110.neggrpperm (103903) | 110.neggrpperm (105936) |
---|---|
1#!/bin/sh - 2# 3# Copyright (c) 2001 The FreeBSD Project 4# All rights reserved. 5# 6# Redistribution and use in source and binary forms, with or without 7# modification, are permitted provided that the following conditions 8# are met: --- 10 unchanged lines hidden (view full) --- 19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25# SUCH DAMAGE. 26# | 1#!/bin/sh - 2# 3# Copyright (c) 2001 The FreeBSD Project 4# All rights reserved. 5# 6# Redistribution and use in source and binary forms, with or without 7# modification, are permitted provided that the following conditions 8# are met: --- 10 unchanged lines hidden (view full) --- 19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25# SUCH DAMAGE. 26# |
27# $FreeBSD: head/etc/periodic/security/100.chksetuid 103903 2002-09-24 18:53:46Z ache $ | 27# $FreeBSD: head/etc/periodic/security/100.chksetuid 105936 2002-10-25 15:14:16Z thomas $ |
28# 29 30# If there is a global system configuration file, suck it in. 31# 32if [ -r /etc/defaults/periodic.conf ] 33then 34 . /etc/defaults/periodic.conf 35 source_periodic_confs 36fi 37 | 28# 29 30# If there is a global system configuration file, suck it in. 31# 32if [ -r /etc/defaults/periodic.conf ] 33then 34 . /etc/defaults/periodic.conf 35 source_periodic_confs 36fi 37 |
38LOG="${daily_status_security_logdir}" | 38. /etc/periodic/security/security.functions 39 |
39rc=0 40 41case "$daily_status_security_chksetuid_enable" in 42 [Yy][Ee][Ss]) | 40rc=0 41 42case "$daily_status_security_chksetuid_enable" in 43 [Yy][Ee][Ss]) |
43 TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` | |
44 echo "" 45 echo 'Checking setuid files and devices:' 46 # XXX Note that there is the possibility of overrunning the args to ls 47 MP=`mount -t ufs | grep -v " nosuid" | awk '{ print $3 }' | sort` 48 if [ -n "${MP}" ] 49 then 50 set ${MP} 51 while [ $# -ge 1 ]; do 52 mount=$1 53 shift 54 find $mount -xdev -type f \ 55 \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \ 56 \( -perm -u+s -or -perm -g+s \) -print0 | 44 echo "" 45 echo 'Checking setuid files and devices:' 46 # XXX Note that there is the possibility of overrunning the args to ls 47 MP=`mount -t ufs | grep -v " nosuid" | awk '{ print $3 }' | sort` 48 if [ -n "${MP}" ] 49 then 50 set ${MP} 51 while [ $# -ge 1 ]; do 52 mount=$1 53 shift 54 find $mount -xdev -type f \ 55 \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \ 56 \( -perm -u+s -or -perm -g+s \) -print0 |
57 done | xargs -0 -n 20 ls -liTd | sed 's/^ *//' | sort -k 11 > ${TMP} 58 fi 59 60 if [ ! -f ${LOG}/setuid.today ]; then 61 rc=1 62 echo "No ${LOG}/setuid.today" 63 cp ${TMP} ${LOG}/setuid.today || rc=3 64 fi 65 66 if ! cmp ${LOG}/setuid.today ${TMP} >/dev/null 67 then 68 [ $rc -lt 1 ] && rc=1 69 echo "${host} setuid diffs:" 70 diff -b ${LOG}/setuid.today ${TMP} 71 mv ${LOG}/setuid.today ${LOG}/setuid.yesterday || rc=3 72 mv ${TMP} ${LOG}/setuid.today || rc=3 73 fi 74 rm -f ${TMP};; | 57 done | xargs -0 -n 20 ls -liTd | sed 's/^ *//' | sort -k 11 | 58 check_diff setuid - "${host} setuid diffs:" 59 rc=$? 60 fi;; |
75 *) rc=0;; 76esac 77 78exit $rc | 61 *) rc=0;; 62esac 63 64exit $rc |