if cmp -s $BAK/$i /etc/$i; then echo " * $i"; else echo " * /etc/$i diffs:" echo ---------------------------------------------------------- diff $BAK/$i /etc/$i echo ---------------------------------------------------------- mv $BAK/$i $BAK/$i.bak cp -p /etc/$i $BAK fi done echo "" echo "Looking for user's .rhosts" for pwdentry in `awk 'BEGIN { FS=":" } {printf $1"@"$6" "}' /etc/passwd`; do user=`echo $pwdentry | sed "s/@.*//g"` homedir=`echo $pwdentry | sed "s/.*@//g"` if [ -e $homedir/.rhosts ] ; then if cmp -s $BAK/rhosts/$user $homedir/.rhosts ; then echo " * $user"; else echo " * $user's .rhosts diffs:" echo ---------------------------------------------------------- diff $BAK/rhosts/$user $homedir/.rhosts echo ---------------------------------------------------------- mv $BAK/rhosts/$user $BAK/rhosts/$user.bak cp -p $homedir/.rhosts $BAK/rhosts/$user fi fi done ---------------------------- cut here ------------------------------------ -------------------------------------------------------------------------- Vadim Kolontsov SysAdm/Programmer Tver Regional Center of New Information Technologies Networks Lab
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970224114554.12677>