100.chksetuid revision 96048
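#!/bin/sh -
#
# Copyright (c) 2001  The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: head/etc/periodic/security/100.chksetuid 96048 2002-05-05 00:59:37Z cjc $
#

# Purpose: list every regular file that is executable and carries the setuid
# or setgid bit on the ufs filesystems that are not mounted nosuid, and
# compare that listing with the one saved by the previous run in
# ${LOG}/setuid.today.  Any difference is printed, so a new or altered
# setuid/setgid binary shows up in the report.
#
# Exit status: 0 when the check is disabled or nothing changed, 1 when the
# baseline was missing or the listing differs from it, 3 when a file
# operation on the baseline failed.

# If there is a global system configuration file, suck it in.
#
if [ -r /etc/defaults/periodic.conf ]
then
    . /etc/defaults/periodic.conf
    source_periodic_confs
fi

LOG="${daily_status_security_logdir}"
rc=0

case "$daily_status_security_chksetuid_enable" in
    [Yy][Ee][Ss])
        echo ""
        echo 'Checking setuid files and devices:'

        # Without this guard an unset logdir makes the baseline paths
        # resolve to /setuid.today and /setuid.yesterday.
        if [ ! -d "${LOG}" ]; then
            echo "Log directory '${LOG}' does not exist"
            exit 3
        fi

        # mktemp creates the file exclusively under an unpredictable name, so
        # the listing cannot be redirected through a pre-created file or
        # symlink even if the directory is ever writable by someone else.
        # The file is created readable by its owner only; a baseline
        # installed by the mv below keeps that mode.
        TMP=$(mktemp /var/run/_secure.XXXXXXXXXX) || exit 3
        trap 'rm -f "${TMP}"' EXIT

        # Mount points are read one per line and passed to find quoted, so
        # they are not subject to word splitting or globbing.  xargs -n 20
        # hands ls at most 20 paths per invocation.  sort -k 11 is the
        # current spelling of the obsolete "sort +10": order by the 11th
        # field onward, which should be the path in "ls -liT" output.
        mount -t ufs | grep -v " nosuid" | awk '{ print $3 }' | sort |
        while IFS= read -r mp; do
            find "$mp" -xdev -type f \
                \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
                \( -perm -u+s -or -perm -g+s \) -print0
        done | xargs -0 -n 20 ls -liTd | sed 's/^ *//' | sort -k 11 > "${TMP}"

        # First run: there is no baseline yet, so seed it from this listing.
        if [ ! -f "${LOG}/setuid.today" ]; then
            rc=1
            echo "No ${LOG}/setuid.today"
            cp "${TMP}" "${LOG}/setuid.today" || rc=3
        fi

        # Report any change and rotate today -> yesterday, new -> today.
        if ! cmp "${LOG}/setuid.today" "${TMP}" >/dev/null
        then
            [ "$rc" -lt 1 ] && rc=1
            echo "${host} setuid diffs:"
            diff -b "${LOG}/setuid.today" "${TMP}"
            mv "${LOG}/setuid.today" "${LOG}/setuid.yesterday" || rc=3
            mv "${TMP}" "${LOG}/setuid.today" || rc=3
        fi
        ;;
    *)
        rc=0
        ;;
esac

exit "$rc"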