#
1.131 |
|
05-Jul-2023 |
martin |
Fix sysctl invocation testing for missing entropy.
|
#
1.130 |
|
30-Jun-2023 |
riastradh |
security(5): Check kern.entropy.needed for confident entropy.
Don't test whether a non-blocking read from /dev/random would return data.
For the sake of availability, /dev/random will unblock based on sources like timer interrupts, which we can't confidently assert anything about the actual unpredictability of.
Here, the goal is to highlight systems that have neither obtained entropy from an HWRNG with a confident entropy assessment, nor been seeded from a source the operator knows about.
XXX pullup-10
|
Revision tags: netbsd-10-base
|
#
1.129 |
|
04-Nov-2021 |
nia |
Recognize argon2 passwords as valid in daily security reports.
from RVP in misc/56486
|
Revision tags: cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base
|
#
1.128 |
|
10-Jan-2021 |
riastradh |
Various entropy integration improvements.
- New /etc/security check for entropy in daily security report.
- New /etc/rc.d/entropy script runs (after random_seed and rndctl) to check for entropy at boot -- in rc.conf, you can:
. set `entropy=check' to halt multiuser boot and enter single-user mode if not enough entropy
. set `entropy=wait' to make multiuser boot wait until enough entropy
Default is to always boot without waiting -- and rely on other channels like security report to alert the operator if there's a problem.
- New man page entropy(7) discussing the higher-level concepts and system integration with cross-references.
- New paragraph in afterboot(8) about entropy citing entropy(7) for more details.
This change addresses many of the issues discussed in security/55659. This is a first draft; happy to take improvements to the man pages and scripted messages to improve clarity.
I considered changing motd to include an entropy warning with a reference to the entropy(7) man page, but it's a little trickier: - Not sure it's appropriate for all users to see at login rather than users who have power to affect the entropy estimate (maybe it is, just haven't decided). - We only have a mechanism for changing once at boot; the message would remain until next boot even if an operator adds enough entropy. - The mechanism isn't really conducive to making a message appear conditionally from boot to boot.
|
#
1.127 |
|
02-Dec-2020 |
wiz |
Update default pkgsrc database location from /var/db/pkg to /usr/pkg/pkgdb.
|
Revision tags: phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406
|
#
1.126 |
|
06-Dec-2019 |
riastradh |
Save the entropy seed daily in /etc/security.
|
Revision tags: phil-wifi-20191119
|
#
1.125 |
|
18-Sep-2019 |
uwe |
Use $file instead of $(echo $file). I don't think the extra round of word expansions was really intended here.
|
Revision tags: netbsd-9-3-RELEASE netbsd-9-2-RELEASE netbsd-9-1-RELEASE netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 netbsd-9-base phil-wifi-20190609 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020
|
#
1.124 |
|
04-Oct-2018 |
kre |
Fix an obvious botch in the previous rev, found by martin@
|
Revision tags: pgoyette-compat-0930
|
#
1.123 |
|
23-Sep-2018 |
kre |
Convert uses of test (aka '[') to use only posix specified forms, mostly just on general principle... this resulted in one or two minor code reformattings to keep 80 char limits - a few needless uses of quotes ("no" ??) were also removed (sh is not C. strings are strings without quotes around them...)
|
Revision tags: pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base
|
#
1.122 |
|
06-Jan-2018 |
mlelstv |
branches: 1.122.2; 1.122.4; Use sysctl to retrieve iostat names instead of parsing possibly truncated iostat output.
Check dkctl listwedges output with grep.
Fixes PR 59205.
|
Revision tags: netbsd-8-2-RELEASE netbsd-8-1-RELEASE netbsd-8-1-RC1 netbsd-8-0-RELEASE netbsd-8-0-RC2 netbsd-8-0-RC1 matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 bouyer-socketcan-base pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.121 |
|
29-Feb-2016 |
riastradh |
Record current raid configurations too in /etc/security.
|
#
1.120 |
|
20-Apr-2015 |
pgoyette |
Set the redirection correctly, so that stderr gets duped to the already redirected stdout, rather than duping stdout to stderr!
Without this fix, the disklabel output is included in the log file rather than being discarded as intended. (The purpose of running disklabel this first time is only to check for success.)
|
#
1.119 |
|
14-Feb-2015 |
nakayama |
Avoid nfs devices correctly.
|
#
1.118 |
|
13-Dec-2014 |
uebayasi |
Indent and space fixes.
|
#
1.117 |
|
23-Nov-2014 |
christos |
- generate the list of disks only once and select from them later - don't generate empty/useless files when disklabel or dkctl don't have data
|
#
1.116 |
|
27-Aug-2014 |
apb |
Split some long lines.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 tls-maxphys-base
|
#
1.115 |
|
06-Nov-2013 |
spz |
Introduce a variable for security.conf, default empty, to list users whose home is (allowed to be) owned by another user.
It's a separate variable and not just check_passwd_permit_dups so I can make security shut up about my uucp users.
Fixes the second half of PR misc/36063
|
#
1.114 |
|
06-Nov-2013 |
spz |
having more than one line with the same group name and gid is not only allowed, it's even recommended for groups with lots of members, so do not warn about duplicate group name lines if the gid is the same
|
#
1.113 |
|
08-Sep-2013 |
prlw1 |
Add defaults for pkg_info and pkg_admin variables in case pkgpath.conf is not installed.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.112 |
|
01-May-2013 |
agc |
Fix for problematic paths in /etc/daily and /etc/security reported in PR/47645.
Add a separate file which contains the paths for the pkg_admin and pkg_info utilities. This is called /etc/pkgpath.conf (to distinguish it from pkg.conf).
Thanks also to Edgar Fuss for the sanity check.
|
Revision tags: agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6 yamt-pagecache-base5 yamt-pagecache-base4
|
#
1.111 |
|
05-Apr-2012 |
spz |
branches: 1.111.2; change security so that there is a configuration value for the list of users who will not be considered for duplicate uid check. Seed it with 'toor' in defaults/security.conf.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base bouyer-quota2-nbase
|
#
1.110 |
|
02-Mar-2011 |
christos |
branches: 1.110.4; too much quoting. pointed by anon ymous
|
Revision tags: bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.109 |
|
27-Dec-2010 |
christos |
branches: 1.109.2; `` -> $()
|
#
1.108 |
|
05-Feb-2010 |
jmmv |
Deprecate the pkgdb_dir settings from daily.conf and security.conf in favor of the PKG_DBDIR variable in /etc/pkg_install.conf. The purpose of this is to only have to define the location of the packages database in a single place and have all other system components pick it up.
pkgdb_dir is still honored if defined and the scripts will spit out a warning in that case, asking the administrator to migrate to the PKG_DBDIR setting. We can't remove this compatibility workaround until, at least, after NetBSD 6 is released.
|
#
1.107 |
|
19-Jan-2010 |
jmmv |
Add the fetch_pkg_vulnerabilities option to the daily script to keep the packages vulnerability database up to date. This will only fetch the file from the server if it has changed since the last run.
Add the check_pkg_vulnerabilities and check_pkg_signatures options to the security script to check that the installed packages are sane.
All of these options are enabled by default but they will only run if there is, at least, one installed package.
|
Revision tags: matt-premerge-20091211 jym-xensuspend-nbase jym-xensuspend-base
|
#
1.106 |
|
27-Jan-2009 |
haad |
Add support for lvm to security script. Backup lvm configuration to /var/backup/lvm with other system backups. Disable lvm check until MKLVM is enabled by default. no objections on tech-userlevel@.
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 mjf-devfs2-base2 netbsd-5-base matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 wrstuden-revivesa-base yamt-pf42-base mjf-devfs2-base keiichi-mipv6-base mjf-devfs-base matt-armv6-nbase cube-autoconf-base matt-armv6-base hpcarm-cleanup-base
|
#
1.105 |
|
23-Nov-2007 |
dholland |
branches: 1.105.4; Handle non-trivial NIS compat entries (like +joe:::::::::) in the password file. Fixes (my own) PR bin/33138.
reviewed: christos
|
#
1.104 |
|
27-Aug-2007 |
adrianp |
The location of the pkg_info binary can now be specified in /etc/security.conf. The default remains as /usr/sbin/pkg_info. This should fix PR# 36746.
|
#
1.103 |
|
09-Aug-2007 |
tron |
branches: 1.103.2; Add code to monitor the disk wedges (see dk(4)) configured on the system. Based on a patch contributed by Andreas Wrede in PR misc/36747.
|
Revision tags: matt-mips64-base
|
#
1.102 |
|
06-Jun-2007 |
martti |
Use "mktemp -d -t xxx" to create the temporary directories. This will use TMPDIR environment variable if set, otherwise use /tmp. (misc/35544)
|
#
1.101 |
|
27-Mar-2007 |
jnemeth |
PR/36058 -- fix check for group/other writable home directories from Jukka Salmi
|
Revision tags: netbsd-4-base
|
#
1.100 |
|
26-Sep-2006 |
tron |
branches: 1.100.2; Improve security check for "/etc/exports": 1.) Properly handle line continuation and network exports. 2.) Make the report more compact.
Patch contributed by Jukka Salmi in PR bin/24583.
|
#
1.99 |
|
23-Sep-2006 |
jmcneill |
PR #26490: /etc/security is not aware of sha1 passwords
|
Revision tags: abandoned-netbsd-4-base
|
#
1.98 |
|
25-May-2006 |
lukem |
Implement check_devices_ignore_paths, which is a list of paths to avoid traversing during check_devices.
|
#
1.97 |
|
17-Apr-2006 |
veego |
Don't try to backup a 'nfs' disklabel, which will happen because of the recent iostat changes. Patch supplied in pr# 33274 by Geoff C. Wing.
|
#
1.96 |
|
29-Jan-2006 |
rpaulo |
PR 32666: /etc/security may cause tapes to rewind. By Duncan McEwan.
|
#
1.95 |
|
11-Apr-2005 |
peter |
Allow an underscore as first character and embedded underscores & dots for login and group names.
Fixes PR misc/29913 from Arto Selonen.
|
Revision tags: netbsd-3-base
|
#
1.94 |
|
05-Feb-2005 |
jdolecek |
branches: 1.94.2; add a check_passwd_permin_nonalpha option, which changes the passwd test to permit non-alphanumeric characters in login names
|
#
1.93 |
|
21-Nov-2004 |
kim |
When checking /etc/exports, account for "-network=XXX" as restricting the mount (i.e. it is not considered globally exported).
Fixes PR: 26890
|
#
1.92 |
|
28-Sep-2004 |
erh |
PR misc/7716: add configuration options find_core_ignore_fstypes and check_devices_ignore_fstypes to allow the filesystem types that are ignored during the daily and security runs to be adjusted.
|
#
1.91 |
|
23-Jul-2004 |
lukem |
Merge /etc/mtree/special & /etc/mtree/special.local using "mtree -M". This allows users to override mtree/special entries in mtree/special.local, which is useful if you've replaced a directory with a symlink (for example). This effectively makes $check_mtree_follow_symlinks=YES pointless, but I'm retaining that for compatibility reasons.
Fix bug in generation of $MPBYUID (used "/^+/" instead of "/^\+/" as a regex), which has existed for a long time but only failed with our awk; GNU awk seems to have permitted this. (This meant that the duplicate UID check was broken when using our awk.)
Rename some temp files to more accurately reflect their purpose, to aid debugging.
|
#
1.90 |
|
09-Apr-2004 |
kim |
Catch STDERR from /etc/security.local (not just STDOUT).
|
#
1.89 |
|
02-Apr-2004 |
jmmv |
Introduce and use the rcvar_manpage variable, which contains the manual page name where the user should look at for documentation about rcvar. It defaults to 'rc.subr(5)', as rc.subr is mainly used by rc.d scripts.
This variable is useful to let the daily, weekly, monthly and security scripts tune the warning message shown when any of the variables they handle is not properly set.
Closes PR misc/23908.
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.88 |
|
09-Feb-2004 |
jdolecek |
branches: 1.88.2; 1.88.4; 1.88.6; add missing && in the home directory group writability condition; gawk somehow coped even without (defaults to && ?), but nawk printed bogus warnings (defaults to || ?)
|
#
1.87 |
|
19-Nov-2003 |
jhawk |
Provide a workaround for PR bin/12900. When /dev is an fdesc, and /dev/tty is stat()ed without a controlling tty, a "Device not configured" error is returned.
Filter mtree's stderr to ignore this error.
If fdesc is fixed to not behave in this fashion, this workaround can be removed; bin/12900 should remain open until that time.
|
#
1.86 |
|
18-Nov-2003 |
jhawk |
In check_varmail (mailbox ownership/permissions check): Make ls -A explicit, to help n debugging when not run as root (-A is implied when ls is run as root) Ignore dotfiles, as they are not mailboxes (e.g. .jhawk.pop)
|
#
1.85 |
|
18-Nov-2003 |
jhawk |
XXX: note pairwise cascaded test inversion in permit_star.
Add checkyesno check_homes_permit_usergroups to allow group writability when the groupname matches the username. Defaults to off.
|
#
1.84 |
|
01-Oct-2003 |
jhawk |
Suppress output when running security.local if it produces no output. /etc/security should produce no output (and thus suppress the report) when nothing is wrong.
While we're here, use printf instead of two echos, like the rest of the script.
|
#
1.83 |
|
21-Feb-2003 |
jhawk |
Use $diff_options when running diff in /etc/security. Default diff_options to -u, for unified-format context diffs, because context is essential to a useful evaluation of differences. This represents a behavior change.
Implements change-request PR security/17247 from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>.
|
#
1.82 |
|
13-Feb-2003 |
jhawk |
Under check_mtree, invoke mtree with -L if check_mtree_follow_symlinks is set. Apparently mtree -L is imperfect, but it is far better than the lack thereof if symlinks are involved reaching files mtree verifies.
|
#
1.81 |
|
13-Feb-2003 |
jhawk |
Add some flexibility to /etc/security, by way of security.conf options: check_passwd_nowarn_shells Don't warn about these non-/etc/shells shells check_passwd_nowarn_users Don't warn about these users check_passwd_permit_star Don't warn about "*" in the $2 field Behavior change: check_passwd_nowarn_shells defaults to /sbin/nologin and /usr/libexec/uucp/uucico, so that it will not warn about the default master.passwd. The rationale here is that an administrator who chooses to permit these warnable conditions should not be warned about them day after day, yet should not be forced to disable check_passwd entirely. check_passwd_permit_star is primarily of interest to sites who use *'d entries for Kerberos or ssh logins, despite the fact that we permit "*ssh" (etc.) for this purpose (legacy).
|
#
1.80 |
|
06-Jan-2003 |
wiz |
writable, not writeable.
|
Revision tags: fvdl_fs64_base
|
#
1.79 |
|
20-Aug-2002 |
elric |
Added .k5login to the list of files that are checked in each user's home directory.
Addresses PR: security/18000
|
#
1.78 |
|
18-Jun-2002 |
itojun |
md5/bcrypt password starts with $[12], so use ^ in regex
|
#
1.77 |
|
18-Jun-2002 |
itojun |
recognize md5/bcrypt password. noted by: Eric Jacoboni <jaco@teaser.fr>
|
#
1.76 |
|
10-Jun-2002 |
atatat |
The check_rootdotfiles section mucks with the PATH setting, but never puts it back properly. As such, jobs run later that expect there to be a path will lose badly (eg, run lintpkgsrc -i from security.local). Let's just re-export the PATH.
|
Revision tags: netbsd-1-6-base
|
#
1.75 |
|
21-May-2002 |
lukem |
branches: 1.75.2; Support shell metacharacters (`*', '?', '[') in /etc/changelist lines, including checks for "backups that exist when actual file is deleted", a la the existing mechanism used for "/etc/ifconfig.*" ... "/etc/rc.d/*" checks. This resolves [security/15798] from Bob Kemp <bob@allegory.demon.co.uk>.
|
#
1.74 |
|
18-Dec-2001 |
lukem |
Add nullfs to the list of file system types to skip during the "big finds". Fix from Alan Barrett in [misc/14957].
|
#
1.73 |
|
09-Nov-2001 |
lukem |
remove blank lines from the lists of files to backup_and_diff
|
#
1.72 |
|
18-Oct-2001 |
lukem |
add -dgq to check_pkgs ls(1). suggested by @@@
|
#
1.71 |
|
18-Oct-2001 |
taca |
Add -T option to ls(1) when -l option is specified. This fixes none-changed files under ${backup_dir}/pkgs as bellow:
====== /var/backups/pkgs diffs (OLD < > NEW) ====== 159c159 < -rw-r--r-- 1 root wheel 528 Apr 19 01:11 ja-less-332/+CONTENTS --- > -rw-r--r-- 1 root wheel 528 Apr 19 2001 ja-less-332/+CONTENTS
|
#
1.70 |
|
15-Oct-2001 |
lukem |
Use "nodiff" instead of "nomail" for the tag which is used to exclude files from having the changes diff generated. Suggested by Michael Graff.
|
#
1.69 |
|
14-Oct-2001 |
lukem |
minor optimisation suggested by christos
|
#
1.68 |
|
13-Oct-2001 |
lukem |
A few more changes, from more discussions with Andrew Brown. - Resurrect /etc/changelist, even if it's an "empty" file by default, because it's easier to use than /etc/mtree/special.local for adding a couple of simple files. Back by popular demand (hi @@@! :-) - Add /etc/rc.d/* to the list of "dynamic" files; this notices changes in user-added scripts - Only calculate the mtree -I nomail list once, and re-use - Use "cat foo | while read file" instead of "for file in `cat foo`" ; handles whitespace better...
|
#
1.67 |
|
12-Oct-2001 |
lukem |
Major overhaul, with help from Andrew Brown <atatat@netbsd.org>.
Features: - Add a bunch of stuff to /etc/mtree/special to enable removal of /etc/changelist: - files which we want to monitor for changes but don't want to see the diffs of (master.passwd, ssh_host_key, ...) are tagged with "nomail" - files which we don't want to monitor are tagged with "exclude" (such as netgroup.db, kvm.db, ...) - monitor /etc/mtree/special.local, /root/.ssh/* - remove /etc/changelist, and a bunch of XXX comments - use mtree(8)'s -D, -I, and -E to generate lists of files to actually do the changelist stuff on. - support /etc/mtree/special.local as an optional user-provided version of /etc/mtree/special (effectively, an enhanced /etc/changelist) - Add code to monitor: /etc/ifconfig.* /etc/raid*.conf /etc/rc.conf.d/* including support for these files being added and removed at will. - If /sbin/fdisk exists, backup the output of "fdisk $disk" for all the active disk drives as part of $check_disklabels - Check permissions on: ~/.ssh/* ~/.shosts
Details: - Reorder initialisation of defaults - Remove special case for /etc/master.passwd "monitor but don't email diffs" with general case for other similar files. - Keep all `autogenerated' files (such as disklabel.*, setuid.current, ...) in "$backup_dir/work", to minimise name clashes. - Add migrate_file(old, new) to do the hard work of migrating files from the old `top level' /var/backups mechanism to the `full path' mechanism recently added. Use this appropriately. - Add backup_and_diff(file, printdiffs), to the hard work of backing-up and diff-ing files. - Cleanup use of shell redirects - /bin/sh supports ~root globbing, so use it. - Improve umask checking; use awk regex rather than awk math
|
#
1.66 |
|
05-Oct-2001 |
lukem |
minor whitespace fix
|
#
1.65 |
|
03-Oct-2001 |
lukem |
replace "pkg_dbdir" with "pkgdb_dir", to be consistent with "backup_dir"
|
#
1.64 |
|
03-Oct-2001 |
cjs |
Since we store the output of ls for use later, make sure that we have TZ=UTC. (Otherwise time zone changes cause us to believe that files have changed when they have not.)
|
#
1.63 |
|
03-Oct-2001 |
lukem |
- clean up a couple of comments - reformat some awk blocks - replace "sed 1d | awk '...'" with "awk 'NR==1 {next;} ...'"
|
#
1.62 |
|
01-Oct-2001 |
atatat |
Add a chunk of code to check the installed pkgs list by making a list of all installed pkgs and their +CONTENTS and +REQUIRED_BY files (if they have one) and handling this file along with all the other CHANGELIST stuff.
Greg Woods gets points for coming up with the idea.
Luke Mewburn asked me to do it, and provided lots of criticism along the way.
|
#
1.61 |
|
24-Sep-2001 |
lukem |
remove acd (non existant), add ld (for hw raid logical drives)
|
#
1.60 |
|
23-Sep-2001 |
perry |
add raid, remove cd drives and floppy drives from the nightly disk permissions checks.
note: This whole thing needs to be rototilled. And yes, I'm volunteering to do it.
|
#
1.59 |
|
23-Sep-2001 |
perry |
Update the password sanity checking thusly: 1) If a password entry is of the form \*[A-z-]+, do not complain that the account is off but has a valid password. Thus you can do passwords like *ssh to indicate ssh only logins. We should come up with a standard scheme for what various *keywords mean. Note that if the field length is 13, 20 or 34 you'll still get bitched at. This code should be cleaned up. (So should the password scheme.) 2) If the entry is for "toor", don't complain that the account is off but has a valid shell. We ship with toor:*:, there is no point in complaining about it.
Part of the campaign against spurious security warning output.
|
#
1.58 |
|
22-Sep-2001 |
perry |
run mtree on the special file using the new -l option, so it will not complain about things like files set 444 instead of 644.
part of the campaign against spurious output in the nightly security run.
|
#
1.57 |
|
26-Aug-2001 |
simonb |
Remove rz/tz support for pmax, switch to MI SCSI.
|
#
1.56 |
|
18-Jun-2001 |
lukem |
use mktemp(1) to create temporary directories, and ensure that cleanup traps are setup asap.
|
#
1.55 |
|
14-Jun-2001 |
lukem |
use symbolic signal names instead of numbers
|
#
1.54 |
|
10-May-2001 |
atatat |
When backing files listed in /etc/changelist, instead of truncating to the basename of the file, use the whole path with $backup_dir prepended, in effect mirrorring the directory tree. This eliminates the possibility of a name collision.
Closes pr bin/12727.
|
#
1.53 |
|
10-May-2001 |
atatat |
Allow embedded hyphens in user names (and group names), just not as the first or last character.
|
#
1.52 |
|
04-Apr-2001 |
atatat |
Provide the capability of storing backups via RCS instead of just a "current" and a "last" (which is useless if you wanna know what you changed last week). Set the default to on.
|
#
1.51 |
|
15-Mar-2001 |
hubertf |
Run skeyaudit (only) from /etc/daily instead of /etc/security, else there's some risk that the users don't get warned if an admin turns off running /etc/security (by putting run_security=no into daily.conf).
Fixes PR 12267.
|
#
1.50 |
|
12-Mar-2001 |
atatat |
Allow md5 passwords of length 34 as passwords
|
#
1.49 |
|
11-Feb-2001 |
jdolecek |
Introduce max_grouplen - this determines the maximum permitted length of group names, similarily to max_loginlen
|
#
1.48 |
|
09-Jan-2001 |
abs |
Add a new variable 'backup_dir', which can be used to change the backup directory from /var/backup (useful for those of us who have a separate /var and would like to have our backup disklabels on the root filesystem). Default behaviour unchanged. backup_dir being unset is taken as /var/backup.
|
#
1.47 |
|
07-Oct-2000 |
lukem |
use ${foo##*/} instead of `basename $foo`. as suggested (with minor variation) by Toru Nishimura <nisimura@itc.aist-nara.ac.jp>
|
#
1.46 |
|
10-Sep-2000 |
christos |
PR/10982: kilbi@rad.rwth-aachen.de: Don't confuse printf with usernames that start with -.
|
#
1.45 |
|
02-Jul-2000 |
sommerfeld |
Fix pr9320: improve umask checking for root's dotfiles. Now even notices bogus umasks like 044
|
Revision tags: netbsd-1-5-base minoura-xpg4dl-base
|
#
1.44 |
|
26-May-2000 |
ad |
branches: 1.44.4; We may as well allow local additions to /etc/security, since it gets done for the other periodic checks.
|
#
1.43 |
|
05-May-2000 |
itojun |
check /etc/mail/aliases on check_aliases. /etc/aliases will be checked as well, if exists (for backward compatibility).
|
#
1.42 |
|
24-Apr-2000 |
fair |
Add skeyaudit to /etc/security (with a variable to disable) per PR 5871
|
#
1.41 |
|
15-Jan-2000 |
christos |
Use cat -f to avoid denial of service attacks by people who make .rhosts files fifos.
|
Revision tags: wrstuden-devbsize-19991221 wrstuden-devbsize-base comdex-fall-1999-base
|
#
1.40 |
|
05-Sep-1999 |
perry |
We already had logic not to try to grab the disklabels of md's and fd's -- add cd's to the list.
|
#
1.39 |
|
22-Jul-1999 |
hubertf |
Use standard variable "$0" for the whole line instead of the non-standard, undocumented "$LINE".
Submitted in PR 7041 by Greg A. Woods <woods@weird.com>
|
#
1.38 |
|
23-Apr-1999 |
kleink |
Get rid of old-style chown operands.
|
Revision tags: netbsd-1-4-PATCH001 netbsd-1-4-RELEASE netbsd-1-4-base
|
#
1.37 |
|
17-Mar-1999 |
wrstuden |
branches: 1.37.2; Add a commented-out duplicate id checker which doesn't exclude toor, and add a comment saying how to switch it on.
|
#
1.36 |
|
17-Mar-1999 |
wrstuden |
Modify duplicate user id check to exclude "toor". Any other uid 0 accounts will generate a message with that (those) account names, root, and toor present in the list.
|
#
1.35 |
|
16-Mar-1999 |
fair |
Fix PR 5068 - scanning ~user/.rhosts files on NFS mounted home directories with -maproot=nobody on the server. The argument to be made is that if NetBSD's root can't read these files, it shouldn't try to check them.
|
#
1.34 |
|
18-Feb-1999 |
abs |
Handle + in master.passwd (From PR#4802). Also, handle + in group and allow max_loginlen to be configurable.
|
#
1.33 |
|
14-Sep-1998 |
tv |
Nix "Login %s is off but still has a valid shell" warning for 20-character encrypted passwords generated by the NEWSALT option to passwd(1).
|
#
1.32 |
|
25-Aug-1998 |
lukem |
* if $check_disklabels=YES, backup and compare of disklabels of current disks. should detect added or removed disks as well. backup labels go in /var/backups/disklabel.XXX (XXX = disk name, e.g., sd0), and the changelist style backups have .current or .backup suffixes * minor whitespace, formatting, and comment cleanup
|
#
1.31 |
|
26-Jan-1998 |
lukem |
include rc.subr and use appropriately
|
Revision tags: netbsd-1-3-PATCH003 netbsd-1-3-PATCH003-CANDIDATE2 netbsd-1-3-PATCH003-CANDIDATE1 netbsd-1-3-PATCH003-CANDIDATE0 netbsd-1-3-PATCH002 netbsd-1-3-PATCH001 netbsd-1-3-RELEASE netbsd-1-3-BETA netbsd-1-3-base
|
#
1.30 |
|
08-Oct-1997 |
mycroft |
Deal with files in the changelist that are added or removed. * When a file is removed, move its .current file to .backup. * When a file is added, create its .current file. * In either case, send a diff against /dev/null. Mostly from Jim Bernard in PR 4183, with the removal case fixed.
|
#
1.29 |
|
23-Sep-1997 |
lukem |
- use 'ftpd -C user' to check the format of /etc/ftpusers. closes [security/4061] - rename $MPPATH to $MPBYPATH, to clarify its use
|
#
1.28 |
|
18-Sep-1997 |
lukem |
- don't print "Checking setuid files and devices:" if no problems found (solves [security/4047]) - minor cleanup (rename a couple of variables, etc)
|
#
1.27 |
|
22-Aug-1997 |
lukem |
- correct use of generated temporary files. - clean up comments and generated output. - clean up $SECUREDIR if SIGINT or SIGQUIT received. - .rhosts may have to be world readable in NFS environments, so allow it to be. - update list of disks to check for reasonable permissions - don't show differences in /etc/master.passwd, as the encrypted strings may be sent. From reading comments earlier in the script, this was the intention anyway. Fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3994]. - when checking /etc/ftpusers, skip comment lines and only match full usernames. XXX: this should be enhanced to check lines of the enhanced ftpusers format.
|
#
1.26 |
|
19-Aug-1997 |
lukem |
* ensure that check for '.' in root's $PATH doesn't yield a false positive. fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3995] * detect empty :: elements as '.' in a sh(1) path (leading :, trailing :, or ::)
|
#
1.25 |
|
24-Jun-1997 |
lukem |
* when checking /etc/master.passwd, read in /etc/shells for a list of valid shells and then check each active account against that * remove unnecessary ()s in a few printf's.
|
#
1.24 |
|
24-Jun-1997 |
lukem |
* take advantage of xargs -0 when finding devices and set?id files * use 'ls -q' in the above, so that characters that may cause problems in the output are replaced with '?'
|
#
1.23 |
|
23-Jun-1997 |
lukem |
Also check /etc/profile for setting of umask. From Chris Jones <cjones@rupert.oscs.montana.edu> in [misc/3763]
|
#
1.22 |
|
23-Jun-1997 |
lukem |
Ignore blank lines and comments in /etc/exports From Jaromir Dolecek <dolecek@moria.ics.muni.cz> in [misc/3691]
|
#
1.21 |
|
21-Apr-1997 |
mycroft |
Don't list directories with the setuid bit set or FIFOs.
|
#
1.20 |
|
21-Apr-1997 |
mycroft |
Minor cleanup.
|
#
1.19 |
|
21-Apr-1997 |
mycroft |
When doing security checks in user home directory, sort by home directory, to optimize lookups a little. Also, add some more files to the naughty lists.
|
#
1.18 |
|
17-Apr-1997 |
mikel |
make /etc/aliases check a bit more discriminating: the line must be uncommented, and it must contain a '|' character (forwarding to program).
|
#
1.17 |
|
10-Mar-1997 |
mycroft |
Minor cleanup.
|
#
1.16 |
|
14-Feb-1997 |
mikel |
Don't leave logs in /etc/mtree; from Andrew Wheadon in PR misc/3106. Also fixed some comments.
|
#
1.15 |
|
05-Jan-1997 |
mrg |
add configuration file for security, as security.conf. the file allows each action taken by security to be turned on or off.
|
#
1.14 |
|
22-May-1996 |
mrg |
ignore setgid on dirs.
|
Revision tags: netbsd-1-2-PATCH001 netbsd-1-2-RELEASE netbsd-1-2-BETA netbsd-1-2-base
|
#
1.13 |
|
14-Jan-1996 |
pk |
Several fixes from Arne H. Juul (PR#1814).
|
#
1.12 |
|
17-Dec-1995 |
thorpej |
New-style RCS ids.
|
Revision tags: netbsd-1-1-PATCH001 netbsd-1-1-RELEASE netbsd-1-1-base
|
#
1.11 |
|
31-Jan-1995 |
jtc |
Change .emacsrc to .emacs in list of files to be checked. From Mike Long, in PR #768.
|
#
1.10 |
|
18-Oct-1994 |
mycroft |
Fix the fstype-based pruning algorithms. Partly suggested by John Kohl.
|
Revision tags: netbsd-1-0-base
|
#
1.9 |
|
15-Jun-1994 |
cgd |
branches: 1.9.2; update to new security script
|
#
1.8 |
|
15-Jan-1994 |
cgd |
people importing trees from SunOS should be shot; add -d to ls.
|
#
1.7 |
|
15-Dec-1993 |
mycroft |
Find only set[gu]id files and devices, like old ncheck(1).
|
#
1.6 |
|
27-Oct-1993 |
cgd |
use of xargs wasn't strictly a security hole, but could lead to fouled- up results. xargs should really have an option to automatically 'quote' input.
|
#
1.5 |
|
27-Oct-1993 |
mycroft |
Use xargs(1) to avoid overflowing the argument list to ls(1).
|
#
1.4 |
|
26-Oct-1993 |
cgd |
from FreeBSD: check for set*id devices in a way closer to the original. note that you can still overflow the args buffer for the ls (and it does that on lamp), but it's better than before.
|
#
1.3 |
|
19-Oct-1993 |
mycroft |
Rewrite set[gu]id find command to avoid walking non-local file systems.
|
Revision tags: netbsd-0-9-RELEASE netbsd-0-9-BETA netbsd-0-9-ALPHA2 netbsd-0-9-ALPHA netbsd-0-9-base netbsd-0-8 netbsd-alpha-1
|
#
1.2 |
|
02-Apr-1993 |
cgd |
updated to reflect the fact that we don't have an ncheck
|
#
1.1 |
|
21-Mar-1993 |
cgd |
branches: 1.1.1; Initial revision
|
#
1.130 |
|
30-Jun-2023 |
riastradh |
security(5): Check kern.entropy.needed for confident entropy.
Don't test whether a non-blocking read from /dev/random would return data.
For the sake of availability, /dev/random will unblock based on sources like timer interrupts, which we can't confidently assert anything about the actual unpredictability of.
Here, the goal is to highlight systems that have neither obtained entropy from an HWRNG with a confident entropy assessment, nor been seeded from a source the operator knows about.
XXX pullup-10
|
Revision tags: netbsd-10-base
|
#
1.129 |
|
04-Nov-2021 |
nia |
Recognize argon2 passwords as valid in daily security reports.
from RVP in misc/56486
|
Revision tags: cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base
|
#
1.128 |
|
10-Jan-2021 |
riastradh |
Various entropy integration improvements.
- New /etc/security check for entropy in daily security report.
- New /etc/rc.d/entropy script runs (after random_seed and rndctl) to check for entropy at boot -- in rc.conf, you can:
. set `entropy=check' to halt multiuser boot and enter single-user mode if not enough entropy
. set `entropy=wait' to make multiuser boot wait until enough entropy
Default is to always boot without waiting -- and rely on other channels like security report to alert the operator if there's a problem.
- New man page entropy(7) discussing the higher-level concepts and system integration with cross-references.
- New paragraph in afterboot(8) about entropy citing entropy(7) for more details.
This change addresses many of the issues discussed in security/55659. This is a first draft; happy to take improvements to the man pages and scripted messages to improve clarity.
I considered changing motd to include an entropy warning with a reference to the entropy(7) man page, but it's a little trickier: - Not sure it's appropriate for all users to see at login rather than users who have power to affect the entropy estimate (maybe it is, just haven't decided). - We only have a mechanism for changing once at boot; the message would remain until next boot even if an operator adds enough entropy. - The mechanism isn't really conducive to making a message appear conditionally from boot to boot.
|
#
1.127 |
|
02-Dec-2020 |
wiz |
Update default pkgsrc database location from /var/db/pkg to /usr/pkg/pkgdb.
|
Revision tags: phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406
|
#
1.126 |
|
06-Dec-2019 |
riastradh |
Save the entropy seed daily in /etc/security.
|
Revision tags: phil-wifi-20191119
|
#
1.125 |
|
18-Sep-2019 |
uwe |
Use $file instead of $(echo $file). I don't think the extra round of word expansions was really intended here.
|
Revision tags: netbsd-9-3-RELEASE netbsd-9-2-RELEASE netbsd-9-1-RELEASE netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 netbsd-9-base phil-wifi-20190609 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020
|
#
1.124 |
|
04-Oct-2018 |
kre |
Fix an obvious botch in the previous rev, found by martin@
|
Revision tags: pgoyette-compat-0930
|
#
1.123 |
|
23-Sep-2018 |
kre |
Convert uses of test (aka '[') to use only posix specified forms, mostly just on general principle... this resulted in one or two minor code reformattings to keep 80 char limits - a few needless uses of quotes ("no" ??) were also removed (sh is not C. strings are strings without quotes around them...)
|
Revision tags: pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base
|
#
1.122 |
|
06-Jan-2018 |
mlelstv |
branches: 1.122.2; 1.122.4; Use sysctl to retrieve iostat names instead of parsing possibly truncated iostat output.
Check dkctl listwedges output with grep.
Fixes PR 59205.
|
Revision tags: netbsd-8-2-RELEASE netbsd-8-1-RELEASE netbsd-8-1-RC1 netbsd-8-0-RELEASE netbsd-8-0-RC2 netbsd-8-0-RC1 matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 bouyer-socketcan-base pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.121 |
|
29-Feb-2016 |
riastradh |
Record current raid configurations too in /etc/security.
|
#
1.120 |
|
20-Apr-2015 |
pgoyette |
Set the redirection correctly, so that stderr gets duped to the already redirected stdout, rather than duping stdout to stderr!
Without this fix, the disklabel output is included in the log file rather than being discarded as intended. (The purpose of running disklabel this first time is only to check for success.)
|
#
1.119 |
|
14-Feb-2015 |
nakayama |
Avoid nfs devices correctly.
|
#
1.118 |
|
13-Dec-2014 |
uebayasi |
Indent and space fixes.
|
#
1.117 |
|
23-Nov-2014 |
christos |
- generate the list of disks only once and select from them later - don't generate empty/useless files when disklabel or dkctl don't have data
|
#
1.116 |
|
27-Aug-2014 |
apb |
Split some long lines.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 tls-maxphys-base
|
#
1.115 |
|
06-Nov-2013 |
spz |
Introduce a variable for security.conf, default empty, to list users whose home is (allowed to be) owned by another user.
It's a separate variable and not just check_passwd_permit_dups so I can make security shut up about my uucp users.
Fixes the second half of PR misc/36063
|
#
1.114 |
|
06-Nov-2013 |
spz |
having more than one line with the same group name and gid is not only allowed, it's even recommended for groups with lots of members, so do not warn about duplicate group name lines if the gid is the same
|
#
1.113 |
|
08-Sep-2013 |
prlw1 |
Add defaults for pkg_info and pkg_admin variables in case pkgpath.conf is not installed.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.112 |
|
01-May-2013 |
agc |
Fix for problematic paths in /etc/daily and /etc/security reported in PR/47645.
Add a separate file which contains the paths for the pkg_admin and pkg_info utilities. This is called /etc/pkgpath.conf (to distinguish it from pkg.conf).
Thanks also to Edgar Fuss for the sanity check.
|
Revision tags: agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6 yamt-pagecache-base5 yamt-pagecache-base4
|
#
1.111 |
|
05-Apr-2012 |
spz |
branches: 1.111.2; change security so that there is a configuration value for the list of users who will not be considered for duplicate uid check. Seed it with 'toor' in defaults/security.conf.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base bouyer-quota2-nbase
|
#
1.110 |
|
02-Mar-2011 |
christos |
branches: 1.110.4; too much quoting. pointed by anon ymous
|
Revision tags: bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.109 |
|
27-Dec-2010 |
christos |
branches: 1.109.2; `` -> $()
|
#
1.108 |
|
05-Feb-2010 |
jmmv |
Deprecate the pkgdb_dir settings from daily.conf and security.conf in favor of the PKG_DBDIR variable in /etc/pkg_install.conf. The purpose of this is to only have to define the location of the packages database in a single place and have all other system components pick it up.
pkgdb_dir is still honored if defined and the scripts will spit out a warning in that case, asking the administrator to migrate to the PKG_DBDIR setting. We can't remove this compatibility workaround until, at least, after NetBSD 6 is released.
|
#
1.107 |
|
19-Jan-2010 |
jmmv |
Add the fetch_pkg_vulnerabilities option to the daily script to keep the packages vulnerability database up to date. This will only fetch the file from the server if it has changed since the last run.
Add the check_pkg_vulnerabilities and check_pkg_signatures options to the security script to check that the installed packages are sane.
All of these options are enabled by default but they will only run if there is, at least, one installed package.
|
Revision tags: matt-premerge-20091211 jym-xensuspend-nbase jym-xensuspend-base
|
#
1.106 |
|
27-Jan-2009 |
haad |
Add support for lvm to security script. Backup lvm configuration to /var/backup/lvm with other system backups. Disable lvm check until MKLVM is enabled by default. no objections on tech-userlevel@.
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 mjf-devfs2-base2 netbsd-5-base matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 wrstuden-revivesa-base yamt-pf42-base mjf-devfs2-base keiichi-mipv6-base mjf-devfs-base matt-armv6-nbase cube-autoconf-base matt-armv6-base hpcarm-cleanup-base
|
#
1.105 |
|
23-Nov-2007 |
dholland |
branches: 1.105.4; Handle non-trivial NIS compat entries (like +joe:::::::::) in the password file. Fixes (my own) PR bin/33138.
reviewed: christos
|
#
1.104 |
|
27-Aug-2007 |
adrianp |
The location of the pkg_info binary can now be specified in /etc/security.conf. The default remains as /usr/sbin/pkg_info. This should fix PR# 36746.
|
#
1.103 |
|
09-Aug-2007 |
tron |
branches: 1.103.2; Add code to monitor the disk wedges (see dk(4)) configured on the system. Based on a patch contributed by Andreas Wrede in PR misc/36747.
|
Revision tags: matt-mips64-base
|
#
1.102 |
|
06-Jun-2007 |
martti |
Use "mktemp -d -t xxx" to create the temporary directories. This will use TMPDIR environment variable if set, otherwise use /tmp. (misc/35544)
|
#
1.101 |
|
27-Mar-2007 |
jnemeth |
PR/36058 -- fix check for group/other writable home directories from Jukka Salmi
|
Revision tags: netbsd-4-base
|
#
1.100 |
|
26-Sep-2006 |
tron |
branches: 1.100.2; Improve security check for "/etc/exports": 1.) Properly handle line continuation and network exports. 2.) Make the report more compact.
Patch contributed by Jukka Salmi in PR bin/24583.
|
#
1.99 |
|
23-Sep-2006 |
jmcneill |
PR #26490: /etc/security is not aware of sha1 passwords
|
Revision tags: abandoned-netbsd-4-base
|
#
1.98 |
|
25-May-2006 |
lukem |
Implement check_devices_ignore_paths, which is a list of paths to avoid traversing during check_devices.
|
#
1.97 |
|
17-Apr-2006 |
veego |
Don't try to backup a 'nfs' disklabel, which will happen because of the recent iostat changes. Patch supplied in pr# 33274 by Geoff C. Wing.
|
#
1.96 |
|
29-Jan-2006 |
rpaulo |
PR 32666: /etc/security may cause tapes to rewind. By Duncan McEwan.
|
#
1.95 |
|
11-Apr-2005 |
peter |
Allow an underscore as first character and embedded underscores & dots for login and group names.
Fixes PR misc/29913 from Arto Selonen.
|
Revision tags: netbsd-3-base
|
#
1.94 |
|
05-Feb-2005 |
jdolecek |
branches: 1.94.2; add a check_passwd_permin_nonalpha option, which changes the passwd test to permit non-alphanumeric characters in login names
|
#
1.93 |
|
21-Nov-2004 |
kim |
When checking /etc/exports, account for "-network=XXX" as restricting the mount (i.e. it is not considered globally exported).
Fixes PR: 26890
|
#
1.92 |
|
28-Sep-2004 |
erh |
PR misc/7716: add configuration options find_core_ignore_fstypes and check_devices_ignore_fstypes to allow the filesystem types that are ignored during the daily and security runs to be adjusted.
|
#
1.91 |
|
23-Jul-2004 |
lukem |
Merge /etc/mtree/special & /etc/mtree/special.local using "mtree -M". This allows users to override mtree/special entries in mtree/special.local, which is useful if you've replaced a directory with a symlink (for example). This effectively makes $check_mtree_follow_symlinks=YES pointless, but I'm retaining that for compatibility reasons.
Fix bug in generation of $MPBYUID (used "/^+/" instead of "/^\+/" as a regex), which has existed for a long time but only failed with our awk; GNU awk seems to have permitted this. (This meant that the duplicate UID check was broken when using our awk.)
Rename some temp files to more accurately reflect their purpose, to aid debugging.
|
#
1.90 |
|
09-Apr-2004 |
kim |
Catch STDERR from /etc/security.local (not just STDOUT).
|
#
1.89 |
|
02-Apr-2004 |
jmmv |
Introduce and use the rcvar_manpage variable, which contains the manual page name where the user should look at for documentation about rcvar. It defaults to 'rc.subr(5)', as rc.subr is mainly used by rc.d scripts.
This variable is useful to let the daily, weekly, monthly and security scripts tune the warning message shown when any of the variables they handle is not properly set.
Closes PR misc/23908.
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.88 |
|
09-Feb-2004 |
jdolecek |
branches: 1.88.2; 1.88.4; 1.88.6; add missing && in the home directory group writability condition; gawk somehow coped even without (defaults to && ?), but nawk printed bogus warnings (defaults to || ?)
|
#
1.87 |
|
19-Nov-2003 |
jhawk |
Provide a workaround for PR bin/12900. When /dev is an fdesc, and /dev/tty is stat()ed without a controlling tty, a "Device not configured" error is returned.
Filter mtree's stderr to ignore this error.
If fdesc is fixed to not behave in this fashion, this workaround can be removed; bin/12900 should remain open until that time.
|
#
1.86 |
|
18-Nov-2003 |
jhawk |
In check_varmail (mailbox ownership/permissions check): Make ls -A explicit, to help n debugging when not run as root (-A is implied when ls is run as root) Ignore dotfiles, as they are not mailboxes (e.g. .jhawk.pop)
|
#
1.85 |
|
18-Nov-2003 |
jhawk |
XXX: note pairwise cascaded test inversion in permit_star.
Add checkyesno check_homes_permit_usergroups to allow group writability when the groupname matches the username. Defaults to off.
|
#
1.84 |
|
01-Oct-2003 |
jhawk |
Suppress output when running security.local if it produces no output. /etc/security should produce no output (and thus suppress the report) when nothing is wrong.
While we're here, use printf instead of two echos, like the rest of the script.
|
#
1.83 |
|
21-Feb-2003 |
jhawk |
Use $diff_options when running diff in /etc/security. Default diff_options to -u, for unified-format context diffs, because context is essential to a useful evaluation of differences. This represents a behavior change.
Implements change-request PR security/17247 from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>.
|
#
1.82 |
|
13-Feb-2003 |
jhawk |
Under check_mtree, invoke mtree with -L if check_mtree_follow_symlinks is set. Apparently mtree -L is imperfect, but it is far better than the lack thereof if symlinks are involved reaching files mtree verifies.
|
#
1.81 |
|
13-Feb-2003 |
jhawk |
Add some flexibility to /etc/security, by way of security.conf options: check_passwd_nowarn_shells Don't warn about these non-/etc/shells shells check_passwd_nowarn_users Don't warn about these users check_passwd_permit_star Don't warn about "*" in the $2 field Behavior change: check_passwd_nowarn_shells defaults to /sbin/nologin and /usr/libexec/uucp/uucico, so that it will not warn about the default master.passwd. The rationale here is that an administrator who chooses to permit these warnable conditions should not be warned about them day after day, yet should not be forced to disable check_passwd entirely. check_passwd_permit_star is primarily of interest to sites who use *'d entries for Kerberos or ssh logins, despite the fact that we permit "*ssh" (etc.) for this purpose (legacy).
|
#
1.80 |
|
06-Jan-2003 |
wiz |
writable, not writeable.
|
Revision tags: fvdl_fs64_base
|
#
1.79 |
|
20-Aug-2002 |
elric |
Added .k5login to the list of files that are checked in each user's home directory.
Addresses PR: security/18000
|
#
1.78 |
|
18-Jun-2002 |
itojun |
md5/bcrypt password starts with $[12], so use ^ in regex
|
#
1.77 |
|
18-Jun-2002 |
itojun |
recognize md5/bcrypt password. noted by: Eric Jacoboni <jaco@teaser.fr>
|
#
1.76 |
|
10-Jun-2002 |
atatat |
The check_rootdotfiles section mucks with the PATH setting, but never puts it back properly. As such, jobs run later that expect there to be a path will lose badly (eg, run lintpkgsrc -i from security.local). Let's just re-export the PATH.
|
Revision tags: netbsd-1-6-base
|
#
1.75 |
|
21-May-2002 |
lukem |
branches: 1.75.2; Support shell metacharacters (`*', '?', '[') in /etc/changelist lines, including checks for "backups that exist when actual file is deleted", a la the existing mechanism used for "/etc/ifconfig.*" ... "/etc/rc.d/*" checks. This resolves [security/15798] from Bob Kemp <bob@allegory.demon.co.uk>.
|
#
1.74 |
|
18-Dec-2001 |
lukem |
Add nullfs to the list of file system types to skip during the "big finds". Fix from Alan Barrett in [misc/14957].
|
#
1.73 |
|
09-Nov-2001 |
lukem |
remove blank lines from the lists of files to backup_and_diff
|
#
1.72 |
|
18-Oct-2001 |
lukem |
add -dgq to check_pkgs ls(1). suggested by @@@
|
#
1.71 |
|
18-Oct-2001 |
taca |
Add -T option to ls(1) when -l option is specified. This fixes none-changed files under ${backup_dir}/pkgs as bellow:
====== /var/backups/pkgs diffs (OLD < > NEW) ====== 159c159 < -rw-r--r-- 1 root wheel 528 Apr 19 01:11 ja-less-332/+CONTENTS --- > -rw-r--r-- 1 root wheel 528 Apr 19 2001 ja-less-332/+CONTENTS
|
#
1.70 |
|
15-Oct-2001 |
lukem |
Use "nodiff" instead of "nomail" for the tag which is used to exclude files from having the changes diff generated. Suggested by Michael Graff.
|
#
1.69 |
|
14-Oct-2001 |
lukem |
minor optimisation suggested by christos
|
#
1.68 |
|
13-Oct-2001 |
lukem |
A few more changes, from more discussions with Andrew Brown. - Resurrect /etc/changelist, even if it's an "empty" file by default, because it's easier to use than /etc/mtree/special.local for adding a couple of simple files. Back by popular demand (hi @@@! :-) - Add /etc/rc.d/* to the list of "dynamic" files; this notices changes in user-added scripts - Only calculate the mtree -I nomail list once, and re-use - Use "cat foo | while read file" instead of "for file in `cat foo`" ; handles whitespace better...
|
#
1.67 |
|
12-Oct-2001 |
lukem |
Major overhaul, with help from Andrew Brown <atatat@netbsd.org>.
Features: - Add a bunch of stuff to /etc/mtree/special to enable removal of /etc/changelist: - files which we want to monitor for changes but don't want to see the diffs of (master.passwd, ssh_host_key, ...) are tagged with "nomail" - files which we don't want to monitor are tagged with "exclude" (such as netgroup.db, kvm.db, ...) - monitor /etc/mtree/special.local, /root/.ssh/* - remove /etc/changelist, and a bunch of XXX comments - use mtree(8)'s -D, -I, and -E to generate lists of files to actually do the changelist stuff on. - support /etc/mtree/special.local as an optional user-provided version of /etc/mtree/special (effectively, an enhanced /etc/changelist) - Add code to monitor: /etc/ifconfig.* /etc/raid*.conf /etc/rc.conf.d/* including support for these files being added and removed at will. - If /sbin/fdisk exists, backup the output of "fdisk $disk" for all the active disk drives as part of $check_disklabels - Check permissions on: ~/.ssh/* ~/.shosts
Details: - Reorder initialisation of defaults - Remove special case for /etc/master.passwd "monitor but don't email diffs" with general case for other similar files. - Keep all `autogenerated' files (such as disklabel.*, setuid.current, ...) in "$backup_dir/work", to minimise name clashes. - Add migrate_file(old, new) to do the hard work of migrating files from the old `top level' /var/backups mechanism to the `full path' mechanism recently added. Use this appropriately. - Add backup_and_diff(file, printdiffs), to the hard work of backing-up and diff-ing files. - Cleanup use of shell redirects - /bin/sh supports ~root globbing, so use it. - Improve umask checking; use awk regex rather than awk math
|
#
1.66 |
|
05-Oct-2001 |
lukem |
minor whitespace fix
|
#
1.65 |
|
03-Oct-2001 |
lukem |
replace "pkg_dbdir" with "pkgdb_dir", to be consistent with "backup_dir"
|
#
1.64 |
|
03-Oct-2001 |
cjs |
Since we store the output of ls for use later, make sure that we have TZ=UTC. (Otherwise time zone changes cause us to believe that files have changed when they have not.)
|
#
1.63 |
|
03-Oct-2001 |
lukem |
- clean up a couple of comments - reformat some awk blocks - replace "sed 1d | awk '...'" with "awk 'NR==1 {next;} ...'"
|
#
1.62 |
|
01-Oct-2001 |
atatat |
Add a chunk of code to check the installed pkgs list by making a list of all installed pkgs and their +CONTENTS and +REQUIRED_BY files (if they have one) and handling this file along with all the other CHANGELIST stuff.
Greg Woods gets points for coming up with the idea.
Luke Mewburn asked me to do it, and provided lots of criticism along the way.
|
#
1.61 |
|
24-Sep-2001 |
lukem |
remove acd (non existant), add ld (for hw raid logical drives)
|
#
1.60 |
|
23-Sep-2001 |
perry |
add raid, remove cd drives and floppy drives from the nightly disk permissions checks.
note: This whole thing needs to be rototilled. And yes, I'm volunteering to do it.
|
#
1.59 |
|
23-Sep-2001 |
perry |
Update the password sanity checking thusly: 1) If a password entry is of the form \*[A-z-]+, do not complain that the account is off but has a valid password. Thus you can do passwords like *ssh to indicate ssh only logins. We should come up with a standard scheme for what various *keywords mean. Note that if the field length is 13, 20 or 34 you'll still get bitched at. This code should be cleaned up. (So should the password scheme.) 2) If the entry is for "toor", don't complain that the account is off but has a valid shell. We ship with toor:*:, there is no point in complaining about it.
Part of the campaign against spurious security warning output.
|
#
1.58 |
|
22-Sep-2001 |
perry |
run mtree on the special file using the new -l option, so it will not complain about things like files set 444 instead of 644.
part of the campaign against spurious output in the nightly security run.
|
#
1.57 |
|
26-Aug-2001 |
simonb |
Remove rz/tz support for pmax, switch to MI SCSI.
|
#
1.56 |
|
18-Jun-2001 |
lukem |
use mktemp(1) to create temporary directories, and ensure that cleanup traps are setup asap.
|
#
1.55 |
|
14-Jun-2001 |
lukem |
use symbolic signal names instead of numbers
|
#
1.54 |
|
10-May-2001 |
atatat |
When backing files listed in /etc/changelist, instead of truncating to the basename of the file, use the whole path with $backup_dir prepended, in effect mirrorring the directory tree. This eliminates the possibility of a name collision.
Closes pr bin/12727.
|
#
1.53 |
|
10-May-2001 |
atatat |
Allow embedded hyphens in user names (and group names), just not as the first or last character.
|
#
1.52 |
|
04-Apr-2001 |
atatat |
Provide the capability of storing backups via RCS instead of just a "current" and a "last" (which is useless if you wanna know what you changed last week). Set the default to on.
|
#
1.51 |
|
15-Mar-2001 |
hubertf |
Run skeyaudit (only) from /etc/daily instead of /etc/security, else there's some risk that the users don't get warned if an admin turns off running /etc/security (by putting run_security=no into daily.conf).
Fixes PR 12267.
|
#
1.50 |
|
12-Mar-2001 |
atatat |
Allow md5 passwords of length 34 as passwords
|
#
1.49 |
|
11-Feb-2001 |
jdolecek |
Introduce max_grouplen - this determines the maximum permitted length of group names, similarily to max_loginlen
|
#
1.48 |
|
09-Jan-2001 |
abs |
Add a new variable 'backup_dir', which can be used to change the backup directory from /var/backup (useful for those of us who have a separate /var and would like to have our backup disklabels on the root filesystem). Default behaviour unchanged. backup_dir being unset is taken as /var/backup.
|
#
1.47 |
|
07-Oct-2000 |
lukem |
use ${foo##*/} instead of `basename $foo`. as suggested (with minor variation) by Toru Nishimura <nisimura@itc.aist-nara.ac.jp>
|
#
1.46 |
|
10-Sep-2000 |
christos |
PR/10982: kilbi@rad.rwth-aachen.de: Don't confuse printf with usernames that start with -.
|
#
1.45 |
|
02-Jul-2000 |
sommerfeld |
Fix pr9320: improve umask checking for root's dotfiles. Now even notices bogus umasks like 044
|
Revision tags: netbsd-1-5-base minoura-xpg4dl-base
|
#
1.44 |
|
26-May-2000 |
ad |
branches: 1.44.4; We may as well allow local additions to /etc/security, since it gets done for the other periodic checks.
|
#
1.43 |
|
05-May-2000 |
itojun |
check /etc/mail/aliases on check_aliases. /etc/aliases will be checked as well, if exists (for backward compatibility).
|
#
1.42 |
|
24-Apr-2000 |
fair |
Add skeyaudit to /etc/security (with a variable to disable) per PR 5871
|
#
1.41 |
|
15-Jan-2000 |
christos |
Use cat -f to avoid denial of service attacks by people who make .rhosts files fifos.
|
Revision tags: wrstuden-devbsize-19991221 wrstuden-devbsize-base comdex-fall-1999-base
|
#
1.40 |
|
05-Sep-1999 |
perry |
We already had logic not to try to grab the disklabels of md's and fd's -- add cd's to the list.
|
#
1.39 |
|
22-Jul-1999 |
hubertf |
Use standard variable "$0" for the whole line instead of the non-standard, undocumented "$LINE".
Submitted in PR 7041 by Greg A. Woods <woods@weird.com>
|
#
1.38 |
|
23-Apr-1999 |
kleink |
Get rid of old-style chown operands.
|
Revision tags: netbsd-1-4-PATCH001 netbsd-1-4-RELEASE netbsd-1-4-base
|
#
1.37 |
|
17-Mar-1999 |
wrstuden |
branches: 1.37.2; Add a commented-out duplicate id checker which doesn't exclude toor, and add a comment saying how to switch it on.
|
#
1.36 |
|
17-Mar-1999 |
wrstuden |
Modify duplicate user id check to exclude "toor". Any other uid 0 accounts will generate a message with that (those) account names, root, and toor present in the list.
|
#
1.35 |
|
16-Mar-1999 |
fair |
Fix PR 5068 - scanning ~user/.rhosts files on NFS mounted home directories with -maproot=nobody on the server. The argument to be made is that if NetBSD's root can't read these files, it shouldn't try to check them.
|
#
1.34 |
|
18-Feb-1999 |
abs |
Handle + in master.passwd (From PR#4802). Also, handle + in group and allow max_loginlen to be configurable.
|
#
1.33 |
|
14-Sep-1998 |
tv |
Nix "Login %s is off but still has a valid shell" warning for 20-character encrypted passwords generated by the NEWSALT option to passwd(1).
|
#
1.32 |
|
25-Aug-1998 |
lukem |
* if $check_disklabels=YES, backup and compare of disklabels of current disks. should detect added or removed disks as well. backup labels go in /var/backups/disklabel.XXX (XXX = disk name, e.g., sd0), and the changelist style backups have .current or .backup suffixes * minor whitespace, formatting, and comment cleanup
|
#
1.31 |
|
26-Jan-1998 |
lukem |
include rc.subr and use appropriately
|
Revision tags: netbsd-1-3-PATCH003 netbsd-1-3-PATCH003-CANDIDATE2 netbsd-1-3-PATCH003-CANDIDATE1 netbsd-1-3-PATCH003-CANDIDATE0 netbsd-1-3-PATCH002 netbsd-1-3-PATCH001 netbsd-1-3-RELEASE netbsd-1-3-BETA netbsd-1-3-base
|
#
1.30 |
|
08-Oct-1997 |
mycroft |
Deal with files in the changelist that are added or removed. * When a file is removed, move its .current file to .backup. * When a file is added, create its .current file. * In either case, send a diff against /dev/null. Mostly from Jim Bernard in PR 4183, with the removal case fixed.
|
#
1.29 |
|
23-Sep-1997 |
lukem |
- use 'ftpd -C user' to check the format of /etc/ftpusers. closes [security/4061] - rename $MPPATH to $MPBYPATH, to clarify its use
|
#
1.28 |
|
18-Sep-1997 |
lukem |
- don't print "Checking setuid files and devices:" if no problems found (solves [security/4047]) - minor cleanup (rename a couple of variables, etc)
|
#
1.27 |
|
22-Aug-1997 |
lukem |
- correct use of generated temporary files. - clean up comments and generated output. - clean up $SECUREDIR if SIGINT or SIGQUIT received. - .rhosts may have to be world readable in NFS environments, so allow it to be. - update list of disks to check for reasonable permissions - don't show differences in /etc/master.passwd, as the encrypted strings may be sent. From reading comments earlier in the script, this was the intention anyway. Fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3994]. - when checking /etc/ftpusers, skip comment lines and only match full usernames. XXX: this should be enhanced to check lines of the enhanced ftpusers format.
|
#
1.26 |
|
19-Aug-1997 |
lukem |
* ensure that check for '.' in root's $PATH doesn't yield a false positive. fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3995] * detect empty :: elements as '.' in a sh(1) path (leading :, trailing :, or ::)
|
#
1.25 |
|
24-Jun-1997 |
lukem |
* when checking /etc/master.passwd, read in /etc/shells for a list of valid shells and then check each active account against that * remove unnecessary ()s in a few printf's.
|
#
1.24 |
|
24-Jun-1997 |
lukem |
* take advantage of xargs -0 when finding devices and set?id files * use 'ls -q' in the above, so that characters that may cause problems in the output are replaced with '?'
|
#
1.23 |
|
23-Jun-1997 |
lukem |
Also check /etc/profile for setting of umask. From Chris Jones <cjones@rupert.oscs.montana.edu> in [misc/3763]
|
#
1.22 |
|
23-Jun-1997 |
lukem |
Ignore blank lines and comments in /etc/exports From Jaromir Dolecek <dolecek@moria.ics.muni.cz> in [misc/3691]
|
#
1.21 |
|
21-Apr-1997 |
mycroft |
Don't list directories with the setuid bit set or FIFOs.
|
#
1.20 |
|
21-Apr-1997 |
mycroft |
Minor cleanup.
|
#
1.19 |
|
21-Apr-1997 |
mycroft |
When doing security checks in user home directory, sort by home directory, to optimize lookups a little. Also, add some more files to the naughty lists.
|
#
1.18 |
|
17-Apr-1997 |
mikel |
make /etc/aliases check a bit more discriminating: the line must be uncommented, and it must contain a '|' character (forwarding to program).
|
#
1.17 |
|
10-Mar-1997 |
mycroft |
Minor cleanup.
|
#
1.16 |
|
14-Feb-1997 |
mikel |
Don't leave logs in /etc/mtree; from Andrew Wheadon in PR misc/3106. Also fixed some comments.
|
#
1.15 |
|
05-Jan-1997 |
mrg |
add configuration file for security, as security.conf. the file allows each action taken by security to be turned on or off.
|
#
1.14 |
|
22-May-1996 |
mrg |
ignore setgid on dirs.
|
Revision tags: netbsd-1-2-PATCH001 netbsd-1-2-RELEASE netbsd-1-2-BETA netbsd-1-2-base
|
#
1.13 |
|
14-Jan-1996 |
pk |
Several fixes from Arne H. Juul (PR#1814).
|
#
1.12 |
|
17-Dec-1995 |
thorpej |
New-style RCS ids.
|
Revision tags: netbsd-1-1-PATCH001 netbsd-1-1-RELEASE netbsd-1-1-base
|
#
1.11 |
|
31-Jan-1995 |
jtc |
Change .emacsrc to .emacs in list of files to be checked. From Mike Long, in PR #768.
|
#
1.10 |
|
18-Oct-1994 |
mycroft |
Fix the fstype-based pruning algorithms. Partly suggested by John Kohl.
|
Revision tags: netbsd-1-0-base
|
#
1.9 |
|
15-Jun-1994 |
cgd |
branches: 1.9.2; update to new security script
|
#
1.8 |
|
15-Jan-1994 |
cgd |
people importing trees from SunOS should be shot; add -d to ls.
|
#
1.7 |
|
15-Dec-1993 |
mycroft |
Find only set[gu]id files and devices, like old ncheck(1).
|
#
1.6 |
|
27-Oct-1993 |
cgd |
use of xargs wasn't strictly a security hole, but could lead to fouled- up results. xargs should really have an option to automatically 'quote' input.
|
#
1.5 |
|
27-Oct-1993 |
mycroft |
Use xargs(1) to avoid overflowing the argument list to ls(1).
|
#
1.4 |
|
26-Oct-1993 |
cgd |
from FreeBSD: check for set*id devices in a way closer to the original. note that you can still overflow the args buffer for the ls (and it does that on lamp), but it's better than before.
|
#
1.3 |
|
19-Oct-1993 |
mycroft |
Rewrite set[gu]id find command to avoid walking non-local file systems.
|
Revision tags: netbsd-0-9-RELEASE netbsd-0-9-BETA netbsd-0-9-ALPHA2 netbsd-0-9-ALPHA netbsd-0-9-base netbsd-0-8 netbsd-alpha-1
|
#
1.2 |
|
02-Apr-1993 |
cgd |
updated to reflect the fact that we don't have an ncheck
|
#
1.1 |
|
21-Mar-1993 |
cgd |
branches: 1.1.1; Initial revision
|
#
1.129 |
|
04-Nov-2021 |
nia |
Recognize argon2 passwords as valid in daily security reports.
from RVP in misc/56486
|
Revision tags: cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base
|
#
1.128 |
|
10-Jan-2021 |
riastradh |
Various entropy integration improvements.
- New /etc/security check for entropy in daily security report.
- New /etc/rc.d/entropy script runs (after random_seed and rndctl) to check for entropy at boot -- in rc.conf, you can:
. set `entropy=check' to halt multiuser boot and enter single-user mode if not enough entropy
. set `entropy=wait' to make multiuser boot wait until enough entropy
Default is to always boot without waiting -- and rely on other channels like security report to alert the operator if there's a problem.
- New man page entropy(7) discussing the higher-level concepts and system integration with cross-references.
- New paragraph in afterboot(8) about entropy citing entropy(7) for more details.
This change addresses many of the issues discussed in security/55659. This is a first draft; happy to take improvements to the man pages and scripted messages to improve clarity.
I considered changing motd to include an entropy warning with a reference to the entropy(7) man page, but it's a little trickier: - Not sure it's appropriate for all users to see at login rather than users who have power to affect the entropy estimate (maybe it is, just haven't decided). - We only have a mechanism for changing once at boot; the message would remain until next boot even if an operator adds enough entropy. - The mechanism isn't really conducive to making a message appear conditionally from boot to boot.
|
#
1.127 |
|
02-Dec-2020 |
wiz |
Update default pkgsrc database location from /var/db/pkg to /usr/pkg/pkgdb.
|
Revision tags: phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406
|
#
1.126 |
|
06-Dec-2019 |
riastradh |
Save the entropy seed daily in /etc/security.
|
Revision tags: phil-wifi-20191119
|
#
1.125 |
|
18-Sep-2019 |
uwe |
Use $file instead of $(echo $file). I don't think the extra round of word expansions was really intended here.
|
Revision tags: netbsd-9-2-RELEASE netbsd-9-1-RELEASE netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 netbsd-9-base phil-wifi-20190609 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020
|
#
1.124 |
|
04-Oct-2018 |
kre |
Fix an obvious botch in the previous rev, found by martin@
|
Revision tags: pgoyette-compat-0930
|
#
1.123 |
|
23-Sep-2018 |
kre |
Convert uses of test (aka '[') to use only posix specified forms, mostly just on general principle... this resulted in one or two minor code reformattings to keep 80 char limits - a few needless uses of quotes ("no" ??) were also removed (sh is not C. strings are strings without quotes around them...)
|
Revision tags: pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base
|
#
1.122 |
|
06-Jan-2018 |
mlelstv |
branches: 1.122.2; 1.122.4; Use sysctl to retrieve iostat names instead of parsing possibly truncated iostat output.
Check dkctl listwedges output with grep.
Fixes PR 59205.
|
Revision tags: netbsd-8-2-RELEASE netbsd-8-1-RELEASE netbsd-8-1-RC1 netbsd-8-0-RELEASE netbsd-8-0-RC2 netbsd-8-0-RC1 matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 bouyer-socketcan-base pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.121 |
|
29-Feb-2016 |
riastradh |
Record current raid configurations too in /etc/security.
|
#
1.120 |
|
20-Apr-2015 |
pgoyette |
Set the redirection correctly, so that stderr gets duped to the already redirected stdout, rather than duping stdout to stderr!
Without this fix, the disklabel output is included in the log file rather than being discarded as intended. (The purpose of running disklabel this first time is only to check for success.)
|
#
1.119 |
|
14-Feb-2015 |
nakayama |
Avoid nfs devices correctly.
|
#
1.118 |
|
13-Dec-2014 |
uebayasi |
Indent and space fixes.
|
#
1.117 |
|
23-Nov-2014 |
christos |
- generate the list of disks only once and select from them later - don't generate empty/useless files when disklabel or dkctl don't have data
|
#
1.116 |
|
27-Aug-2014 |
apb |
Split some long lines.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 tls-maxphys-base
|
#
1.115 |
|
06-Nov-2013 |
spz |
Introduce a variable for security.conf, default empty, to list users whose home is (allowed to be) owned by another user.
It's a separate variable and not just check_passwd_permit_dups so I can make security shut up about my uucp users.
Fixes the second half of PR misc/36063
|
#
1.114 |
|
06-Nov-2013 |
spz |
having more than one line with the same group name and gid is not only allowed, it's even recommended for groups with lots of members, so do not warn about duplicate group name lines if the gid is the same
|
#
1.113 |
|
08-Sep-2013 |
prlw1 |
Add defaults for pkg_info and pkg_admin variables in case pkgpath.conf is not installed.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.112 |
|
01-May-2013 |
agc |
Fix for problematic paths in /etc/daily and /etc/security reported in PR/47645.
Add a separate file which contains the paths for the pkg_admin and pkg_info utilities. This is called /etc/pkgpath.conf (to distinguish it from pkg.conf).
Thanks also to Edgar Fuss for the sanity check.
|
Revision tags: agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6 yamt-pagecache-base5 yamt-pagecache-base4
|
#
1.111 |
|
05-Apr-2012 |
spz |
branches: 1.111.2; change security so that there is a configuration value for the list of users who will not be considered for duplicate uid check. Seed it with 'toor' in defaults/security.conf.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base bouyer-quota2-nbase
|
#
1.110 |
|
02-Mar-2011 |
christos |
branches: 1.110.4; too much quoting. pointed by anon ymous
|
Revision tags: bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.109 |
|
27-Dec-2010 |
christos |
branches: 1.109.2; `` -> $()
|
#
1.108 |
|
05-Feb-2010 |
jmmv |
Deprecate the pkgdb_dir settings from daily.conf and security.conf in favor of the PKG_DBDIR variable in /etc/pkg_install.conf. The purpose of this is to only have to define the location of the packages database in a single place and have all other system components pick it up.
pkgdb_dir is still honored if defined and the scripts will spit out a warning in that case, asking the administrator to migrate to the PKG_DBDIR setting. We can't remove this compatibility workaround until, at least, after NetBSD 6 is released.
|
#
1.107 |
|
19-Jan-2010 |
jmmv |
Add the fetch_pkg_vulnerabilities option to the daily script to keep the packages vulnerability database up to date. This will only fetch the file from the server if it has changed since the last run.
Add the check_pkg_vulnerabilities and check_pkg_signatures options to the security script to check that the installed packages are sane.
All of these options are enabled by default but they will only run if there is, at least, one installed package.
|
Revision tags: matt-premerge-20091211 jym-xensuspend-nbase jym-xensuspend-base
|
#
1.106 |
|
27-Jan-2009 |
haad |
Add support for lvm to security script. Backup lvm configuration to /var/backup/lvm with other system backups. Disable lvm check until MKLVM is enabled by default. no objections on tech-userlevel@.
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 mjf-devfs2-base2 netbsd-5-base matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 wrstuden-revivesa-base yamt-pf42-base mjf-devfs2-base keiichi-mipv6-base mjf-devfs-base matt-armv6-nbase cube-autoconf-base matt-armv6-base hpcarm-cleanup-base
|
#
1.105 |
|
23-Nov-2007 |
dholland |
branches: 1.105.4; Handle non-trivial NIS compat entries (like +joe:::::::::) in the password file. Fixes (my own) PR bin/33138.
reviewed: christos
|
#
1.104 |
|
27-Aug-2007 |
adrianp |
The location of the pkg_info binary can now be specified in /etc/security.conf. The default remains as /usr/sbin/pkg_info. This should fix PR# 36746.
|
#
1.103 |
|
09-Aug-2007 |
tron |
branches: 1.103.2; Add code to monitor the disk wedges (see dk(4)) configured on the system. Based on a patch contributed by Andreas Wrede in PR misc/36747.
|
Revision tags: matt-mips64-base
|
#
1.102 |
|
06-Jun-2007 |
martti |
Use "mktemp -d -t xxx" to create the temporary directories. This will use TMPDIR environment variable if set, otherwise use /tmp. (misc/35544)
|
#
1.101 |
|
27-Mar-2007 |
jnemeth |
PR/36058 -- fix check for group/other writable home directories from Jukka Salmi
|
Revision tags: netbsd-4-base
|
#
1.100 |
|
26-Sep-2006 |
tron |
branches: 1.100.2; Improve security check for "/etc/exports": 1.) Properly handle line continuation and network exports. 2.) Make the report more compact.
Patch contributed by Jukka Salmi in PR bin/24583.
|
#
1.99 |
|
23-Sep-2006 |
jmcneill |
PR #26490: /etc/security is not aware of sha1 passwords
|
Revision tags: abandoned-netbsd-4-base
|
#
1.98 |
|
25-May-2006 |
lukem |
Implement check_devices_ignore_paths, which is a list of paths to avoid traversing during check_devices.
|
#
1.97 |
|
17-Apr-2006 |
veego |
Don't try to backup a 'nfs' disklabel, which will happen because of the recent iostat changes. Patch supplied in pr# 33274 by Geoff C. Wing.
|
#
1.96 |
|
29-Jan-2006 |
rpaulo |
PR 32666: /etc/security may cause tapes to rewind. By Duncan McEwan.
|
#
1.95 |
|
11-Apr-2005 |
peter |
Allow an underscore as first character and embedded underscores & dots for login and group names.
Fixes PR misc/29913 from Arto Selonen.
|
Revision tags: netbsd-3-base
|
#
1.94 |
|
05-Feb-2005 |
jdolecek |
branches: 1.94.2; add a check_passwd_permin_nonalpha option, which changes the passwd test to permit non-alphanumeric characters in login names
|
#
1.93 |
|
21-Nov-2004 |
kim |
When checking /etc/exports, account for "-network=XXX" as restricting the mount (i.e. it is not considered globally exported).
Fixes PR: 26890
|
#
1.92 |
|
28-Sep-2004 |
erh |
PR misc/7716: add configuration options find_core_ignore_fstypes and check_devices_ignore_fstypes to allow the filesystem types that are ignored during the daily and security runs to be adjusted.
|
#
1.91 |
|
23-Jul-2004 |
lukem |
Merge /etc/mtree/special & /etc/mtree/special.local using "mtree -M". This allows users to override mtree/special entries in mtree/special.local, which is useful if you've replaced a directory with a symlink (for example). This effectively makes $check_mtree_follow_symlinks=YES pointless, but I'm retaining that for compatibility reasons.
Fix bug in generation of $MPBYUID (used "/^+/" instead of "/^\+/" as a regex), which has existed for a long time but only failed with our awk; GNU awk seems to have permitted this. (This meant that the duplicate UID check was broken when using our awk.)
Rename some temp files to more accurately reflect their purpose, to aid debugging.
|
#
1.90 |
|
09-Apr-2004 |
kim |
Catch STDERR from /etc/security.local (not just STDOUT).
|
#
1.89 |
|
02-Apr-2004 |
jmmv |
Introduce and use the rcvar_manpage variable, which contains the manual page name where the user should look at for documentation about rcvar. It defaults to 'rc.subr(5)', as rc.subr is mainly used by rc.d scripts.
This variable is useful to let the daily, weekly, monthly and security scripts tune the warning message shown when any of the variables they handle is not properly set.
Closes PR misc/23908.
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.88 |
|
09-Feb-2004 |
jdolecek |
branches: 1.88.2; 1.88.4; 1.88.6; add missing && in the home directory group writability condition; gawk somehow coped even without (defaults to && ?), but nawk printed bogus warnings (defaults to || ?)
|
#
1.87 |
|
19-Nov-2003 |
jhawk |
Provide a workaround for PR bin/12900. When /dev is an fdesc, and /dev/tty is stat()ed without a controlling tty, a "Device not configured" error is returned.
Filter mtree's stderr to ignore this error.
If fdesc is fixed to not behave in this fashion, this workaround can be removed; bin/12900 should remain open until that time.
|
#
1.86 |
|
18-Nov-2003 |
jhawk |
In check_varmail (mailbox ownership/permissions check): Make ls -A explicit, to help n debugging when not run as root (-A is implied when ls is run as root) Ignore dotfiles, as they are not mailboxes (e.g. .jhawk.pop)
|
#
1.85 |
|
18-Nov-2003 |
jhawk |
XXX: note pairwise cascaded test inversion in permit_star.
Add checkyesno check_homes_permit_usergroups to allow group writability when the groupname matches the username. Defaults to off.
|
#
1.84 |
|
01-Oct-2003 |
jhawk |
Suppress output when running security.local if it produces no output. /etc/security should produce no output (and thus suppress the report) when nothing is wrong.
While we're here, use printf instead of two echos, like the rest of the script.
|
#
1.83 |
|
21-Feb-2003 |
jhawk |
Use $diff_options when running diff in /etc/security. Default diff_options to -u, for unified-format context diffs, because context is essential to a useful evaluation of differences. This represents a behavior change.
Implements change-request PR security/17247 from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>.
|
#
1.82 |
|
13-Feb-2003 |
jhawk |
Under check_mtree, invoke mtree with -L if check_mtree_follow_symlinks is set. Apparently mtree -L is imperfect, but it is far better than the lack thereof if symlinks are involved reaching files mtree verifies.
|
#
1.81 |
|
13-Feb-2003 |
jhawk |
Add some flexibility to /etc/security, by way of security.conf options: check_passwd_nowarn_shells Don't warn about these non-/etc/shells shells check_passwd_nowarn_users Don't warn about these users check_passwd_permit_star Don't warn about "*" in the $2 field Behavior change: check_passwd_nowarn_shells defaults to /sbin/nologin and /usr/libexec/uucp/uucico, so that it will not warn about the default master.passwd. The rationale here is that an administrator who chooses to permit these warnable conditions should not be warned about them day after day, yet should not be forced to disable check_passwd entirely. check_passwd_permit_star is primarily of interest to sites who use *'d entries for Kerberos or ssh logins, despite the fact that we permit "*ssh" (etc.) for this purpose (legacy).
|
#
1.80 |
|
06-Jan-2003 |
wiz |
writable, not writeable.
|
Revision tags: fvdl_fs64_base
|
#
1.79 |
|
20-Aug-2002 |
elric |
Added .k5login to the list of files that are checked in each user's home directory.
Addresses PR: security/18000
|
#
1.78 |
|
18-Jun-2002 |
itojun |
md5/bcrypt password starts with $[12], so use ^ in regex
|
#
1.77 |
|
18-Jun-2002 |
itojun |
recognize md5/bcrypt password. noted by: Eric Jacoboni <jaco@teaser.fr>
|
#
1.76 |
|
10-Jun-2002 |
atatat |
The check_rootdotfiles section mucks with the PATH setting, but never puts it back properly. As such, jobs run later that expect there to be a path will lose badly (eg, run lintpkgsrc -i from security.local). Let's just re-export the PATH.
|
Revision tags: netbsd-1-6-base
|
#
1.75 |
|
21-May-2002 |
lukem |
branches: 1.75.2; Support shell metacharacters (`*', '?', '[') in /etc/changelist lines, including checks for "backups that exist when actual file is deleted", a la the existing mechanism used for "/etc/ifconfig.*" ... "/etc/rc.d/*" checks. This resolves [security/15798] from Bob Kemp <bob@allegory.demon.co.uk>.
|
#
1.74 |
|
18-Dec-2001 |
lukem |
Add nullfs to the list of file system types to skip during the "big finds". Fix from Alan Barrett in [misc/14957].
|
#
1.73 |
|
09-Nov-2001 |
lukem |
remove blank lines from the lists of files to backup_and_diff
|
#
1.72 |
|
18-Oct-2001 |
lukem |
add -dgq to check_pkgs ls(1). suggested by @@@
|
#
1.71 |
|
18-Oct-2001 |
taca |
Add -T option to ls(1) when -l option is specified. This fixes none-changed files under ${backup_dir}/pkgs as bellow:
====== /var/backups/pkgs diffs (OLD < > NEW) ====== 159c159 < -rw-r--r-- 1 root wheel 528 Apr 19 01:11 ja-less-332/+CONTENTS --- > -rw-r--r-- 1 root wheel 528 Apr 19 2001 ja-less-332/+CONTENTS
|
#
1.70 |
|
15-Oct-2001 |
lukem |
Use "nodiff" instead of "nomail" for the tag which is used to exclude files from having the changes diff generated. Suggested by Michael Graff.
|
#
1.69 |
|
14-Oct-2001 |
lukem |
minor optimisation suggested by christos
|
#
1.68 |
|
13-Oct-2001 |
lukem |
A few more changes, from more discussions with Andrew Brown. - Resurrect /etc/changelist, even if it's an "empty" file by default, because it's easier to use than /etc/mtree/special.local for adding a couple of simple files. Back by popular demand (hi @@@! :-) - Add /etc/rc.d/* to the list of "dynamic" files; this notices changes in user-added scripts - Only calculate the mtree -I nomail list once, and re-use - Use "cat foo | while read file" instead of "for file in `cat foo`" ; handles whitespace better...
|
#
1.67 |
|
12-Oct-2001 |
lukem |
Major overhaul, with help from Andrew Brown <atatat@netbsd.org>.
Features: - Add a bunch of stuff to /etc/mtree/special to enable removal of /etc/changelist: - files which we want to monitor for changes but don't want to see the diffs of (master.passwd, ssh_host_key, ...) are tagged with "nomail" - files which we don't want to monitor are tagged with "exclude" (such as netgroup.db, kvm.db, ...) - monitor /etc/mtree/special.local, /root/.ssh/* - remove /etc/changelist, and a bunch of XXX comments - use mtree(8)'s -D, -I, and -E to generate lists of files to actually do the changelist stuff on. - support /etc/mtree/special.local as an optional user-provided version of /etc/mtree/special (effectively, an enhanced /etc/changelist) - Add code to monitor: /etc/ifconfig.* /etc/raid*.conf /etc/rc.conf.d/* including support for these files being added and removed at will. - If /sbin/fdisk exists, backup the output of "fdisk $disk" for all the active disk drives as part of $check_disklabels - Check permissions on: ~/.ssh/* ~/.shosts
Details: - Reorder initialisation of defaults - Remove special case for /etc/master.passwd "monitor but don't email diffs" with general case for other similar files. - Keep all `autogenerated' files (such as disklabel.*, setuid.current, ...) in "$backup_dir/work", to minimise name clashes. - Add migrate_file(old, new) to do the hard work of migrating files from the old `top level' /var/backups mechanism to the `full path' mechanism recently added. Use this appropriately. - Add backup_and_diff(file, printdiffs), to the hard work of backing-up and diff-ing files. - Cleanup use of shell redirects - /bin/sh supports ~root globbing, so use it. - Improve umask checking; use awk regex rather than awk math
|
#
1.66 |
|
05-Oct-2001 |
lukem |
minor whitespace fix
|
#
1.65 |
|
03-Oct-2001 |
lukem |
replace "pkg_dbdir" with "pkgdb_dir", to be consistent with "backup_dir"
|
#
1.64 |
|
03-Oct-2001 |
cjs |
Since we store the output of ls for use later, make sure that we have TZ=UTC. (Otherwise time zone changes cause us to believe that files have changed when they have not.)
|
#
1.63 |
|
03-Oct-2001 |
lukem |
- clean up a couple of comments - reformat some awk blocks - replace "sed 1d | awk '...'" with "awk 'NR==1 {next;} ...'"
|
#
1.62 |
|
01-Oct-2001 |
atatat |
Add a chunk of code to check the installed pkgs list by making a list of all installed pkgs and their +CONTENTS and +REQUIRED_BY files (if they have one) and handling this file along with all the other CHANGELIST stuff.
Greg Woods gets points for coming up with the idea.
Luke Mewburn asked me to do it, and provided lots of criticism along the way.
|
#
1.61 |
|
24-Sep-2001 |
lukem |
remove acd (non existant), add ld (for hw raid logical drives)
|
#
1.60 |
|
23-Sep-2001 |
perry |
add raid, remove cd drives and floppy drives from the nightly disk permissions checks.
note: This whole thing needs to be rototilled. And yes, I'm volunteering to do it.
|
#
1.59 |
|
23-Sep-2001 |
perry |
Update the password sanity checking thusly: 1) If a password entry is of the form \*[A-z-]+, do not complain that the account is off but has a valid password. Thus you can do passwords like *ssh to indicate ssh only logins. We should come up with a standard scheme for what various *keywords mean. Note that if the field length is 13, 20 or 34 you'll still get bitched at. This code should be cleaned up. (So should the password scheme.) 2) If the entry is for "toor", don't complain that the account is off but has a valid shell. We ship with toor:*:, there is no point in complaining about it.
Part of the campaign against spurious security warning output.
|
#
1.58 |
|
22-Sep-2001 |
perry |
run mtree on the special file using the new -l option, so it will not complain about things like files set 444 instead of 644.
part of the campaign against spurious output in the nightly security run.
|
#
1.57 |
|
26-Aug-2001 |
simonb |
Remove rz/tz support for pmax, switch to MI SCSI.
|
#
1.56 |
|
18-Jun-2001 |
lukem |
use mktemp(1) to create temporary directories, and ensure that cleanup traps are setup asap.
|
#
1.55 |
|
14-Jun-2001 |
lukem |
use symbolic signal names instead of numbers
|
#
1.54 |
|
10-May-2001 |
atatat |
When backing files listed in /etc/changelist, instead of truncating to the basename of the file, use the whole path with $backup_dir prepended, in effect mirrorring the directory tree. This eliminates the possibility of a name collision.
Closes pr bin/12727.
|
#
1.53 |
|
10-May-2001 |
atatat |
Allow embedded hyphens in user names (and group names), just not as the first or last character.
|
#
1.52 |
|
04-Apr-2001 |
atatat |
Provide the capability of storing backups via RCS instead of just a "current" and a "last" (which is useless if you wanna know what you changed last week). Set the default to on.
|
#
1.51 |
|
15-Mar-2001 |
hubertf |
Run skeyaudit (only) from /etc/daily instead of /etc/security, else there's some risk that the users don't get warned if an admin turns off running /etc/security (by putting run_security=no into daily.conf).
Fixes PR 12267.
|
#
1.50 |
|
12-Mar-2001 |
atatat |
Allow md5 passwords of length 34 as passwords
|
#
1.49 |
|
11-Feb-2001 |
jdolecek |
Introduce max_grouplen - this determines the maximum permitted length of group names, similarily to max_loginlen
|
#
1.48 |
|
09-Jan-2001 |
abs |
Add a new variable 'backup_dir', which can be used to change the backup directory from /var/backup (useful for those of us who have a separate /var and would like to have our backup disklabels on the root filesystem). Default behaviour unchanged. backup_dir being unset is taken as /var/backup.
|
#
1.47 |
|
07-Oct-2000 |
lukem |
use ${foo##*/} instead of `basename $foo`. as suggested (with minor variation) by Toru Nishimura <nisimura@itc.aist-nara.ac.jp>
|
#
1.46 |
|
10-Sep-2000 |
christos |
PR/10982: kilbi@rad.rwth-aachen.de: Don't confuse printf with usernames that start with -.
|
#
1.45 |
|
02-Jul-2000 |
sommerfeld |
Fix pr9320: improve umask checking for root's dotfiles. Now even notices bogus umasks like 044
|
Revision tags: netbsd-1-5-base minoura-xpg4dl-base
|
#
1.44 |
|
26-May-2000 |
ad |
branches: 1.44.4; We may as well allow local additions to /etc/security, since it gets done for the other periodic checks.
|
#
1.43 |
|
05-May-2000 |
itojun |
check /etc/mail/aliases on check_aliases. /etc/aliases will be checked as well, if exists (for backward compatibility).
|
#
1.42 |
|
24-Apr-2000 |
fair |
Add skeyaudit to /etc/security (with a variable to disable) per PR 5871
|
#
1.41 |
|
15-Jan-2000 |
christos |
Use cat -f to avoid denial of service attacks by people who make .rhosts files fifos.
|
Revision tags: wrstuden-devbsize-19991221 wrstuden-devbsize-base comdex-fall-1999-base
|
#
1.40 |
|
05-Sep-1999 |
perry |
We already had logic not to try to grab the disklabels of md's and fd's -- add cd's to the list.
|
#
1.39 |
|
22-Jul-1999 |
hubertf |
Use standard variable "$0" for the whole line instead of the non-standard, undocumented "$LINE".
Submitted in PR 7041 by Greg A. Woods <woods@weird.com>
|
#
1.38 |
|
23-Apr-1999 |
kleink |
Get rid of old-style chown operands.
|
Revision tags: netbsd-1-4-PATCH001 netbsd-1-4-RELEASE netbsd-1-4-base
|
#
1.37 |
|
17-Mar-1999 |
wrstuden |
branches: 1.37.2; Add a commented-out duplicate id checker which doesn't exclude toor, and add a comment saying how to switch it on.
|
#
1.36 |
|
17-Mar-1999 |
wrstuden |
Modify duplicate user id check to exclude "toor". Any other uid 0 accounts will generate a message with that (those) account names, root, and toor present in the list.
|
#
1.35 |
|
16-Mar-1999 |
fair |
Fix PR 5068 - scanning ~user/.rhosts files on NFS mounted home directories with -maproot=nobody on the server. The argument to be made is that if NetBSD's root can't read these files, it shouldn't try to check them.
|
#
1.34 |
|
18-Feb-1999 |
abs |
Handle + in master.passwd (From PR#4802). Also, handle + in group and allow max_loginlen to be configurable.
|
#
1.33 |
|
14-Sep-1998 |
tv |
Nix "Login %s is off but still has a valid shell" warning for 20-character encrypted passwords generated by the NEWSALT option to passwd(1).
|
#
1.32 |
|
25-Aug-1998 |
lukem |
* if $check_disklabels=YES, backup and compare of disklabels of current disks. should detect added or removed disks as well. backup labels go in /var/backups/disklabel.XXX (XXX = disk name, e.g., sd0), and the changelist style backups have .current or .backup suffixes * minor whitespace, formatting, and comment cleanup
|
#
1.31 |
|
26-Jan-1998 |
lukem |
include rc.subr and use appropriately
|
Revision tags: netbsd-1-3-PATCH003 netbsd-1-3-PATCH003-CANDIDATE2 netbsd-1-3-PATCH003-CANDIDATE1 netbsd-1-3-PATCH003-CANDIDATE0 netbsd-1-3-PATCH002 netbsd-1-3-PATCH001 netbsd-1-3-RELEASE netbsd-1-3-BETA netbsd-1-3-base
|
#
1.30 |
|
08-Oct-1997 |
mycroft |
Deal with files in the changelist that are added or removed. * When a file is removed, move its .current file to .backup. * When a file is added, create its .current file. * In either case, send a diff against /dev/null. Mostly from Jim Bernard in PR 4183, with the removal case fixed.
|
#
1.29 |
|
23-Sep-1997 |
lukem |
- use 'ftpd -C user' to check the format of /etc/ftpusers. closes [security/4061] - rename $MPPATH to $MPBYPATH, to clarify its use
|
#
1.28 |
|
18-Sep-1997 |
lukem |
- don't print "Checking setuid files and devices:" if no problems found (solves [security/4047]) - minor cleanup (rename a couple of variables, etc)
|
#
1.27 |
|
22-Aug-1997 |
lukem |
- correct use of generated temporary files. - clean up comments and generated output. - clean up $SECUREDIR if SIGINT or SIGQUIT received. - .rhosts may have to be world readable in NFS environments, so allow it to be. - update list of disks to check for reasonable permissions - don't show differences in /etc/master.passwd, as the encrypted strings may be sent. From reading comments earlier in the script, this was the intention anyway. Fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3994]. - when checking /etc/ftpusers, skip comment lines and only match full usernames. XXX: this should be enhanced to check lines of the enhanced ftpusers format.
|
#
1.26 |
|
19-Aug-1997 |
lukem |
* ensure that check for '.' in root's $PATH doesn't yield a false positive. fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3995] * detect empty :: elements as '.' in a sh(1) path (leading :, trailing :, or ::)
|
#
1.25 |
|
24-Jun-1997 |
lukem |
* when checking /etc/master.passwd, read in /etc/shells for a list of valid shells and then check each active account against that * remove unnecessary ()s in a few printf's.
|
#
1.24 |
|
24-Jun-1997 |
lukem |
* take advantage of xargs -0 when finding devices and set?id files * use 'ls -q' in the above, so that characters that may cause problems in the output are replaced with '?'
|
#
1.23 |
|
23-Jun-1997 |
lukem |
Also check /etc/profile for setting of umask. From Chris Jones <cjones@rupert.oscs.montana.edu> in [misc/3763]
|
#
1.22 |
|
23-Jun-1997 |
lukem |
Ignore blank lines and comments in /etc/exports From Jaromir Dolecek <dolecek@moria.ics.muni.cz> in [misc/3691]
|
#
1.21 |
|
21-Apr-1997 |
mycroft |
Don't list directories with the setuid bit set or FIFOs.
|
#
1.20 |
|
21-Apr-1997 |
mycroft |
Minor cleanup.
|
#
1.19 |
|
21-Apr-1997 |
mycroft |
When doing security checks in user home directory, sort by home directory, to optimize lookups a little. Also, add some more files to the naughty lists.
|
#
1.18 |
|
17-Apr-1997 |
mikel |
make /etc/aliases check a bit more discriminating: the line must be uncommented, and it must contain a '|' character (forwarding to program).
|
#
1.17 |
|
10-Mar-1997 |
mycroft |
Minor cleanup.
|
#
1.16 |
|
14-Feb-1997 |
mikel |
Don't leave logs in /etc/mtree; from Andrew Wheadon in PR misc/3106. Also fixed some comments.
|
#
1.15 |
|
05-Jan-1997 |
mrg |
add configuration file for security, as security.conf. the file allows each action taken by security to be turned on or off.
|
#
1.14 |
|
22-May-1996 |
mrg |
ignore setgid on dirs.
|
Revision tags: netbsd-1-2-PATCH001 netbsd-1-2-RELEASE netbsd-1-2-BETA netbsd-1-2-base
|
#
1.13 |
|
14-Jan-1996 |
pk |
Several fixes from Arne H. Juul (PR#1814).
|
#
1.12 |
|
17-Dec-1995 |
thorpej |
New-style RCS ids.
|
Revision tags: netbsd-1-1-PATCH001 netbsd-1-1-RELEASE netbsd-1-1-base
|
#
1.11 |
|
31-Jan-1995 |
jtc |
Change .emacsrc to .emacs in list of files to be checked. From Mike Long, in PR #768.
|
#
1.10 |
|
18-Oct-1994 |
mycroft |
Fix the fstype-based pruning algorithms. Partly suggested by John Kohl.
|
Revision tags: netbsd-1-0-base
|
#
1.9 |
|
15-Jun-1994 |
cgd |
branches: 1.9.2; update to new security script
|
#
1.8 |
|
15-Jan-1994 |
cgd |
people importing trees from SunOS should be shot; add -d to ls.
|
#
1.7 |
|
15-Dec-1993 |
mycroft |
Find only set[gu]id files and devices, like old ncheck(1).
|
#
1.6 |
|
27-Oct-1993 |
cgd |
use of xargs wasn't strictly a security hole, but could lead to fouled- up results. xargs should really have an option to automatically 'quote' input.
|
#
1.5 |
|
27-Oct-1993 |
mycroft |
Use xargs(1) to avoid overflowing the argument list to ls(1).
|
#
1.4 |
|
26-Oct-1993 |
cgd |
from FreeBSD: check for set*id devices in a way closer to the original. note that you can still overflow the args buffer for the ls (and it does that on lamp), but it's better than before.
|
#
1.3 |
|
19-Oct-1993 |
mycroft |
Rewrite set[gu]id find command to avoid walking non-local file systems.
|
Revision tags: netbsd-0-9-RELEASE netbsd-0-9-BETA netbsd-0-9-ALPHA2 netbsd-0-9-ALPHA netbsd-0-9-base netbsd-0-8 netbsd-alpha-1
|
#
1.2 |
|
02-Apr-1993 |
cgd |
updated to reflect the fact that we don't have an ncheck
|
#
1.1 |
|
21-Mar-1993 |
cgd |
branches: 1.1.1; Initial revision
|
#
1.128 |
|
10-Jan-2021 |
riastradh |
Various entropy integration improvements.
- New /etc/security check for entropy in daily security report.
- New /etc/rc.d/entropy script runs (after random_seed and rndctl) to check for entropy at boot -- in rc.conf, you can:
. set `entropy=check' to halt multiuser boot and enter single-user mode if not enough entropy
. set `entropy=wait' to make multiuser boot wait until enough entropy
Default is to always boot without waiting -- and rely on other channels like security report to alert the operator if there's a problem.
- New man page entropy(7) discussing the higher-level concepts and system integration with cross-references.
- New paragraph in afterboot(8) about entropy citing entropy(7) for more details.
This change addresses many of the issues discussed in security/55659. This is a first draft; happy to take improvements to the man pages and scripted messages to improve clarity.
I considered changing motd to include an entropy warning with a reference to the entropy(7) man page, but it's a little trickier: - Not sure it's appropriate for all users to see at login rather than users who have power to affect the entropy estimate (maybe it is, just haven't decided). - We only have a mechanism for changing once at boot; the message would remain until next boot even if an operator adds enough entropy. - The mechanism isn't really conducive to making a message appear conditionally from boot to boot.
|
#
1.127 |
|
02-Dec-2020 |
wiz |
Update default pkgsrc database location from /var/db/pkg to /usr/pkg/pkgdb.
|
Revision tags: phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406
|
#
1.126 |
|
06-Dec-2019 |
riastradh |
Save the entropy seed daily in /etc/security.
|
Revision tags: phil-wifi-20191119
|
#
1.125 |
|
18-Sep-2019 |
uwe |
Use $file instead of $(echo $file). I don't think the extra round of word expansions was really intended here.
|
Revision tags: netbsd-9-1-RELEASE netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 netbsd-9-base phil-wifi-20190609 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020
|
#
1.124 |
|
04-Oct-2018 |
kre |
Fix an obvious botch in the previous rev, found by martin@
|
Revision tags: pgoyette-compat-0930
|
#
1.123 |
|
23-Sep-2018 |
kre |
Convert uses of test (aka '[') to use only posix specified forms, mostly just on general principle... this resulted in one or two minor code reformattings to keep 80 char limits - a few needless uses of quotes ("no" ??) were also removed (sh is not C. strings are strings without quotes around them...)
|
Revision tags: pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base
|
#
1.122 |
|
06-Jan-2018 |
mlelstv |
branches: 1.122.2; 1.122.4; Use sysctl to retrieve iostat names instead of parsing possibly truncated iostat output.
Check dkctl listwedges output with grep.
Fixes PR 59205.
|
Revision tags: netbsd-8-2-RELEASE netbsd-8-1-RELEASE netbsd-8-1-RC1 netbsd-8-0-RELEASE netbsd-8-0-RC2 netbsd-8-0-RC1 matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 bouyer-socketcan-base pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.121 |
|
29-Feb-2016 |
riastradh |
Record current raid configurations too in /etc/security.
|
#
1.120 |
|
20-Apr-2015 |
pgoyette |
Set the redirection correctly, so that stderr gets duped to the already redirected stdout, rather than duping stdout to stderr!
Without this fix, the disklabel output is included in the log file rather than being discarded as intended. (The purpose of running disklabel this first time is only to check for success.)
|
#
1.119 |
|
14-Feb-2015 |
nakayama |
Avoid nfs devices correctly.
|
#
1.118 |
|
13-Dec-2014 |
uebayasi |
Indent and space fixes.
|
#
1.117 |
|
23-Nov-2014 |
christos |
- generate the list of disks only once and select from them later - don't generate empty/useless files when disklabel or dkctl don't have data
|
#
1.116 |
|
27-Aug-2014 |
apb |
Split some long lines.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 tls-maxphys-base
|
#
1.115 |
|
06-Nov-2013 |
spz |
Introduce a variable for security.conf, default empty, to list users whose home is (allowed to be) owned by another user.
It's a separate variable and not just check_passwd_permit_dups so I can make security shut up about my uucp users.
Fixes the second half of PR misc/36063
|
#
1.114 |
|
06-Nov-2013 |
spz |
having more than one line with the same group name and gid is not only allowed, it's even recommended for groups with lots of members, so do not warn about duplicate group name lines if the gid is the same
|
#
1.113 |
|
08-Sep-2013 |
prlw1 |
Add defaults for pkg_info and pkg_admin variables in case pkgpath.conf is not installed.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.112 |
|
01-May-2013 |
agc |
Fix for problematic paths in /etc/daily and /etc/security reported in PR/47645.
Add a separate file which contains the paths for the pkg_admin and pkg_info utilities. This is called /etc/pkgpath.conf (to distinguish it from pkg.conf).
Thanks also to Edgar Fuss for the sanity check.
|
Revision tags: agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6 yamt-pagecache-base5 yamt-pagecache-base4
|
#
1.111 |
|
05-Apr-2012 |
spz |
branches: 1.111.2; change security so that there is a configuration value for the list of users who will not be considered for duplicate uid check. Seed it with 'toor' in defaults/security.conf.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base bouyer-quota2-nbase
|
#
1.110 |
|
02-Mar-2011 |
christos |
branches: 1.110.4; too much quoting. pointed by anon ymous
|
Revision tags: bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.109 |
|
27-Dec-2010 |
christos |
branches: 1.109.2; `` -> $()
|
#
1.108 |
|
05-Feb-2010 |
jmmv |
Deprecate the pkgdb_dir settings from daily.conf and security.conf in favor of the PKG_DBDIR variable in /etc/pkg_install.conf. The purpose of this is to only have to define the location of the packages database in a single place and have all other system components pick it up.
pkgdb_dir is still honored if defined and the scripts will spit out a warning in that case, asking the administrator to migrate to the PKG_DBDIR setting. We can't remove this compatibility workaround until, at least, after NetBSD 6 is released.
|
#
1.107 |
|
19-Jan-2010 |
jmmv |
Add the fetch_pkg_vulnerabilities option to the daily script to keep the packages vulnerability database up to date. This will only fetch the file from the server if it has changed since the last run.
Add the check_pkg_vulnerabilities and check_pkg_signatures options to the security script to check that the installed packages are sane.
All of these options are enabled by default but they will only run if there is, at least, one installed package.
|
Revision tags: matt-premerge-20091211 jym-xensuspend-nbase jym-xensuspend-base
|
#
1.106 |
|
27-Jan-2009 |
haad |
Add support for lvm to security script. Backup lvm configuration to /var/backup/lvm with other system backups. Disable lvm check until MKLVM is enabled by default. no objections on tech-userlevel@.
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 mjf-devfs2-base2 netbsd-5-base matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 wrstuden-revivesa-base yamt-pf42-base mjf-devfs2-base keiichi-mipv6-base mjf-devfs-base matt-armv6-nbase cube-autoconf-base matt-armv6-base hpcarm-cleanup-base
|
#
1.105 |
|
23-Nov-2007 |
dholland |
branches: 1.105.4; Handle non-trivial NIS compat entries (like +joe:::::::::) in the password file. Fixes (my own) PR bin/33138.
reviewed: christos
|
#
1.104 |
|
27-Aug-2007 |
adrianp |
The location of the pkg_info binary can now be specified in /etc/security.conf. The default remains as /usr/sbin/pkg_info. This should fix PR# 36746.
|
#
1.103 |
|
09-Aug-2007 |
tron |
branches: 1.103.2; Add code to monitor the disk wedges (see dk(4)) configured on the system. Based on a patch contributed by Andreas Wrede in PR misc/36747.
|
Revision tags: matt-mips64-base
|
#
1.102 |
|
06-Jun-2007 |
martti |
Use "mktemp -d -t xxx" to create the temporary directories. This will use TMPDIR environment variable if set, otherwise use /tmp. (misc/35544)
|
#
1.101 |
|
27-Mar-2007 |
jnemeth |
PR/36058 -- fix check for group/other writable home directories from Jukka Salmi
|
Revision tags: netbsd-4-base
|
#
1.100 |
|
26-Sep-2006 |
tron |
branches: 1.100.2; Improve security check for "/etc/exports": 1.) Properly handle line continuation and network exports. 2.) Make the report more compact.
Patch contributed by Jukka Salmi in PR bin/24583.
|
#
1.99 |
|
23-Sep-2006 |
jmcneill |
PR #26490: /etc/security is not aware of sha1 passwords
|
Revision tags: abandoned-netbsd-4-base
|
#
1.98 |
|
25-May-2006 |
lukem |
Implement check_devices_ignore_paths, which is a list of paths to avoid traversing during check_devices.
|
#
1.97 |
|
17-Apr-2006 |
veego |
Don't try to backup a 'nfs' disklabel, which will happen because of the recent iostat changes. Patch supplied in pr# 33274 by Geoff C. Wing.
|
#
1.96 |
|
29-Jan-2006 |
rpaulo |
PR 32666: /etc/security may cause tapes to rewind. By Duncan McEwan.
|
#
1.95 |
|
11-Apr-2005 |
peter |
Allow an underscore as first character and embedded underscores & dots for login and group names.
Fixes PR misc/29913 from Arto Selonen.
|
Revision tags: netbsd-3-base
|
#
1.94 |
|
05-Feb-2005 |
jdolecek |
branches: 1.94.2; add a check_passwd_permin_nonalpha option, which changes the passwd test to permit non-alphanumeric characters in login names
|
#
1.93 |
|
21-Nov-2004 |
kim |
When checking /etc/exports, account for "-network=XXX" as restricting the mount (i.e. it is not considered globally exported).
Fixes PR: 26890
|
#
1.92 |
|
28-Sep-2004 |
erh |
PR misc/7716: add configuration options find_core_ignore_fstypes and check_devices_ignore_fstypes to allow the filesystem types that are ignored during the daily and security runs to be adjusted.
|
#
1.91 |
|
23-Jul-2004 |
lukem |
Merge /etc/mtree/special & /etc/mtree/special.local using "mtree -M". This allows users to override mtree/special entries in mtree/special.local, which is useful if you've replaced a directory with a symlink (for example). This effectively makes $check_mtree_follow_symlinks=YES pointless, but I'm retaining that for compatibility reasons.
Fix bug in generation of $MPBYUID (used "/^+/" instead of "/^\+/" as a regex), which has existed for a long time but only failed with our awk; GNU awk seems to have permitted this. (This meant that the duplicate UID check was broken when using our awk.)
Rename some temp files to more accurately reflect their purpose, to aid debugging.
|
#
1.90 |
|
09-Apr-2004 |
kim |
Catch STDERR from /etc/security.local (not just STDOUT).
|
#
1.89 |
|
02-Apr-2004 |
jmmv |
Introduce and use the rcvar_manpage variable, which contains the manual page name where the user should look at for documentation about rcvar. It defaults to 'rc.subr(5)', as rc.subr is mainly used by rc.d scripts.
This variable is useful to let the daily, weekly, monthly and security scripts tune the warning message shown when any of the variables they handle is not properly set.
Closes PR misc/23908.
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.88 |
|
09-Feb-2004 |
jdolecek |
branches: 1.88.2; 1.88.4; 1.88.6; add missing && in the home directory group writability condition; gawk somehow coped even without (defaults to && ?), but nawk printed bogus warnings (defaults to || ?)
|
#
1.87 |
|
19-Nov-2003 |
jhawk |
Provide a workaround for PR bin/12900. When /dev is an fdesc, and /dev/tty is stat()ed without a controlling tty, a "Device not configured" error is returned.
Filter mtree's stderr to ignore this error.
If fdesc is fixed to not behave in this fashion, this workaround can be removed; bin/12900 should remain open until that time.
|
#
1.86 |
|
18-Nov-2003 |
jhawk |
In check_varmail (mailbox ownership/permissions check): Make ls -A explicit, to help n debugging when not run as root (-A is implied when ls is run as root) Ignore dotfiles, as they are not mailboxes (e.g. .jhawk.pop)
|
#
1.85 |
|
18-Nov-2003 |
jhawk |
XXX: note pairwise cascaded test inversion in permit_star.
Add checkyesno check_homes_permit_usergroups to allow group writability when the groupname matches the username. Defaults to off.
|
#
1.84 |
|
01-Oct-2003 |
jhawk |
Suppress output when running security.local if it produces no output. /etc/security should produce no output (and thus suppress the report) when nothing is wrong.
While we're here, use printf instead of two echos, like the rest of the script.
|
#
1.83 |
|
21-Feb-2003 |
jhawk |
Use $diff_options when running diff in /etc/security. Default diff_options to -u, for unified-format context diffs, because context is essential to a useful evaluation of differences. This represents a behavior change.
Implements change-request PR security/17247 from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>.
|
#
1.82 |
|
13-Feb-2003 |
jhawk |
Under check_mtree, invoke mtree with -L if check_mtree_follow_symlinks is set. Apparently mtree -L is imperfect, but it is far better than the lack thereof if symlinks are involved reaching files mtree verifies.
|
#
1.81 |
|
13-Feb-2003 |
jhawk |
Add some flexibility to /etc/security, by way of security.conf options: check_passwd_nowarn_shells Don't warn about these non-/etc/shells shells check_passwd_nowarn_users Don't warn about these users check_passwd_permit_star Don't warn about "*" in the $2 field Behavior change: check_passwd_nowarn_shells defaults to /sbin/nologin and /usr/libexec/uucp/uucico, so that it will not warn about the default master.passwd. The rationale here is that an administrator who chooses to permit these warnable conditions should not be warned about them day after day, yet should not be forced to disable check_passwd entirely. check_passwd_permit_star is primarily of interest to sites who use *'d entries for Kerberos or ssh logins, despite the fact that we permit "*ssh" (etc.) for this purpose (legacy).
|
#
1.80 |
|
06-Jan-2003 |
wiz |
writable, not writeable.
|
Revision tags: fvdl_fs64_base
|
#
1.79 |
|
20-Aug-2002 |
elric |
Added .k5login to the list of files that are checked in each user's home directory.
Addresses PR: security/18000
|
#
1.78 |
|
18-Jun-2002 |
itojun |
md5/bcrypt password starts with $[12], so use ^ in regex
|
#
1.77 |
|
18-Jun-2002 |
itojun |
recognize md5/bcrypt password. noted by: Eric Jacoboni <jaco@teaser.fr>
|
#
1.76 |
|
10-Jun-2002 |
atatat |
The check_rootdotfiles section mucks with the PATH setting, but never puts it back properly. As such, jobs run later that expect there to be a path will lose badly (eg, run lintpkgsrc -i from security.local). Let's just re-export the PATH.
|
Revision tags: netbsd-1-6-base
|
#
1.75 |
|
21-May-2002 |
lukem |
branches: 1.75.2; Support shell metacharacters (`*', '?', '[') in /etc/changelist lines, including checks for "backups that exist when actual file is deleted", a la the existing mechanism used for "/etc/ifconfig.*" ... "/etc/rc.d/*" checks. This resolves [security/15798] from Bob Kemp <bob@allegory.demon.co.uk>.
|
#
1.74 |
|
18-Dec-2001 |
lukem |
Add nullfs to the list of file system types to skip during the "big finds". Fix from Alan Barrett in [misc/14957].
|
#
1.73 |
|
09-Nov-2001 |
lukem |
remove blank lines from the lists of files to backup_and_diff
|
#
1.72 |
|
18-Oct-2001 |
lukem |
add -dgq to check_pkgs ls(1). suggested by @@@
|
#
1.71 |
|
18-Oct-2001 |
taca |
Add -T option to ls(1) when -l option is specified. This fixes none-changed files under ${backup_dir}/pkgs as bellow:
====== /var/backups/pkgs diffs (OLD < > NEW) ====== 159c159 < -rw-r--r-- 1 root wheel 528 Apr 19 01:11 ja-less-332/+CONTENTS --- > -rw-r--r-- 1 root wheel 528 Apr 19 2001 ja-less-332/+CONTENTS
|
#
1.70 |
|
15-Oct-2001 |
lukem |
Use "nodiff" instead of "nomail" for the tag which is used to exclude files from having the changes diff generated. Suggested by Michael Graff.
|
#
1.69 |
|
14-Oct-2001 |
lukem |
minor optimisation suggested by christos
|
#
1.68 |
|
13-Oct-2001 |
lukem |
A few more changes, from more discussions with Andrew Brown. - Resurrect /etc/changelist, even if it's an "empty" file by default, because it's easier to use than /etc/mtree/special.local for adding a couple of simple files. Back by popular demand (hi @@@! :-) - Add /etc/rc.d/* to the list of "dynamic" files; this notices changes in user-added scripts - Only calculate the mtree -I nomail list once, and re-use - Use "cat foo | while read file" instead of "for file in `cat foo`" ; handles whitespace better...
|
#
1.67 |
|
12-Oct-2001 |
lukem |
Major overhaul, with help from Andrew Brown <atatat@netbsd.org>.
Features: - Add a bunch of stuff to /etc/mtree/special to enable removal of /etc/changelist: - files which we want to monitor for changes but don't want to see the diffs of (master.passwd, ssh_host_key, ...) are tagged with "nomail" - files which we don't want to monitor are tagged with "exclude" (such as netgroup.db, kvm.db, ...) - monitor /etc/mtree/special.local, /root/.ssh/* - remove /etc/changelist, and a bunch of XXX comments - use mtree(8)'s -D, -I, and -E to generate lists of files to actually do the changelist stuff on. - support /etc/mtree/special.local as an optional user-provided version of /etc/mtree/special (effectively, an enhanced /etc/changelist) - Add code to monitor: /etc/ifconfig.* /etc/raid*.conf /etc/rc.conf.d/* including support for these files being added and removed at will. - If /sbin/fdisk exists, backup the output of "fdisk $disk" for all the active disk drives as part of $check_disklabels - Check permissions on: ~/.ssh/* ~/.shosts
Details: - Reorder initialisation of defaults - Remove special case for /etc/master.passwd "monitor but don't email diffs" with general case for other similar files. - Keep all `autogenerated' files (such as disklabel.*, setuid.current, ...) in "$backup_dir/work", to minimise name clashes. - Add migrate_file(old, new) to do the hard work of migrating files from the old `top level' /var/backups mechanism to the `full path' mechanism recently added. Use this appropriately. - Add backup_and_diff(file, printdiffs), to the hard work of backing-up and diff-ing files. - Cleanup use of shell redirects - /bin/sh supports ~root globbing, so use it. - Improve umask checking; use awk regex rather than awk math
|
#
1.66 |
|
05-Oct-2001 |
lukem |
minor whitespace fix
|
#
1.65 |
|
03-Oct-2001 |
lukem |
replace "pkg_dbdir" with "pkgdb_dir", to be consistent with "backup_dir"
|
#
1.64 |
|
03-Oct-2001 |
cjs |
Since we store the output of ls for use later, make sure that we have TZ=UTC. (Otherwise time zone changes cause us to believe that files have changed when they have not.)
|
#
1.63 |
|
03-Oct-2001 |
lukem |
- clean up a couple of comments - reformat some awk blocks - replace "sed 1d | awk '...'" with "awk 'NR==1 {next;} ...'"
|
#
1.62 |
|
01-Oct-2001 |
atatat |
Add a chunk of code to check the installed pkgs list by making a list of all installed pkgs and their +CONTENTS and +REQUIRED_BY files (if they have one) and handling this file along with all the other CHANGELIST stuff.
Greg Woods gets points for coming up with the idea.
Luke Mewburn asked me to do it, and provided lots of criticism along the way.
|
#
1.61 |
|
24-Sep-2001 |
lukem |
remove acd (non existant), add ld (for hw raid logical drives)
|
#
1.60 |
|
23-Sep-2001 |
perry |
add raid, remove cd drives and floppy drives from the nightly disk permissions checks.
note: This whole thing needs to be rototilled. And yes, I'm volunteering to do it.
|
#
1.59 |
|
23-Sep-2001 |
perry |
Update the password sanity checking thusly: 1) If a password entry is of the form \*[A-z-]+, do not complain that the account is off but has a valid password. Thus you can do passwords like *ssh to indicate ssh only logins. We should come up with a standard scheme for what various *keywords mean. Note that if the field length is 13, 20 or 34 you'll still get bitched at. This code should be cleaned up. (So should the password scheme.) 2) If the entry is for "toor", don't complain that the account is off but has a valid shell. We ship with toor:*:, there is no point in complaining about it.
Part of the campaign against spurious security warning output.
|
#
1.58 |
|
22-Sep-2001 |
perry |
run mtree on the special file using the new -l option, so it will not complain about things like files set 444 instead of 644.
part of the campaign against spurious output in the nightly security run.
|
#
1.57 |
|
26-Aug-2001 |
simonb |
Remove rz/tz support for pmax, switch to MI SCSI.
|
#
1.56 |
|
18-Jun-2001 |
lukem |
use mktemp(1) to create temporary directories, and ensure that cleanup traps are setup asap.
|
#
1.55 |
|
14-Jun-2001 |
lukem |
use symbolic signal names instead of numbers
|
#
1.54 |
|
10-May-2001 |
atatat |
When backing files listed in /etc/changelist, instead of truncating to the basename of the file, use the whole path with $backup_dir prepended, in effect mirrorring the directory tree. This eliminates the possibility of a name collision.
Closes pr bin/12727.
|
#
1.53 |
|
10-May-2001 |
atatat |
Allow embedded hyphens in user names (and group names), just not as the first or last character.
|
#
1.52 |
|
04-Apr-2001 |
atatat |
Provide the capability of storing backups via RCS instead of just a "current" and a "last" (which is useless if you wanna know what you changed last week). Set the default to on.
|
#
1.51 |
|
15-Mar-2001 |
hubertf |
Run skeyaudit (only) from /etc/daily instead of /etc/security, else there's some risk that the users don't get warned if an admin turns off running /etc/security (by putting run_security=no into daily.conf).
Fixes PR 12267.
|
#
1.50 |
|
12-Mar-2001 |
atatat |
Allow md5 passwords of length 34 as passwords
|
#
1.49 |
|
11-Feb-2001 |
jdolecek |
Introduce max_grouplen - this determines the maximum permitted length of group names, similarily to max_loginlen
|
#
1.48 |
|
09-Jan-2001 |
abs |
Add a new variable 'backup_dir', which can be used to change the backup directory from /var/backup (useful for those of us who have a separate /var and would like to have our backup disklabels on the root filesystem). Default behaviour unchanged. backup_dir being unset is taken as /var/backup.
|
#
1.47 |
|
07-Oct-2000 |
lukem |
use ${foo##*/} instead of `basename $foo`. as suggested (with minor variation) by Toru Nishimura <nisimura@itc.aist-nara.ac.jp>
|
#
1.46 |
|
10-Sep-2000 |
christos |
PR/10982: kilbi@rad.rwth-aachen.de: Don't confuse printf with usernames that start with -.
|
#
1.45 |
|
02-Jul-2000 |
sommerfeld |
Fix pr9320: improve umask checking for root's dotfiles. Now even notices bogus umasks like 044
|
Revision tags: netbsd-1-5-base minoura-xpg4dl-base
|
#
1.44 |
|
26-May-2000 |
ad |
branches: 1.44.4; We may as well allow local additions to /etc/security, since it gets done for the other periodic checks.
|
#
1.43 |
|
05-May-2000 |
itojun |
check /etc/mail/aliases on check_aliases. /etc/aliases will be checked as well, if exists (for backward compatibility).
|
#
1.42 |
|
24-Apr-2000 |
fair |
Add skeyaudit to /etc/security (with a variable to disable) per PR 5871
|
#
1.41 |
|
15-Jan-2000 |
christos |
Use cat -f to avoid denial of service attacks by people who make .rhosts files fifos.
|
Revision tags: wrstuden-devbsize-19991221 wrstuden-devbsize-base comdex-fall-1999-base
|
#
1.40 |
|
05-Sep-1999 |
perry |
We already had logic not to try to grab the disklabels of md's and fd's -- add cd's to the list.
|
#
1.39 |
|
22-Jul-1999 |
hubertf |
Use standard variable "$0" for the whole line instead of the non-standard, undocumented "$LINE".
Submitted in PR 7041 by Greg A. Woods <woods@weird.com>
|
#
1.38 |
|
23-Apr-1999 |
kleink |
Get rid of old-style chown operands.
|
Revision tags: netbsd-1-4-PATCH001 netbsd-1-4-RELEASE netbsd-1-4-base
|
#
1.37 |
|
17-Mar-1999 |
wrstuden |
branches: 1.37.2; Add a commented-out duplicate id checker which doesn't exclude toor, and add a comment saying how to switch it on.
|
#
1.36 |
|
17-Mar-1999 |
wrstuden |
Modify duplicate user id check to exclude "toor". Any other uid 0 accounts will generate a message with that (those) account names, root, and toor present in the list.
|
#
1.35 |
|
16-Mar-1999 |
fair |
Fix PR 5068 - scanning ~user/.rhosts files on NFS mounted home directories with -maproot=nobody on the server. The argument to be made is that if NetBSD's root can't read these files, it shouldn't try to check them.
|
#
1.34 |
|
18-Feb-1999 |
abs |
Handle + in master.passwd (From PR#4802). Also, handle + in group and allow max_loginlen to be configurable.
|
#
1.33 |
|
14-Sep-1998 |
tv |
Nix "Login %s is off but still has a valid shell" warning for 20-character encrypted passwords generated by the NEWSALT option to passwd(1).
|
#
1.32 |
|
25-Aug-1998 |
lukem |
* if $check_disklabels=YES, backup and compare of disklabels of current disks. should detect added or removed disks as well. backup labels go in /var/backups/disklabel.XXX (XXX = disk name, e.g., sd0), and the changelist style backups have .current or .backup suffixes * minor whitespace, formatting, and comment cleanup
|
#
1.31 |
|
26-Jan-1998 |
lukem |
include rc.subr and use appropriately
|
Revision tags: netbsd-1-3-PATCH003 netbsd-1-3-PATCH003-CANDIDATE2 netbsd-1-3-PATCH003-CANDIDATE1 netbsd-1-3-PATCH003-CANDIDATE0 netbsd-1-3-PATCH002 netbsd-1-3-PATCH001 netbsd-1-3-RELEASE netbsd-1-3-BETA netbsd-1-3-base
|
#
1.30 |
|
08-Oct-1997 |
mycroft |
Deal with files in the changelist that are added or removed. * When a file is removed, move its .current file to .backup. * When a file is added, create its .current file. * In either case, send a diff against /dev/null. Mostly from Jim Bernard in PR 4183, with the removal case fixed.
|
#
1.29 |
|
23-Sep-1997 |
lukem |
- use 'ftpd -C user' to check the format of /etc/ftpusers. closes [security/4061] - rename $MPPATH to $MPBYPATH, to clarify its use
|
#
1.28 |
|
18-Sep-1997 |
lukem |
- don't print "Checking setuid files and devices:" if no problems found (solves [security/4047]) - minor cleanup (rename a couple of variables, etc)
|
#
1.27 |
|
22-Aug-1997 |
lukem |
- correct use of generated temporary files. - clean up comments and generated output. - clean up $SECUREDIR if SIGINT or SIGQUIT received. - .rhosts may have to be world readable in NFS environments, so allow it to be. - update list of disks to check for reasonable permissions - don't show differences in /etc/master.passwd, as the encrypted strings may be sent. From reading comments earlier in the script, this was the intention anyway. Fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3994]. - when checking /etc/ftpusers, skip comment lines and only match full usernames. XXX: this should be enhanced to check lines of the enhanced ftpusers format.
|
#
1.26 |
|
19-Aug-1997 |
lukem |
* ensure that check for '.' in root's $PATH doesn't yield a false positive. fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3995] * detect empty :: elements as '.' in a sh(1) path (leading :, trailing :, or ::)
|
#
1.25 |
|
24-Jun-1997 |
lukem |
* when checking /etc/master.passwd, read in /etc/shells for a list of valid shells and then check each active account against that * remove unnecessary ()s in a few printf's.
|
#
1.24 |
|
24-Jun-1997 |
lukem |
* take advantage of xargs -0 when finding devices and set?id files * use 'ls -q' in the above, so that characters that may cause problems in the output are replaced with '?'
|
#
1.23 |
|
23-Jun-1997 |
lukem |
Also check /etc/profile for setting of umask. From Chris Jones <cjones@rupert.oscs.montana.edu> in [misc/3763]
|
#
1.22 |
|
23-Jun-1997 |
lukem |
Ignore blank lines and comments in /etc/exports From Jaromir Dolecek <dolecek@moria.ics.muni.cz> in [misc/3691]
|
#
1.21 |
|
21-Apr-1997 |
mycroft |
Don't list directories with the setuid bit set or FIFOs.
|
#
1.20 |
|
21-Apr-1997 |
mycroft |
Minor cleanup.
|
#
1.19 |
|
21-Apr-1997 |
mycroft |
When doing security checks in user home directory, sort by home directory, to optimize lookups a little. Also, add some more files to the naughty lists.
|
#
1.18 |
|
17-Apr-1997 |
mikel |
make /etc/aliases check a bit more discriminating: the line must be uncommented, and it must contain a '|' character (forwarding to program).
|
#
1.17 |
|
10-Mar-1997 |
mycroft |
Minor cleanup.
|
#
1.16 |
|
14-Feb-1997 |
mikel |
Don't leave logs in /etc/mtree; from Andrew Wheadon in PR misc/3106. Also fixed some comments.
|
#
1.15 |
|
05-Jan-1997 |
mrg |
add configuration file for security, as security.conf. the file allows each action taken by security to be turned on or off.
|
#
1.14 |
|
22-May-1996 |
mrg |
ignore setgid on dirs.
|
Revision tags: netbsd-1-2-PATCH001 netbsd-1-2-RELEASE netbsd-1-2-BETA netbsd-1-2-base
|
#
1.13 |
|
14-Jan-1996 |
pk |
Several fixes from Arne H. Juul (PR#1814).
|
#
1.12 |
|
17-Dec-1995 |
thorpej |
New-style RCS ids.
|
Revision tags: netbsd-1-1-PATCH001 netbsd-1-1-RELEASE netbsd-1-1-base
|
#
1.11 |
|
31-Jan-1995 |
jtc |
Change .emacsrc to .emacs in list of files to be checked. From Mike Long, in PR #768.
|
#
1.10 |
|
18-Oct-1994 |
mycroft |
Fix the fstype-based pruning algorithms. Partly suggested by John Kohl.
|
Revision tags: netbsd-1-0-base
|
#
1.9 |
|
15-Jun-1994 |
cgd |
branches: 1.9.2; update to new security script
|
#
1.8 |
|
15-Jan-1994 |
cgd |
people importing trees from SunOS should be shot; add -d to ls.
|
#
1.7 |
|
15-Dec-1993 |
mycroft |
Find only set[gu]id files and devices, like old ncheck(1).
|
#
1.6 |
|
27-Oct-1993 |
cgd |
use of xargs wasn't strictly a security hole, but could lead to fouled- up results. xargs should really have an option to automatically 'quote' input.
|
#
1.5 |
|
27-Oct-1993 |
mycroft |
Use xargs(1) to avoid overflowing the argument list to ls(1).
|
#
1.4 |
|
26-Oct-1993 |
cgd |
from FreeBSD: check for set*id devices in a way closer to the original. note that you can still overflow the args buffer for the ls (and it does that on lamp), but it's better than before.
|
#
1.3 |
|
19-Oct-1993 |
mycroft |
Rewrite set[gu]id find command to avoid walking non-local file systems.
|
Revision tags: netbsd-0-9-RELEASE netbsd-0-9-BETA netbsd-0-9-ALPHA2 netbsd-0-9-ALPHA netbsd-0-9-base netbsd-0-8 netbsd-alpha-1
|
#
1.2 |
|
02-Apr-1993 |
cgd |
updated to reflect the fact that we don't have an ncheck
|
#
1.1 |
|
21-Mar-1993 |
cgd |
branches: 1.1.1; Initial revision
|
#
1.127 |
|
02-Dec-2020 |
wiz |
Update default pkgsrc database location from /var/db/pkg to /usr/pkg/pkgdb.
|
Revision tags: phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406
|
#
1.126 |
|
06-Dec-2019 |
riastradh |
Save the entropy seed daily in /etc/security.
|
Revision tags: phil-wifi-20191119
|
#
1.125 |
|
18-Sep-2019 |
uwe |
Use $file instead of $(echo $file). I don't think the extra round of word expansions was really intended here.
|
Revision tags: netbsd-9-1-RELEASE netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 netbsd-9-base phil-wifi-20190609 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020
|
#
1.124 |
|
04-Oct-2018 |
kre |
Fix an obvious botch in the previous rev, found by martin@
|
Revision tags: pgoyette-compat-0930
|
#
1.123 |
|
23-Sep-2018 |
kre |
Convert uses of test (aka '[') to use only posix specified forms, mostly just on general principle... this resulted in one or two minor code reformattings to keep 80 char limits - a few needless uses of quotes ("no" ??) were also removed (sh is not C. strings are strings without quotes around them...)
|
Revision tags: pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base
|
#
1.122 |
|
06-Jan-2018 |
mlelstv |
branches: 1.122.2; 1.122.4; Use sysctl to retrieve iostat names instead of parsing possibly truncated iostat output.
Check dkctl listwedges output with grep.
Fixes PR 59205.
|
Revision tags: netbsd-8-2-RELEASE netbsd-8-1-RELEASE netbsd-8-1-RC1 netbsd-8-0-RELEASE netbsd-8-0-RC2 netbsd-8-0-RC1 matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 bouyer-socketcan-base pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.121 |
|
29-Feb-2016 |
riastradh |
Record current raid configurations too in /etc/security.
|
#
1.120 |
|
20-Apr-2015 |
pgoyette |
Set the redirection correctly, so that stderr gets duped to the already redirected stdout, rather than duping stdout to stderr!
Without this fix, the disklabel output is included in the log file rather than being discarded as intended. (The purpose of running disklabel this first time is only to check for success.)
|
#
1.119 |
|
14-Feb-2015 |
nakayama |
Avoid nfs devices correctly.
|
#
1.118 |
|
13-Dec-2014 |
uebayasi |
Indent and space fixes.
|
#
1.117 |
|
23-Nov-2014 |
christos |
- generate the list of disks only once and select from them later - don't generate empty/useless files when disklabel or dkctl don't have data
|
#
1.116 |
|
27-Aug-2014 |
apb |
Split some long lines.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 tls-maxphys-base
|
#
1.115 |
|
06-Nov-2013 |
spz |
Introduce a variable for security.conf, default empty, to list users whose home is (allowed to be) owned by another user.
It's a separate variable and not just check_passwd_permit_dups so I can make security shut up about my uucp users.
Fixes the second half of PR misc/36063
|
#
1.114 |
|
06-Nov-2013 |
spz |
having more than one line with the same group name and gid is not only allowed, it's even recommended for groups with lots of members, so do not warn about duplicate group name lines if the gid is the same
|
#
1.113 |
|
08-Sep-2013 |
prlw1 |
Add defaults for pkg_info and pkg_admin variables in case pkgpath.conf is not installed.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.112 |
|
01-May-2013 |
agc |
Fix for problematic paths in /etc/daily and /etc/security reported in PR/47645.
Add a separate file which contains the paths for the pkg_admin and pkg_info utilities. This is called /etc/pkgpath.conf (to distinguish it from pkg.conf).
Thanks also to Edgar Fuss for the sanity check.
|
Revision tags: agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6 yamt-pagecache-base5 yamt-pagecache-base4
|
#
1.111 |
|
05-Apr-2012 |
spz |
branches: 1.111.2; change security so that there is a configuration value for the list of users who will not be considered for duplicate uid check. Seed it with 'toor' in defaults/security.conf.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base bouyer-quota2-nbase
|
#
1.110 |
|
02-Mar-2011 |
christos |
branches: 1.110.4; too much quoting. pointed by anon ymous
|
Revision tags: bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.109 |
|
27-Dec-2010 |
christos |
branches: 1.109.2; `` -> $()
|
#
1.108 |
|
05-Feb-2010 |
jmmv |
Deprecate the pkgdb_dir settings from daily.conf and security.conf in favor of the PKG_DBDIR variable in /etc/pkg_install.conf. The purpose of this is to only have to define the location of the packages database in a single place and have all other system components pick it up.
pkgdb_dir is still honored if defined and the scripts will spit out a warning in that case, asking the administrator to migrate to the PKG_DBDIR setting. We can't remove this compatibility workaround until, at least, after NetBSD 6 is released.
|
#
1.107 |
|
19-Jan-2010 |
jmmv |
Add the fetch_pkg_vulnerabilities option to the daily script to keep the packages vulnerability database up to date. This will only fetch the file from the server if it has changed since the last run.
Add the check_pkg_vulnerabilities and check_pkg_signatures options to the security script to check that the installed packages are sane.
All of these options are enabled by default but they will only run if there is, at least, one installed package.
|
Revision tags: matt-premerge-20091211 jym-xensuspend-nbase jym-xensuspend-base
|
#
1.106 |
|
27-Jan-2009 |
haad |
Add support for lvm to security script. Backup lvm configuration to /var/backup/lvm with other system backups. Disable lvm check until MKLVM is enabled by default. no objections on tech-userlevel@.
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 mjf-devfs2-base2 netbsd-5-base matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 wrstuden-revivesa-base yamt-pf42-base mjf-devfs2-base keiichi-mipv6-base mjf-devfs-base matt-armv6-nbase cube-autoconf-base matt-armv6-base hpcarm-cleanup-base
|
#
1.105 |
|
23-Nov-2007 |
dholland |
branches: 1.105.4; Handle non-trivial NIS compat entries (like +joe:::::::::) in the password file. Fixes (my own) PR bin/33138.
reviewed: christos
|
#
1.104 |
|
27-Aug-2007 |
adrianp |
The location of the pkg_info binary can now be specified in /etc/security.conf. The default remains as /usr/sbin/pkg_info. This should fix PR# 36746.
|
#
1.103 |
|
09-Aug-2007 |
tron |
branches: 1.103.2; Add code to monitor the disk wedges (see dk(4)) configured on the system. Based on a patch contributed by Andreas Wrede in PR misc/36747.
|
Revision tags: matt-mips64-base
|
#
1.102 |
|
06-Jun-2007 |
martti |
Use "mktemp -d -t xxx" to create the temporary directories. This will use TMPDIR environment variable if set, otherwise use /tmp. (misc/35544)
|
#
1.101 |
|
27-Mar-2007 |
jnemeth |
PR/36058 -- fix check for group/other writable home directories from Jukka Salmi
|
Revision tags: netbsd-4-base
|
#
1.100 |
|
26-Sep-2006 |
tron |
branches: 1.100.2; Improve security check for "/etc/exports": 1.) Properly handle line continuation and network exports. 2.) Make the report more compact.
Patch contributed by Jukka Salmi in PR bin/24583.
|
#
1.99 |
|
23-Sep-2006 |
jmcneill |
PR #26490: /etc/security is not aware of sha1 passwords
|
Revision tags: abandoned-netbsd-4-base
|
#
1.98 |
|
25-May-2006 |
lukem |
Implement check_devices_ignore_paths, which is a list of paths to avoid traversing during check_devices.
|
#
1.97 |
|
17-Apr-2006 |
veego |
Don't try to backup a 'nfs' disklabel, which will happen because of the recent iostat changes. Patch supplied in pr# 33274 by Geoff C. Wing.
|
#
1.96 |
|
29-Jan-2006 |
rpaulo |
PR 32666: /etc/security may cause tapes to rewind. By Duncan McEwan.
|
#
1.95 |
|
11-Apr-2005 |
peter |
Allow an underscore as first character and embedded underscores & dots for login and group names.
Fixes PR misc/29913 from Arto Selonen.
|
Revision tags: netbsd-3-base
|
#
1.94 |
|
05-Feb-2005 |
jdolecek |
branches: 1.94.2; add a check_passwd_permin_nonalpha option, which changes the passwd test to permit non-alphanumeric characters in login names
|
#
1.93 |
|
21-Nov-2004 |
kim |
When checking /etc/exports, account for "-network=XXX" as restricting the mount (i.e. it is not considered globally exported).
Fixes PR: 26890
|
#
1.92 |
|
28-Sep-2004 |
erh |
PR misc/7716: add configuration options find_core_ignore_fstypes and check_devices_ignore_fstypes to allow the filesystem types that are ignored during the daily and security runs to be adjusted.
|
#
1.91 |
|
23-Jul-2004 |
lukem |
Merge /etc/mtree/special & /etc/mtree/special.local using "mtree -M". This allows users to override mtree/special entries in mtree/special.local, which is useful if you've replaced a directory with a symlink (for example). This effectively makes $check_mtree_follow_symlinks=YES pointless, but I'm retaining that for compatibility reasons.
Fix bug in generation of $MPBYUID (used "/^+/" instead of "/^\+/" as a regex), which has existed for a long time but only failed with our awk; GNU awk seems to have permitted this. (This meant that the duplicate UID check was broken when using our awk.)
Rename some temp files to more accurately reflect their purpose, to aid debugging.
|
#
1.90 |
|
09-Apr-2004 |
kim |
Catch STDERR from /etc/security.local (not just STDOUT).
|
#
1.89 |
|
02-Apr-2004 |
jmmv |
Introduce and use the rcvar_manpage variable, which contains the manual page name where the user should look at for documentation about rcvar. It defaults to 'rc.subr(5)', as rc.subr is mainly used by rc.d scripts.
This variable is useful to let the daily, weekly, monthly and security scripts tune the warning message shown when any of the variables they handle is not properly set.
Closes PR misc/23908.
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.88 |
|
09-Feb-2004 |
jdolecek |
branches: 1.88.2; 1.88.4; 1.88.6; add missing && in the home directory group writability condition; gawk somehow coped even without (defaults to && ?), but nawk printed bogus warnings (defaults to || ?)
|
#
1.87 |
|
19-Nov-2003 |
jhawk |
Provide a workaround for PR bin/12900. When /dev is an fdesc, and /dev/tty is stat()ed without a controlling tty, a "Device not configured" error is returned.
Filter mtree's stderr to ignore this error.
If fdesc is fixed to not behave in this fashion, this workaround can be removed; bin/12900 should remain open until that time.
|
#
1.86 |
|
18-Nov-2003 |
jhawk |
In check_varmail (mailbox ownership/permissions check): Make ls -A explicit, to help n debugging when not run as root (-A is implied when ls is run as root) Ignore dotfiles, as they are not mailboxes (e.g. .jhawk.pop)
|
#
1.85 |
|
18-Nov-2003 |
jhawk |
XXX: note pairwise cascaded test inversion in permit_star.
Add checkyesno check_homes_permit_usergroups to allow group writability when the groupname matches the username. Defaults to off.
|
#
1.84 |
|
01-Oct-2003 |
jhawk |
Suppress output when running security.local if it produces no output. /etc/security should produce no output (and thus suppress the report) when nothing is wrong.
While we're here, use printf instead of two echos, like the rest of the script.
|
#
1.83 |
|
21-Feb-2003 |
jhawk |
Use $diff_options when running diff in /etc/security. Default diff_options to -u, for unified-format context diffs, because context is essential to a useful evaluation of differences. This represents a behavior change.
Implements change-request PR security/17247 from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>.
|
#
1.82 |
|
13-Feb-2003 |
jhawk |
Under check_mtree, invoke mtree with -L if check_mtree_follow_symlinks is set. Apparently mtree -L is imperfect, but it is far better than the lack thereof if symlinks are involved reaching files mtree verifies.
|
#
1.81 |
|
13-Feb-2003 |
jhawk |
Add some flexibility to /etc/security, by way of security.conf options: check_passwd_nowarn_shells Don't warn about these non-/etc/shells shells check_passwd_nowarn_users Don't warn about these users check_passwd_permit_star Don't warn about "*" in the $2 field Behavior change: check_passwd_nowarn_shells defaults to /sbin/nologin and /usr/libexec/uucp/uucico, so that it will not warn about the default master.passwd. The rationale here is that an administrator who chooses to permit these warnable conditions should not be warned about them day after day, yet should not be forced to disable check_passwd entirely. check_passwd_permit_star is primarily of interest to sites who use *'d entries for Kerberos or ssh logins, despite the fact that we permit "*ssh" (etc.) for this purpose (legacy).
|
#
1.80 |
|
06-Jan-2003 |
wiz |
writable, not writeable.
|
Revision tags: fvdl_fs64_base
|
#
1.79 |
|
20-Aug-2002 |
elric |
Added .k5login to the list of files that are checked in each user's home directory.
Addresses PR: security/18000
|
#
1.78 |
|
18-Jun-2002 |
itojun |
md5/bcrypt password starts with $[12], so use ^ in regex
|
#
1.77 |
|
18-Jun-2002 |
itojun |
recognize md5/bcrypt password. noted by: Eric Jacoboni <jaco@teaser.fr>
|
#
1.76 |
|
10-Jun-2002 |
atatat |
The check_rootdotfiles section mucks with the PATH setting, but never puts it back properly. As such, jobs run later that expect there to be a path will lose badly (eg, run lintpkgsrc -i from security.local). Let's just re-export the PATH.
|
Revision tags: netbsd-1-6-base
|
#
1.75 |
|
21-May-2002 |
lukem |
branches: 1.75.2; Support shell metacharacters (`*', '?', '[') in /etc/changelist lines, including checks for "backups that exist when actual file is deleted", a la the existing mechanism used for "/etc/ifconfig.*" ... "/etc/rc.d/*" checks. This resolves [security/15798] from Bob Kemp <bob@allegory.demon.co.uk>.
|
#
1.74 |
|
18-Dec-2001 |
lukem |
Add nullfs to the list of file system types to skip during the "big finds". Fix from Alan Barrett in [misc/14957].
|
#
1.73 |
|
09-Nov-2001 |
lukem |
remove blank lines from the lists of files to backup_and_diff
|
#
1.72 |
|
18-Oct-2001 |
lukem |
add -dgq to check_pkgs ls(1). suggested by @@@
|
#
1.71 |
|
18-Oct-2001 |
taca |
Add -T option to ls(1) when -l option is specified. This fixes none-changed files under ${backup_dir}/pkgs as bellow:
====== /var/backups/pkgs diffs (OLD < > NEW) ====== 159c159 < -rw-r--r-- 1 root wheel 528 Apr 19 01:11 ja-less-332/+CONTENTS --- > -rw-r--r-- 1 root wheel 528 Apr 19 2001 ja-less-332/+CONTENTS
|
#
1.70 |
|
15-Oct-2001 |
lukem |
Use "nodiff" instead of "nomail" for the tag which is used to exclude files from having the changes diff generated. Suggested by Michael Graff.
|
#
1.69 |
|
14-Oct-2001 |
lukem |
minor optimisation suggested by christos
|
#
1.68 |
|
13-Oct-2001 |
lukem |
A few more changes, from more discussions with Andrew Brown. - Resurrect /etc/changelist, even if it's an "empty" file by default, because it's easier to use than /etc/mtree/special.local for adding a couple of simple files. Back by popular demand (hi @@@! :-) - Add /etc/rc.d/* to the list of "dynamic" files; this notices changes in user-added scripts - Only calculate the mtree -I nomail list once, and re-use - Use "cat foo | while read file" instead of "for file in `cat foo`" ; handles whitespace better...
|
#
1.67 |
|
12-Oct-2001 |
lukem |
Major overhaul, with help from Andrew Brown <atatat@netbsd.org>.
Features: - Add a bunch of stuff to /etc/mtree/special to enable removal of /etc/changelist: - files which we want to monitor for changes but don't want to see the diffs of (master.passwd, ssh_host_key, ...) are tagged with "nomail" - files which we don't want to monitor are tagged with "exclude" (such as netgroup.db, kvm.db, ...) - monitor /etc/mtree/special.local, /root/.ssh/* - remove /etc/changelist, and a bunch of XXX comments - use mtree(8)'s -D, -I, and -E to generate lists of files to actually do the changelist stuff on. - support /etc/mtree/special.local as an optional user-provided version of /etc/mtree/special (effectively, an enhanced /etc/changelist) - Add code to monitor: /etc/ifconfig.* /etc/raid*.conf /etc/rc.conf.d/* including support for these files being added and removed at will. - If /sbin/fdisk exists, backup the output of "fdisk $disk" for all the active disk drives as part of $check_disklabels - Check permissions on: ~/.ssh/* ~/.shosts
Details: - Reorder initialisation of defaults - Remove special case for /etc/master.passwd "monitor but don't email diffs" with general case for other similar files. - Keep all `autogenerated' files (such as disklabel.*, setuid.current, ...) in "$backup_dir/work", to minimise name clashes. - Add migrate_file(old, new) to do the hard work of migrating files from the old `top level' /var/backups mechanism to the `full path' mechanism recently added. Use this appropriately. - Add backup_and_diff(file, printdiffs), to the hard work of backing-up and diff-ing files. - Cleanup use of shell redirects - /bin/sh supports ~root globbing, so use it. - Improve umask checking; use awk regex rather than awk math
|
#
1.66 |
|
05-Oct-2001 |
lukem |
minor whitespace fix
|
#
1.65 |
|
03-Oct-2001 |
lukem |
replace "pkg_dbdir" with "pkgdb_dir", to be consistent with "backup_dir"
|
#
1.64 |
|
03-Oct-2001 |
cjs |
Since we store the output of ls for use later, make sure that we have TZ=UTC. (Otherwise time zone changes cause us to believe that files have changed when they have not.)
|
#
1.63 |
|
03-Oct-2001 |
lukem |
- clean up a couple of comments - reformat some awk blocks - replace "sed 1d | awk '...'" with "awk 'NR==1 {next;} ...'"
|
#
1.62 |
|
01-Oct-2001 |
atatat |
Add a chunk of code to check the installed pkgs list by making a list of all installed pkgs and their +CONTENTS and +REQUIRED_BY files (if they have one) and handling this file along with all the other CHANGELIST stuff.
Greg Woods gets points for coming up with the idea.
Luke Mewburn asked me to do it, and provided lots of criticism along the way.
|
#
1.61 |
|
24-Sep-2001 |
lukem |
remove acd (non existant), add ld (for hw raid logical drives)
|
#
1.60 |
|
23-Sep-2001 |
perry |
add raid, remove cd drives and floppy drives from the nightly disk permissions checks.
note: This whole thing needs to be rototilled. And yes, I'm volunteering to do it.
|
#
1.59 |
|
23-Sep-2001 |
perry |
Update the password sanity checking thusly: 1) If a password entry is of the form \*[A-z-]+, do not complain that the account is off but has a valid password. Thus you can do passwords like *ssh to indicate ssh only logins. We should come up with a standard scheme for what various *keywords mean. Note that if the field length is 13, 20 or 34 you'll still get bitched at. This code should be cleaned up. (So should the password scheme.) 2) If the entry is for "toor", don't complain that the account is off but has a valid shell. We ship with toor:*:, there is no point in complaining about it.
Part of the campaign against spurious security warning output.
|
#
1.58 |
|
22-Sep-2001 |
perry |
run mtree on the special file using the new -l option, so it will not complain about things like files set 444 instead of 644.
part of the campaign against spurious output in the nightly security run.
|
#
1.57 |
|
26-Aug-2001 |
simonb |
Remove rz/tz support for pmax, switch to MI SCSI.
|
#
1.56 |
|
18-Jun-2001 |
lukem |
use mktemp(1) to create temporary directories, and ensure that cleanup traps are setup asap.
|
#
1.55 |
|
14-Jun-2001 |
lukem |
use symbolic signal names instead of numbers
|
#
1.54 |
|
10-May-2001 |
atatat |
When backing files listed in /etc/changelist, instead of truncating to the basename of the file, use the whole path with $backup_dir prepended, in effect mirrorring the directory tree. This eliminates the possibility of a name collision.
Closes pr bin/12727.
|
#
1.53 |
|
10-May-2001 |
atatat |
Allow embedded hyphens in user names (and group names), just not as the first or last character.
|
#
1.52 |
|
04-Apr-2001 |
atatat |
Provide the capability of storing backups via RCS instead of just a "current" and a "last" (which is useless if you wanna know what you changed last week). Set the default to on.
|
#
1.51 |
|
15-Mar-2001 |
hubertf |
Run skeyaudit (only) from /etc/daily instead of /etc/security, else there's some risk that the users don't get warned if an admin turns off running /etc/security (by putting run_security=no into daily.conf).
Fixes PR 12267.
|
#
1.50 |
|
12-Mar-2001 |
atatat |
Allow md5 passwords of length 34 as passwords
|
#
1.49 |
|
11-Feb-2001 |
jdolecek |
Introduce max_grouplen - this determines the maximum permitted length of group names, similarily to max_loginlen
|
#
1.48 |
|
09-Jan-2001 |
abs |
Add a new variable 'backup_dir', which can be used to change the backup directory from /var/backup (useful for those of us who have a separate /var and would like to have our backup disklabels on the root filesystem). Default behaviour unchanged. backup_dir being unset is taken as /var/backup.
|
#
1.47 |
|
07-Oct-2000 |
lukem |
use ${foo##*/} instead of `basename $foo`. as suggested (with minor variation) by Toru Nishimura <nisimura@itc.aist-nara.ac.jp>
|
#
1.46 |
|
10-Sep-2000 |
christos |
PR/10982: kilbi@rad.rwth-aachen.de: Don't confuse printf with usernames that start with -.
|
#
1.45 |
|
02-Jul-2000 |
sommerfeld |
Fix pr9320: improve umask checking for root's dotfiles. Now even notices bogus umasks like 044
|
Revision tags: netbsd-1-5-base minoura-xpg4dl-base
|
#
1.44 |
|
26-May-2000 |
ad |
branches: 1.44.4; We may as well allow local additions to /etc/security, since it gets done for the other periodic checks.
|
#
1.43 |
|
05-May-2000 |
itojun |
check /etc/mail/aliases on check_aliases. /etc/aliases will be checked as well, if exists (for backward compatibility).
|
#
1.42 |
|
24-Apr-2000 |
fair |
Add skeyaudit to /etc/security (with a variable to disable) per PR 5871
|
#
1.41 |
|
15-Jan-2000 |
christos |
Use cat -f to avoid denial of service attacks by people who make .rhosts files fifos.
|
Revision tags: wrstuden-devbsize-19991221 wrstuden-devbsize-base comdex-fall-1999-base
|
#
1.40 |
|
05-Sep-1999 |
perry |
We already had logic not to try to grab the disklabels of md's and fd's -- add cd's to the list.
|
#
1.39 |
|
22-Jul-1999 |
hubertf |
Use standard variable "$0" for the whole line instead of the non-standard, undocumented "$LINE".
Submitted in PR 7041 by Greg A. Woods <woods@weird.com>
|
#
1.38 |
|
23-Apr-1999 |
kleink |
Get rid of old-style chown operands.
|
Revision tags: netbsd-1-4-PATCH001 netbsd-1-4-RELEASE netbsd-1-4-base
|
#
1.37 |
|
17-Mar-1999 |
wrstuden |
branches: 1.37.2; Add a commented-out duplicate id checker which doesn't exclude toor, and add a comment saying how to switch it on.
|
#
1.36 |
|
17-Mar-1999 |
wrstuden |
Modify duplicate user id check to exclude "toor". Any other uid 0 accounts will generate a message with that (those) account names, root, and toor present in the list.
|
#
1.35 |
|
16-Mar-1999 |
fair |
Fix PR 5068 - scanning ~user/.rhosts files on NFS mounted home directories with -maproot=nobody on the server. The argument to be made is that if NetBSD's root can't read these files, it shouldn't try to check them.
|
#
1.34 |
|
18-Feb-1999 |
abs |
Handle + in master.passwd (From PR#4802). Also, handle + in group and allow max_loginlen to be configurable.
|
#
1.33 |
|
14-Sep-1998 |
tv |
Nix "Login %s is off but still has a valid shell" warning for 20-character encrypted passwords generated by the NEWSALT option to passwd(1).
|
#
1.32 |
|
25-Aug-1998 |
lukem |
* if $check_disklabels=YES, backup and compare of disklabels of current disks. should detect added or removed disks as well. backup labels go in /var/backups/disklabel.XXX (XXX = disk name, e.g., sd0), and the changelist style backups have .current or .backup suffixes * minor whitespace, formatting, and comment cleanup
|
#
1.31 |
|
26-Jan-1998 |
lukem |
include rc.subr and use appropriately
|
Revision tags: netbsd-1-3-PATCH003 netbsd-1-3-PATCH003-CANDIDATE2 netbsd-1-3-PATCH003-CANDIDATE1 netbsd-1-3-PATCH003-CANDIDATE0 netbsd-1-3-PATCH002 netbsd-1-3-PATCH001 netbsd-1-3-RELEASE netbsd-1-3-BETA netbsd-1-3-base
|
#
1.30 |
|
08-Oct-1997 |
mycroft |
Deal with files in the changelist that are added or removed. * When a file is removed, move its .current file to .backup. * When a file is added, create its .current file. * In either case, send a diff against /dev/null. Mostly from Jim Bernard in PR 4183, with the removal case fixed.
|
#
1.29 |
|
23-Sep-1997 |
lukem |
- use 'ftpd -C user' to check the format of /etc/ftpusers. closes [security/4061] - rename $MPPATH to $MPBYPATH, to clarify its use
|
#
1.28 |
|
18-Sep-1997 |
lukem |
- don't print "Checking setuid files and devices:" if no problems found (solves [security/4047]) - minor cleanup (rename a couple of variables, etc)
|
#
1.27 |
|
22-Aug-1997 |
lukem |
- correct use of generated temporary files. - clean up comments and generated output. - clean up $SECUREDIR if SIGINT or SIGQUIT received. - .rhosts may have to be world readable in NFS environments, so allow it to be. - update list of disks to check for reasonable permissions - don't show differences in /etc/master.passwd, as the encrypted strings may be sent. From reading comments earlier in the script, this was the intention anyway. Fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3994]. - when checking /etc/ftpusers, skip comment lines and only match full usernames. XXX: this should be enhanced to check lines of the enhanced ftpusers format.
|
#
1.26 |
|
19-Aug-1997 |
lukem |
* ensure that check for '.' in root's $PATH doesn't yield a false positive. fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3995] * detect empty :: elements as '.' in a sh(1) path (leading :, trailing :, or ::)
|
#
1.25 |
|
24-Jun-1997 |
lukem |
* when checking /etc/master.passwd, read in /etc/shells for a list of valid shells and then check each active account against that * remove unnecessary ()s in a few printf's.
|
#
1.24 |
|
24-Jun-1997 |
lukem |
* take advantage of xargs -0 when finding devices and set?id files * use 'ls -q' in the above, so that characters that may cause problems in the output are replaced with '?'
|
#
1.23 |
|
23-Jun-1997 |
lukem |
Also check /etc/profile for setting of umask. From Chris Jones <cjones@rupert.oscs.montana.edu> in [misc/3763]
|
#
1.22 |
|
23-Jun-1997 |
lukem |
Ignore blank lines and comments in /etc/exports From Jaromir Dolecek <dolecek@moria.ics.muni.cz> in [misc/3691]
|
#
1.21 |
|
21-Apr-1997 |
mycroft |
Don't list directories with the setuid bit set or FIFOs.
|
#
1.20 |
|
21-Apr-1997 |
mycroft |
Minor cleanup.
|
#
1.19 |
|
21-Apr-1997 |
mycroft |
When doing security checks in user home directory, sort by home directory, to optimize lookups a little. Also, add some more files to the naughty lists.
|
#
1.18 |
|
17-Apr-1997 |
mikel |
make /etc/aliases check a bit more discriminating: the line must be uncommented, and it must contain a '|' character (forwarding to program).
|
#
1.17 |
|
10-Mar-1997 |
mycroft |
Minor cleanup.
|
#
1.16 |
|
14-Feb-1997 |
mikel |
Don't leave logs in /etc/mtree; from Andrew Wheadon in PR misc/3106. Also fixed some comments.
|
#
1.15 |
|
05-Jan-1997 |
mrg |
add configuration file for security, as security.conf. the file allows each action taken by security to be turned on or off.
|
#
1.14 |
|
22-May-1996 |
mrg |
ignore setgid on dirs.
|
Revision tags: netbsd-1-2-PATCH001 netbsd-1-2-RELEASE netbsd-1-2-BETA netbsd-1-2-base
|
#
1.13 |
|
14-Jan-1996 |
pk |
Several fixes from Arne H. Juul (PR#1814).
|
#
1.12 |
|
17-Dec-1995 |
thorpej |
New-style RCS ids.
|
Revision tags: netbsd-1-1-PATCH001 netbsd-1-1-RELEASE netbsd-1-1-base
|
#
1.11 |
|
31-Jan-1995 |
jtc |
Change .emacsrc to .emacs in list of files to be checked. From Mike Long, in PR #768.
|
#
1.10 |
|
18-Oct-1994 |
mycroft |
Fix the fstype-based pruning algorithms. Partly suggested by John Kohl.
|
Revision tags: netbsd-1-0-base
|
#
1.9 |
|
15-Jun-1994 |
cgd |
branches: 1.9.2; update to new security script
|
#
1.8 |
|
15-Jan-1994 |
cgd |
people importing trees from SunOS should be shot; add -d to ls.
|
#
1.7 |
|
15-Dec-1993 |
mycroft |
Find only set[gu]id files and devices, like old ncheck(1).
|
#
1.6 |
|
27-Oct-1993 |
cgd |
use of xargs wasn't strictly a security hole, but could lead to fouled- up results. xargs should really have an option to automatically 'quote' input.
|
#
1.5 |
|
27-Oct-1993 |
mycroft |
Use xargs(1) to avoid overflowing the argument list to ls(1).
|
#
1.4 |
|
26-Oct-1993 |
cgd |
from FreeBSD: check for set*id devices in a way closer to the original. note that you can still overflow the args buffer for the ls (and it does that on lamp), but it's better than before.
|
#
1.3 |
|
19-Oct-1993 |
mycroft |
Rewrite set[gu]id find command to avoid walking non-local file systems.
|
Revision tags: netbsd-0-9-RELEASE netbsd-0-9-BETA netbsd-0-9-ALPHA2 netbsd-0-9-ALPHA netbsd-0-9-base netbsd-0-8 netbsd-alpha-1
|
#
1.2 |
|
02-Apr-1993 |
cgd |
updated to reflect the fact that we don't have an ncheck
|
#
1.1 |
|
21-Mar-1993 |
cgd |
branches: 1.1.1; Initial revision
|
#
1.126 |
|
06-Dec-2019 |
riastradh |
Save the entropy seed daily in /etc/security.
|
Revision tags: phil-wifi-20191119
|
#
1.125 |
|
18-Sep-2019 |
uwe |
Use $file instead of $(echo $file). I don't think the extra round of word expansions was really intended here.
|
Revision tags: netbsd-9-0-RC1 netbsd-9-base phil-wifi-20190609 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020
|
#
1.124 |
|
04-Oct-2018 |
kre |
Fix an obvious botch in the previous rev, found by martin@
|
Revision tags: pgoyette-compat-0930
|
#
1.123 |
|
23-Sep-2018 |
kre |
Convert uses of test (aka '[') to use only posix specified forms, mostly just on general principle... this resulted in one or two minor code reformattings to keep 80 char limits - a few needless uses of quotes ("no" ??) were also removed (sh is not C. strings are strings without quotes around them...)
|
Revision tags: pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base
|
#
1.122 |
|
06-Jan-2018 |
mlelstv |
branches: 1.122.2; 1.122.4; Use sysctl to retrieve iostat names instead of parsing possibly truncated iostat output.
Check dkctl listwedges output with grep.
Fixes PR 59205.
|
Revision tags: netbsd-8-1-RELEASE netbsd-8-1-RC1 netbsd-8-0-RELEASE netbsd-8-0-RC2 netbsd-8-0-RC1 matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 bouyer-socketcan-base pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.121 |
|
29-Feb-2016 |
riastradh |
Record current raid configurations too in /etc/security.
|
#
1.120 |
|
20-Apr-2015 |
pgoyette |
Set the redirection correctly, so that stderr gets duped to the already redirected stdout, rather than duping stdout to stderr!
Without this fix, the disklabel output is included in the log file rather than being discarded as intended. (The purpose of running disklabel this first time is only to check for success.)
|
#
1.119 |
|
14-Feb-2015 |
nakayama |
Avoid nfs devices correctly.
|
#
1.118 |
|
13-Dec-2014 |
uebayasi |
Indent and space fixes.
|
#
1.117 |
|
23-Nov-2014 |
christos |
- generate the list of disks only once and select from them later - don't generate empty/useless files when disklabel or dkctl don't have data
|
#
1.116 |
|
27-Aug-2014 |
apb |
Split some long lines.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 tls-maxphys-base
|
#
1.115 |
|
06-Nov-2013 |
spz |
Introduce a variable for security.conf, default empty, to list users whose home is (allowed to be) owned by another user.
It's a separate variable and not just check_passwd_permit_dups so I can make security shut up about my uucp users.
Fixes the second half of PR misc/36063
|
#
1.114 |
|
06-Nov-2013 |
spz |
having more than one line with the same group name and gid is not only allowed, it's even recommended for groups with lots of members, so do not warn about duplicate group name lines if the gid is the same
|
#
1.113 |
|
08-Sep-2013 |
prlw1 |
Add defaults for pkg_info and pkg_admin variables in case pkgpath.conf is not installed.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.112 |
|
01-May-2013 |
agc |
Fix for problematic paths in /etc/daily and /etc/security reported in PR/47645.
Add a separate file which contains the paths for the pkg_admin and pkg_info utilities. This is called /etc/pkgpath.conf (to distinguish it from pkg.conf).
Thanks also to Edgar Fuss for the sanity check.
|
Revision tags: agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6 yamt-pagecache-base5 yamt-pagecache-base4
|
#
1.111 |
|
05-Apr-2012 |
spz |
branches: 1.111.2; change security so that there is a configuration value for the list of users who will not be considered for duplicate uid check. Seed it with 'toor' in defaults/security.conf.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base bouyer-quota2-nbase
|
#
1.110 |
|
02-Mar-2011 |
christos |
branches: 1.110.4; too much quoting. pointed by anon ymous
|
Revision tags: bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.109 |
|
27-Dec-2010 |
christos |
branches: 1.109.2; `` -> $()
|
#
1.108 |
|
05-Feb-2010 |
jmmv |
Deprecate the pkgdb_dir settings from daily.conf and security.conf in favor of the PKG_DBDIR variable in /etc/pkg_install.conf. The purpose of this is to only have to define the location of the packages database in a single place and have all other system components pick it up.
pkgdb_dir is still honored if defined and the scripts will spit out a warning in that case, asking the administrator to migrate to the PKG_DBDIR setting. We can't remove this compatibility workaround until, at least, after NetBSD 6 is released.
|
#
1.107 |
|
19-Jan-2010 |
jmmv |
Add the fetch_pkg_vulnerabilities option to the daily script to keep the packages vulnerability database up to date. This will only fetch the file from the server if it has changed since the last run.
Add the check_pkg_vulnerabilities and check_pkg_signatures options to the security script to check that the installed packages are sane.
All of these options are enabled by default but they will only run if there is, at least, one installed package.
|
Revision tags: matt-premerge-20091211 jym-xensuspend-nbase jym-xensuspend-base
|
#
1.106 |
|
27-Jan-2009 |
haad |
Add support for lvm to security script. Backup lvm configuration to /var/backup/lvm with other system backups. Disable lvm check until MKLVM is enabled by default. no objections on tech-userlevel@.
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 mjf-devfs2-base2 netbsd-5-base matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 wrstuden-revivesa-base yamt-pf42-base mjf-devfs2-base keiichi-mipv6-base mjf-devfs-base matt-armv6-nbase cube-autoconf-base matt-armv6-base hpcarm-cleanup-base
|
#
1.105 |
|
23-Nov-2007 |
dholland |
branches: 1.105.4; Handle non-trivial NIS compat entries (like +joe:::::::::) in the password file. Fixes (my own) PR bin/33138.
reviewed: christos
|
#
1.104 |
|
27-Aug-2007 |
adrianp |
The location of the pkg_info binary can now be specified in /etc/security.conf. The default remains as /usr/sbin/pkg_info. This should fix PR# 36746.
|
#
1.103 |
|
09-Aug-2007 |
tron |
branches: 1.103.2; Add code to monitor the disk wedges (see dk(4)) configured on the system. Based on a patch contributed by Andreas Wrede in PR misc/36747.
|
Revision tags: matt-mips64-base
|
#
1.102 |
|
06-Jun-2007 |
martti |
Use "mktemp -d -t xxx" to create the temporary directories. This will use TMPDIR environment variable if set, otherwise use /tmp. (misc/35544)
|
#
1.101 |
|
27-Mar-2007 |
jnemeth |
PR/36058 -- fix check for group/other writable home directories from Jukka Salmi
|
Revision tags: netbsd-4-base
|
#
1.100 |
|
26-Sep-2006 |
tron |
branches: 1.100.2; Improve security check for "/etc/exports": 1.) Properly handle line continuation and network exports. 2.) Make the report more compact.
Patch contributed by Jukka Salmi in PR bin/24583.
|
#
1.99 |
|
23-Sep-2006 |
jmcneill |
PR #26490: /etc/security is not aware of sha1 passwords
|
Revision tags: abandoned-netbsd-4-base
|
#
1.98 |
|
25-May-2006 |
lukem |
Implement check_devices_ignore_paths, which is a list of paths to avoid traversing during check_devices.
|
#
1.97 |
|
17-Apr-2006 |
veego |
Don't try to backup a 'nfs' disklabel, which will happen because of the recent iostat changes. Patch supplied in pr# 33274 by Geoff C. Wing.
|
#
1.96 |
|
29-Jan-2006 |
rpaulo |
PR 32666: /etc/security may cause tapes to rewind. By Duncan McEwan.
|
#
1.95 |
|
11-Apr-2005 |
peter |
Allow an underscore as first character and embedded underscores & dots for login and group names.
Fixes PR misc/29913 from Arto Selonen.
|
Revision tags: netbsd-3-base
|
#
1.94 |
|
05-Feb-2005 |
jdolecek |
branches: 1.94.2; add a check_passwd_permin_nonalpha option, which changes the passwd test to permit non-alphanumeric characters in login names
|
#
1.93 |
|
21-Nov-2004 |
kim |
When checking /etc/exports, account for "-network=XXX" as restricting the mount (i.e. it is not considered globally exported).
Fixes PR: 26890
|
#
1.92 |
|
28-Sep-2004 |
erh |
PR misc/7716: add configuration options find_core_ignore_fstypes and check_devices_ignore_fstypes to allow the filesystem types that are ignored during the daily and security runs to be adjusted.
|
#
1.91 |
|
23-Jul-2004 |
lukem |
Merge /etc/mtree/special & /etc/mtree/special.local using "mtree -M". This allows users to override mtree/special entries in mtree/special.local, which is useful if you've replaced a directory with a symlink (for example). This effectively makes $check_mtree_follow_symlinks=YES pointless, but I'm retaining that for compatibility reasons.
Fix bug in generation of $MPBYUID (used "/^+/" instead of "/^\+/" as a regex), which has existed for a long time but only failed with our awk; GNU awk seems to have permitted this. (This meant that the duplicate UID check was broken when using our awk.)
Rename some temp files to more accurately reflect their purpose, to aid debugging.
|
#
1.90 |
|
09-Apr-2004 |
kim |
Catch STDERR from /etc/security.local (not just STDOUT).
|
#
1.89 |
|
02-Apr-2004 |
jmmv |
Introduce and use the rcvar_manpage variable, which contains the manual page name where the user should look at for documentation about rcvar. It defaults to 'rc.subr(5)', as rc.subr is mainly used by rc.d scripts.
This variable is useful to let the daily, weekly, monthly and security scripts tune the warning message shown when any of the variables they handle is not properly set.
Closes PR misc/23908.
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.88 |
|
09-Feb-2004 |
jdolecek |
branches: 1.88.2; 1.88.4; 1.88.6; add missing && in the home directory group writability condition; gawk somehow coped even without (defaults to && ?), but nawk printed bogus warnings (defaults to || ?)
|
#
1.87 |
|
19-Nov-2003 |
jhawk |
Provide a workaround for PR bin/12900. When /dev is an fdesc, and /dev/tty is stat()ed without a controlling tty, a "Device not configured" error is returned.
Filter mtree's stderr to ignore this error.
If fdesc is fixed to not behave in this fashion, this workaround can be removed; bin/12900 should remain open until that time.
|
#
1.86 |
|
18-Nov-2003 |
jhawk |
In check_varmail (mailbox ownership/permissions check): Make ls -A explicit, to help n debugging when not run as root (-A is implied when ls is run as root) Ignore dotfiles, as they are not mailboxes (e.g. .jhawk.pop)
|
#
1.85 |
|
18-Nov-2003 |
jhawk |
XXX: note pairwise cascaded test inversion in permit_star.
Add checkyesno check_homes_permit_usergroups to allow group writability when the groupname matches the username. Defaults to off.
|
#
1.84 |
|
01-Oct-2003 |
jhawk |
Suppress output when running security.local if it produces no output. /etc/security should produce no output (and thus suppress the report) when nothing is wrong.
While we're here, use printf instead of two echos, like the rest of the script.
|
#
1.83 |
|
21-Feb-2003 |
jhawk |
Use $diff_options when running diff in /etc/security. Default diff_options to -u, for unified-format context diffs, because context is essential to a useful evaluation of differences. This represents a behavior change.
Implements change-request PR security/17247 from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>.
|
#
1.82 |
|
13-Feb-2003 |
jhawk |
Under check_mtree, invoke mtree with -L if check_mtree_follow_symlinks is set. Apparently mtree -L is imperfect, but it is far better than the lack thereof if symlinks are involved reaching files mtree verifies.
|
#
1.81 |
|
13-Feb-2003 |
jhawk |
Add some flexibility to /etc/security, by way of security.conf options: check_passwd_nowarn_shells Don't warn about these non-/etc/shells shells check_passwd_nowarn_users Don't warn about these users check_passwd_permit_star Don't warn about "*" in the $2 field Behavior change: check_passwd_nowarn_shells defaults to /sbin/nologin and /usr/libexec/uucp/uucico, so that it will not warn about the default master.passwd. The rationale here is that an administrator who chooses to permit these warnable conditions should not be warned about them day after day, yet should not be forced to disable check_passwd entirely. check_passwd_permit_star is primarily of interest to sites who use *'d entries for Kerberos or ssh logins, despite the fact that we permit "*ssh" (etc.) for this purpose (legacy).
|
#
1.80 |
|
06-Jan-2003 |
wiz |
writable, not writeable.
|
Revision tags: fvdl_fs64_base
|
#
1.79 |
|
20-Aug-2002 |
elric |
Added .k5login to the list of files that are checked in each user's home directory.
Addresses PR: security/18000
|
#
1.78 |
|
18-Jun-2002 |
itojun |
md5/bcrypt password starts with $[12], so use ^ in regex
|
#
1.77 |
|
18-Jun-2002 |
itojun |
recognize md5/bcrypt password. noted by: Eric Jacoboni <jaco@teaser.fr>
|
#
1.76 |
|
10-Jun-2002 |
atatat |
The check_rootdotfiles section mucks with the PATH setting, but never puts it back properly. As such, jobs run later that expect there to be a path will lose badly (eg, run lintpkgsrc -i from security.local). Let's just re-export the PATH.
|
Revision tags: netbsd-1-6-base
|
#
1.75 |
|
21-May-2002 |
lukem |
branches: 1.75.2; Support shell metacharacters (`*', '?', '[') in /etc/changelist lines, including checks for "backups that exist when actual file is deleted", a la the existing mechanism used for "/etc/ifconfig.*" ... "/etc/rc.d/*" checks. This resolves [security/15798] from Bob Kemp <bob@allegory.demon.co.uk>.
|
#
1.74 |
|
18-Dec-2001 |
lukem |
Add nullfs to the list of file system types to skip during the "big finds". Fix from Alan Barrett in [misc/14957].
|
#
1.73 |
|
09-Nov-2001 |
lukem |
remove blank lines from the lists of files to backup_and_diff
|
#
1.72 |
|
18-Oct-2001 |
lukem |
add -dgq to check_pkgs ls(1). suggested by @@@
|
#
1.71 |
|
18-Oct-2001 |
taca |
Add -T option to ls(1) when -l option is specified. This fixes none-changed files under ${backup_dir}/pkgs as bellow:
====== /var/backups/pkgs diffs (OLD < > NEW) ====== 159c159 < -rw-r--r-- 1 root wheel 528 Apr 19 01:11 ja-less-332/+CONTENTS --- > -rw-r--r-- 1 root wheel 528 Apr 19 2001 ja-less-332/+CONTENTS
|
#
1.70 |
|
15-Oct-2001 |
lukem |
Use "nodiff" instead of "nomail" for the tag which is used to exclude files from having the changes diff generated. Suggested by Michael Graff.
|
#
1.69 |
|
14-Oct-2001 |
lukem |
minor optimisation suggested by christos
|
#
1.68 |
|
13-Oct-2001 |
lukem |
A few more changes, from more discussions with Andrew Brown. - Resurrect /etc/changelist, even if it's an "empty" file by default, because it's easier to use than /etc/mtree/special.local for adding a couple of simple files. Back by popular demand (hi @@@! :-) - Add /etc/rc.d/* to the list of "dynamic" files; this notices changes in user-added scripts - Only calculate the mtree -I nomail list once, and re-use - Use "cat foo | while read file" instead of "for file in `cat foo`" ; handles whitespace better...
|
#
1.67 |
|
12-Oct-2001 |
lukem |
Major overhaul, with help from Andrew Brown <atatat@netbsd.org>.
Features: - Add a bunch of stuff to /etc/mtree/special to enable removal of /etc/changelist: - files which we want to monitor for changes but don't want to see the diffs of (master.passwd, ssh_host_key, ...) are tagged with "nomail" - files which we don't want to monitor are tagged with "exclude" (such as netgroup.db, kvm.db, ...) - monitor /etc/mtree/special.local, /root/.ssh/* - remove /etc/changelist, and a bunch of XXX comments - use mtree(8)'s -D, -I, and -E to generate lists of files to actually do the changelist stuff on. - support /etc/mtree/special.local as an optional user-provided version of /etc/mtree/special (effectively, an enhanced /etc/changelist) - Add code to monitor: /etc/ifconfig.* /etc/raid*.conf /etc/rc.conf.d/* including support for these files being added and removed at will. - If /sbin/fdisk exists, backup the output of "fdisk $disk" for all the active disk drives as part of $check_disklabels - Check permissions on: ~/.ssh/* ~/.shosts
Details: - Reorder initialisation of defaults - Remove special case for /etc/master.passwd "monitor but don't email diffs" with general case for other similar files. - Keep all `autogenerated' files (such as disklabel.*, setuid.current, ...) in "$backup_dir/work", to minimise name clashes. - Add migrate_file(old, new) to do the hard work of migrating files from the old `top level' /var/backups mechanism to the `full path' mechanism recently added. Use this appropriately. - Add backup_and_diff(file, printdiffs), to the hard work of backing-up and diff-ing files. - Cleanup use of shell redirects - /bin/sh supports ~root globbing, so use it. - Improve umask checking; use awk regex rather than awk math
|
#
1.66 |
|
05-Oct-2001 |
lukem |
minor whitespace fix
|
#
1.65 |
|
03-Oct-2001 |
lukem |
replace "pkg_dbdir" with "pkgdb_dir", to be consistent with "backup_dir"
|
#
1.64 |
|
03-Oct-2001 |
cjs |
Since we store the output of ls for use later, make sure that we have TZ=UTC. (Otherwise time zone changes cause us to believe that files have changed when they have not.)
|
#
1.63 |
|
03-Oct-2001 |
lukem |
- clean up a couple of comments - reformat some awk blocks - replace "sed 1d | awk '...'" with "awk 'NR==1 {next;} ...'"
|
#
1.62 |
|
01-Oct-2001 |
atatat |
Add a chunk of code to check the installed pkgs list by making a list of all installed pkgs and their +CONTENTS and +REQUIRED_BY files (if they have one) and handling this file along with all the other CHANGELIST stuff.
Greg Woods gets points for coming up with the idea.
Luke Mewburn asked me to do it, and provided lots of criticism along the way.
|
#
1.61 |
|
24-Sep-2001 |
lukem |
remove acd (non existant), add ld (for hw raid logical drives)
|
#
1.60 |
|
23-Sep-2001 |
perry |
add raid, remove cd drives and floppy drives from the nightly disk permissions checks.
note: This whole thing needs to be rototilled. And yes, I'm volunteering to do it.
|
#
1.59 |
|
23-Sep-2001 |
perry |
Update the password sanity checking thusly: 1) If a password entry is of the form \*[A-z-]+, do not complain that the account is off but has a valid password. Thus you can do passwords like *ssh to indicate ssh only logins. We should come up with a standard scheme for what various *keywords mean. Note that if the field length is 13, 20 or 34 you'll still get bitched at. This code should be cleaned up. (So should the password scheme.) 2) If the entry is for "toor", don't complain that the account is off but has a valid shell. We ship with toor:*:, there is no point in complaining about it.
Part of the campaign against spurious security warning output.
|
#
1.58 |
|
22-Sep-2001 |
perry |
run mtree on the special file using the new -l option, so it will not complain about things like files set 444 instead of 644.
part of the campaign against spurious output in the nightly security run.
|
#
1.57 |
|
26-Aug-2001 |
simonb |
Remove rz/tz support for pmax, switch to MI SCSI.
|
#
1.56 |
|
18-Jun-2001 |
lukem |
use mktemp(1) to create temporary directories, and ensure that cleanup traps are setup asap.
|
#
1.55 |
|
14-Jun-2001 |
lukem |
use symbolic signal names instead of numbers
|
#
1.54 |
|
10-May-2001 |
atatat |
When backing files listed in /etc/changelist, instead of truncating to the basename of the file, use the whole path with $backup_dir prepended, in effect mirrorring the directory tree. This eliminates the possibility of a name collision.
Closes pr bin/12727.
|
#
1.53 |
|
10-May-2001 |
atatat |
Allow embedded hyphens in user names (and group names), just not as the first or last character.
|
#
1.52 |
|
04-Apr-2001 |
atatat |
Provide the capability of storing backups via RCS instead of just a "current" and a "last" (which is useless if you wanna know what you changed last week). Set the default to on.
|
#
1.51 |
|
15-Mar-2001 |
hubertf |
Run skeyaudit (only) from /etc/daily instead of /etc/security, else there's some risk that the users don't get warned if an admin turns off running /etc/security (by putting run_security=no into daily.conf).
Fixes PR 12267.
|
#
1.50 |
|
12-Mar-2001 |
atatat |
Allow md5 passwords of length 34 as passwords
|
#
1.49 |
|
11-Feb-2001 |
jdolecek |
Introduce max_grouplen - this determines the maximum permitted length of group names, similarily to max_loginlen
|
#
1.48 |
|
09-Jan-2001 |
abs |
Add a new variable 'backup_dir', which can be used to change the backup directory from /var/backup (useful for those of us who have a separate /var and would like to have our backup disklabels on the root filesystem). Default behaviour unchanged. backup_dir being unset is taken as /var/backup.
|
#
1.47 |
|
07-Oct-2000 |
lukem |
use ${foo##*/} instead of `basename $foo`. as suggested (with minor variation) by Toru Nishimura <nisimura@itc.aist-nara.ac.jp>
|
#
1.46 |
|
10-Sep-2000 |
christos |
PR/10982: kilbi@rad.rwth-aachen.de: Don't confuse printf with usernames that start with -.
|
#
1.45 |
|
02-Jul-2000 |
sommerfeld |
Fix pr9320: improve umask checking for root's dotfiles. Now even notices bogus umasks like 044
|
Revision tags: netbsd-1-5-base minoura-xpg4dl-base
|
#
1.44 |
|
26-May-2000 |
ad |
branches: 1.44.4; We may as well allow local additions to /etc/security, since it gets done for the other periodic checks.
|
#
1.43 |
|
05-May-2000 |
itojun |
check /etc/mail/aliases on check_aliases. /etc/aliases will be checked as well, if exists (for backward compatibility).
|
#
1.42 |
|
24-Apr-2000 |
fair |
Add skeyaudit to /etc/security (with a variable to disable) per PR 5871
|
#
1.41 |
|
15-Jan-2000 |
christos |
Use cat -f to avoid denial of service attacks by people who make .rhosts files fifos.
|
Revision tags: wrstuden-devbsize-19991221 wrstuden-devbsize-base comdex-fall-1999-base
|
#
1.40 |
|
05-Sep-1999 |
perry |
We already had logic not to try to grab the disklabels of md's and fd's -- add cd's to the list.
|
#
1.39 |
|
22-Jul-1999 |
hubertf |
Use standard variable "$0" for the whole line instead of the non-standard, undocumented "$LINE".
Submitted in PR 7041 by Greg A. Woods <woods@weird.com>
|
#
1.38 |
|
23-Apr-1999 |
kleink |
Get rid of old-style chown operands.
|
Revision tags: netbsd-1-4-PATCH001 netbsd-1-4-RELEASE netbsd-1-4-base
|
#
1.37 |
|
17-Mar-1999 |
wrstuden |
branches: 1.37.2; Add a commented-out duplicate id checker which doesn't exclude toor, and add a comment saying how to switch it on.
|
#
1.36 |
|
17-Mar-1999 |
wrstuden |
Modify duplicate user id check to exclude "toor". Any other uid 0 accounts will generate a message with that (those) account names, root, and toor present in the list.
|
#
1.35 |
|
16-Mar-1999 |
fair |
Fix PR 5068 - scanning ~user/.rhosts files on NFS mounted home directories with -maproot=nobody on the server. The argument to be made is that if NetBSD's root can't read these files, it shouldn't try to check them.
|
#
1.34 |
|
18-Feb-1999 |
abs |
Handle + in master.passwd (From PR#4802). Also, handle + in group and allow max_loginlen to be configurable.
|
#
1.33 |
|
14-Sep-1998 |
tv |
Nix "Login %s is off but still has a valid shell" warning for 20-character encrypted passwords generated by the NEWSALT option to passwd(1).
|
#
1.32 |
|
25-Aug-1998 |
lukem |
* if $check_disklabels=YES, backup and compare of disklabels of current disks. should detect added or removed disks as well. backup labels go in /var/backups/disklabel.XXX (XXX = disk name, e.g., sd0), and the changelist style backups have .current or .backup suffixes * minor whitespace, formatting, and comment cleanup
|
#
1.31 |
|
26-Jan-1998 |
lukem |
include rc.subr and use appropriately
|
Revision tags: netbsd-1-3-PATCH003 netbsd-1-3-PATCH003-CANDIDATE2 netbsd-1-3-PATCH003-CANDIDATE1 netbsd-1-3-PATCH003-CANDIDATE0 netbsd-1-3-PATCH002 netbsd-1-3-PATCH001 netbsd-1-3-RELEASE netbsd-1-3-BETA netbsd-1-3-base
|
#
1.30 |
|
08-Oct-1997 |
mycroft |
Deal with files in the changelist that are added or removed. * When a file is removed, move its .current file to .backup. * When a file is added, create its .current file. * In either case, send a diff against /dev/null. Mostly from Jim Bernard in PR 4183, with the removal case fixed.
|
#
1.29 |
|
23-Sep-1997 |
lukem |
- use 'ftpd -C user' to check the format of /etc/ftpusers. closes [security/4061] - rename $MPPATH to $MPBYPATH, to clarify its use
|
#
1.28 |
|
18-Sep-1997 |
lukem |
- don't print "Checking setuid files and devices:" if no problems found (solves [security/4047]) - minor cleanup (rename a couple of variables, etc)
|
#
1.27 |
|
22-Aug-1997 |
lukem |
- correct use of generated temporary files. - clean up comments and generated output. - clean up $SECUREDIR if SIGINT or SIGQUIT received. - .rhosts may have to be world readable in NFS environments, so allow it to be. - update list of disks to check for reasonable permissions - don't show differences in /etc/master.passwd, as the encrypted strings may be sent. From reading comments earlier in the script, this was the intention anyway. Fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3994]. - when checking /etc/ftpusers, skip comment lines and only match full usernames. XXX: this should be enhanced to check lines of the enhanced ftpusers format.
|
#
1.26 |
|
19-Aug-1997 |
lukem |
* ensure that check for '.' in root's $PATH doesn't yield a false positive. fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3995] * detect empty :: elements as '.' in a sh(1) path (leading :, trailing :, or ::)
|
#
1.25 |
|
24-Jun-1997 |
lukem |
* when checking /etc/master.passwd, read in /etc/shells for a list of valid shells and then check each active account against that * remove unnecessary ()s in a few printf's.
|
#
1.24 |
|
24-Jun-1997 |
lukem |
* take advantage of xargs -0 when finding devices and set?id files * use 'ls -q' in the above, so that characters that may cause problems in the output are replaced with '?'
|
#
1.23 |
|
23-Jun-1997 |
lukem |
Also check /etc/profile for setting of umask. From Chris Jones <cjones@rupert.oscs.montana.edu> in [misc/3763]
|
#
1.22 |
|
23-Jun-1997 |
lukem |
Ignore blank lines and comments in /etc/exports From Jaromir Dolecek <dolecek@moria.ics.muni.cz> in [misc/3691]
|
#
1.21 |
|
21-Apr-1997 |
mycroft |
Don't list directories with the setuid bit set or FIFOs.
|
#
1.20 |
|
21-Apr-1997 |
mycroft |
Minor cleanup.
|
#
1.19 |
|
21-Apr-1997 |
mycroft |
When doing security checks in user home directory, sort by home directory, to optimize lookups a little. Also, add some more files to the naughty lists.
|
#
1.18 |
|
17-Apr-1997 |
mikel |
make /etc/aliases check a bit more discriminating: the line must be uncommented, and it must contain a '|' character (forwarding to program).
|
#
1.17 |
|
10-Mar-1997 |
mycroft |
Minor cleanup.
|
#
1.16 |
|
14-Feb-1997 |
mikel |
Don't leave logs in /etc/mtree; from Andrew Wheadon in PR misc/3106. Also fixed some comments.
|
#
1.15 |
|
05-Jan-1997 |
mrg |
add configuration file for security, as security.conf. the file allows each action taken by security to be turned on or off.
|
#
1.14 |
|
22-May-1996 |
mrg |
ignore setgid on dirs.
|
Revision tags: netbsd-1-2-PATCH001 netbsd-1-2-RELEASE netbsd-1-2-BETA netbsd-1-2-base
|
#
1.13 |
|
14-Jan-1996 |
pk |
Several fixes from Arne H. Juul (PR#1814).
|
#
1.12 |
|
17-Dec-1995 |
thorpej |
New-style RCS ids.
|
Revision tags: netbsd-1-1-PATCH001 netbsd-1-1-RELEASE netbsd-1-1-base
|
#
1.11 |
|
31-Jan-1995 |
jtc |
Change .emacsrc to .emacs in list of files to be checked. From Mike Long, in PR #768.
|
#
1.10 |
|
18-Oct-1994 |
mycroft |
Fix the fstype-based pruning algorithms. Partly suggested by John Kohl.
|
Revision tags: netbsd-1-0-base
|
#
1.9 |
|
15-Jun-1994 |
cgd |
branches: 1.9.2; update to new security script
|
#
1.8 |
|
15-Jan-1994 |
cgd |
people importing trees from SunOS should be shot; add -d to ls.
|
#
1.7 |
|
15-Dec-1993 |
mycroft |
Find only set[gu]id files and devices, like old ncheck(1).
|
#
1.6 |
|
27-Oct-1993 |
cgd |
use of xargs wasn't strictly a security hole, but could lead to fouled- up results. xargs should really have an option to automatically 'quote' input.
|
#
1.5 |
|
27-Oct-1993 |
mycroft |
Use xargs(1) to avoid overflowing the argument list to ls(1).
|
#
1.4 |
|
26-Oct-1993 |
cgd |
from FreeBSD: check for set*id devices in a way closer to the original. note that you can still overflow the args buffer for the ls (and it does that on lamp), but it's better than before.
|
#
1.3 |
|
19-Oct-1993 |
mycroft |
Rewrite set[gu]id find command to avoid walking non-local file systems.
|
Revision tags: netbsd-0-9-RELEASE netbsd-0-9-BETA netbsd-0-9-ALPHA2 netbsd-0-9-ALPHA netbsd-0-9-base netbsd-0-8 netbsd-alpha-1
|
#
1.2 |
|
02-Apr-1993 |
cgd |
updated to reflect the fact that we don't have an ncheck
|
#
1.1 |
|
21-Mar-1993 |
cgd |
branches: 1.1.1; Initial revision
|
#
1.125 |
|
18-Sep-2019 |
uwe |
Use $file instead of $(echo $file). I don't think the extra round of word expansions was really intended here.
|
Revision tags: netbsd-9-base phil-wifi-20190609 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020
|
#
1.124 |
|
04-Oct-2018 |
kre |
Fix an obvious botch in the previous rev, found by martin@
|
Revision tags: pgoyette-compat-0930
|
#
1.123 |
|
23-Sep-2018 |
kre |
Convert uses of test (aka '[') to use only posix specified forms, mostly just on general principle... this resulted in one or two minor code reformattings to keep 80 char limits - a few needless uses of quotes ("no" ??) were also removed (sh is not C. strings are strings without quotes around them...)
|
Revision tags: pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base
|
#
1.122 |
|
06-Jan-2018 |
mlelstv |
branches: 1.122.2; 1.122.4; Use sysctl to retrieve iostat names instead of parsing possibly truncated iostat output.
Check dkctl listwedges output with grep.
Fixes PR 59205.
|
Revision tags: netbsd-8-1-RELEASE netbsd-8-1-RC1 netbsd-8-0-RELEASE netbsd-8-0-RC2 netbsd-8-0-RC1 matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 bouyer-socketcan-base pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.121 |
|
29-Feb-2016 |
riastradh |
Record current raid configurations too in /etc/security.
|
#
1.120 |
|
20-Apr-2015 |
pgoyette |
Set the redirection correctly, so that stderr gets duped to the already redirected stdout, rather than duping stdout to stderr!
Without this fix, the disklabel output is included in the log file rather than being discarded as intended. (The purpose of running disklabel this first time is only to check for success.)
|
#
1.119 |
|
14-Feb-2015 |
nakayama |
Avoid nfs devices correctly.
|
#
1.118 |
|
13-Dec-2014 |
uebayasi |
Indent and space fixes.
|
#
1.117 |
|
23-Nov-2014 |
christos |
- generate the list of disks only once and select from them later - don't generate empty/useless files when disklabel or dkctl don't have data
|
#
1.116 |
|
27-Aug-2014 |
apb |
Split some long lines.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 tls-maxphys-base
|
#
1.115 |
|
06-Nov-2013 |
spz |
Introduce a variable for security.conf, default empty, to list users whose home is (allowed to be) owned by another user.
It's a separate variable and not just check_passwd_permit_dups so I can make security shut up about my uucp users.
Fixes the second half of PR misc/36063
|
#
1.114 |
|
06-Nov-2013 |
spz |
having more than one line with the same group name and gid is not only allowed, it's even recommended for groups with lots of members, so do not warn about duplicate group name lines if the gid is the same
|
#
1.113 |
|
08-Sep-2013 |
prlw1 |
Add defaults for pkg_info and pkg_admin variables in case pkgpath.conf is not installed.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.112 |
|
01-May-2013 |
agc |
Fix for problematic paths in /etc/daily and /etc/security reported in PR/47645.
Add a separate file which contains the paths for the pkg_admin and pkg_info utilities. This is called /etc/pkgpath.conf (to distinguish it from pkg.conf).
Thanks also to Edgar Fuss for the sanity check.
|
Revision tags: agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6 yamt-pagecache-base5 yamt-pagecache-base4
|
#
1.111 |
|
05-Apr-2012 |
spz |
branches: 1.111.2; change security so that there is a configuration value for the list of users who will not be considered for duplicate uid check. Seed it with 'toor' in defaults/security.conf.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base bouyer-quota2-nbase
|
#
1.110 |
|
02-Mar-2011 |
christos |
branches: 1.110.4; too much quoting. pointed by anon ymous
|
Revision tags: bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.109 |
|
27-Dec-2010 |
christos |
branches: 1.109.2; `` -> $()
|
#
1.108 |
|
05-Feb-2010 |
jmmv |
Deprecate the pkgdb_dir settings from daily.conf and security.conf in favor of the PKG_DBDIR variable in /etc/pkg_install.conf. The purpose of this is to only have to define the location of the packages database in a single place and have all other system components pick it up.
pkgdb_dir is still honored if defined and the scripts will spit out a warning in that case, asking the administrator to migrate to the PKG_DBDIR setting. We can't remove this compatibility workaround until, at least, after NetBSD 6 is released.
|
#
1.107 |
|
19-Jan-2010 |
jmmv |
Add the fetch_pkg_vulnerabilities option to the daily script to keep the packages vulnerability database up to date. This will only fetch the file from the server if it has changed since the last run.
Add the check_pkg_vulnerabilities and check_pkg_signatures options to the security script to check that the installed packages are sane.
All of these options are enabled by default but they will only run if there is, at least, one installed package.
|
Revision tags: matt-premerge-20091211 jym-xensuspend-nbase jym-xensuspend-base
|
#
1.106 |
|
27-Jan-2009 |
haad |
Add support for lvm to security script. Backup lvm configuration to /var/backup/lvm with other system backups. Disable lvm check until MKLVM is enabled by default. no objections on tech-userlevel@.
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 mjf-devfs2-base2 netbsd-5-base matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 wrstuden-revivesa-base yamt-pf42-base mjf-devfs2-base keiichi-mipv6-base mjf-devfs-base matt-armv6-nbase cube-autoconf-base matt-armv6-base hpcarm-cleanup-base
|
#
1.105 |
|
23-Nov-2007 |
dholland |
branches: 1.105.4; Handle non-trivial NIS compat entries (like +joe:::::::::) in the password file. Fixes (my own) PR bin/33138.
reviewed: christos
|
#
1.104 |
|
27-Aug-2007 |
adrianp |
The location of the pkg_info binary can now be specified in /etc/security.conf. The default remains as /usr/sbin/pkg_info. This should fix PR# 36746.
|
#
1.103 |
|
09-Aug-2007 |
tron |
branches: 1.103.2; Add code to monitor the disk wedges (see dk(4)) configured on the system. Based on a patch contributed by Andreas Wrede in PR misc/36747.
|
Revision tags: matt-mips64-base
|
#
1.102 |
|
06-Jun-2007 |
martti |
Use "mktemp -d -t xxx" to create the temporary directories. This will use TMPDIR environment variable if set, otherwise use /tmp. (misc/35544)
|
#
1.101 |
|
27-Mar-2007 |
jnemeth |
PR/36058 -- fix check for group/other writable home directories from Jukka Salmi
|
Revision tags: netbsd-4-base
|
#
1.100 |
|
26-Sep-2006 |
tron |
branches: 1.100.2; Improve security check for "/etc/exports": 1.) Properly handle line continuation and network exports. 2.) Make the report more compact.
Patch contributed by Jukka Salmi in PR bin/24583.
|
#
1.99 |
|
23-Sep-2006 |
jmcneill |
PR #26490: /etc/security is not aware of sha1 passwords
|
Revision tags: abandoned-netbsd-4-base
|
#
1.98 |
|
25-May-2006 |
lukem |
Implement check_devices_ignore_paths, which is a list of paths to avoid traversing during check_devices.
|
#
1.97 |
|
17-Apr-2006 |
veego |
Don't try to backup a 'nfs' disklabel, which will happen because of the recent iostat changes. Patch supplied in pr# 33274 by Geoff C. Wing.
|
#
1.96 |
|
29-Jan-2006 |
rpaulo |
PR 32666: /etc/security may cause tapes to rewind. By Duncan McEwan.
|
#
1.95 |
|
11-Apr-2005 |
peter |
Allow an underscore as first character and embedded underscores & dots for login and group names.
Fixes PR misc/29913 from Arto Selonen.
|
Revision tags: netbsd-3-base
|
#
1.94 |
|
05-Feb-2005 |
jdolecek |
branches: 1.94.2; add a check_passwd_permin_nonalpha option, which changes the passwd test to permit non-alphanumeric characters in login names
|
#
1.93 |
|
21-Nov-2004 |
kim |
When checking /etc/exports, account for "-network=XXX" as restricting the mount (i.e. it is not considered globally exported).
Fixes PR: 26890
|
#
1.92 |
|
28-Sep-2004 |
erh |
PR misc/7716: add configuration options find_core_ignore_fstypes and check_devices_ignore_fstypes to allow the filesystem types that are ignored during the daily and security runs to be adjusted.
|
#
1.91 |
|
23-Jul-2004 |
lukem |
Merge /etc/mtree/special & /etc/mtree/special.local using "mtree -M". This allows users to override mtree/special entries in mtree/special.local, which is useful if you've replaced a directory with a symlink (for example). This effectively makes $check_mtree_follow_symlinks=YES pointless, but I'm retaining that for compatibility reasons.
Fix bug in generation of $MPBYUID (used "/^+/" instead of "/^\+/" as a regex), which has existed for a long time but only failed with our awk; GNU awk seems to have permitted this. (This meant that the duplicate UID check was broken when using our awk.)
Rename some temp files to more accurately reflect their purpose, to aid debugging.
|
#
1.90 |
|
09-Apr-2004 |
kim |
Catch STDERR from /etc/security.local (not just STDOUT).
|
#
1.89 |
|
02-Apr-2004 |
jmmv |
Introduce and use the rcvar_manpage variable, which contains the manual page name where the user should look at for documentation about rcvar. It defaults to 'rc.subr(5)', as rc.subr is mainly used by rc.d scripts.
This variable is useful to let the daily, weekly, monthly and security scripts tune the warning message shown when any of the variables they handle is not properly set.
Closes PR misc/23908.
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.88 |
|
09-Feb-2004 |
jdolecek |
branches: 1.88.2; 1.88.4; 1.88.6; add missing && in the home directory group writability condition; gawk somehow coped even without (defaults to && ?), but nawk printed bogus warnings (defaults to || ?)
|
#
1.87 |
|
19-Nov-2003 |
jhawk |
Provide a workaround for PR bin/12900. When /dev is an fdesc, and /dev/tty is stat()ed without a controlling tty, a "Device not configured" error is returned.
Filter mtree's stderr to ignore this error.
If fdesc is fixed to not behave in this fashion, this workaround can be removed; bin/12900 should remain open until that time.
|
#
1.86 |
|
18-Nov-2003 |
jhawk |
In check_varmail (mailbox ownership/permissions check): Make ls -A explicit, to help n debugging when not run as root (-A is implied when ls is run as root) Ignore dotfiles, as they are not mailboxes (e.g. .jhawk.pop)
|
#
1.85 |
|
18-Nov-2003 |
jhawk |
XXX: note pairwise cascaded test inversion in permit_star.
Add checkyesno check_homes_permit_usergroups to allow group writability when the groupname matches the username. Defaults to off.
|
#
1.84 |
|
01-Oct-2003 |
jhawk |
Suppress output when running security.local if it produces no output. /etc/security should produce no output (and thus suppress the report) when nothing is wrong.
While we're here, use printf instead of two echos, like the rest of the script.
|
#
1.83 |
|
21-Feb-2003 |
jhawk |
Use $diff_options when running diff in /etc/security. Default diff_options to -u, for unified-format context diffs, because context is essential to a useful evaluation of differences. This represents a behavior change.
Implements change-request PR security/17247 from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>.
|
#
1.82 |
|
13-Feb-2003 |
jhawk |
Under check_mtree, invoke mtree with -L if check_mtree_follow_symlinks is set. Apparently mtree -L is imperfect, but it is far better than the lack thereof if symlinks are involved reaching files mtree verifies.
|
#
1.81 |
|
13-Feb-2003 |
jhawk |
Add some flexibility to /etc/security, by way of security.conf options: check_passwd_nowarn_shells Don't warn about these non-/etc/shells shells check_passwd_nowarn_users Don't warn about these users check_passwd_permit_star Don't warn about "*" in the $2 field Behavior change: check_passwd_nowarn_shells defaults to /sbin/nologin and /usr/libexec/uucp/uucico, so that it will not warn about the default master.passwd. The rationale here is that an administrator who chooses to permit these warnable conditions should not be warned about them day after day, yet should not be forced to disable check_passwd entirely. check_passwd_permit_star is primarily of interest to sites who use *'d entries for Kerberos or ssh logins, despite the fact that we permit "*ssh" (etc.) for this purpose (legacy).
|
#
1.80 |
|
06-Jan-2003 |
wiz |
writable, not writeable.
|
Revision tags: fvdl_fs64_base
|
#
1.79 |
|
20-Aug-2002 |
elric |
Added .k5login to the list of files that are checked in each user's home directory.
Addresses PR: security/18000
|
#
1.78 |
|
18-Jun-2002 |
itojun |
md5/bcrypt password starts with $[12], so use ^ in regex
|
#
1.77 |
|
18-Jun-2002 |
itojun |
recognize md5/bcrypt password. noted by: Eric Jacoboni <jaco@teaser.fr>
|
#
1.76 |
|
10-Jun-2002 |
atatat |
The check_rootdotfiles section mucks with the PATH setting, but never puts it back properly. As such, jobs run later that expect there to be a path will lose badly (eg, run lintpkgsrc -i from security.local). Let's just re-export the PATH.
|
Revision tags: netbsd-1-6-base
|
#
1.75 |
|
21-May-2002 |
lukem |
branches: 1.75.2; Support shell metacharacters (`*', '?', '[') in /etc/changelist lines, including checks for "backups that exist when actual file is deleted", a la the existing mechanism used for "/etc/ifconfig.*" ... "/etc/rc.d/*" checks. This resolves [security/15798] from Bob Kemp <bob@allegory.demon.co.uk>.
|
#
1.74 |
|
18-Dec-2001 |
lukem |
Add nullfs to the list of file system types to skip during the "big finds". Fix from Alan Barrett in [misc/14957].
|
#
1.73 |
|
09-Nov-2001 |
lukem |
remove blank lines from the lists of files to backup_and_diff
|
#
1.72 |
|
18-Oct-2001 |
lukem |
add -dgq to check_pkgs ls(1). suggested by @@@
|
#
1.71 |
|
18-Oct-2001 |
taca |
Add -T option to ls(1) when -l option is specified. This fixes none-changed files under ${backup_dir}/pkgs as bellow:
====== /var/backups/pkgs diffs (OLD < > NEW) ====== 159c159 < -rw-r--r-- 1 root wheel 528 Apr 19 01:11 ja-less-332/+CONTENTS --- > -rw-r--r-- 1 root wheel 528 Apr 19 2001 ja-less-332/+CONTENTS
|
#
1.70 |
|
15-Oct-2001 |
lukem |
Use "nodiff" instead of "nomail" for the tag which is used to exclude files from having the changes diff generated. Suggested by Michael Graff.
|
#
1.69 |
|
14-Oct-2001 |
lukem |
minor optimisation suggested by christos
|
#
1.68 |
|
13-Oct-2001 |
lukem |
A few more changes, from more discussions with Andrew Brown. - Resurrect /etc/changelist, even if it's an "empty" file by default, because it's easier to use than /etc/mtree/special.local for adding a couple of simple files. Back by popular demand (hi @@@! :-) - Add /etc/rc.d/* to the list of "dynamic" files; this notices changes in user-added scripts - Only calculate the mtree -I nomail list once, and re-use - Use "cat foo | while read file" instead of "for file in `cat foo`" ; handles whitespace better...
|
#
1.67 |
|
12-Oct-2001 |
lukem |
Major overhaul, with help from Andrew Brown <atatat@netbsd.org>.
Features: - Add a bunch of stuff to /etc/mtree/special to enable removal of /etc/changelist: - files which we want to monitor for changes but don't want to see the diffs of (master.passwd, ssh_host_key, ...) are tagged with "nomail" - files which we don't want to monitor are tagged with "exclude" (such as netgroup.db, kvm.db, ...) - monitor /etc/mtree/special.local, /root/.ssh/* - remove /etc/changelist, and a bunch of XXX comments - use mtree(8)'s -D, -I, and -E to generate lists of files to actually do the changelist stuff on. - support /etc/mtree/special.local as an optional user-provided version of /etc/mtree/special (effectively, an enhanced /etc/changelist) - Add code to monitor: /etc/ifconfig.* /etc/raid*.conf /etc/rc.conf.d/* including support for these files being added and removed at will. - If /sbin/fdisk exists, backup the output of "fdisk $disk" for all the active disk drives as part of $check_disklabels - Check permissions on: ~/.ssh/* ~/.shosts
Details: - Reorder initialisation of defaults - Remove special case for /etc/master.passwd "monitor but don't email diffs" with general case for other similar files. - Keep all `autogenerated' files (such as disklabel.*, setuid.current, ...) in "$backup_dir/work", to minimise name clashes. - Add migrate_file(old, new) to do the hard work of migrating files from the old `top level' /var/backups mechanism to the `full path' mechanism recently added. Use this appropriately. - Add backup_and_diff(file, printdiffs), to the hard work of backing-up and diff-ing files. - Cleanup use of shell redirects - /bin/sh supports ~root globbing, so use it. - Improve umask checking; use awk regex rather than awk math
|
#
1.66 |
|
05-Oct-2001 |
lukem |
minor whitespace fix
|
#
1.65 |
|
03-Oct-2001 |
lukem |
replace "pkg_dbdir" with "pkgdb_dir", to be consistent with "backup_dir"
|
#
1.64 |
|
03-Oct-2001 |
cjs |
Since we store the output of ls for use later, make sure that we have TZ=UTC. (Otherwise time zone changes cause us to believe that files have changed when they have not.)
|
#
1.63 |
|
03-Oct-2001 |
lukem |
- clean up a couple of comments - reformat some awk blocks - replace "sed 1d | awk '...'" with "awk 'NR==1 {next;} ...'"
|
#
1.62 |
|
01-Oct-2001 |
atatat |
Add a chunk of code to check the installed pkgs list by making a list of all installed pkgs and their +CONTENTS and +REQUIRED_BY files (if they have one) and handling this file along with all the other CHANGELIST stuff.
Greg Woods gets points for coming up with the idea.
Luke Mewburn asked me to do it, and provided lots of criticism along the way.
|
#
1.61 |
|
24-Sep-2001 |
lukem |
remove acd (non existant), add ld (for hw raid logical drives)
|
#
1.60 |
|
23-Sep-2001 |
perry |
add raid, remove cd drives and floppy drives from the nightly disk permissions checks.
note: This whole thing needs to be rototilled. And yes, I'm volunteering to do it.
|
#
1.59 |
|
23-Sep-2001 |
perry |
Update the password sanity checking thusly: 1) If a password entry is of the form \*[A-z-]+, do not complain that the account is off but has a valid password. Thus you can do passwords like *ssh to indicate ssh only logins. We should come up with a standard scheme for what various *keywords mean. Note that if the field length is 13, 20 or 34 you'll still get bitched at. This code should be cleaned up. (So should the password scheme.) 2) If the entry is for "toor", don't complain that the account is off but has a valid shell. We ship with toor:*:, there is no point in complaining about it.
Part of the campaign against spurious security warning output.
|
#
1.58 |
|
22-Sep-2001 |
perry |
run mtree on the special file using the new -l option, so it will not complain about things like files set 444 instead of 644.
part of the campaign against spurious output in the nightly security run.
|
#
1.57 |
|
26-Aug-2001 |
simonb |
Remove rz/tz support for pmax, switch to MI SCSI.
|
#
1.56 |
|
18-Jun-2001 |
lukem |
use mktemp(1) to create temporary directories, and ensure that cleanup traps are setup asap.
|
#
1.55 |
|
14-Jun-2001 |
lukem |
use symbolic signal names instead of numbers
|
#
1.54 |
|
10-May-2001 |
atatat |
When backing files listed in /etc/changelist, instead of truncating to the basename of the file, use the whole path with $backup_dir prepended, in effect mirrorring the directory tree. This eliminates the possibility of a name collision.
Closes pr bin/12727.
|
#
1.53 |
|
10-May-2001 |
atatat |
Allow embedded hyphens in user names (and group names), just not as the first or last character.
|
#
1.52 |
|
04-Apr-2001 |
atatat |
Provide the capability of storing backups via RCS instead of just a "current" and a "last" (which is useless if you wanna know what you changed last week). Set the default to on.
|
#
1.51 |
|
15-Mar-2001 |
hubertf |
Run skeyaudit (only) from /etc/daily instead of /etc/security, else there's some risk that the users don't get warned if an admin turns off running /etc/security (by putting run_security=no into daily.conf).
Fixes PR 12267.
|
#
1.50 |
|
12-Mar-2001 |
atatat |
Allow md5 passwords of length 34 as passwords
|
#
1.49 |
|
11-Feb-2001 |
jdolecek |
Introduce max_grouplen - this determines the maximum permitted length of group names, similarily to max_loginlen
|
#
1.48 |
|
09-Jan-2001 |
abs |
Add a new variable 'backup_dir', which can be used to change the backup directory from /var/backup (useful for those of us who have a separate /var and would like to have our backup disklabels on the root filesystem). Default behaviour unchanged. backup_dir being unset is taken as /var/backup.
|
#
1.47 |
|
07-Oct-2000 |
lukem |
use ${foo##*/} instead of `basename $foo`. as suggested (with minor variation) by Toru Nishimura <nisimura@itc.aist-nara.ac.jp>
|
#
1.46 |
|
10-Sep-2000 |
christos |
PR/10982: kilbi@rad.rwth-aachen.de: Don't confuse printf with usernames that start with -.
|
#
1.45 |
|
02-Jul-2000 |
sommerfeld |
Fix pr9320: improve umask checking for root's dotfiles. Now even notices bogus umasks like 044
|
Revision tags: netbsd-1-5-base minoura-xpg4dl-base
|
#
1.44 |
|
26-May-2000 |
ad |
branches: 1.44.4; We may as well allow local additions to /etc/security, since it gets done for the other periodic checks.
|
#
1.43 |
|
05-May-2000 |
itojun |
check /etc/mail/aliases on check_aliases. /etc/aliases will be checked as well, if exists (for backward compatibility).
|
#
1.42 |
|
24-Apr-2000 |
fair |
Add skeyaudit to /etc/security (with a variable to disable) per PR 5871
|
#
1.41 |
|
15-Jan-2000 |
christos |
Use cat -f to avoid denial of service attacks by people who make .rhosts files fifos.
|
Revision tags: wrstuden-devbsize-19991221 wrstuden-devbsize-base comdex-fall-1999-base
|
#
1.40 |
|
05-Sep-1999 |
perry |
We already had logic not to try to grab the disklabels of md's and fd's -- add cd's to the list.
|
#
1.39 |
|
22-Jul-1999 |
hubertf |
Use standard variable "$0" for the whole line instead of the non-standard, undocumented "$LINE".
Submitted in PR 7041 by Greg A. Woods <woods@weird.com>
|
#
1.38 |
|
23-Apr-1999 |
kleink |
Get rid of old-style chown operands.
|
Revision tags: netbsd-1-4-PATCH001 netbsd-1-4-RELEASE netbsd-1-4-base
|
#
1.37 |
|
17-Mar-1999 |
wrstuden |
branches: 1.37.2; Add a commented-out duplicate id checker which doesn't exclude toor, and add a comment saying how to switch it on.
|
#
1.36 |
|
17-Mar-1999 |
wrstuden |
Modify duplicate user id check to exclude "toor". Any other uid 0 accounts will generate a message with that (those) account names, root, and toor present in the list.
|
#
1.35 |
|
16-Mar-1999 |
fair |
Fix PR 5068 - scanning ~user/.rhosts files on NFS mounted home directories with -maproot=nobody on the server. The argument to be made is that if NetBSD's root can't read these files, it shouldn't try to check them.
|
#
1.34 |
|
18-Feb-1999 |
abs |
Handle + in master.passwd (From PR#4802). Also, handle + in group and allow max_loginlen to be configurable.
|
#
1.33 |
|
14-Sep-1998 |
tv |
Nix "Login %s is off but still has a valid shell" warning for 20-character encrypted passwords generated by the NEWSALT option to passwd(1).
|
#
1.32 |
|
25-Aug-1998 |
lukem |
* if $check_disklabels=YES, backup and compare of disklabels of current disks. should detect added or removed disks as well. backup labels go in /var/backups/disklabel.XXX (XXX = disk name, e.g., sd0), and the changelist style backups have .current or .backup suffixes * minor whitespace, formatting, and comment cleanup
|
#
1.31 |
|
26-Jan-1998 |
lukem |
include rc.subr and use appropriately
|
Revision tags: netbsd-1-3-PATCH003 netbsd-1-3-PATCH003-CANDIDATE2 netbsd-1-3-PATCH003-CANDIDATE1 netbsd-1-3-PATCH003-CANDIDATE0 netbsd-1-3-PATCH002 netbsd-1-3-PATCH001 netbsd-1-3-RELEASE netbsd-1-3-BETA netbsd-1-3-base
|
#
1.30 |
|
08-Oct-1997 |
mycroft |
Deal with files in the changelist that are added or removed. * When a file is removed, move its .current file to .backup. * When a file is added, create its .current file. * In either case, send a diff against /dev/null. Mostly from Jim Bernard in PR 4183, with the removal case fixed.
|
#
1.29 |
|
23-Sep-1997 |
lukem |
- use 'ftpd -C user' to check the format of /etc/ftpusers. closes [security/4061] - rename $MPPATH to $MPBYPATH, to clarify its use
|
#
1.28 |
|
18-Sep-1997 |
lukem |
- don't print "Checking setuid files and devices:" if no problems found (solves [security/4047]) - minor cleanup (rename a couple of variables, etc)
|
#
1.27 |
|
22-Aug-1997 |
lukem |
- correct use of generated temporary files. - clean up comments and generated output. - clean up $SECUREDIR if SIGINT or SIGQUIT received. - .rhosts may have to be world readable in NFS environments, so allow it to be. - update list of disks to check for reasonable permissions - don't show differences in /etc/master.passwd, as the encrypted strings may be sent. From reading comments earlier in the script, this was the intention anyway. Fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3994]. - when checking /etc/ftpusers, skip comment lines and only match full usernames. XXX: this should be enhanced to check lines of the enhanced ftpusers format.
|
#
1.26 |
|
19-Aug-1997 |
lukem |
* ensure that check for '.' in root's $PATH doesn't yield a false positive. fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3995] * detect empty :: elements as '.' in a sh(1) path (leading :, trailing :, or ::)
|
#
1.25 |
|
24-Jun-1997 |
lukem |
* when checking /etc/master.passwd, read in /etc/shells for a list of valid shells and then check each active account against that * remove unnecessary ()s in a few printf's.
|
#
1.24 |
|
24-Jun-1997 |
lukem |
* take advantage of xargs -0 when finding devices and set?id files * use 'ls -q' in the above, so that characters that may cause problems in the output are replaced with '?'
|
#
1.23 |
|
23-Jun-1997 |
lukem |
Also check /etc/profile for setting of umask. From Chris Jones <cjones@rupert.oscs.montana.edu> in [misc/3763]
|
#
1.22 |
|
23-Jun-1997 |
lukem |
Ignore blank lines and comments in /etc/exports From Jaromir Dolecek <dolecek@moria.ics.muni.cz> in [misc/3691]
|
#
1.21 |
|
21-Apr-1997 |
mycroft |
Don't list directories with the setuid bit set or FIFOs.
|
#
1.20 |
|
21-Apr-1997 |
mycroft |
Minor cleanup.
|
#
1.19 |
|
21-Apr-1997 |
mycroft |
When doing security checks in user home directory, sort by home directory, to optimize lookups a little. Also, add some more files to the naughty lists.
|
#
1.18 |
|
17-Apr-1997 |
mikel |
make /etc/aliases check a bit more discriminating: the line must be uncommented, and it must contain a '|' character (forwarding to program).
|
#
1.17 |
|
10-Mar-1997 |
mycroft |
Minor cleanup.
|
#
1.16 |
|
14-Feb-1997 |
mikel |
Don't leave logs in /etc/mtree; from Andrew Wheadon in PR misc/3106. Also fixed some comments.
|
#
1.15 |
|
05-Jan-1997 |
mrg |
add configuration file for security, as security.conf. the file allows each action taken by security to be turned on or off.
|
#
1.14 |
|
22-May-1996 |
mrg |
ignore setgid on dirs.
|
Revision tags: netbsd-1-2-PATCH001 netbsd-1-2-RELEASE netbsd-1-2-BETA netbsd-1-2-base
|
#
1.13 |
|
14-Jan-1996 |
pk |
Several fixes from Arne H. Juul (PR#1814).
|
#
1.12 |
|
17-Dec-1995 |
thorpej |
New-style RCS ids.
|
Revision tags: netbsd-1-1-PATCH001 netbsd-1-1-RELEASE netbsd-1-1-base
|
#
1.11 |
|
31-Jan-1995 |
jtc |
Change .emacsrc to .emacs in list of files to be checked. From Mike Long, in PR #768.
|
#
1.10 |
|
18-Oct-1994 |
mycroft |
Fix the fstype-based pruning algorithms. Partly suggested by John Kohl.
|
Revision tags: netbsd-1-0-base
|
#
1.9 |
|
15-Jun-1994 |
cgd |
branches: 1.9.2; update to new security script
|
#
1.8 |
|
15-Jan-1994 |
cgd |
people importing trees from SunOS should be shot; add -d to ls.
|
#
1.7 |
|
15-Dec-1993 |
mycroft |
Find only set[gu]id files and devices, like old ncheck(1).
|
#
1.6 |
|
27-Oct-1993 |
cgd |
use of xargs wasn't strictly a security hole, but could lead to fouled- up results. xargs should really have an option to automatically 'quote' input.
|
#
1.5 |
|
27-Oct-1993 |
mycroft |
Use xargs(1) to avoid overflowing the argument list to ls(1).
|
#
1.4 |
|
26-Oct-1993 |
cgd |
from FreeBSD: check for set*id devices in a way closer to the original. note that you can still overflow the args buffer for the ls (and it does that on lamp), but it's better than before.
|
#
1.3 |
|
19-Oct-1993 |
mycroft |
Rewrite set[gu]id find command to avoid walking non-local file systems.
|
Revision tags: netbsd-0-9-RELEASE netbsd-0-9-BETA netbsd-0-9-ALPHA2 netbsd-0-9-ALPHA netbsd-0-9-base netbsd-0-8 netbsd-alpha-1
|
#
1.2 |
|
02-Apr-1993 |
cgd |
updated to reflect the fact that we don't have an ncheck
|
#
1.1 |
|
21-Mar-1993 |
cgd |
branches: 1.1.1; Initial revision
|
Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020
|
#
1.124 |
|
04-Oct-2018 |
kre |
Fix an obvious botch in the previous rev, found by martin@
|
Revision tags: pgoyette-compat-0930
|
#
1.123 |
|
23-Sep-2018 |
kre |
Convert uses of test (aka '[') to use only posix specified forms, mostly just on general principle... this resulted in one or two minor code reformattings to keep 80 char limits - a few needless uses of quotes ("no" ??) were also removed (sh is not C. strings are strings without quotes around them...)
|
Revision tags: pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base
|
#
1.122 |
|
06-Jan-2018 |
mlelstv |
branches: 1.122.2; Use sysctl to retrieve iostat names instead of parsing possibly truncated iostat output.
Check dkctl listwedges output with grep.
Fixes PR 59205.
|
Revision tags: netbsd-8-0-RELEASE netbsd-8-0-RC2 netbsd-8-0-RC1 matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 bouyer-socketcan-base pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.121 |
|
29-Feb-2016 |
riastradh |
Record current raid configurations too in /etc/security.
|
#
1.120 |
|
20-Apr-2015 |
pgoyette |
Set the redirection correctly, so that stderr gets duped to the already redirected stdout, rather than duping stdout to stderr!
Without this fix, the disklabel output is included in the log file rather than being discarded as intended. (The purpose of running disklabel this first time is only to check for success.)
|
#
1.119 |
|
14-Feb-2015 |
nakayama |
Avoid nfs devices correctly.
|
#
1.118 |
|
13-Dec-2014 |
uebayasi |
Indent and space fixes.
|
#
1.117 |
|
23-Nov-2014 |
christos |
- generate the list of disks only once and select from them later - don't generate empty/useless files when disklabel or dkctl don't have data
|
#
1.116 |
|
27-Aug-2014 |
apb |
Split some long lines.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 tls-maxphys-base
|
#
1.115 |
|
06-Nov-2013 |
spz |
Introduce a variable for security.conf, default empty, to list users whose home is (allowed to be) owned by another user.
It's a separate variable and not just check_passwd_permit_dups so I can make security shut up about my uucp users.
Fixes the second half of PR misc/36063
|
#
1.114 |
|
06-Nov-2013 |
spz |
having more than one line with the same group name and gid is not only allowed, it's even recommended for groups with lots of members, so do not warn about duplicate group name lines if the gid is the same
|
#
1.113 |
|
08-Sep-2013 |
prlw1 |
Add defaults for pkg_info and pkg_admin variables in case pkgpath.conf is not installed.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.112 |
|
01-May-2013 |
agc |
Fix for problematic paths in /etc/daily and /etc/security reported in PR/47645.
Add a separate file which contains the paths for the pkg_admin and pkg_info utilities. This is called /etc/pkgpath.conf (to distinguish it from pkg.conf).
Thanks also to Edgar Fuss for the sanity check.
|
Revision tags: agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6 yamt-pagecache-base5 yamt-pagecache-base4
|
#
1.111 |
|
05-Apr-2012 |
spz |
branches: 1.111.2; change security so that there is a configuration value for the list of users who will not be considered for duplicate uid check. Seed it with 'toor' in defaults/security.conf.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base bouyer-quota2-nbase
|
#
1.110 |
|
02-Mar-2011 |
christos |
branches: 1.110.4; too much quoting. pointed by anon ymous
|
Revision tags: bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.109 |
|
27-Dec-2010 |
christos |
branches: 1.109.2; `` -> $()
|
#
1.108 |
|
05-Feb-2010 |
jmmv |
Deprecate the pkgdb_dir settings from daily.conf and security.conf in favor of the PKG_DBDIR variable in /etc/pkg_install.conf. The purpose of this is to only have to define the location of the packages database in a single place and have all other system components pick it up.
pkgdb_dir is still honored if defined and the scripts will spit out a warning in that case, asking the administrator to migrate to the PKG_DBDIR setting. We can't remove this compatibility workaround until, at least, after NetBSD 6 is released.
|
#
1.107 |
|
19-Jan-2010 |
jmmv |
Add the fetch_pkg_vulnerabilities option to the daily script to keep the packages vulnerability database up to date. This will only fetch the file from the server if it has changed since the last run.
Add the check_pkg_vulnerabilities and check_pkg_signatures options to the security script to check that the installed packages are sane.
All of these options are enabled by default but they will only run if there is, at least, one installed package.
|
Revision tags: matt-premerge-20091211 jym-xensuspend-nbase jym-xensuspend-base
|
#
1.106 |
|
27-Jan-2009 |
haad |
Add support for lvm to security script. Backup lvm configuration to /var/backup/lvm with other system backups. Disable lvm check until MKLVM is enabled by default. no objections on tech-userlevel@.
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 mjf-devfs2-base2 netbsd-5-base matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 wrstuden-revivesa-base yamt-pf42-base mjf-devfs2-base keiichi-mipv6-base mjf-devfs-base matt-armv6-nbase cube-autoconf-base matt-armv6-base hpcarm-cleanup-base
|
#
1.105 |
|
23-Nov-2007 |
dholland |
branches: 1.105.4; Handle non-trivial NIS compat entries (like +joe:::::::::) in the password file. Fixes (my own) PR bin/33138.
reviewed: christos
|
#
1.104 |
|
27-Aug-2007 |
adrianp |
The location of the pkg_info binary can now be specified in /etc/security.conf. The default remains as /usr/sbin/pkg_info. This should fix PR# 36746.
|
#
1.103 |
|
09-Aug-2007 |
tron |
branches: 1.103.2; Add code to monitor the disk wedges (see dk(4)) configured on the system. Based on a patch contributed by Andreas Wrede in PR misc/36747.
|
Revision tags: matt-mips64-base
|
#
1.102 |
|
06-Jun-2007 |
martti |
Use "mktemp -d -t xxx" to create the temporary directories. This will use TMPDIR environment variable if set, otherwise use /tmp. (misc/35544)
|
#
1.101 |
|
27-Mar-2007 |
jnemeth |
PR/36058 -- fix check for group/other writable home directories from Jukka Salmi
|
Revision tags: netbsd-4-base
|
#
1.100 |
|
26-Sep-2006 |
tron |
branches: 1.100.2; Improve security check for "/etc/exports": 1.) Properly handle line continuation and network exports. 2.) Make the report more compact.
Patch contributed by Jukka Salmi in PR bin/24583.
|
#
1.99 |
|
23-Sep-2006 |
jmcneill |
PR #26490: /etc/security is not aware of sha1 passwords
|
Revision tags: abandoned-netbsd-4-base
|
#
1.98 |
|
25-May-2006 |
lukem |
Implement check_devices_ignore_paths, which is a list of paths to avoid traversing during check_devices.
|
#
1.97 |
|
17-Apr-2006 |
veego |
Don't try to backup a 'nfs' disklabel, which will happen because of the recent iostat changes. Patch supplied in pr# 33274 by Geoff C. Wing.
|
#
1.96 |
|
29-Jan-2006 |
rpaulo |
PR 32666: /etc/security may cause tapes to rewind. By Duncan McEwan.
|
#
1.95 |
|
11-Apr-2005 |
peter |
Allow an underscore as first character and embedded underscores & dots for login and group names.
Fixes PR misc/29913 from Arto Selonen.
|
Revision tags: netbsd-3-base
|
#
1.94 |
|
05-Feb-2005 |
jdolecek |
branches: 1.94.2; add a check_passwd_permin_nonalpha option, which changes the passwd test to permit non-alphanumeric characters in login names
|
#
1.93 |
|
21-Nov-2004 |
kim |
When checking /etc/exports, account for "-network=XXX" as restricting the mount (i.e. it is not considered globally exported).
Fixes PR: 26890
|
#
1.92 |
|
28-Sep-2004 |
erh |
PR misc/7716: add configuration options find_core_ignore_fstypes and check_devices_ignore_fstypes to allow the filesystem types that are ignored during the daily and security runs to be adjusted.
|
#
1.91 |
|
23-Jul-2004 |
lukem |
Merge /etc/mtree/special & /etc/mtree/special.local using "mtree -M". This allows users to override mtree/special entries in mtree/special.local, which is useful if you've replaced a directory with a symlink (for example). This effectively makes $check_mtree_follow_symlinks=YES pointless, but I'm retaining that for compatibility reasons.
Fix bug in generation of $MPBYUID (used "/^+/" instead of "/^\+/" as a regex), which has existed for a long time but only failed with our awk; GNU awk seems to have permitted this. (This meant that the duplicate UID check was broken when using our awk.)
Rename some temp files to more accurately reflect their purpose, to aid debugging.
|
#
1.90 |
|
09-Apr-2004 |
kim |
Catch STDERR from /etc/security.local (not just STDOUT).
|
#
1.89 |
|
02-Apr-2004 |
jmmv |
Introduce and use the rcvar_manpage variable, which contains the manual page name where the user should look at for documentation about rcvar. It defaults to 'rc.subr(5)', as rc.subr is mainly used by rc.d scripts.
This variable is useful to let the daily, weekly, monthly and security scripts tune the warning message shown when any of the variables they handle is not properly set.
Closes PR misc/23908.
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.88 |
|
09-Feb-2004 |
jdolecek |
branches: 1.88.2; 1.88.4; 1.88.6; add missing && in the home directory group writability condition; gawk somehow coped even without (defaults to && ?), but nawk printed bogus warnings (defaults to || ?)
|
#
1.87 |
|
19-Nov-2003 |
jhawk |
Provide a workaround for PR bin/12900. When /dev is an fdesc, and /dev/tty is stat()ed without a controlling tty, a "Device not configured" error is returned.
Filter mtree's stderr to ignore this error.
If fdesc is fixed to not behave in this fashion, this workaround can be removed; bin/12900 should remain open until that time.
|
#
1.86 |
|
18-Nov-2003 |
jhawk |
In check_varmail (mailbox ownership/permissions check): Make ls -A explicit, to help n debugging when not run as root (-A is implied when ls is run as root) Ignore dotfiles, as they are not mailboxes (e.g. .jhawk.pop)
|
#
1.85 |
|
18-Nov-2003 |
jhawk |
XXX: note pairwise cascaded test inversion in permit_star.
Add checkyesno check_homes_permit_usergroups to allow group writability when the groupname matches the username. Defaults to off.
|
#
1.84 |
|
01-Oct-2003 |
jhawk |
Suppress output when running security.local if it produces no output. /etc/security should produce no output (and thus suppress the report) when nothing is wrong.
While we're here, use printf instead of two echos, like the rest of the script.
|
#
1.83 |
|
21-Feb-2003 |
jhawk |
Use $diff_options when running diff in /etc/security. Default diff_options to -u, for unified-format context diffs, because context is essential to a useful evaluation of differences. This represents a behavior change.
Implements change-request PR security/17247 from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>.
|
#
1.82 |
|
13-Feb-2003 |
jhawk |
Under check_mtree, invoke mtree with -L if check_mtree_follow_symlinks is set. Apparently mtree -L is imperfect, but it is far better than the lack thereof if symlinks are involved reaching files mtree verifies.
|
#
1.81 |
|
13-Feb-2003 |
jhawk |
Add some flexibility to /etc/security, by way of security.conf options: check_passwd_nowarn_shells Don't warn about these non-/etc/shells shells check_passwd_nowarn_users Don't warn about these users check_passwd_permit_star Don't warn about "*" in the $2 field Behavior change: check_passwd_nowarn_shells defaults to /sbin/nologin and /usr/libexec/uucp/uucico, so that it will not warn about the default master.passwd. The rationale here is that an administrator who chooses to permit these warnable conditions should not be warned about them day after day, yet should not be forced to disable check_passwd entirely. check_passwd_permit_star is primarily of interest to sites who use *'d entries for Kerberos or ssh logins, despite the fact that we permit "*ssh" (etc.) for this purpose (legacy).
|
#
1.80 |
|
06-Jan-2003 |
wiz |
writable, not writeable.
|
Revision tags: fvdl_fs64_base
|
#
1.79 |
|
20-Aug-2002 |
elric |
Added .k5login to the list of files that are checked in each user's home directory.
Addresses PR: security/18000
|
#
1.78 |
|
18-Jun-2002 |
itojun |
md5/bcrypt password starts with $[12], so use ^ in regex
|
#
1.77 |
|
18-Jun-2002 |
itojun |
recognize md5/bcrypt password. noted by: Eric Jacoboni <jaco@teaser.fr>
|
#
1.76 |
|
10-Jun-2002 |
atatat |
The check_rootdotfiles section mucks with the PATH setting, but never puts it back properly. As such, jobs run later that expect there to be a path will lose badly (eg, run lintpkgsrc -i from security.local). Let's just re-export the PATH.
|
Revision tags: netbsd-1-6-base
|
#
1.75 |
|
21-May-2002 |
lukem |
branches: 1.75.2; Support shell metacharacters (`*', '?', '[') in /etc/changelist lines, including checks for "backups that exist when actual file is deleted", a la the existing mechanism used for "/etc/ifconfig.*" ... "/etc/rc.d/*" checks. This resolves [security/15798] from Bob Kemp <bob@allegory.demon.co.uk>.
|
#
1.74 |
|
18-Dec-2001 |
lukem |
Add nullfs to the list of file system types to skip during the "big finds". Fix from Alan Barrett in [misc/14957].
|
#
1.73 |
|
09-Nov-2001 |
lukem |
remove blank lines from the lists of files to backup_and_diff
|
#
1.72 |
|
18-Oct-2001 |
lukem |
add -dgq to check_pkgs ls(1). suggested by @@@
|
#
1.71 |
|
18-Oct-2001 |
taca |
Add -T option to ls(1) when -l option is specified. This fixes none-changed files under ${backup_dir}/pkgs as bellow:
====== /var/backups/pkgs diffs (OLD < > NEW) ====== 159c159 < -rw-r--r-- 1 root wheel 528 Apr 19 01:11 ja-less-332/+CONTENTS --- > -rw-r--r-- 1 root wheel 528 Apr 19 2001 ja-less-332/+CONTENTS
|
#
1.70 |
|
15-Oct-2001 |
lukem |
Use "nodiff" instead of "nomail" for the tag which is used to exclude files from having the changes diff generated. Suggested by Michael Graff.
|
#
1.69 |
|
14-Oct-2001 |
lukem |
minor optimisation suggested by christos
|
#
1.68 |
|
13-Oct-2001 |
lukem |
A few more changes, from more discussions with Andrew Brown. - Resurrect /etc/changelist, even if it's an "empty" file by default, because it's easier to use than /etc/mtree/special.local for adding a couple of simple files. Back by popular demand (hi @@@! :-) - Add /etc/rc.d/* to the list of "dynamic" files; this notices changes in user-added scripts - Only calculate the mtree -I nomail list once, and re-use - Use "cat foo | while read file" instead of "for file in `cat foo`" ; handles whitespace better...
|
#
1.67 |
|
12-Oct-2001 |
lukem |
Major overhaul, with help from Andrew Brown <atatat@netbsd.org>.
Features: - Add a bunch of stuff to /etc/mtree/special to enable removal of /etc/changelist: - files which we want to monitor for changes but don't want to see the diffs of (master.passwd, ssh_host_key, ...) are tagged with "nomail" - files which we don't want to monitor are tagged with "exclude" (such as netgroup.db, kvm.db, ...) - monitor /etc/mtree/special.local, /root/.ssh/* - remove /etc/changelist, and a bunch of XXX comments - use mtree(8)'s -D, -I, and -E to generate lists of files to actually do the changelist stuff on. - support /etc/mtree/special.local as an optional user-provided version of /etc/mtree/special (effectively, an enhanced /etc/changelist) - Add code to monitor: /etc/ifconfig.* /etc/raid*.conf /etc/rc.conf.d/* including support for these files being added and removed at will. - If /sbin/fdisk exists, backup the output of "fdisk $disk" for all the active disk drives as part of $check_disklabels - Check permissions on: ~/.ssh/* ~/.shosts
Details: - Reorder initialisation of defaults - Remove special case for /etc/master.passwd "monitor but don't email diffs" with general case for other similar files. - Keep all `autogenerated' files (such as disklabel.*, setuid.current, ...) in "$backup_dir/work", to minimise name clashes. - Add migrate_file(old, new) to do the hard work of migrating files from the old `top level' /var/backups mechanism to the `full path' mechanism recently added. Use this appropriately. - Add backup_and_diff(file, printdiffs), to the hard work of backing-up and diff-ing files. - Cleanup use of shell redirects - /bin/sh supports ~root globbing, so use it. - Improve umask checking; use awk regex rather than awk math
|
#
1.66 |
|
05-Oct-2001 |
lukem |
minor whitespace fix
|
#
1.65 |
|
03-Oct-2001 |
lukem |
replace "pkg_dbdir" with "pkgdb_dir", to be consistent with "backup_dir"
|
#
1.64 |
|
03-Oct-2001 |
cjs |
Since we store the output of ls for use later, make sure that we have TZ=UTC. (Otherwise time zone changes cause us to believe that files have changed when they have not.)
|
#
1.63 |
|
03-Oct-2001 |
lukem |
- clean up a couple of comments - reformat some awk blocks - replace "sed 1d | awk '...'" with "awk 'NR==1 {next;} ...'"
|
#
1.62 |
|
01-Oct-2001 |
atatat |
Add a chunk of code to check the installed pkgs list by making a list of all installed pkgs and their +CONTENTS and +REQUIRED_BY files (if they have one) and handling this file along with all the other CHANGELIST stuff.
Greg Woods gets points for coming up with the idea.
Luke Mewburn asked me to do it, and provided lots of criticism along the way.
|
#
1.61 |
|
24-Sep-2001 |
lukem |
remove acd (non existant), add ld (for hw raid logical drives)
|
#
1.60 |
|
23-Sep-2001 |
perry |
add raid, remove cd drives and floppy drives from the nightly disk permissions checks.
note: This whole thing needs to be rototilled. And yes, I'm volunteering to do it.
|
#
1.59 |
|
23-Sep-2001 |
perry |
Update the password sanity checking thusly: 1) If a password entry is of the form \*[A-z-]+, do not complain that the account is off but has a valid password. Thus you can do passwords like *ssh to indicate ssh only logins. We should come up with a standard scheme for what various *keywords mean. Note that if the field length is 13, 20 or 34 you'll still get bitched at. This code should be cleaned up. (So should the password scheme.) 2) If the entry is for "toor", don't complain that the account is off but has a valid shell. We ship with toor:*:, there is no point in complaining about it.
Part of the campaign against spurious security warning output.
|
#
1.58 |
|
22-Sep-2001 |
perry |
run mtree on the special file using the new -l option, so it will not complain about things like files set 444 instead of 644.
part of the campaign against spurious output in the nightly security run.
|
#
1.57 |
|
26-Aug-2001 |
simonb |
Remove rz/tz support for pmax, switch to MI SCSI.
|
#
1.56 |
|
18-Jun-2001 |
lukem |
use mktemp(1) to create temporary directories, and ensure that cleanup traps are setup asap.
|
#
1.55 |
|
14-Jun-2001 |
lukem |
use symbolic signal names instead of numbers
|
#
1.54 |
|
10-May-2001 |
atatat |
When backing files listed in /etc/changelist, instead of truncating to the basename of the file, use the whole path with $backup_dir prepended, in effect mirrorring the directory tree. This eliminates the possibility of a name collision.
Closes pr bin/12727.
|
#
1.53 |
|
10-May-2001 |
atatat |
Allow embedded hyphens in user names (and group names), just not as the first or last character.
|
#
1.52 |
|
04-Apr-2001 |
atatat |
Provide the capability of storing backups via RCS instead of just a "current" and a "last" (which is useless if you wanna know what you changed last week). Set the default to on.
|
#
1.51 |
|
15-Mar-2001 |
hubertf |
Run skeyaudit (only) from /etc/daily instead of /etc/security, else there's some risk that the users don't get warned if an admin turns off running /etc/security (by putting run_security=no into daily.conf).
Fixes PR 12267.
|
#
1.50 |
|
12-Mar-2001 |
atatat |
Allow md5 passwords of length 34 as passwords
|
#
1.49 |
|
11-Feb-2001 |
jdolecek |
Introduce max_grouplen - this determines the maximum permitted length of group names, similarily to max_loginlen
|
#
1.48 |
|
09-Jan-2001 |
abs |
Add a new variable 'backup_dir', which can be used to change the backup directory from /var/backup (useful for those of us who have a separate /var and would like to have our backup disklabels on the root filesystem). Default behaviour unchanged. backup_dir being unset is taken as /var/backup.
|
#
1.47 |
|
07-Oct-2000 |
lukem |
use ${foo##*/} instead of `basename $foo`. as suggested (with minor variation) by Toru Nishimura <nisimura@itc.aist-nara.ac.jp>
|
#
1.46 |
|
10-Sep-2000 |
christos |
PR/10982: kilbi@rad.rwth-aachen.de: Don't confuse printf with usernames that start with -.
|
#
1.45 |
|
02-Jul-2000 |
sommerfeld |
Fix pr9320: improve umask checking for root's dotfiles. Now even notices bogus umasks like 044
|
Revision tags: netbsd-1-5-base minoura-xpg4dl-base
|
#
1.44 |
|
26-May-2000 |
ad |
branches: 1.44.4; We may as well allow local additions to /etc/security, since it gets done for the other periodic checks.
|
#
1.43 |
|
05-May-2000 |
itojun |
check /etc/mail/aliases on check_aliases. /etc/aliases will be checked as well, if exists (for backward compatibility).
|
#
1.42 |
|
24-Apr-2000 |
fair |
Add skeyaudit to /etc/security (with a variable to disable) per PR 5871
|
#
1.41 |
|
15-Jan-2000 |
christos |
Use cat -f to avoid denial of service attacks by people who make .rhosts files fifos.
|
Revision tags: wrstuden-devbsize-19991221 wrstuden-devbsize-base comdex-fall-1999-base
|
#
1.40 |
|
05-Sep-1999 |
perry |
We already had logic not to try to grab the disklabels of md's and fd's -- add cd's to the list.
|
#
1.39 |
|
22-Jul-1999 |
hubertf |
Use standard variable "$0" for the whole line instead of the non-standard, undocumented "$LINE".
Submitted in PR 7041 by Greg A. Woods <woods@weird.com>
|
#
1.38 |
|
23-Apr-1999 |
kleink |
Get rid of old-style chown operands.
|
Revision tags: netbsd-1-4-PATCH001 netbsd-1-4-RELEASE netbsd-1-4-base
|
#
1.37 |
|
17-Mar-1999 |
wrstuden |
branches: 1.37.2; Add a commented-out duplicate id checker which doesn't exclude toor, and add a comment saying how to switch it on.
|
#
1.36 |
|
17-Mar-1999 |
wrstuden |
Modify duplicate user id check to exclude "toor". Any other uid 0 accounts will generate a message with that (those) account names, root, and toor present in the list.
|
#
1.35 |
|
16-Mar-1999 |
fair |
Fix PR 5068 - scanning ~user/.rhosts files on NFS mounted home directories with -maproot=nobody on the server. The argument to be made is that if NetBSD's root can't read these files, it shouldn't try to check them.
|
#
1.34 |
|
18-Feb-1999 |
abs |
Handle + in master.passwd (From PR#4802). Also, handle + in group and allow max_loginlen to be configurable.
|
#
1.33 |
|
14-Sep-1998 |
tv |
Nix "Login %s is off but still has a valid shell" warning for 20-character encrypted passwords generated by the NEWSALT option to passwd(1).
|
#
1.32 |
|
25-Aug-1998 |
lukem |
* if $check_disklabels=YES, backup and compare of disklabels of current disks. should detect added or removed disks as well. backup labels go in /var/backups/disklabel.XXX (XXX = disk name, e.g., sd0), and the changelist style backups have .current or .backup suffixes * minor whitespace, formatting, and comment cleanup
|
#
1.31 |
|
26-Jan-1998 |
lukem |
include rc.subr and use appropriately
|
Revision tags: netbsd-1-3-PATCH003 netbsd-1-3-PATCH003-CANDIDATE2 netbsd-1-3-PATCH003-CANDIDATE1 netbsd-1-3-PATCH003-CANDIDATE0 netbsd-1-3-PATCH002 netbsd-1-3-PATCH001 netbsd-1-3-RELEASE netbsd-1-3-BETA netbsd-1-3-base
|
#
1.30 |
|
08-Oct-1997 |
mycroft |
Deal with files in the changelist that are added or removed. * When a file is removed, move its .current file to .backup. * When a file is added, create its .current file. * In either case, send a diff against /dev/null. Mostly from Jim Bernard in PR 4183, with the removal case fixed.
|
#
1.29 |
|
23-Sep-1997 |
lukem |
- use 'ftpd -C user' to check the format of /etc/ftpusers. closes [security/4061] - rename $MPPATH to $MPBYPATH, to clarify its use
|
#
1.28 |
|
18-Sep-1997 |
lukem |
- don't print "Checking setuid files and devices:" if no problems found (solves [security/4047]) - minor cleanup (rename a couple of variables, etc)
|
#
1.27 |
|
22-Aug-1997 |
lukem |
- correct use of generated temporary files. - clean up comments and generated output. - clean up $SECUREDIR if SIGINT or SIGQUIT received. - .rhosts may have to be world readable in NFS environments, so allow it to be. - update list of disks to check for reasonable permissions - don't show differences in /etc/master.passwd, as the encrypted strings may be sent. From reading comments earlier in the script, this was the intention anyway. Fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3994]. - when checking /etc/ftpusers, skip comment lines and only match full usernames. XXX: this should be enhanced to check lines of the enhanced ftpusers format.
|
#
1.26 |
|
19-Aug-1997 |
lukem |
* ensure that check for '.' in root's $PATH doesn't yield a false positive. fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3995] * detect empty :: elements as '.' in a sh(1) path (leading :, trailing :, or ::)
|
#
1.25 |
|
24-Jun-1997 |
lukem |
* when checking /etc/master.passwd, read in /etc/shells for a list of valid shells and then check each active account against that * remove unnecessary ()s in a few printf's.
|
#
1.24 |
|
24-Jun-1997 |
lukem |
* take advantage of xargs -0 when finding devices and set?id files * use 'ls -q' in the above, so that characters that may cause problems in the output are replaced with '?'
|
#
1.23 |
|
23-Jun-1997 |
lukem |
Also check /etc/profile for setting of umask. From Chris Jones <cjones@rupert.oscs.montana.edu> in [misc/3763]
|
#
1.22 |
|
23-Jun-1997 |
lukem |
Ignore blank lines and comments in /etc/exports From Jaromir Dolecek <dolecek@moria.ics.muni.cz> in [misc/3691]
|
#
1.21 |
|
21-Apr-1997 |
mycroft |
Don't list directories with the setuid bit set or FIFOs.
|
#
1.20 |
|
21-Apr-1997 |
mycroft |
Minor cleanup.
|
#
1.19 |
|
21-Apr-1997 |
mycroft |
When doing security checks in user home directory, sort by home directory, to optimize lookups a little. Also, add some more files to the naughty lists.
|
#
1.18 |
|
17-Apr-1997 |
mikel |
make /etc/aliases check a bit more discriminating: the line must be uncommented, and it must contain a '|' character (forwarding to program).
|
#
1.17 |
|
10-Mar-1997 |
mycroft |
Minor cleanup.
|
#
1.16 |
|
14-Feb-1997 |
mikel |
Don't leave logs in /etc/mtree; from Andrew Wheadon in PR misc/3106. Also fixed some comments.
|
#
1.15 |
|
05-Jan-1997 |
mrg |
add configuration file for security, as security.conf. the file allows each action taken by security to be turned on or off.
|
#
1.14 |
|
22-May-1996 |
mrg |
ignore setgid on dirs.
|
Revision tags: netbsd-1-2-PATCH001 netbsd-1-2-RELEASE netbsd-1-2-BETA netbsd-1-2-base
|
#
1.13 |
|
14-Jan-1996 |
pk |
Several fixes from Arne H. Juul (PR#1814).
|
#
1.12 |
|
17-Dec-1995 |
thorpej |
New-style RCS ids.
|
Revision tags: netbsd-1-1-PATCH001 netbsd-1-1-RELEASE netbsd-1-1-base
|
#
1.11 |
|
31-Jan-1995 |
jtc |
Change .emacsrc to .emacs in list of files to be checked. From Mike Long, in PR #768.
|
#
1.10 |
|
18-Oct-1994 |
mycroft |
Fix the fstype-based pruning algorithms. Partly suggested by John Kohl.
|
Revision tags: netbsd-1-0-base
|
#
1.9 |
|
15-Jun-1994 |
cgd |
branches: 1.9.2; update to new security script
|
#
1.8 |
|
15-Jan-1994 |
cgd |
people importing trees from SunOS should be shot; add -d to ls.
|
#
1.7 |
|
15-Dec-1993 |
mycroft |
Find only set[gu]id files and devices, like old ncheck(1).
|
#
1.6 |
|
27-Oct-1993 |
cgd |
use of xargs wasn't strictly a security hole, but could lead to fouled- up results. xargs should really have an option to automatically 'quote' input.
|
#
1.5 |
|
27-Oct-1993 |
mycroft |
Use xargs(1) to avoid overflowing the argument list to ls(1).
|
#
1.4 |
|
26-Oct-1993 |
cgd |
from FreeBSD: check for set*id devices in a way closer to the original. note that you can still overflow the args buffer for the ls (and it does that on lamp), but it's better than before.
|
#
1.3 |
|
19-Oct-1993 |
mycroft |
Rewrite set[gu]id find command to avoid walking non-local file systems.
|
Revision tags: netbsd-0-9-RELEASE netbsd-0-9-BETA netbsd-0-9-ALPHA2 netbsd-0-9-ALPHA netbsd-0-9-base netbsd-0-8 netbsd-alpha-1
|
#
1.2 |
|
02-Apr-1993 |
cgd |
updated to reflect the fact that we don't have an ncheck
|
#
1.1 |
|
21-Mar-1993 |
cgd |
branches: 1.1.1; Initial revision
|
#
1.122 |
|
06-Jan-2018 |
mlelstv |
Use sysctl to retrieve iostat names instead of parsing possibly truncated iostat output.
Check dkctl listwedges output with grep.
Fixes PR 59205.
|
Revision tags: matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 bouyer-socketcan-base pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.121 |
|
29-Feb-2016 |
riastradh |
Record current raid configurations too in /etc/security.
|
#
1.120 |
|
20-Apr-2015 |
pgoyette |
Set the redirection correctly, so that stderr gets duped to the already redirected stdout, rather than duping stdout to stderr!
Without this fix, the disklabel output is included in the log file rather than being discarded as intended. (The purpose of running disklabel this first time is only to check for success.)
|
#
1.119 |
|
14-Feb-2015 |
nakayama |
Avoid nfs devices correctly.
|
#
1.118 |
|
13-Dec-2014 |
uebayasi |
Indent and space fixes.
|
#
1.117 |
|
23-Nov-2014 |
christos |
- generate the list of disks only once and select from them later - don't generate empty/useless files when disklabel or dkctl don't have data
|
#
1.116 |
|
27-Aug-2014 |
apb |
Split some long lines.
|
Revision tags: netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 tls-maxphys-base
|
#
1.115 |
|
06-Nov-2013 |
spz |
Introduce a variable for security.conf, default empty, to list users whose home is (allowed to be) owned by another user.
It's a separate variable and not just check_passwd_permit_dups so I can make security shut up about my uucp users.
Fixes the second half of PR misc/36063
|
#
1.114 |
|
06-Nov-2013 |
spz |
having more than one line with the same group name and gid is not only allowed, it's even recommended for groups with lots of members, so do not warn about duplicate group name lines if the gid is the same
|
#
1.113 |
|
08-Sep-2013 |
prlw1 |
Add defaults for pkg_info and pkg_admin variables in case pkgpath.conf is not installed.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.112 |
|
01-May-2013 |
agc |
Fix for problematic paths in /etc/daily and /etc/security reported in PR/47645.
Add a separate file which contains the paths for the pkg_admin and pkg_info utilities. This is called /etc/pkgpath.conf (to distinguish it from pkg.conf).
Thanks also to Edgar Fuss for the sanity check.
|
Revision tags: agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6 yamt-pagecache-base5 yamt-pagecache-base4
|
#
1.111 |
|
05-Apr-2012 |
spz |
branches: 1.111.2; change security so that there is a configuration value for the list of users who will not be considered for duplicate uid check. Seed it with 'toor' in defaults/security.conf.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base bouyer-quota2-nbase
|
#
1.110 |
|
02-Mar-2011 |
christos |
branches: 1.110.4; too much quoting. pointed by anon ymous
|
Revision tags: bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.109 |
|
27-Dec-2010 |
christos |
branches: 1.109.2; `` -> $()
|
#
1.108 |
|
05-Feb-2010 |
jmmv |
Deprecate the pkgdb_dir settings from daily.conf and security.conf in favor of the PKG_DBDIR variable in /etc/pkg_install.conf. The purpose of this is to only have to define the location of the packages database in a single place and have all other system components pick it up.
pkgdb_dir is still honored if defined and the scripts will spit out a warning in that case, asking the administrator to migrate to the PKG_DBDIR setting. We can't remove this compatibility workaround until, at least, after NetBSD 6 is released.
|
#
1.107 |
|
19-Jan-2010 |
jmmv |
Add the fetch_pkg_vulnerabilities option to the daily script to keep the packages vulnerability database up to date. This will only fetch the file from the server if it has changed since the last run.
Add the check_pkg_vulnerabilities and check_pkg_signatures options to the security script to check that the installed packages are sane.
All of these options are enabled by default but they will only run if there is, at least, one installed package.
|
Revision tags: matt-premerge-20091211 jym-xensuspend-nbase jym-xensuspend-base
|
#
1.106 |
|
27-Jan-2009 |
haad |
Add support for lvm to security script. Backup lvm configuration to /var/backup/lvm with other system backups. Disable lvm check until MKLVM is enabled by default. no objections on tech-userlevel@.
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 mjf-devfs2-base2 netbsd-5-base matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 wrstuden-revivesa-base yamt-pf42-base mjf-devfs2-base keiichi-mipv6-base mjf-devfs-base matt-armv6-nbase cube-autoconf-base matt-armv6-base hpcarm-cleanup-base
|
#
1.105 |
|
23-Nov-2007 |
dholland |
branches: 1.105.4; Handle non-trivial NIS compat entries (like +joe:::::::::) in the password file. Fixes (my own) PR bin/33138.
reviewed: christos
|
#
1.104 |
|
27-Aug-2007 |
adrianp |
The location of the pkg_info binary can now be specified in /etc/security.conf. The default remains as /usr/sbin/pkg_info. This should fix PR# 36746.
|
#
1.103 |
|
09-Aug-2007 |
tron |
branches: 1.103.2; Add code to monitor the disk wedges (see dk(4)) configured on the system. Based on a patch contributed by Andreas Wrede in PR misc/36747.
|
Revision tags: matt-mips64-base
|
#
1.102 |
|
06-Jun-2007 |
martti |
Use "mktemp -d -t xxx" to create the temporary directories. This will use TMPDIR environment variable if set, otherwise use /tmp. (misc/35544)
|
#
1.101 |
|
27-Mar-2007 |
jnemeth |
PR/36058 -- fix check for group/other writable home directories from Jukka Salmi
|
Revision tags: netbsd-4-base
|
#
1.100 |
|
26-Sep-2006 |
tron |
branches: 1.100.2; Improve security check for "/etc/exports": 1.) Properly handle line continuation and network exports. 2.) Make the report more compact.
Patch contributed by Jukka Salmi in PR bin/24583.
|
#
1.99 |
|
23-Sep-2006 |
jmcneill |
PR #26490: /etc/security is not aware of sha1 passwords
|
Revision tags: abandoned-netbsd-4-base
|
#
1.98 |
|
25-May-2006 |
lukem |
Implement check_devices_ignore_paths, which is a list of paths to avoid traversing during check_devices.
|
#
1.97 |
|
17-Apr-2006 |
veego |
Don't try to backup a 'nfs' disklabel, which will happen because of the recent iostat changes. Patch supplied in pr# 33274 by Geoff C. Wing.
|
#
1.96 |
|
29-Jan-2006 |
rpaulo |
PR 32666: /etc/security may cause tapes to rewind. By Duncan McEwan.
|
#
1.95 |
|
11-Apr-2005 |
peter |
Allow an underscore as first character and embedded underscores & dots for login and group names.
Fixes PR misc/29913 from Arto Selonen.
|
Revision tags: netbsd-3-base
|
#
1.94 |
|
05-Feb-2005 |
jdolecek |
branches: 1.94.2; add a check_passwd_permin_nonalpha option, which changes the passwd test to permit non-alphanumeric characters in login names
|
#
1.93 |
|
21-Nov-2004 |
kim |
When checking /etc/exports, account for "-network=XXX" as restricting the mount (i.e. it is not considered globally exported).
Fixes PR: 26890
|
#
1.92 |
|
28-Sep-2004 |
erh |
PR misc/7716: add configuration options find_core_ignore_fstypes and check_devices_ignore_fstypes to allow the filesystem types that are ignored during the daily and security runs to be adjusted.
|
#
1.91 |
|
23-Jul-2004 |
lukem |
Merge /etc/mtree/special & /etc/mtree/special.local using "mtree -M". This allows users to override mtree/special entries in mtree/special.local, which is useful if you've replaced a directory with a symlink (for example). This effectively makes $check_mtree_follow_symlinks=YES pointless, but I'm retaining that for compatibility reasons.
Fix bug in generation of $MPBYUID (used "/^+/" instead of "/^\+/" as a regex), which has existed for a long time but only failed with our awk; GNU awk seems to have permitted this. (This meant that the duplicate UID check was broken when using our awk.)
Rename some temp files to more accurately reflect their purpose, to aid debugging.
|
#
1.90 |
|
09-Apr-2004 |
kim |
Catch STDERR from /etc/security.local (not just STDOUT).
|
#
1.89 |
|
02-Apr-2004 |
jmmv |
Introduce and use the rcvar_manpage variable, which contains the manual page name where the user should look at for documentation about rcvar. It defaults to 'rc.subr(5)', as rc.subr is mainly used by rc.d scripts.
This variable is useful to let the daily, weekly, monthly and security scripts tune the warning message shown when any of the variables they handle is not properly set.
Closes PR misc/23908.
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.88 |
|
09-Feb-2004 |
jdolecek |
branches: 1.88.2; 1.88.4; 1.88.6; add missing && in the home directory group writability condition; gawk somehow coped even without (defaults to && ?), but nawk printed bogus warnings (defaults to || ?)
|
#
1.87 |
|
19-Nov-2003 |
jhawk |
Provide a workaround for PR bin/12900. When /dev is an fdesc, and /dev/tty is stat()ed without a controlling tty, a "Device not configured" error is returned.
Filter mtree's stderr to ignore this error.
If fdesc is fixed to not behave in this fashion, this workaround can be removed; bin/12900 should remain open until that time.
|
#
1.86 |
|
18-Nov-2003 |
jhawk |
In check_varmail (mailbox ownership/permissions check): Make ls -A explicit, to help n debugging when not run as root (-A is implied when ls is run as root) Ignore dotfiles, as they are not mailboxes (e.g. .jhawk.pop)
|
#
1.85 |
|
18-Nov-2003 |
jhawk |
XXX: note pairwise cascaded test inversion in permit_star.
Add checkyesno check_homes_permit_usergroups to allow group writability when the groupname matches the username. Defaults to off.
|
#
1.84 |
|
01-Oct-2003 |
jhawk |
Suppress output when running security.local if it produces no output. /etc/security should produce no output (and thus suppress the report) when nothing is wrong.
While we're here, use printf instead of two echos, like the rest of the script.
|
#
1.83 |
|
21-Feb-2003 |
jhawk |
Use $diff_options when running diff in /etc/security. Default diff_options to -u, for unified-format context diffs, because context is essential to a useful evaluation of differences. This represents a behavior change.
Implements change-request PR security/17247 from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>.
|
#
1.82 |
|
13-Feb-2003 |
jhawk |
Under check_mtree, invoke mtree with -L if check_mtree_follow_symlinks is set. Apparently mtree -L is imperfect, but it is far better than the lack thereof if symlinks are involved reaching files mtree verifies.
|
#
1.81 |
|
13-Feb-2003 |
jhawk |
Add some flexibility to /etc/security, by way of security.conf options: check_passwd_nowarn_shells Don't warn about these non-/etc/shells shells check_passwd_nowarn_users Don't warn about these users check_passwd_permit_star Don't warn about "*" in the $2 field Behavior change: check_passwd_nowarn_shells defaults to /sbin/nologin and /usr/libexec/uucp/uucico, so that it will not warn about the default master.passwd. The rationale here is that an administrator who chooses to permit these warnable conditions should not be warned about them day after day, yet should not be forced to disable check_passwd entirely. check_passwd_permit_star is primarily of interest to sites who use *'d entries for Kerberos or ssh logins, despite the fact that we permit "*ssh" (etc.) for this purpose (legacy).
|
#
1.80 |
|
06-Jan-2003 |
wiz |
writable, not writeable.
|
Revision tags: fvdl_fs64_base
|
#
1.79 |
|
20-Aug-2002 |
elric |
Added .k5login to the list of files that are checked in each user's home directory.
Addresses PR: security/18000
|
#
1.78 |
|
18-Jun-2002 |
itojun |
md5/bcrypt password starts with $[12], so use ^ in regex
|
#
1.77 |
|
18-Jun-2002 |
itojun |
recognize md5/bcrypt password. noted by: Eric Jacoboni <jaco@teaser.fr>
|
#
1.76 |
|
10-Jun-2002 |
atatat |
The check_rootdotfiles section mucks with the PATH setting, but never puts it back properly. As such, jobs run later that expect there to be a path will lose badly (eg, run lintpkgsrc -i from security.local). Let's just re-export the PATH.
|
Revision tags: netbsd-1-6-base
|
#
1.75 |
|
21-May-2002 |
lukem |
branches: 1.75.2; Support shell metacharacters (`*', '?', '[') in /etc/changelist lines, including checks for "backups that exist when actual file is deleted", a la the existing mechanism used for "/etc/ifconfig.*" ... "/etc/rc.d/*" checks. This resolves [security/15798] from Bob Kemp <bob@allegory.demon.co.uk>.
|
#
1.74 |
|
18-Dec-2001 |
lukem |
Add nullfs to the list of file system types to skip during the "big finds". Fix from Alan Barrett in [misc/14957].
|
#
1.73 |
|
09-Nov-2001 |
lukem |
remove blank lines from the lists of files to backup_and_diff
|
#
1.72 |
|
18-Oct-2001 |
lukem |
add -dgq to check_pkgs ls(1). suggested by @@@
|
#
1.71 |
|
18-Oct-2001 |
taca |
Add -T option to ls(1) when -l option is specified. This fixes none-changed files under ${backup_dir}/pkgs as bellow:
====== /var/backups/pkgs diffs (OLD < > NEW) ====== 159c159 < -rw-r--r-- 1 root wheel 528 Apr 19 01:11 ja-less-332/+CONTENTS --- > -rw-r--r-- 1 root wheel 528 Apr 19 2001 ja-less-332/+CONTENTS
|
#
1.70 |
|
15-Oct-2001 |
lukem |
Use "nodiff" instead of "nomail" for the tag which is used to exclude files from having the changes diff generated. Suggested by Michael Graff.
|
#
1.69 |
|
14-Oct-2001 |
lukem |
minor optimisation suggested by christos
|
#
1.68 |
|
13-Oct-2001 |
lukem |
A few more changes, from more discussions with Andrew Brown. - Resurrect /etc/changelist, even if it's an "empty" file by default, because it's easier to use than /etc/mtree/special.local for adding a couple of simple files. Back by popular demand (hi @@@! :-) - Add /etc/rc.d/* to the list of "dynamic" files; this notices changes in user-added scripts - Only calculate the mtree -I nomail list once, and re-use - Use "cat foo | while read file" instead of "for file in `cat foo`" ; handles whitespace better...
|
#
1.67 |
|
12-Oct-2001 |
lukem |
Major overhaul, with help from Andrew Brown <atatat@netbsd.org>.
Features: - Add a bunch of stuff to /etc/mtree/special to enable removal of /etc/changelist: - files which we want to monitor for changes but don't want to see the diffs of (master.passwd, ssh_host_key, ...) are tagged with "nomail" - files which we don't want to monitor are tagged with "exclude" (such as netgroup.db, kvm.db, ...) - monitor /etc/mtree/special.local, /root/.ssh/* - remove /etc/changelist, and a bunch of XXX comments - use mtree(8)'s -D, -I, and -E to generate lists of files to actually do the changelist stuff on. - support /etc/mtree/special.local as an optional user-provided version of /etc/mtree/special (effectively, an enhanced /etc/changelist) - Add code to monitor: /etc/ifconfig.* /etc/raid*.conf /etc/rc.conf.d/* including support for these files being added and removed at will. - If /sbin/fdisk exists, backup the output of "fdisk $disk" for all the active disk drives as part of $check_disklabels - Check permissions on: ~/.ssh/* ~/.shosts
Details: - Reorder initialisation of defaults - Remove special case for /etc/master.passwd "monitor but don't email diffs" with general case for other similar files. - Keep all `autogenerated' files (such as disklabel.*, setuid.current, ...) in "$backup_dir/work", to minimise name clashes. - Add migrate_file(old, new) to do the hard work of migrating files from the old `top level' /var/backups mechanism to the `full path' mechanism recently added. Use this appropriately. - Add backup_and_diff(file, printdiffs), to the hard work of backing-up and diff-ing files. - Cleanup use of shell redirects - /bin/sh supports ~root globbing, so use it. - Improve umask checking; use awk regex rather than awk math
|
#
1.66 |
|
05-Oct-2001 |
lukem |
minor whitespace fix
|
#
1.65 |
|
03-Oct-2001 |
lukem |
replace "pkg_dbdir" with "pkgdb_dir", to be consistent with "backup_dir"
|
#
1.64 |
|
03-Oct-2001 |
cjs |
Since we store the output of ls for use later, make sure that we have TZ=UTC. (Otherwise time zone changes cause us to believe that files have changed when they have not.)
|
#
1.63 |
|
03-Oct-2001 |
lukem |
- clean up a couple of comments - reformat some awk blocks - replace "sed 1d | awk '...'" with "awk 'NR==1 {next;} ...'"
|
#
1.62 |
|
01-Oct-2001 |
atatat |
Add a chunk of code to check the installed pkgs list by making a list of all installed pkgs and their +CONTENTS and +REQUIRED_BY files (if they have one) and handling this file along with all the other CHANGELIST stuff.
Greg Woods gets points for coming up with the idea.
Luke Mewburn asked me to do it, and provided lots of criticism along the way.
|
#
1.61 |
|
24-Sep-2001 |
lukem |
remove acd (non existant), add ld (for hw raid logical drives)
|
#
1.60 |
|
23-Sep-2001 |
perry |
add raid, remove cd drives and floppy drives from the nightly disk permissions checks.
note: This whole thing needs to be rototilled. And yes, I'm volunteering to do it.
|
#
1.59 |
|
23-Sep-2001 |
perry |
Update the password sanity checking thusly: 1) If a password entry is of the form \*[A-z-]+, do not complain that the account is off but has a valid password. Thus you can do passwords like *ssh to indicate ssh only logins. We should come up with a standard scheme for what various *keywords mean. Note that if the field length is 13, 20 or 34 you'll still get bitched at. This code should be cleaned up. (So should the password scheme.) 2) If the entry is for "toor", don't complain that the account is off but has a valid shell. We ship with toor:*:, there is no point in complaining about it.
Part of the campaign against spurious security warning output.
|
#
1.58 |
|
22-Sep-2001 |
perry |
run mtree on the special file using the new -l option, so it will not complain about things like files set 444 instead of 644.
part of the campaign against spurious output in the nightly security run.
|
#
1.57 |
|
26-Aug-2001 |
simonb |
Remove rz/tz support for pmax, switch to MI SCSI.
|
#
1.56 |
|
18-Jun-2001 |
lukem |
use mktemp(1) to create temporary directories, and ensure that cleanup traps are setup asap.
|
#
1.55 |
|
14-Jun-2001 |
lukem |
use symbolic signal names instead of numbers
|
#
1.54 |
|
10-May-2001 |
atatat |
When backing files listed in /etc/changelist, instead of truncating to the basename of the file, use the whole path with $backup_dir prepended, in effect mirrorring the directory tree. This eliminates the possibility of a name collision.
Closes pr bin/12727.
|
#
1.53 |
|
10-May-2001 |
atatat |
Allow embedded hyphens in user names (and group names), just not as the first or last character.
|
#
1.52 |
|
04-Apr-2001 |
atatat |
Provide the capability of storing backups via RCS instead of just a "current" and a "last" (which is useless if you wanna know what you changed last week). Set the default to on.
|
#
1.51 |
|
15-Mar-2001 |
hubertf |
Run skeyaudit (only) from /etc/daily instead of /etc/security, else there's some risk that the users don't get warned if an admin turns off running /etc/security (by putting run_security=no into daily.conf).
Fixes PR 12267.
|
#
1.50 |
|
12-Mar-2001 |
atatat |
Allow md5 passwords of length 34 as passwords
|
#
1.49 |
|
11-Feb-2001 |
jdolecek |
Introduce max_grouplen - this determines the maximum permitted length of group names, similarily to max_loginlen
|
#
1.48 |
|
09-Jan-2001 |
abs |
Add a new variable 'backup_dir', which can be used to change the backup directory from /var/backup (useful for those of us who have a separate /var and would like to have our backup disklabels on the root filesystem). Default behaviour unchanged. backup_dir being unset is taken as /var/backup.
|
#
1.47 |
|
07-Oct-2000 |
lukem |
use ${foo##*/} instead of `basename $foo`. as suggested (with minor variation) by Toru Nishimura <nisimura@itc.aist-nara.ac.jp>
|
#
1.46 |
|
10-Sep-2000 |
christos |
PR/10982: kilbi@rad.rwth-aachen.de: Don't confuse printf with usernames that start with -.
|
#
1.45 |
|
02-Jul-2000 |
sommerfeld |
Fix pr9320: improve umask checking for root's dotfiles. Now even notices bogus umasks like 044
|
Revision tags: netbsd-1-5-base minoura-xpg4dl-base
|
#
1.44 |
|
26-May-2000 |
ad |
branches: 1.44.4; We may as well allow local additions to /etc/security, since it gets done for the other periodic checks.
|
#
1.43 |
|
05-May-2000 |
itojun |
check /etc/mail/aliases on check_aliases. /etc/aliases will be checked as well, if exists (for backward compatibility).
|
#
1.42 |
|
24-Apr-2000 |
fair |
Add skeyaudit to /etc/security (with a variable to disable) per PR 5871
|
#
1.41 |
|
15-Jan-2000 |
christos |
Use cat -f to avoid denial of service attacks by people who make .rhosts files fifos.
|
Revision tags: wrstuden-devbsize-19991221 wrstuden-devbsize-base comdex-fall-1999-base
|
#
1.40 |
|
05-Sep-1999 |
perry |
We already had logic not to try to grab the disklabels of md's and fd's -- add cd's to the list.
|
#
1.39 |
|
22-Jul-1999 |
hubertf |
Use standard variable "$0" for the whole line instead of the non-standard, undocumented "$LINE".
Submitted in PR 7041 by Greg A. Woods <woods@weird.com>
|
#
1.38 |
|
23-Apr-1999 |
kleink |
Get rid of old-style chown operands.
|
Revision tags: netbsd-1-4-PATCH001 netbsd-1-4-RELEASE netbsd-1-4-base
|
#
1.37 |
|
17-Mar-1999 |
wrstuden |
branches: 1.37.2; Add a commented-out duplicate id checker which doesn't exclude toor, and add a comment saying how to switch it on.
|
#
1.36 |
|
17-Mar-1999 |
wrstuden |
Modify duplicate user id check to exclude "toor". Any other uid 0 accounts will generate a message with that (those) account names, root, and toor present in the list.
|
#
1.35 |
|
16-Mar-1999 |
fair |
Fix PR 5068 - scanning ~user/.rhosts files on NFS mounted home directories with -maproot=nobody on the server. The argument to be made is that if NetBSD's root can't read these files, it shouldn't try to check them.
|
#
1.34 |
|
18-Feb-1999 |
abs |
Handle + in master.passwd (From PR#4802). Also, handle + in group and allow max_loginlen to be configurable.
|
#
1.33 |
|
14-Sep-1998 |
tv |
Nix "Login %s is off but still has a valid shell" warning for 20-character encrypted passwords generated by the NEWSALT option to passwd(1).
|
#
1.32 |
|
25-Aug-1998 |
lukem |
* if $check_disklabels=YES, backup and compare of disklabels of current disks. should detect added or removed disks as well. backup labels go in /var/backups/disklabel.XXX (XXX = disk name, e.g., sd0), and the changelist style backups have .current or .backup suffixes * minor whitespace, formatting, and comment cleanup
|
#
1.31 |
|
26-Jan-1998 |
lukem |
include rc.subr and use appropriately
|
Revision tags: netbsd-1-3-PATCH003 netbsd-1-3-PATCH003-CANDIDATE2 netbsd-1-3-PATCH003-CANDIDATE1 netbsd-1-3-PATCH003-CANDIDATE0 netbsd-1-3-PATCH002 netbsd-1-3-PATCH001 netbsd-1-3-RELEASE netbsd-1-3-BETA netbsd-1-3-base
|
#
1.30 |
|
08-Oct-1997 |
mycroft |
Deal with files in the changelist that are added or removed. * When a file is removed, move its .current file to .backup. * When a file is added, create its .current file. * In either case, send a diff against /dev/null. Mostly from Jim Bernard in PR 4183, with the removal case fixed.
|
#
1.29 |
|
23-Sep-1997 |
lukem |
- use 'ftpd -C user' to check the format of /etc/ftpusers. closes [security/4061] - rename $MPPATH to $MPBYPATH, to clarify its use
|
#
1.28 |
|
18-Sep-1997 |
lukem |
- don't print "Checking setuid files and devices:" if no problems found (solves [security/4047]) - minor cleanup (rename a couple of variables, etc)
|
#
1.27 |
|
22-Aug-1997 |
lukem |
- correct use of generated temporary files. - clean up comments and generated output. - clean up $SECUREDIR if SIGINT or SIGQUIT received. - .rhosts may have to be world readable in NFS environments, so allow it to be. - update list of disks to check for reasonable permissions - don't show differences in /etc/master.passwd, as the encrypted strings may be sent. From reading comments earlier in the script, this was the intention anyway. Fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3994]. - when checking /etc/ftpusers, skip comment lines and only match full usernames. XXX: this should be enhanced to check lines of the enhanced ftpusers format.
|
#
1.26 |
|
19-Aug-1997 |
lukem |
* ensure that check for '.' in root's $PATH doesn't yield a false positive. fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3995] * detect empty :: elements as '.' in a sh(1) path (leading :, trailing :, or ::)
|
#
1.25 |
|
24-Jun-1997 |
lukem |
* when checking /etc/master.passwd, read in /etc/shells for a list of valid shells and then check each active account against that * remove unnecessary ()s in a few printf's.
|
#
1.24 |
|
24-Jun-1997 |
lukem |
* take advantage of xargs -0 when finding devices and set?id files * use 'ls -q' in the above, so that characters that may cause problems in the output are replaced with '?'
|
#
1.23 |
|
23-Jun-1997 |
lukem |
Also check /etc/profile for setting of umask. From Chris Jones <cjones@rupert.oscs.montana.edu> in [misc/3763]
|
#
1.22 |
|
23-Jun-1997 |
lukem |
Ignore blank lines and comments in /etc/exports From Jaromir Dolecek <dolecek@moria.ics.muni.cz> in [misc/3691]
|
#
1.21 |
|
21-Apr-1997 |
mycroft |
Don't list directories with the setuid bit set or FIFOs.
|
#
1.20 |
|
21-Apr-1997 |
mycroft |
Minor cleanup.
|
#
1.19 |
|
21-Apr-1997 |
mycroft |
When doing security checks in user home directory, sort by home directory, to optimize lookups a little. Also, add some more files to the naughty lists.
|
#
1.18 |
|
17-Apr-1997 |
mikel |
make /etc/aliases check a bit more discriminating: the line must be uncommented, and it must contain a '|' character (forwarding to program).
|
#
1.17 |
|
10-Mar-1997 |
mycroft |
Minor cleanup.
|
#
1.16 |
|
14-Feb-1997 |
mikel |
Don't leave logs in /etc/mtree; from Andrew Wheadon in PR misc/3106. Also fixed some comments.
|
#
1.15 |
|
05-Jan-1997 |
mrg |
add configuration file for security, as security.conf. the file allows each action taken by security to be turned on or off.
|
#
1.14 |
|
22-May-1996 |
mrg |
ignore setgid on dirs.
|
Revision tags: netbsd-1-2-PATCH001 netbsd-1-2-RELEASE netbsd-1-2-BETA netbsd-1-2-base
|
#
1.13 |
|
14-Jan-1996 |
pk |
Several fixes from Arne H. Juul (PR#1814).
|
#
1.12 |
|
17-Dec-1995 |
thorpej |
New-style RCS ids.
|
Revision tags: netbsd-1-1-PATCH001 netbsd-1-1-RELEASE netbsd-1-1-base
|
#
1.11 |
|
31-Jan-1995 |
jtc |
Change .emacsrc to .emacs in list of files to be checked. From Mike Long, in PR #768.
|
#
1.10 |
|
18-Oct-1994 |
mycroft |
Fix the fstype-based pruning algorithms. Partly suggested by John Kohl.
|
Revision tags: netbsd-1-0-base
|
#
1.9 |
|
15-Jun-1994 |
cgd |
branches: 1.9.2; update to new security script
|
#
1.8 |
|
15-Jan-1994 |
cgd |
people importing trees from SunOS should be shot; add -d to ls.
|
#
1.7 |
|
15-Dec-1993 |
mycroft |
Find only set[gu]id files and devices, like old ncheck(1).
|
#
1.6 |
|
27-Oct-1993 |
cgd |
use of xargs wasn't strictly a security hole, but could lead to fouled- up results. xargs should really have an option to automatically 'quote' input.
|
#
1.5 |
|
27-Oct-1993 |
mycroft |
Use xargs(1) to avoid overflowing the argument list to ls(1).
|
#
1.4 |
|
26-Oct-1993 |
cgd |
from FreeBSD: check for set*id devices in a way closer to the original. note that you can still overflow the args buffer for the ls (and it does that on lamp), but it's better than before.
|
#
1.3 |
|
19-Oct-1993 |
mycroft |
Rewrite set[gu]id find command to avoid walking non-local file systems.
|
Revision tags: netbsd-0-9-RELEASE netbsd-0-9-BETA netbsd-0-9-ALPHA2 netbsd-0-9-ALPHA netbsd-0-9-base netbsd-0-8 netbsd-alpha-1
|
#
1.2 |
|
02-Apr-1993 |
cgd |
updated to reflect the fact that we don't have an ncheck
|
#
1.1 |
|
21-Mar-1993 |
cgd |
branches: 1.1.1; Initial revision
|
Revision tags: pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
#
1.121 |
|
29-Feb-2016 |
riastradh |
Record current raid configurations too in /etc/security.
|
#
1.120 |
|
20-Apr-2015 |
pgoyette |
Set the redirection correctly, so that stderr gets duped to the already redirected stdout, rather than duping stdout to stderr!
Without this fix, the disklabel output is included in the log file rather than being discarded as intended. (The purpose of running disklabel this first time is only to check for success.)
|
#
1.119 |
|
14-Feb-2015 |
nakayama |
Avoid nfs devices correctly.
|
#
1.118 |
|
12-Dec-2014 |
uebayasi |
Indent and space fixes.
|
#
1.117 |
|
23-Nov-2014 |
christos |
- generate the list of disks only once and select from them later - don't generate empty/useless files when disklabel or dkctl don't have data
|
#
1.116 |
|
27-Aug-2014 |
apb |
Split some long lines.
|
Revision tags: netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 tls-maxphys-base
|
#
1.115 |
|
06-Nov-2013 |
spz |
Introduce a variable for security.conf, default empty, to list users whose home is (allowed to be) owned by another user.
It's a separate variable and not just check_passwd_permit_dups so I can make security shut up about my uucp users.
Fixes the second half of PR misc/36063
|
#
1.114 |
|
06-Nov-2013 |
spz |
having more than one line with the same group name and gid is not only allowed, it's even recommended for groups with lots of members, so do not warn about duplicate group name lines if the gid is the same
|
#
1.113 |
|
08-Sep-2013 |
prlw1 |
Add defaults for pkg_info and pkg_admin variables in case pkgpath.conf is not installed.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.112 |
|
30-Apr-2013 |
agc |
Fix for problematic paths in /etc/daily and /etc/security reported in PR/47645.
Add a separate file which contains the paths for the pkg_admin and pkg_info utilities. This is called /etc/pkgpath.conf (to distinguish it from pkg.conf).
Thanks also to Edgar Fuss for the sanity check.
|
Revision tags: agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6 yamt-pagecache-base5 yamt-pagecache-base4
|
#
1.111 |
|
05-Apr-2012 |
spz |
branches: 1.111.2; change security so that there is a configuration value for the list of users who will not be considered for duplicate uid check. Seed it with 'toor' in defaults/security.conf.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base bouyer-quota2-nbase
|
#
1.110 |
|
02-Mar-2011 |
christos |
branches: 1.110.4; too much quoting. pointed by anon ymous
|
Revision tags: bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.109 |
|
26-Dec-2010 |
christos |
branches: 1.109.2; `` -> $()
|
#
1.108 |
|
05-Feb-2010 |
jmmv |
Deprecate the pkgdb_dir settings from daily.conf and security.conf in favor of the PKG_DBDIR variable in /etc/pkg_install.conf. The purpose of this is to only have to define the location of the packages database in a single place and have all other system components pick it up.
pkgdb_dir is still honored if defined and the scripts will spit out a warning in that case, asking the administrator to migrate to the PKG_DBDIR setting. We can't remove this compatibility workaround until, at least, after NetBSD 6 is released.
|
#
1.107 |
|
19-Jan-2010 |
jmmv |
Add the fetch_pkg_vulnerabilities option to the daily script to keep the packages vulnerability database up to date. This will only fetch the file from the server if it has changed since the last run.
Add the check_pkg_vulnerabilities and check_pkg_signatures options to the security script to check that the installed packages are sane.
All of these options are enabled by default but they will only run if there is, at least, one installed package.
|
Revision tags: matt-premerge-20091211 jym-xensuspend-nbase jym-xensuspend-base
|
#
1.106 |
|
27-Jan-2009 |
haad |
Add support for lvm to security script. Backup lvm configuration to /var/backup/lvm with other system backups. Disable lvm check until MKLVM is enabled by default. no objections on tech-userlevel@.
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 mjf-devfs2-base2 netbsd-5-base matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 wrstuden-revivesa-base yamt-pf42-base mjf-devfs2-base keiichi-mipv6-base mjf-devfs-base matt-armv6-nbase cube-autoconf-base matt-armv6-base hpcarm-cleanup-base
|
#
1.105 |
|
23-Nov-2007 |
dholland |
branches: 1.105.4; Handle non-trivial NIS compat entries (like +joe:::::::::) in the password file. Fixes (my own) PR bin/33138.
reviewed: christos
|
#
1.104 |
|
27-Aug-2007 |
adrianp |
The location of the pkg_info binary can now be specified in /etc/security.conf. The default remains as /usr/sbin/pkg_info. This should fix PR# 36746.
|
#
1.103 |
|
09-Aug-2007 |
tron |
branches: 1.103.2; Add code to monitor the disk wedges (see dk(4)) configured on the system. Based on a patch contributed by Andreas Wrede in PR misc/36747.
|
Revision tags: matt-mips64-base
|
#
1.102 |
|
06-Jun-2007 |
martti |
Use "mktemp -d -t xxx" to create the temporary directories. This will use TMPDIR environment variable if set, otherwise use /tmp. (misc/35544)
|
#
1.101 |
|
27-Mar-2007 |
jnemeth |
PR/36058 -- fix check for group/other writable home directories from Jukka Salmi
|
Revision tags: netbsd-4-base
|
#
1.100 |
|
26-Sep-2006 |
tron |
branches: 1.100.2; Improve security check for "/etc/exports": 1.) Properly handle line continuation and network exports. 2.) Make the report more compact.
Patch contributed by Jukka Salmi in PR bin/24583.
|
#
1.99 |
|
22-Sep-2006 |
jmcneill |
PR #26490: /etc/security is not aware of sha1 passwords
|
Revision tags: abandoned-netbsd-4-base
|
#
1.98 |
|
24-May-2006 |
lukem |
Implement check_devices_ignore_paths, which is a list of paths to avoid traversing during check_devices.
|
#
1.97 |
|
17-Apr-2006 |
veego |
Don't try to backup a 'nfs' disklabel, which will happen because of the recent iostat changes. Patch supplied in pr# 33274 by Geoff C. Wing.
|
#
1.96 |
|
29-Jan-2006 |
rpaulo |
PR 32666: /etc/security may cause tapes to rewind. By Duncan McEwan.
|
#
1.95 |
|
11-Apr-2005 |
peter |
Allow an underscore as first character and embedded underscores & dots for login and group names.
Fixes PR misc/29913 from Arto Selonen.
|
Revision tags: netbsd-3-base
|
#
1.94 |
|
05-Feb-2005 |
jdolecek |
branches: 1.94.2; add a check_passwd_permin_nonalpha option, which changes the passwd test to permit non-alphanumeric characters in login names
|
#
1.93 |
|
21-Nov-2004 |
kim |
When checking /etc/exports, account for "-network=XXX" as restricting the mount (i.e. it is not considered globally exported).
Fixes PR: 26890
|
#
1.92 |
|
28-Sep-2004 |
erh |
PR misc/7716: add configuration options find_core_ignore_fstypes and check_devices_ignore_fstypes to allow the filesystem types that are ignored during the daily and security runs to be adjusted.
|
#
1.91 |
|
23-Jul-2004 |
lukem |
Merge /etc/mtree/special & /etc/mtree/special.local using "mtree -M". This allows users to override mtree/special entries in mtree/special.local, which is useful if you've replaced a directory with a symlink (for example). This effectively makes $check_mtree_follow_symlinks=YES pointless, but I'm retaining that for compatibility reasons.
Fix bug in generation of $MPBYUID (used "/^+/" instead of "/^\+/" as a regex), which has existed for a long time but only failed with our awk; GNU awk seems to have permitted this. (This meant that the duplicate UID check was broken when using our awk.)
Rename some temp files to more accurately reflect their purpose, to aid debugging.
|
#
1.90 |
|
09-Apr-2004 |
kim |
Catch STDERR from /etc/security.local (not just STDOUT).
|
#
1.89 |
|
02-Apr-2004 |
jmmv |
Introduce and use the rcvar_manpage variable, which contains the manual page name where the user should look at for documentation about rcvar. It defaults to 'rc.subr(5)', as rc.subr is mainly used by rc.d scripts.
This variable is useful to let the daily, weekly, monthly and security scripts tune the warning message shown when any of the variables they handle is not properly set.
Closes PR misc/23908.
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.88 |
|
09-Feb-2004 |
jdolecek |
branches: 1.88.2; 1.88.4; 1.88.6; add missing && in the home directory group writability condition; gawk somehow coped even without (defaults to && ?), but nawk printed bogus warnings (defaults to || ?)
|
#
1.87 |
|
19-Nov-2003 |
jhawk |
Provide a workaround for PR bin/12900. When /dev is an fdesc, and /dev/tty is stat()ed without a controlling tty, a "Device not configured" error is returned.
Filter mtree's stderr to ignore this error.
If fdesc is fixed to not behave in this fashion, this workaround can be removed; bin/12900 should remain open until that time.
|
#
1.86 |
|
17-Nov-2003 |
jhawk |
In check_varmail (mailbox ownership/permissions check): Make ls -A explicit, to help n debugging when not run as root (-A is implied when ls is run as root) Ignore dotfiles, as they are not mailboxes (e.g. .jhawk.pop)
|
#
1.85 |
|
17-Nov-2003 |
jhawk |
XXX: note pairwise cascaded test inversion in permit_star.
Add checkyesno check_homes_permit_usergroups to allow group writability when the groupname matches the username. Defaults to off.
|
#
1.84 |
|
30-Sep-2003 |
jhawk |
Suppress output when running security.local if it produces no output. /etc/security should produce no output (and thus suppress the report) when nothing is wrong.
While we're here, use printf instead of two echos, like the rest of the script.
|
#
1.83 |
|
21-Feb-2003 |
jhawk |
Use $diff_options when running diff in /etc/security. Default diff_options to -u, for unified-format context diffs, because context is essential to a useful evaluation of differences. This represents a behavior change.
Implements change-request PR security/17247 from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>.
|
#
1.82 |
|
12-Feb-2003 |
jhawk |
Under check_mtree, invoke mtree with -L if check_mtree_follow_symlinks is set. Apparently mtree -L is imperfect, but it is far better than the lack thereof if symlinks are involved reaching files mtree verifies.
|
#
1.81 |
|
12-Feb-2003 |
jhawk |
Add some flexibility to /etc/security, by way of security.conf options: check_passwd_nowarn_shells Don't warn about these non-/etc/shells shells check_passwd_nowarn_users Don't warn about these users check_passwd_permit_star Don't warn about "*" in the $2 field Behavior change: check_passwd_nowarn_shells defaults to /sbin/nologin and /usr/libexec/uucp/uucico, so that it will not warn about the default master.passwd. The rationale here is that an administrator who chooses to permit these warnable conditions should not be warned about them day after day, yet should not be forced to disable check_passwd entirely. check_passwd_permit_star is primarily of interest to sites who use *'d entries for Kerberos or ssh logins, despite the fact that we permit "*ssh" (etc.) for this purpose (legacy).
|
#
1.80 |
|
06-Jan-2003 |
wiz |
writable, not writeable.
|
Revision tags: fvdl_fs64_base
|
#
1.79 |
|
20-Aug-2002 |
elric |
Added .k5login to the list of files that are checked in each user's home directory.
Addresses PR: security/18000
|
#
1.78 |
|
18-Jun-2002 |
itojun |
md5/bcrypt password starts with $[12], so use ^ in regex
|
#
1.77 |
|
18-Jun-2002 |
itojun |
recognize md5/bcrypt password. noted by: Eric Jacoboni <jaco@teaser.fr>
|
#
1.76 |
|
10-Jun-2002 |
atatat |
The check_rootdotfiles section mucks with the PATH setting, but never puts it back properly. As such, jobs run later that expect there to be a path will lose badly (eg, run lintpkgsrc -i from security.local). Let's just re-export the PATH.
|
Revision tags: netbsd-1-6-base
|
#
1.75 |
|
21-May-2002 |
lukem |
branches: 1.75.2; Support shell metacharacters (`*', '?', '[') in /etc/changelist lines, including checks for "backups that exist when actual file is deleted", a la the existing mechanism used for "/etc/ifconfig.*" ... "/etc/rc.d/*" checks. This resolves [security/15798] from Bob Kemp <bob@allegory.demon.co.uk>.
|
#
1.74 |
|
17-Dec-2001 |
lukem |
Add nullfs to the list of file system types to skip during the "big finds". Fix from Alan Barrett in [misc/14957].
|
#
1.73 |
|
09-Nov-2001 |
lukem |
remove blank lines from the lists of files to backup_and_diff
|
#
1.72 |
|
18-Oct-2001 |
lukem |
add -dgq to check_pkgs ls(1). suggested by @@@
|
#
1.71 |
|
18-Oct-2001 |
taca |
Add -T option to ls(1) when -l option is specified. This fixes none-changed files under ${backup_dir}/pkgs as bellow:
====== /var/backups/pkgs diffs (OLD < > NEW) ====== 159c159 < -rw-r--r-- 1 root wheel 528 Apr 19 01:11 ja-less-332/+CONTENTS --- > -rw-r--r-- 1 root wheel 528 Apr 19 2001 ja-less-332/+CONTENTS
|
#
1.70 |
|
14-Oct-2001 |
lukem |
Use "nodiff" instead of "nomail" for the tag which is used to exclude files from having the changes diff generated. Suggested by Michael Graff.
|
#
1.69 |
|
13-Oct-2001 |
lukem |
minor optimisation suggested by christos
|
#
1.68 |
|
13-Oct-2001 |
lukem |
A few more changes, from more discussions with Andrew Brown. - Resurrect /etc/changelist, even if it's an "empty" file by default, because it's easier to use than /etc/mtree/special.local for adding a couple of simple files. Back by popular demand (hi @@@! :-) - Add /etc/rc.d/* to the list of "dynamic" files; this notices changes in user-added scripts - Only calculate the mtree -I nomail list once, and re-use - Use "cat foo | while read file" instead of "for file in `cat foo`" ; handles whitespace better...
|
#
1.67 |
|
11-Oct-2001 |
lukem |
Major overhaul, with help from Andrew Brown <atatat@netbsd.org>.
Features: - Add a bunch of stuff to /etc/mtree/special to enable removal of /etc/changelist: - files which we want to monitor for changes but don't want to see the diffs of (master.passwd, ssh_host_key, ...) are tagged with "nomail" - files which we don't want to monitor are tagged with "exclude" (such as netgroup.db, kvm.db, ...) - monitor /etc/mtree/special.local, /root/.ssh/* - remove /etc/changelist, and a bunch of XXX comments - use mtree(8)'s -D, -I, and -E to generate lists of files to actually do the changelist stuff on. - support /etc/mtree/special.local as an optional user-provided version of /etc/mtree/special (effectively, an enhanced /etc/changelist) - Add code to monitor: /etc/ifconfig.* /etc/raid*.conf /etc/rc.conf.d/* including support for these files being added and removed at will. - If /sbin/fdisk exists, backup the output of "fdisk $disk" for all the active disk drives as part of $check_disklabels - Check permissions on: ~/.ssh/* ~/.shosts
Details: - Reorder initialisation of defaults - Remove special case for /etc/master.passwd "monitor but don't email diffs" with general case for other similar files. - Keep all `autogenerated' files (such as disklabel.*, setuid.current, ...) in "$backup_dir/work", to minimise name clashes. - Add migrate_file(old, new) to do the hard work of migrating files from the old `top level' /var/backups mechanism to the `full path' mechanism recently added. Use this appropriately. - Add backup_and_diff(file, printdiffs), to the hard work of backing-up and diff-ing files. - Cleanup use of shell redirects - /bin/sh supports ~root globbing, so use it. - Improve umask checking; use awk regex rather than awk math
|
#
1.66 |
|
04-Oct-2001 |
lukem |
minor whitespace fix
|
#
1.65 |
|
03-Oct-2001 |
lukem |
replace "pkg_dbdir" with "pkgdb_dir", to be consistent with "backup_dir"
|
#
1.64 |
|
03-Oct-2001 |
cjs |
Since we store the output of ls for use later, make sure that we have TZ=UTC. (Otherwise time zone changes cause us to believe that files have changed when they have not.)
|
#
1.63 |
|
02-Oct-2001 |
lukem |
- clean up a couple of comments - reformat some awk blocks - replace "sed 1d | awk '...'" with "awk 'NR==1 {next;} ...'"
|
#
1.62 |
|
30-Sep-2001 |
atatat |
Add a chunk of code to check the installed pkgs list by making a list of all installed pkgs and their +CONTENTS and +REQUIRED_BY files (if they have one) and handling this file along with all the other CHANGELIST stuff.
Greg Woods gets points for coming up with the idea.
Luke Mewburn asked me to do it, and provided lots of criticism along the way.
|
#
1.61 |
|
23-Sep-2001 |
lukem |
remove acd (non existant), add ld (for hw raid logical drives)
|
#
1.60 |
|
23-Sep-2001 |
perry |
add raid, remove cd drives and floppy drives from the nightly disk permissions checks.
note: This whole thing needs to be rototilled. And yes, I'm volunteering to do it.
|
#
1.59 |
|
23-Sep-2001 |
perry |
Update the password sanity checking thusly: 1) If a password entry is of the form \*[A-z-]+, do not complain that the account is off but has a valid password. Thus you can do passwords like *ssh to indicate ssh only logins. We should come up with a standard scheme for what various *keywords mean. Note that if the field length is 13, 20 or 34 you'll still get bitched at. This code should be cleaned up. (So should the password scheme.) 2) If the entry is for "toor", don't complain that the account is off but has a valid shell. We ship with toor:*:, there is no point in complaining about it.
Part of the campaign against spurious security warning output.
|
#
1.58 |
|
21-Sep-2001 |
perry |
run mtree on the special file using the new -l option, so it will not complain about things like files set 444 instead of 644.
part of the campaign against spurious output in the nightly security run.
|
#
1.57 |
|
26-Aug-2001 |
simonb |
Remove rz/tz support for pmax, switch to MI SCSI.
|
#
1.56 |
|
18-Jun-2001 |
lukem |
use mktemp(1) to create temporary directories, and ensure that cleanup traps are setup asap.
|
#
1.55 |
|
14-Jun-2001 |
lukem |
use symbolic signal names instead of numbers
|
#
1.54 |
|
10-May-2001 |
atatat |
When backing files listed in /etc/changelist, instead of truncating to the basename of the file, use the whole path with $backup_dir prepended, in effect mirrorring the directory tree. This eliminates the possibility of a name collision.
Closes pr bin/12727.
|
#
1.53 |
|
10-May-2001 |
atatat |
Allow embedded hyphens in user names (and group names), just not as the first or last character.
|
#
1.52 |
|
03-Apr-2001 |
atatat |
Provide the capability of storing backups via RCS instead of just a "current" and a "last" (which is useless if you wanna know what you changed last week). Set the default to on.
|
#
1.51 |
|
14-Mar-2001 |
hubertf |
Run skeyaudit (only) from /etc/daily instead of /etc/security, else there's some risk that the users don't get warned if an admin turns off running /etc/security (by putting run_security=no into daily.conf).
Fixes PR 12267.
|
#
1.50 |
|
12-Mar-2001 |
atatat |
Allow md5 passwords of length 34 as passwords
|
#
1.49 |
|
11-Feb-2001 |
jdolecek |
Introduce max_grouplen - this determines the maximum permitted length of group names, similarily to max_loginlen
|
#
1.48 |
|
09-Jan-2001 |
abs |
Add a new variable 'backup_dir', which can be used to change the backup directory from /var/backup (useful for those of us who have a separate /var and would like to have our backup disklabels on the root filesystem). Default behaviour unchanged. backup_dir being unset is taken as /var/backup.
|
#
1.47 |
|
07-Oct-2000 |
lukem |
use ${foo##*/} instead of `basename $foo`. as suggested (with minor variation) by Toru Nishimura <nisimura@itc.aist-nara.ac.jp>
|
#
1.46 |
|
10-Sep-2000 |
christos |
PR/10982: kilbi@rad.rwth-aachen.de: Don't confuse printf with usernames that start with -.
|
#
1.45 |
|
02-Jul-2000 |
sommerfeld |
Fix pr9320: improve umask checking for root's dotfiles. Now even notices bogus umasks like 044
|
Revision tags: netbsd-1-5-base minoura-xpg4dl-base
|
#
1.44 |
|
26-May-2000 |
ad |
branches: 1.44.4; We may as well allow local additions to /etc/security, since it gets done for the other periodic checks.
|
#
1.43 |
|
05-May-2000 |
itojun |
check /etc/mail/aliases on check_aliases. /etc/aliases will be checked as well, if exists (for backward compatibility).
|
#
1.42 |
|
24-Apr-2000 |
fair |
Add skeyaudit to /etc/security (with a variable to disable) per PR 5871
|
#
1.41 |
|
14-Jan-2000 |
christos |
Use cat -f to avoid denial of service attacks by people who make .rhosts files fifos.
|
Revision tags: wrstuden-devbsize-19991221 wrstuden-devbsize-base comdex-fall-1999-base
|
#
1.40 |
|
05-Sep-1999 |
perry |
We already had logic not to try to grab the disklabels of md's and fd's -- add cd's to the list.
|
#
1.39 |
|
21-Jul-1999 |
hubertf |
Use standard variable "$0" for the whole line instead of the non-standard, undocumented "$LINE".
Submitted in PR 7041 by Greg A. Woods <woods@weird.com>
|
#
1.38 |
|
23-Apr-1999 |
kleink |
Get rid of old-style chown operands.
|
Revision tags: netbsd-1-4-PATCH001 netbsd-1-4-RELEASE netbsd-1-4-base
|
#
1.37 |
|
17-Mar-1999 |
wrstuden |
branches: 1.37.2; Add a commented-out duplicate id checker which doesn't exclude toor, and add a comment saying how to switch it on.
|
#
1.36 |
|
16-Mar-1999 |
wrstuden |
Modify duplicate user id check to exclude "toor". Any other uid 0 accounts will generate a message with that (those) account names, root, and toor present in the list.
|
#
1.35 |
|
15-Mar-1999 |
fair |
Fix PR 5068 - scanning ~user/.rhosts files on NFS mounted home directories with -maproot=nobody on the server. The argument to be made is that if NetBSD's root can't read these files, it shouldn't try to check them.
|
#
1.34 |
|
18-Feb-1999 |
abs |
Handle + in master.passwd (From PR#4802). Also, handle + in group and allow max_loginlen to be configurable.
|
#
1.33 |
|
14-Sep-1998 |
tv |
Nix "Login %s is off but still has a valid shell" warning for 20-character encrypted passwords generated by the NEWSALT option to passwd(1).
|
#
1.32 |
|
25-Aug-1998 |
lukem |
* if $check_disklabels=YES, backup and compare of disklabels of current disks. should detect added or removed disks as well. backup labels go in /var/backups/disklabel.XXX (XXX = disk name, e.g., sd0), and the changelist style backups have .current or .backup suffixes * minor whitespace, formatting, and comment cleanup
|
#
1.31 |
|
25-Jan-1998 |
lukem |
include rc.subr and use appropriately
|
Revision tags: netbsd-1-3-PATCH003 netbsd-1-3-PATCH003-CANDIDATE2 netbsd-1-3-PATCH003-CANDIDATE1 netbsd-1-3-PATCH003-CANDIDATE0 netbsd-1-3-PATCH002 netbsd-1-3-PATCH001 netbsd-1-3-RELEASE netbsd-1-3-BETA netbsd-1-3-base
|
#
1.30 |
|
08-Oct-1997 |
mycroft |
Deal with files in the changelist that are added or removed. * When a file is removed, move its .current file to .backup. * When a file is added, create its .current file. * In either case, send a diff against /dev/null. Mostly from Jim Bernard in PR 4183, with the removal case fixed.
|
#
1.29 |
|
23-Sep-1997 |
lukem |
- use 'ftpd -C user' to check the format of /etc/ftpusers. closes [security/4061] - rename $MPPATH to $MPBYPATH, to clarify its use
|
#
1.28 |
|
17-Sep-1997 |
lukem |
- don't print "Checking setuid files and devices:" if no problems found (solves [security/4047]) - minor cleanup (rename a couple of variables, etc)
|
#
1.27 |
|
22-Aug-1997 |
lukem |
- correct use of generated temporary files. - clean up comments and generated output. - clean up $SECUREDIR if SIGINT or SIGQUIT received. - .rhosts may have to be world readable in NFS environments, so allow it to be. - update list of disks to check for reasonable permissions - don't show differences in /etc/master.passwd, as the encrypted strings may be sent. From reading comments earlier in the script, this was the intention anyway. Fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3994]. - when checking /etc/ftpusers, skip comment lines and only match full usernames. XXX: this should be enhanced to check lines of the enhanced ftpusers format.
|
#
1.26 |
|
18-Aug-1997 |
lukem |
* ensure that check for '.' in root's $PATH doesn't yield a false positive. fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3995] * detect empty :: elements as '.' in a sh(1) path (leading :, trailing :, or ::)
|
#
1.25 |
|
23-Jun-1997 |
lukem |
* when checking /etc/master.passwd, read in /etc/shells for a list of valid shells and then check each active account against that * remove unnecessary ()s in a few printf's.
|
#
1.24 |
|
23-Jun-1997 |
lukem |
* take advantage of xargs -0 when finding devices and set?id files * use 'ls -q' in the above, so that characters that may cause problems in the output are replaced with '?'
|
#
1.23 |
|
23-Jun-1997 |
lukem |
Also check /etc/profile for setting of umask. From Chris Jones <cjones@rupert.oscs.montana.edu> in [misc/3763]
|
#
1.22 |
|
22-Jun-1997 |
lukem |
Ignore blank lines and comments in /etc/exports From Jaromir Dolecek <dolecek@moria.ics.muni.cz> in [misc/3691]
|
#
1.21 |
|
21-Apr-1997 |
mycroft |
Don't list directories with the setuid bit set or FIFOs.
|
#
1.20 |
|
21-Apr-1997 |
mycroft |
Minor cleanup.
|
#
1.19 |
|
21-Apr-1997 |
mycroft |
When doing security checks in user home directory, sort by home directory, to optimize lookups a little. Also, add some more files to the naughty lists.
|
#
1.18 |
|
17-Apr-1997 |
mikel |
make /etc/aliases check a bit more discriminating: the line must be uncommented, and it must contain a '|' character (forwarding to program).
|
#
1.17 |
|
10-Mar-1997 |
mycroft |
Minor cleanup.
|
#
1.16 |
|
14-Feb-1997 |
mikel |
Don't leave logs in /etc/mtree; from Andrew Wheadon in PR misc/3106. Also fixed some comments.
|
#
1.15 |
|
05-Jan-1997 |
mrg |
add configuration file for security, as security.conf. the file allows each action taken by security to be turned on or off.
|
#
1.14 |
|
21-May-1996 |
mrg |
ignore setgid on dirs.
|
Revision tags: netbsd-1-2-PATCH001 netbsd-1-2-RELEASE netbsd-1-2-BETA netbsd-1-2-base
|
#
1.13 |
|
13-Jan-1996 |
pk |
Several fixes from Arne H. Juul (PR#1814).
|
#
1.12 |
|
16-Dec-1995 |
thorpej |
New-style RCS ids.
|
Revision tags: netbsd-1-1-PATCH001 netbsd-1-1-RELEASE netbsd-1-1-base
|
#
1.11 |
|
31-Jan-1995 |
jtc |
Change .emacsrc to .emacs in list of files to be checked. From Mike Long, in PR #768.
|
#
1.10 |
|
18-Oct-1994 |
mycroft |
Fix the fstype-based pruning algorithms. Partly suggested by John Kohl.
|
Revision tags: netbsd-1-0-base
|
#
1.9 |
|
14-Jun-1994 |
cgd |
branches: 1.9.2; update to new security script
|
#
1.8 |
|
15-Jan-1994 |
cgd |
people importing trees from SunOS should be shot; add -d to ls.
|
#
1.7 |
|
15-Dec-1993 |
mycroft |
Find only set[gu]id files and devices, like old ncheck(1).
|
#
1.6 |
|
27-Oct-1993 |
cgd |
use of xargs wasn't strictly a security hole, but could lead to fouled- up results. xargs should really have an option to automatically 'quote' input.
|
#
1.5 |
|
27-Oct-1993 |
mycroft |
Use xargs(1) to avoid overflowing the argument list to ls(1).
|
#
1.4 |
|
25-Oct-1993 |
cgd |
from FreeBSD: check for set*id devices in a way closer to the original. note that you can still overflow the args buffer for the ls (and it does that on lamp), but it's better than before.
|
#
1.3 |
|
19-Oct-1993 |
mycroft |
Rewrite set[gu]id find command to avoid walking non-local file systems.
|
Revision tags: netbsd-0-9-RELEASE netbsd-0-9-BETA netbsd-0-9-ALPHA2 netbsd-0-9-ALPHA netbsd-0-9-base netbsd-0-8 netbsd-alpha-1
|
#
1.2 |
|
02-Apr-1993 |
cgd |
updated to reflect the fact that we don't have an ncheck
|
#
1.1 |
|
21-Mar-1993 |
cgd |
branches: 1.1.1; Initial revision
|
#
1.120 |
|
20-Apr-2015 |
pgoyette |
Set the redirection correctly, so that stderr gets duped to the already redirected stdout, rather than duping stdout to stderr!
Without this fix, the disklabel output is included in the log file rather than being discarded as intended. (The purpose of running disklabel this first time is only to check for success.)
|
#
1.119 |
|
14-Feb-2015 |
nakayama |
Avoid nfs devices correctly.
|
#
1.118 |
|
12-Dec-2014 |
uebayasi |
Indent and space fixes.
|
#
1.117 |
|
23-Nov-2014 |
christos |
- generate the list of disks only once and select from them later - don't generate empty/useless files when disklabel or dkctl don't have data
|
#
1.116 |
|
27-Aug-2014 |
apb |
Split some long lines.
|
#
1.115 |
|
06-Nov-2013 |
spz |
Introduce a variable for security.conf, default empty, to list users whose home is (allowed to be) owned by another user.
It's a separate variable and not just check_passwd_permit_dups so I can make security shut up about my uucp users.
Fixes the second half of PR misc/36063
|
#
1.114 |
|
06-Nov-2013 |
spz |
having more than one line with the same group name and gid is not only allowed, it's even recommended for groups with lots of members, so do not warn about duplicate group name lines if the gid is the same
|
#
1.113 |
|
08-Sep-2013 |
prlw1 |
Add defaults for pkg_info and pkg_admin variables in case pkgpath.conf is not installed.
|
#
1.112 |
|
30-Apr-2013 |
agc |
Fix for problematic paths in /etc/daily and /etc/security reported in PR/47645.
Add a separate file which contains the paths for the pkg_admin and pkg_info utilities. This is called /etc/pkgpath.conf (to distinguish it from pkg.conf).
Thanks also to Edgar Fuss for the sanity check.
|
#
1.111 |
|
05-Apr-2012 |
spz |
branches: 1.111.2; change security so that there is a configuration value for the list of users who will not be considered for duplicate uid check. Seed it with 'toor' in defaults/security.conf.
|
#
1.110 |
|
01-Mar-2011 |
christos |
branches: 1.110.4; too much quoting. pointed by anon ymous
|
#
1.109 |
|
26-Dec-2010 |
christos |
branches: 1.109.2; `` -> $()
|
#
1.108 |
|
05-Feb-2010 |
jmmv |
Deprecate the pkgdb_dir settings from daily.conf and security.conf in favor of the PKG_DBDIR variable in /etc/pkg_install.conf. The purpose of this is to only have to define the location of the packages database in a single place and have all other system components pick it up.
pkgdb_dir is still honored if defined and the scripts will spit out a warning in that case, asking the administrator to migrate to the PKG_DBDIR setting. We can't remove this compatibility workaround until, at least, after NetBSD 6 is released.
|
#
1.107 |
|
19-Jan-2010 |
jmmv |
Add the fetch_pkg_vulnerabilities option to the daily script to keep the packages vulnerability database up to date. This will only fetch the file from the server if it has changed since the last run.
Add the check_pkg_vulnerabilities and check_pkg_signatures options to the security script to check that the installed packages are sane.
All of these options are enabled by default but they will only run if there is, at least, one installed package.
|
#
1.106 |
|
27-Jan-2009 |
haad |
Add support for lvm to security script. Backup lvm configuration to /var/backup/lvm with other system backups. Disable lvm check until MKLVM is enabled by default. no objections on tech-userlevel@.
|
#
1.105 |
|
23-Nov-2007 |
dholland |
branches: 1.105.4; Handle non-trivial NIS compat entries (like +joe:::::::::) in the password file. Fixes (my own) PR bin/33138.
reviewed: christos
|
#
1.104 |
|
27-Aug-2007 |
adrianp |
The location of the pkg_info binary can now be specified in /etc/security.conf. The default remains as /usr/sbin/pkg_info. This should fix PR# 36746.
|
#
1.103 |
|
09-Aug-2007 |
tron |
branches: 1.103.2; Add code to monitor the disk wedges (see dk(4)) configured on the system. Based on a patch contributed by Andreas Wrede in PR misc/36747.
|
#
1.102 |
|
06-Jun-2007 |
martti |
Use "mktemp -d -t xxx" to create the temporary directories. This will use TMPDIR environment variable if set, otherwise use /tmp. (misc/35544)
|
#
1.101 |
|
27-Mar-2007 |
jnemeth |
PR/36058 -- fix check for group/other writable home directories from Jukka Salmi
|
#
1.100 |
|
26-Sep-2006 |
tron |
branches: 1.100.2; Improve security check for "/etc/exports": 1.) Properly handle line continuation and network exports. 2.) Make the report more compact.
Patch contributed by Jukka Salmi in PR bin/24583.
|
#
1.99 |
|
22-Sep-2006 |
jmcneill |
PR #26490: /etc/security is not aware of sha1 passwords
|
#
1.98 |
|
24-May-2006 |
lukem |
Implement check_devices_ignore_paths, which is a list of paths to avoid traversing during check_devices.
|
#
1.97 |
|
17-Apr-2006 |
veego |
Don't try to backup a 'nfs' disklabel, which will happen because of the recent iostat changes. Patch supplied in pr# 33274 by Geoff C. Wing.
|
#
1.96 |
|
29-Jan-2006 |
rpaulo |
PR 32666: /etc/security may cause tapes to rewind. By Duncan McEwan.
|
#
1.95 |
|
11-Apr-2005 |
peter |
Allow an underscore as first character and embedded underscores & dots for login and group names.
Fixes PR misc/29913 from Arto Selonen.
|
#
1.94 |
|
05-Feb-2005 |
jdolecek |
branches: 1.94.2; add a check_passwd_permin_nonalpha option, which changes the passwd test to permit non-alphanumeric characters in login names
|
#
1.93 |
|
21-Nov-2004 |
kim |
When checking /etc/exports, account for "-network=XXX" as restricting the mount (i.e. it is not considered globally exported).
Fixes PR: 26890
|
#
1.92 |
|
28-Sep-2004 |
erh |
PR misc/7716: add configuration options find_core_ignore_fstypes and check_devices_ignore_fstypes to allow the filesystem types that are ignored during the daily and security runs to be adjusted.
|
#
1.91 |
|
23-Jul-2004 |
lukem |
Merge /etc/mtree/special & /etc/mtree/special.local using "mtree -M". This allows users to override mtree/special entries in mtree/special.local, which is useful if you've replaced a directory with a symlink (for example). This effectively makes $check_mtree_follow_symlinks=YES pointless, but I'm retaining that for compatibility reasons.
Fix bug in generation of $MPBYUID (used "/^+/" instead of "/^\+/" as a regex), which has existed for a long time but only failed with our awk; GNU awk seems to have permitted this. (This meant that the duplicate UID check was broken when using our awk.)
Rename some temp files to more accurately reflect their purpose, to aid debugging.
|
#
1.90 |
|
09-Apr-2004 |
kim |
Catch STDERR from /etc/security.local (not just STDOUT).
|
#
1.89 |
|
02-Apr-2004 |
jmmv |
Introduce and use the rcvar_manpage variable, which contains the manual page name where the user should look at for documentation about rcvar. It defaults to 'rc.subr(5)', as rc.subr is mainly used by rc.d scripts.
This variable is useful to let the daily, weekly, monthly and security scripts tune the warning message shown when any of the variables they handle is not properly set.
Closes PR misc/23908.
|
#
1.88 |
|
09-Feb-2004 |
jdolecek |
branches: 1.88.2; 1.88.4; 1.88.6; add missing && in the home directory group writability condition; gawk somehow coped even without (defaults to && ?), but nawk printed bogus warnings (defaults to || ?)
|
#
1.87 |
|
19-Nov-2003 |
jhawk |
Provide a workaround for PR bin/12900. When /dev is an fdesc, and /dev/tty is stat()ed without a controlling tty, a "Device not configured" error is returned.
Filter mtree's stderr to ignore this error.
If fdesc is fixed to not behave in this fashion, this workaround can be removed; bin/12900 should remain open until that time.
|
#
1.86 |
|
17-Nov-2003 |
jhawk |
In check_varmail (mailbox ownership/permissions check): Make ls -A explicit, to help n debugging when not run as root (-A is implied when ls is run as root) Ignore dotfiles, as they are not mailboxes (e.g. .jhawk.pop)
|
#
1.85 |
|
17-Nov-2003 |
jhawk |
XXX: note pairwise cascaded test inversion in permit_star.
Add checkyesno check_homes_permit_usergroups to allow group writability when the groupname matches the username. Defaults to off.
|
#
1.84 |
|
30-Sep-2003 |
jhawk |
Suppress output when running security.local if it produces no output. /etc/security should produce no output (and thus suppress the report) when nothing is wrong.
While we're here, use printf instead of two echos, like the rest of the script.
|
#
1.83 |
|
21-Feb-2003 |
jhawk |
Use $diff_options when running diff in /etc/security. Default diff_options to -u, for unified-format context diffs, because context is essential to a useful evaluation of differences. This represents a behavior change.
Implements change-request PR security/17247 from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>.
|
#
1.82 |
|
12-Feb-2003 |
jhawk |
Under check_mtree, invoke mtree with -L if check_mtree_follow_symlinks is set. Apparently mtree -L is imperfect, but it is far better than the lack thereof if symlinks are involved reaching files mtree verifies.
|
#
1.81 |
|
12-Feb-2003 |
jhawk |
Add some flexibility to /etc/security, by way of security.conf options: check_passwd_nowarn_shells Don't warn about these non-/etc/shells shells check_passwd_nowarn_users Don't warn about these users check_passwd_permit_star Don't warn about "*" in the $2 field Behavior change: check_passwd_nowarn_shells defaults to /sbin/nologin and /usr/libexec/uucp/uucico, so that it will not warn about the default master.passwd. The rationale here is that an administrator who chooses to permit these warnable conditions should not be warned about them day after day, yet should not be forced to disable check_passwd entirely. check_passwd_permit_star is primarily of interest to sites who use *'d entries for Kerberos or ssh logins, despite the fact that we permit "*ssh" (etc.) for this purpose (legacy).
|
#
1.80 |
|
06-Jan-2003 |
wiz |
writable, not writeable.
|
#
1.79 |
|
20-Aug-2002 |
elric |
Added .k5login to the list of files that are checked in each user's home directory.
Addresses PR: security/18000
|
#
1.78 |
|
18-Jun-2002 |
itojun |
md5/bcrypt password starts with $[12], so use ^ in regex
|
#
1.77 |
|
18-Jun-2002 |
itojun |
recognize md5/bcrypt password. noted by: Eric Jacoboni <jaco@teaser.fr>
|
#
1.76 |
|
09-Jun-2002 |
atatat |
The check_rootdotfiles section mucks with the PATH setting, but never puts it back properly. As such, jobs run later that expect there to be a path will lose badly (eg, run lintpkgsrc -i from security.local). Let's just re-export the PATH.
|
#
1.75 |
|
21-May-2002 |
lukem |
branches: 1.75.2; Support shell metacharacters (`*', '?', '[') in /etc/changelist lines, including checks for "backups that exist when actual file is deleted", a la the existing mechanism used for "/etc/ifconfig.*" ... "/etc/rc.d/*" checks. This resolves [security/15798] from Bob Kemp <bob@allegory.demon.co.uk>.
|
#
1.74 |
|
17-Dec-2001 |
lukem |
Add nullfs to the list of file system types to skip during the "big finds". Fix from Alan Barrett in [misc/14957].
|
#
1.73 |
|
09-Nov-2001 |
lukem |
remove blank lines from the lists of files to backup_and_diff
|
#
1.72 |
|
17-Oct-2001 |
lukem |
add -dgq to check_pkgs ls(1). suggested by @@@
|
#
1.71 |
|
18-Oct-2001 |
taca |
Add -T option to ls(1) when -l option is specified. This fixes none-changed files under ${backup_dir}/pkgs as bellow:
====== /var/backups/pkgs diffs (OLD < > NEW) ====== 159c159 < -rw-r--r-- 1 root wheel 528 Apr 19 01:11 ja-less-332/+CONTENTS --- > -rw-r--r-- 1 root wheel 528 Apr 19 2001 ja-less-332/+CONTENTS
|
#
1.70 |
|
14-Oct-2001 |
lukem |
Use "nodiff" instead of "nomail" for the tag which is used to exclude files from having the changes diff generated. Suggested by Michael Graff.
|
#
1.69 |
|
13-Oct-2001 |
lukem |
minor optimisation suggested by christos
|
#
1.68 |
|
13-Oct-2001 |
lukem |
A few more changes, from more discussions with Andrew Brown. - Resurrect /etc/changelist, even if it's an "empty" file by default, because it's easier to use than /etc/mtree/special.local for adding a couple of simple files. Back by popular demand (hi @@@! :-) - Add /etc/rc.d/* to the list of "dynamic" files; this notices changes in user-added scripts - Only calculate the mtree -I nomail list once, and re-use - Use "cat foo | while read file" instead of "for file in `cat foo`" ; handles whitespace better...
|
#
1.67 |
|
11-Oct-2001 |
lukem |
Major overhaul, with help from Andrew Brown <atatat@netbsd.org>.
Features: - Add a bunch of stuff to /etc/mtree/special to enable removal of /etc/changelist: - files which we want to monitor for changes but don't want to see the diffs of (master.passwd, ssh_host_key, ...) are tagged with "nomail" - files which we don't want to monitor are tagged with "exclude" (such as netgroup.db, kvm.db, ...) - monitor /etc/mtree/special.local, /root/.ssh/* - remove /etc/changelist, and a bunch of XXX comments - use mtree(8)'s -D, -I, and -E to generate lists of files to actually do the changelist stuff on. - support /etc/mtree/special.local as an optional user-provided version of /etc/mtree/special (effectively, an enhanced /etc/changelist) - Add code to monitor: /etc/ifconfig.* /etc/raid*.conf /etc/rc.conf.d/* including support for these files being added and removed at will. - If /sbin/fdisk exists, backup the output of "fdisk $disk" for all the active disk drives as part of $check_disklabels - Check permissions on: ~/.ssh/* ~/.shosts
Details: - Reorder initialisation of defaults - Remove special case for /etc/master.passwd "monitor but don't email diffs" with general case for other similar files. - Keep all `autogenerated' files (such as disklabel.*, setuid.current, ...) in "$backup_dir/work", to minimise name clashes. - Add migrate_file(old, new) to do the hard work of migrating files from the old `top level' /var/backups mechanism to the `full path' mechanism recently added. Use this appropriately. - Add backup_and_diff(file, printdiffs), to the hard work of backing-up and diff-ing files. - Cleanup use of shell redirects - /bin/sh supports ~root globbing, so use it. - Improve umask checking; use awk regex rather than awk math
|
#
1.66 |
|
04-Oct-2001 |
lukem |
minor whitespace fix
|
#
1.65 |
|
03-Oct-2001 |
lukem |
replace "pkg_dbdir" with "pkgdb_dir", to be consistent with "backup_dir"
|
#
1.64 |
|
03-Oct-2001 |
cjs |
Since we store the output of ls for use later, make sure that we have TZ=UTC. (Otherwise time zone changes cause us to believe that files have changed when they have not.)
|
#
1.63 |
|
02-Oct-2001 |
lukem |
- clean up a couple of comments - reformat some awk blocks - replace "sed 1d | awk '...'" with "awk 'NR==1 {next;} ...'"
|
#
1.62 |
|
30-Sep-2001 |
atatat |
Add a chunk of code to check the installed pkgs list by making a list of all installed pkgs and their +CONTENTS and +REQUIRED_BY files (if they have one) and handling this file along with all the other CHANGELIST stuff.
Greg Woods gets points for coming up with the idea.
Luke Mewburn asked me to do it, and provided lots of criticism along the way.
|
#
1.61 |
|
23-Sep-2001 |
lukem |
remove acd (non existant), add ld (for hw raid logical drives)
|
#
1.60 |
|
23-Sep-2001 |
perry |
add raid, remove cd drives and floppy drives from the nightly disk permissions checks.
note: This whole thing needs to be rototilled. And yes, I'm volunteering to do it.
|
#
1.59 |
|
23-Sep-2001 |
perry |
Update the password sanity checking thusly: 1) If a password entry is of the form \*[A-z-]+, do not complain that the account is off but has a valid password. Thus you can do passwords like *ssh to indicate ssh only logins. We should come up with a standard scheme for what various *keywords mean. Note that if the field length is 13, 20 or 34 you'll still get bitched at. This code should be cleaned up. (So should the password scheme.) 2) If the entry is for "toor", don't complain that the account is off but has a valid shell. We ship with toor:*:, there is no point in complaining about it.
Part of the campaign against spurious security warning output.
|
#
1.58 |
|
21-Sep-2001 |
perry |
run mtree on the special file using the new -l option, so it will not complain about things like files set 444 instead of 644.
part of the campaign against spurious output in the nightly security run.
|
#
1.57 |
|
26-Aug-2001 |
simonb |
Remove rz/tz support for pmax, switch to MI SCSI.
|
#
1.56 |
|
18-Jun-2001 |
lukem |
use mktemp(1) to create temporary directories, and ensure that cleanup traps are setup asap.
|
#
1.55 |
|
14-Jun-2001 |
lukem |
use symbolic signal names instead of numbers
|
#
1.54 |
|
10-May-2001 |
atatat |
When backing files listed in /etc/changelist, instead of truncating to the basename of the file, use the whole path with $backup_dir prepended, in effect mirrorring the directory tree. This eliminates the possibility of a name collision.
Closes pr bin/12727.
|
#
1.53 |
|
10-May-2001 |
atatat |
Allow embedded hyphens in user names (and group names), just not as the first or last character.
|
#
1.52 |
|
03-Apr-2001 |
atatat |
Provide the capability of storing backups via RCS instead of just a "current" and a "last" (which is useless if you wanna know what you changed last week). Set the default to on.
|
#
1.51 |
|
14-Mar-2001 |
hubertf |
Run skeyaudit (only) from /etc/daily instead of /etc/security, else there's some risk that the users don't get warned if an admin turns off running /etc/security (by putting run_security=no into daily.conf).
Fixes PR 12267.
|
#
1.50 |
|
12-Mar-2001 |
atatat |
Allow md5 passwords of length 34 as passwords
|
#
1.49 |
|
11-Feb-2001 |
jdolecek |
Introduce max_grouplen - this determines the maximum permitted length of group names, similarily to max_loginlen
|
#
1.48 |
|
08-Jan-2001 |
abs |
Add a new variable 'backup_dir', which can be used to change the backup directory from /var/backup (useful for those of us who have a separate /var and would like to have our backup disklabels on the root filesystem). Default behaviour unchanged. backup_dir being unset is taken as /var/backup.
|
#
1.47 |
|
07-Oct-2000 |
lukem |
use ${foo##*/} instead of `basename $foo`. as suggested (with minor variation) by Toru Nishimura <nisimura@itc.aist-nara.ac.jp>
|
#
1.46 |
|
10-Sep-2000 |
christos |
PR/10982: kilbi@rad.rwth-aachen.de: Don't confuse printf with usernames that start with -.
|
#
1.45 |
|
02-Jul-2000 |
sommerfeld |
Fix pr9320: improve umask checking for root's dotfiles. Now even notices bogus umasks like 044
|
#
1.44 |
|
26-May-2000 |
ad |
branches: 1.44.4; We may as well allow local additions to /etc/security, since it gets done for the other periodic checks.
|
#
1.43 |
|
05-May-2000 |
itojun |
check /etc/mail/aliases on check_aliases. /etc/aliases will be checked as well, if exists (for backward compatibility).
|
#
1.42 |
|
24-Apr-2000 |
fair |
Add skeyaudit to /etc/security (with a variable to disable) per PR 5871
|
#
1.41 |
|
14-Jan-2000 |
christos |
Use cat -f to avoid denial of service attacks by people who make .rhosts files fifos.
|
#
1.40 |
|
05-Sep-1999 |
perry |
We already had logic not to try to grab the disklabels of md's and fd's -- add cd's to the list.
|
#
1.39 |
|
21-Jul-1999 |
hubertf |
Use standard variable "$0" for the whole line instead of the non-standard, undocumented "$LINE".
Submitted in PR 7041 by Greg A. Woods <woods@weird.com>
|
#
1.38 |
|
23-Apr-1999 |
kleink |
Get rid of old-style chown operands.
|
#
1.37 |
|
17-Mar-1999 |
wrstuden |
branches: 1.37.2; Add a commented-out duplicate id checker which doesn't exclude toor, and add a comment saying how to switch it on.
|
#
1.36 |
|
16-Mar-1999 |
wrstuden |
Modify duplicate user id check to exclude "toor". Any other uid 0 accounts will generate a message with that (those) account names, root, and toor present in the list.
|
#
1.35 |
|
15-Mar-1999 |
fair |
Fix PR 5068 - scanning ~user/.rhosts files on NFS mounted home directories with -maproot=nobody on the server. The argument to be made is that if NetBSD's root can't read these files, it shouldn't try to check them.
|
#
1.34 |
|
18-Feb-1999 |
abs |
Handle + in master.passwd (From PR#4802). Also, handle + in group and allow max_loginlen to be configurable.
|
#
1.33 |
|
14-Sep-1998 |
tv |
Nix "Login %s is off but still has a valid shell" warning for 20-character encrypted passwords generated by the NEWSALT option to passwd(1).
|
#
1.32 |
|
25-Aug-1998 |
lukem |
* if $check_disklabels=YES, backup and compare of disklabels of current disks. should detect added or removed disks as well. backup labels go in /var/backups/disklabel.XXX (XXX = disk name, e.g., sd0), and the changelist style backups have .current or .backup suffixes * minor whitespace, formatting, and comment cleanup
|
#
1.31 |
|
26-Jan-1998 |
lukem |
include rc.subr and use appropriately
|
#
1.30 |
|
07-Oct-1997 |
mycroft |
Deal with files in the changelist that are added or removed. * When a file is removed, move its .current file to .backup. * When a file is added, create its .current file. * In either case, send a diff against /dev/null. Mostly from Jim Bernard in PR 4183, with the removal case fixed.
|
#
1.29 |
|
23-Sep-1997 |
lukem |
- use 'ftpd -C user' to check the format of /etc/ftpusers. closes [security/4061] - rename $MPPATH to $MPBYPATH, to clarify its use
|
#
1.28 |
|
17-Sep-1997 |
lukem |
- don't print "Checking setuid files and devices:" if no problems found (solves [security/4047]) - minor cleanup (rename a couple of variables, etc)
|
#
1.27 |
|
22-Aug-1997 |
lukem |
- correct use of generated temporary files. - clean up comments and generated output. - clean up $SECUREDIR if SIGINT or SIGQUIT received. - .rhosts may have to be world readable in NFS environments, so allow it to be. - update list of disks to check for reasonable permissions - don't show differences in /etc/master.passwd, as the encrypted strings may be sent. From reading comments earlier in the script, this was the intention anyway. Fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3994]. - when checking /etc/ftpusers, skip comment lines and only match full usernames. XXX: this should be enhanced to check lines of the enhanced ftpusers format.
|
#
1.26 |
|
19-Aug-1997 |
lukem |
* ensure that check for '.' in root's $PATH doesn't yield a false positive. fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3995] * detect empty :: elements as '.' in a sh(1) path (leading :, trailing :, or ::)
|
#
1.25 |
|
23-Jun-1997 |
lukem |
* when checking /etc/master.passwd, read in /etc/shells for a list of valid shells and then check each active account against that * remove unnecessary ()s in a few printf's.
|
#
1.24 |
|
23-Jun-1997 |
lukem |
* take advantage of xargs -0 when finding devices and set?id files * use 'ls -q' in the above, so that characters that may cause problems in the output are replaced with '?'
|
#
1.23 |
|
23-Jun-1997 |
lukem |
Also check /etc/profile for setting of umask. From Chris Jones <cjones@rupert.oscs.montana.edu> in [misc/3763]
|
#
1.22 |
|
22-Jun-1997 |
lukem |
Ignore blank lines and comments in /etc/exports From Jaromir Dolecek <dolecek@moria.ics.muni.cz> in [misc/3691]
|
#
1.21 |
|
21-Apr-1997 |
mycroft |
Don't list directories with the setuid bit set or FIFOs.
|
#
1.20 |
|
21-Apr-1997 |
mycroft |
Minor cleanup.
|
#
1.19 |
|
21-Apr-1997 |
mycroft |
When doing security checks in user home directory, sort by home directory, to optimize lookups a little. Also, add some more files to the naughty lists.
|
#
1.18 |
|
17-Apr-1997 |
mikel |
make /etc/aliases check a bit more discriminating: the line must be uncommented, and it must contain a '|' character (forwarding to program).
|
#
1.17 |
|
10-Mar-1997 |
mycroft |
Minor cleanup.
|
#
1.16 |
|
14-Feb-1997 |
mikel |
Don't leave logs in /etc/mtree; from Andrew Wheadon in PR misc/3106. Also fixed some comments.
|
#
1.15 |
|
05-Jan-1997 |
mrg |
add configuration file for security, as security.conf. the file allows each action taken by security to be turned on or off.
|
#
1.14 |
|
21-May-1996 |
mrg |
ignore setgid on dirs.
|
#
1.13 |
|
13-Jan-1996 |
pk |
Several fixes from Arne H. Juul (PR#1814).
|
#
1.12 |
|
16-Dec-1995 |
thorpej |
New-style RCS ids.
|
#
1.11 |
|
31-Jan-1995 |
jtc |
Change .emacsrc to .emacs in list of files to be checked. From Mike Long, in PR #768.
|
#
1.10 |
|
17-Oct-1994 |
mycroft |
Fix the fstype-based pruning algorithms. Partly suggested by John Kohl.
|
#
1.9 |
|
14-Jun-1994 |
cgd |
branches: 1.9.2; update to new security script
|
#
1.8 |
|
15-Jan-1994 |
cgd |
people importing trees from SunOS should be shot; add -d to ls.
|
#
1.7 |
|
15-Dec-1993 |
mycroft |
Find only set[gu]id files and devices, like old ncheck(1).
|
#
1.6 |
|
26-Oct-1993 |
cgd |
use of xargs wasn't strictly a security hole, but could lead to fouled- up results. xargs should really have an option to automatically 'quote' input.
|
#
1.5 |
|
27-Oct-1993 |
mycroft |
Use xargs(1) to avoid overflowing the argument list to ls(1).
|
#
1.4 |
|
25-Oct-1993 |
cgd |
from FreeBSD: check for set*id devices in a way closer to the original. note that you can still overflow the args buffer for the ls (and it does that on lamp), but it's better than before.
|
#
1.3 |
|
19-Oct-1993 |
mycroft |
Rewrite set[gu]id find command to avoid walking non-local file systems.
|
#
1.2 |
|
02-Apr-1993 |
cgd |
updated to reflect the fact that we don't have an ncheck
|
#
1.1 |
|
21-Mar-1993 |
cgd |
branches: 1.1.1; Initial revision
|
#
1.1.1.2 |
|
14-Feb-1997 |
mikel |
import 4.4BSD-Lite
|
#
1.1.1.1 |
|
21-Mar-1993 |
cgd |
initial import of 386bsd-0.1 sources
|
#
1.9.2.1 |
|
18-Oct-1994 |
cgd |
from trunk.
|
#
1.37.2.1 |
|
10-Sep-1999 |
he |
Pull up revision 1.40: Don't try to grab disklabels from CDs. (perry)
|
#
1.44.4.3 |
|
03-Sep-2002 |
itojun |
pullup 1.77-1.78 via patch (itojun)
understand md5 password
|
#
1.44.4.2 |
|
08-Dec-2001 |
he |
Pull up revision 1.58 (requested by lukem): Run mtree on the special file using the new ``-l'' option, so it will not complain about things like files set to 444 instead of 644.
|
#
1.44.4.1 |
|
02-Jul-2000 |
sommerfeld |
pullup 1.45: fix root umask check to have a chance of working. approved by thorpej
|
#
1.75.2.2 |
|
06-Aug-2002 |
lukem |
Pull up revisions 1.77-1.78 (requested by itojun in ticket #631): 1.77: recognize md5/bcrypt password. noted by: Eric Jacoboni <jaco@teaser.fr> 1.78: md5/bcrypt password starts with $[12], so use ^ in regex
|
#
1.75.2.1 |
|
10-Jun-2002 |
tv |
Pull up revision 1.76 (requested by atatat in ticket #235): The check_rootdotfiles section mucks with the PATH setting, but never puts it back properly. As such, jobs run later that expect there to be a path will lose badly (eg, run lintpkgsrc -i from security.local). Let's just re-export the PATH.
|
#
1.88.6.2 |
|
17-Sep-2007 |
bouyer |
Pull up following revision(s) (requested by adrianp in ticket #11367): etc/defaults/security.conf: revision 1.20 etc/security: revision 1.104 The location of the pkg_info binary can now be specified in /etc/security.conf. The default remains as /usr/sbin/pkg_info. This should fix PR# 36746.
|
#
1.88.6.1 |
|
27-May-2007 |
bouyer |
Pull up following revision(s) (requested by jnemeth in ticket #11309): etc/security: revision 1.101 PR/36058 -- fix check for group/other writable home directories from Jukka Salmi
|
#
1.88.4.2 |
|
17-Sep-2007 |
bouyer |
Pull up following revision(s) (requested by adrianp in ticket #11367): etc/defaults/security.conf: revision 1.20 etc/security: revision 1.104 The location of the pkg_info binary can now be specified in /etc/security.conf. The default remains as /usr/sbin/pkg_info. This should fix PR# 36746.
|
#
1.88.4.1 |
|
27-May-2007 |
bouyer |
Pull up following revision(s) (requested by jnemeth in ticket #11309): etc/security: revision 1.101 PR/36058 -- fix check for group/other writable home directories from Jukka Salmi
|
#
1.88.2.2 |
|
17-Sep-2007 |
bouyer |
Pull up following revision(s) (requested by adrianp in ticket #11367): etc/defaults/security.conf: revision 1.20 etc/security: revision 1.104 The location of the pkg_info binary can now be specified in /etc/security.conf. The default remains as /usr/sbin/pkg_info. This should fix PR# 36746.
|
#
1.88.2.1 |
|
27-May-2007 |
bouyer |
Pull up following revision(s) (requested by jnemeth in ticket #11309): etc/security: revision 1.101 PR/36058 -- fix check for group/other writable home directories from Jukka Salmi
|
#
1.94.2.6 |
|
17-Sep-2007 |
bouyer |
Pull up following revision(s) (requested by adrianp in ticket #1841): etc/defaults/security.conf: revision 1.20 etc/security: revision 1.104 The location of the pkg_info binary can now be specified in /etc/security.conf. The default remains as /usr/sbin/pkg_info. This should fix PR# 36746.
|
#
1.94.2.5 |
|
07-Jun-2007 |
liamjfoy |
Pull up following revision(s) (requested by martti in ticket #1800): etc/monthly: revision 1.11 etc/weekly: revision 1.23 etc/security: revision 1.102 etc/daily: revision 1.70 Use "mktemp -d -t xxx" to create the temporary directories. This will use TMPDIR environment variable if set, otherwise use /tmp. (misc/35544)
|
#
1.94.2.4 |
|
27-May-2007 |
bouyer |
Pull up following revision(s) (requested by jnemeth in ticket #1777): etc/security: revision 1.101 PR/36058 -- fix check for group/other writable home directories from Jukka Salmi
|
#
1.94.2.3 |
|
06-Oct-2006 |
ghen |
branches: 1.94.2.3.2; Pull up following revision(s) (requested by tron in ticket #1532): etc/security: revision 1.100 Improve security check for "/etc/exports": 1.) Properly handle line continuation and network exports. 2.) Make the report more compact. Patch contributed by Jukka Salmi in PR bin/24583.
|
#
1.94.2.2 |
|
12-Jul-2006 |
tron |
Pull up following revision(s) (requested by lukem in ticket #1377): etc/security: revision 1.98 share/man/man5/security.conf.5: revision 1.30 by patch etc/defaults/security.conf: revision 1.18 Implement check_devices_ignore_paths, which is a list of paths to avoid traversing during check_devices.
|
#
1.94.2.1 |
|
13-Apr-2005 |
tron |
branches: 1.94.2.1.2; Pull up revision 1.95 (requested by peter in ticket #135): Allow an underscore as first character and embedded underscores & dots for login and group names. Fixes PR misc/29913 from Arto Selonen.
|
#
1.94.2.3.2.3 |
|
17-Sep-2007 |
bouyer |
Pull up following revision(s) (requested by adrianp in ticket #1841): etc/defaults/security.conf: revision 1.20 etc/security: revision 1.104 The location of the pkg_info binary can now be specified in /etc/security.conf. The default remains as /usr/sbin/pkg_info. This should fix PR# 36746.
|
#
1.94.2.3.2.2 |
|
28-Jun-2007 |
ghen |
Pull up following revision(s) (requested by martti in ticket #1800): etc/monthly: revision 1.11 etc/weekly: revision 1.23 etc/security: revision 1.102 etc/daily: revision 1.70 Use "mktemp -d -t xxx" to create the temporary directories. This will use TMPDIR environment variable if set, otherwise use /tmp. (misc/35544)
|
#
1.94.2.3.2.1 |
|
27-May-2007 |
bouyer |
Pull up following revision(s) (requested by jnemeth in ticket #1777): etc/security: revision 1.101 PR/36058 -- fix check for group/other writable home directories from Jukka Salmi
|
#
1.94.2.1.2.3 |
|
17-Sep-2007 |
bouyer |
Pull up following revision(s) (requested by adrianp in ticket #1841): etc/defaults/security.conf: revision 1.20 etc/security: revision 1.104 The location of the pkg_info binary can now be specified in /etc/security.conf. The default remains as /usr/sbin/pkg_info. This should fix PR# 36746.
|
#
1.94.2.1.2.2 |
|
28-Jun-2007 |
ghen |
Pull up following revision(s) (requested by martti in ticket #1800): etc/monthly: revision 1.11 etc/weekly: revision 1.23 etc/security: revision 1.102 etc/daily: revision 1.70 Use "mktemp -d -t xxx" to create the temporary directories. This will use TMPDIR environment variable if set, otherwise use /tmp. (misc/35544)
|
#
1.94.2.1.2.1 |
|
27-May-2007 |
bouyer |
Pull up following revision(s) (requested by jnemeth in ticket #1777): etc/security: revision 1.101 PR/36058 -- fix check for group/other writable home directories from Jukka Salmi
|
#
1.100.2.4 |
|
17-Sep-2007 |
bouyer |
Pull up following revision(s) (requested by adrianp in ticket #883): etc/defaults/security.conf: revision 1.20 etc/security: revision 1.104 The location of the pkg_info binary can now be specified in /etc/security.conf. The default remains as /usr/sbin/pkg_info. This should fix PR# 36746.
|
#
1.100.2.3 |
|
23-Aug-2007 |
liamjfoy |
Pull up following revision(s) (requested by tron in ticket #824): etc/security: revision 1.103 Add code to monitor the disk wedges (see dk(4)) configured on the system. Based on a patch contributed by Andreas Wrede in PR misc/36747.
|
#
1.100.2.2 |
|
06-Jun-2007 |
liamjfoy |
Pull up following revision(s) (requested by martti in ticket #708): etc/monthly: revision 1.11 etc/weekly: revision 1.23 etc/security: revision 1.102 etc/daily: revision 1.70 Use "mktemp -d -t xxx" to create the temporary directories. This will use TMPDIR environment variable if set, otherwise use /tmp. (misc/35544)
|
#
1.100.2.1 |
|
08-May-2007 |
pavel |
branches: 1.100.2.1.2; Pull up following revision(s) (requested by jnemeth in ticket #627): etc/security: revision 1.101 PR/36058 -- fix check for group/other writable home directories from Jukka Salmi
|
#
1.100.2.1.2.2 |
|
23-Sep-2007 |
wrstuden |
Catch up with netbsd-4.
|
#
1.100.2.1.2.1 |
|
03-Sep-2007 |
wrstuden |
Sync w/ NetBSD-4-RC_1
|
#
1.103.2.2 |
|
08-Jan-2008 |
matt |
sync with HEAD
|
#
1.103.2.1 |
|
06-Nov-2007 |
matt |
sync with HEAD
|
#
1.105.4.2 |
|
23-Nov-2007 |
dholland |
Handle non-trivial NIS compat entries (like +joe:::::::::) in the password file. Fixes (my own) PR bin/33138.
reviewed: christos
|
#
1.105.4.1 |
|
23-Nov-2007 |
dholland |
file security was added on branch mjf-devfs on 2007-11-23 15:51:28 +0000
|
#
1.109.2.1 |
|
05-Mar-2011 |
bouyer |
Sync with HEAD
|
#
1.110.4.2 |
|
22-May-2014 |
yamt |
sync with head.
for a reference, the tree before this commit was tagged as yamt-pagecache-tag8.
this commit was splitted into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments")
|
#
1.110.4.1 |
|
16-Apr-2012 |
yamt |
sync with head
|
#
1.111.2.2 |
|
19-Aug-2014 |
tls |
Rebase to HEAD as of a few days ago.
|
#
1.111.2.1 |
|
23-Jun-2013 |
tls |
resync from head
|