Unix security automating script

Hendrik Vermooten hendrik at zeusa.UUCP
Tue Mar 20 01:26:01 AEST 1990


This script is used to try and improve a system's security. Go through the
commands and you'll see what is done.

The challenge is this: who has more and/or better ideas to improve this
thing? Please mail me your [tested] suggestions, and I'll send in some
follow-up articles.

 *** ***     Hendrik Vermooten, ZEUS software
 * o o *     Bang: ..!uunet!ddsw1!olsa99!zeusa!hendrik
O|  I  |O    or hendrik at zeusa.UUCP
 | *** |
 \*****/

# Security checking script.
#
# Hendrik Vermooten, ZEUS software  (No copyright)
#    hendrik at zeusa.UUCP
#    ..!uunet!ddsw1!olsa99!zeusa!hendrik
#
DIR=/u/security
CRONDIR=/usr/spool/cron/crontabs
UUCPDIR=/usr/lib/uucp
echo "*** Hendrik's UNIX security check script ***"
date
echo ""
echo "* Logins with super user privileges:"
awk 'BEGIN { FS=":" } { if ($3 == "0" || $3 == "") print $1 }' < /etc/passwd
echo ""
#
echo "* Logins without passwords:"
awk 'BEGIN { FS=":" } { if ($2 == "") print $1 }' < /etc/passwd
echo ""

# Check changes to passwd file
echo "* Changes to /etc/passwd since `cat $DIR/prevrun`"
diff /etc/passwd $DIR/passwd
cp /etc/passwd $DIR/passwd
echo "* Changes to /etc/group since `cat $DIR/prevrun`"
diff /etc/group $DIR/group
cp /etc/group $DIR/group
echo ""

# Check writeability of /etc/passwd
ls -l /etc/passwd | grep -v "^-rw-r--r--" && echo "WARNING: Check this file's access mode!"
ls -l /etc/group | grep -v "^-rw-r--r--" && echo "WARNING: Check this file's access mode!"
ls -l /etc/rc | grep -v "^-rw-r--r--" && echo "WARNING: Check this file's access mode!"
ls -l $CRONDIR/root | grep -v "^-rw-------" && echo "WARNING: Check this file's access mode!"
if [ -f $CRONDIR/bin ]
	then
		ls -l $CRONDIR/bin | grep -v "^-rw-r--r--" && echo "WARNING: Check this file's access mode!"
	fi

# If someone has changed root or bin crontabs, they can get in.
# This section is not working yet, because I haven't figured out how to pass
#  shell variables as variables to 'awk' below.
# echo ""
# ls $CRONDIR | sort > $DIR/newcron
# ls $DIR/crons | sort > $DIR/oldcron
# echo "* New crontab files:"
# diff $DIR/oldcron $DIR/newcron | grep "^>"
# echo "* Changes to crontab files:"
# ls $CRONDIR/* | awk '{ printf "echo %s:\ndiff %s/crons/%s %s/%s\n", $1, $DIR, $1, $CRONDIR, $1 }' | /bin/sh

rm -f $DIR/newcron
rm -f $DIR/oldcron
mkdir $DIR/crons 2> /dev/null
cp $CRONDIR/* $DIR/crons

echo ""
echo "* UUCP security:"
echo "'Systems' file changes:"
diff $UUCPDIR/Systems $DIR/Systems
cp $UUCPDIR/Systems $DIR/Systems
echo "'Permissions' file changes:"
diff $UUCPDIR/Permissions $DIR/Permissions
cp $UUCPDIR/Permissions $DIR/Permissions

#
# It would be nice to have full path names in the next two reports. But how?
#
echo ""
echo "* Directories that can be written to by everyone:"
ls -lR / | awk '/^d[rwx]......w[x-]/ { print }'
echo ""
echo "* Directories with search permissions for everyone:"
ls -lR / | awk '/^d........x/ { print }'

# Check Set UIDs & GIDs: I left the most important check till last
mv $DIR/setuids $DIR/setuids.prev
find / \( -perm -4000 -o -perm -2000 \) -exec ls -ld {} \; | sort > $DIR/setuids
echo "* Set UID/GID files that have appeared since `cat $DIR/prevrun`"
diff $DIR/setuids.prev $DIR/setuids | grep "^>"

date > $DIR/prevrun
chown root $DIR/*
chmod 600 $DIR/*
chmod 700 $DIR
chmod +x $DIR/$0

# Other checks:
#   Changes to files under /etc/rc.d/*
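An added example (not part of Hendrik's script) that takes up two of the open questions above: passing shell variables into awk, and getting full path names in the directory and set-UID reports. Shell variables reach awk through `awk -v name="$value"` (on awks that predate `-v`, the same thing is written as a trailing `name="$value"` argument after the program text), and `find` prints full paths directly, so `ls -lR` output never has to be parsed. The crontab comparison is done with a plain loop instead of having awk generate shell commands, so file names are never fed through a second parser. All directory names and the sample data are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the original script: the same checks written
# as shell functions that print full path names (find instead of ls -lR)
# and that pass shell variables into awk with "awk -v name=value".
# On awks without -v the equivalent is: awk '...' want="$want" file
# The directory names used below are assumptions for the demonstration.

# Logins whose UID is $2 (default 0) or whose UID field is empty.
privileged_logins() {
    want="${2:-0}"
    awk -F: -v want="$want" '$3 == want || $3 == "" { print $1 }' "$1"
}

# Logins whose password field is empty.
empty_passwords() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Directories under $1 writable (-002) or searchable (-001) by everyone.
# find prints full paths, which answers the "But how?" in the script.
world_writable_dirs() {
    find "$1" -type d -perm -002 -print
}
world_searchable_dirs() {
    find "$1" -type d -perm -001 -print
}

# Set-UID or set-GID regular files under $1, sorted so two runs can be
# compared with diff.
setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# Report crontabs in $2 that are new, changed or removed relative to the
# snapshot directory $1.  A plain loop replaces the awk-generates-shell
# construction, so file names never pass through a second parser.
cron_changes() {
    old="$1"; new="$2"
    for f in "$new"/*; do
        [ -f "$f" ] || continue
        name=`basename "$f"`
        if [ ! -f "$old/$name" ]; then
            echo "NEW: $name"
        elif ! cmp -s "$old/$name" "$f"; then
            echo "CHANGED: $name"
            diff "$old/$name" "$f" || :
        fi
    done
    for f in "$old"/*; do
        [ -f "$f" ] || continue
        name=`basename "$f"`
        [ -f "$new/$name" ] || echo "REMOVED: $name"
    done
}

# Constructed demonstration data (a throwaway directory, not a real
# system): a small passwd file, a crontab spool with a snapshot, and a
# tree with one world-writable directory.
demo() {
    T=`mktemp -d`
    printf 'root:x:0:0::/:/bin/sh\nbin:x:2:2::/:/bin/sh\n' > "$T/passwd"
    printf 'extra:x:0:0::/:/bin/sh\nguest::50:50::/:/bin/sh\n' >> "$T/passwd"
    mkdir "$T/crons" "$T/spool" "$T/tree" "$T/tree/pub" "$T/tree/priv"
    chmod 755 "$T/tree"; chmod 777 "$T/tree/pub"; chmod 700 "$T/tree/priv"
    echo '0 2 * * * /usr/lib/backup' > "$T/crons/root"
    echo '0 2 * * * /usr/lib/backup' > "$T/spool/root"
    echo '0 3 * * * /usr/lib/uucp/uudemon.hour' > "$T/spool/uucp"
    echo "* Logins with super user privileges:"; privileged_logins "$T/passwd"
    echo "* Logins without passwords:";          empty_passwords "$T/passwd"
    echo "* World-writable directories:";        world_writable_dirs "$T/tree"
    echo "* Crontab changes:";                   cron_changes "$T/crons" "$T/spool"
    rm -rf "$T"
}
demo
```

Run it as `sh seccheck-example.sh`; the demo prints `extra` under the super-user report, `guest` under the no-password report, the full path of `pub`, and `NEW: uucp` for the crontab that has no counterpart in the snapshot. To use the functions on a live system, call them with the real paths (`/etc/passwd`, `/`, and the crontab spool and snapshot directories) in place of the constructed ones.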


