From owner-freebsd-security Mon Feb 24 00:45:50 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id AAA08853 for security-outgoing; Mon, 24 Feb 1997 00:45:50 -0800 (PST)
Received: from mailserv.tversu.ac.ru (mailserv.tversu.ac.ru [193.233.128.3]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id AAA08848 for ; Mon, 24 Feb 1997 00:45:36 -0800 (PST)
Received: (from vadim@localhost) by mailserv.tversu.ac.ru (8.6.12/8.6.12) id LAA19757; Mon, 24 Feb 1997 11:45:55 +0300
Message-ID: <19970224114554.12677@mailserv.tversu.ac.ru>
Date: Mon, 24 Feb 1997 11:45:54 +0300
From: Vadim Kolontsov
To: freebsd-security@FreeBSD.Org
Subject: Re: improved setuid and device file checker for /etc/security
References: <199702230636.WAA22830@salsa.gv.tsc.tdk.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.61.1
In-Reply-To: <199702230636.WAA22830@salsa.gv.tsc.tdk.com>; from Don Lewis on Feb 02, 1997 at 10:36:27PM -0800
Sender: owner-security@FreeBSD.Org
X-Loop: FreeBSD.org
Precedence: bulk

On Feb 02, 1997 at 10:36:27PM -0800, Don Lewis wrote:

> At least in the case of /etc/security, I came up with a scheme that should
> be a lot more automatic.
> I also added device file checking (other than their timestamps which tend
> to get updated).

Here is my contribution to /etc/security... It works fine on my machine.
I've added a more convenient (I hope :) scheme to check (and back up) some
important files.
Also checking for users' .rhosts added.

---------------------------- cut here ------------------------------------
BAK=/var/backups
# Files under /etc that are compared against the copy kept in $BAK.
CHECKFILES="aliases master.passwd group security hosts.equiv"

echo ""
echo "Backing up and checking some files:"
for i in $CHECKFILES ; do
    # Nothing to report if the file has never existed on this machine.
    [ -e "/etc/$i" ] || [ -e "$BAK/$i" ] || continue
    if cmp -s "$BAK/$i" "/etc/$i"; then
        echo " * $i";
    else
        echo " * /etc/$i diffs:"
        echo "----------------------------------------------------------"
        # On the first run there is no backup yet to diff or rotate.
        if [ -f "$BAK/$i" ]; then
            diff "$BAK/$i" "/etc/$i"
            mv "$BAK/$i" "$BAK/$i.bak"
        fi
        echo "----------------------------------------------------------"
        # cp -p keeps the owner and mode (important for master.passwd).
        [ -f "/etc/$i" ] && cp -p "/etc/$i" "$BAK/$i"
    fi
done

echo ""
echo "Looking for users' .rhosts"
mkdir -p "$BAK/rhosts"
# Field 1 of /etc/passwd is the login name, field 6 the home directory.
while IFS=: read -r user x x x x homedir x; do
    # Skip comment lines and entries without a home directory.
    [ -n "$homedir" ] || continue
    if [ -e "$homedir/.rhosts" ] ; then
        if cmp -s "$BAK/rhosts/$user" "$homedir/.rhosts" ; then
            echo " * $user";
        else
            echo " * $user's .rhosts diffs:"
            echo "----------------------------------------------------------"
            # A .rhosts seen for the first time has no backup to diff against.
            if [ -f "$BAK/rhosts/$user" ]; then
                diff "$BAK/rhosts/$user" "$homedir/.rhosts"
                mv "$BAK/rhosts/$user" "$BAK/rhosts/$user.bak"
            fi
            echo "----------------------------------------------------------"
            cp -p "$homedir/.rhosts" "$BAK/rhosts/$user"
        fi
    fi
done < /etc/passwd
---------------------------- cut here ------------------------------------

--------------------------------------------------------------------------
Vadim Kolontsov
SysAdm/Programmer
Tver Regional Center of New Information Technologies
Networks Lab
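
Added example, not part of the original post: the script above reports when a .rhosts file changes; a content check can complement it by flagging files that grant trust broadly. The code below flags bare "+" wildcard entries and group- or world-writable files; the function names audit_rhosts and scan_rhosts and the sample accounts are hypothetical and constructed for illustration.

```sh
# audit_rhosts FILE: print one finding per line; return 1 if anything was found.
audit_rhosts() {
    f=$1
    findings=$(
        # Content of a symlink or other non-regular file is not audited here.
        if [ -h "$f" ] || [ ! -f "$f" ]; then
            echo "not a regular file"
            exit 0
        fi
        # Group- or world-writable: someone other than the owner can add trust.
        if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "writable by group or others"
        fi
        # A bare "+" in the host or user field matches every host or every user.
        awk 'NF == 0 || $1 ~ /^#/ { next }
             $1 == "+" || $2 == "+" { print "wildcard entry, line " NR ": " $0 }' "$f"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# scan_rhosts [PASSWD]: audit the .rhosts of every account in a passwd-format file.
scan_rhosts() {
    while IFS=: read -r user x x x x homedir x; do
        [ -n "$homedir" ] && [ -e "$homedir/.rhosts" ] || continue
        audit_rhosts "$homedir/.rhosts" | sed "s|^|  * $user: |"
    done < "${1:-/etc/passwd}"
}

# Constructed sample: two accounts in a scratch directory, one with a risky file.
demo=$(mktemp -d)
mkdir "$demo/alice" "$demo/bob"
printf 'alice:*:1001:1001::%s/alice:/bin/sh\nbob:*:1002:1002::%s/bob:/bin/sh\n' \
    "$demo" "$demo" > "$demo/passwd"
printf '# trusted build host\nbuild.example.org alice\n' > "$demo/alice/.rhosts"
printf 'build.example.org bob\n+ +\n' > "$demo/bob/.rhosts"
chmod 600 "$demo/alice/.rhosts"
chmod 664 "$demo/bob/.rhosts"
scan_rhosts "$demo/passwd"
```

Called with no argument, scan_rhosts reads /etc/passwd, so it can run next to the diff loop in /etc/security.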