From owner-freebsd-bugs Sat Aug 24 16:50:03 1996
Return-Path: owner-bugs
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id QAA12302 for bugs-outgoing; Sat, 24 Aug 1996 16:50:03 -0700 (PDT)
Received: (from gnats@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id QAA12294; Sat, 24 Aug 1996 16:50:02 -0700 (PDT)
Resent-Date: Sat, 24 Aug 1996 16:50:02 -0700 (PDT)
Resent-Message-Id: <199608242350.QAA12294@freefall.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, pirzyk@dalsdb.fa.disney.com
Received: from huey.disney.com (huey.disney.com [204.128.192.10]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id QAA11493 for ; Sat, 24 Aug 1996 16:40:01 -0700 (PDT)
Received: from dalsdb (dalsdb.fa.disney.com [139.104.212.4]) by huey.disney.com (8.7.5/8.7.3) with SMTP id QAA07441 for ; Sat, 24 Aug 1996 16:35:10 -0700 (PDT)
Received: from snowhite by dalsdb with smtp (Smail3.1.28.1 #53) id m0uuSIU-00000wC; Sat, 24 Aug 96 16:39 PDT
Received: from amigo.cpm.com (port_2933.faf.disney.com [153.6.101.249]) by snowhite (8.6.11/8.6.11) with ESMTP id TAA10876 for ; Sat, 24 Aug 1996 19:38:54 -0400
Received: (from pirzyk@localhost) by amigo.cpm.com (8.6.12/8.6.12) id QAA19207; Sat, 24 Aug 1996 16:11:42 -0400
Message-Id: <199608242011.QAA19207@amigo.cpm.com>
Date: Sat, 24 Aug 1996 16:11:42 -0400
From: pirzyk@faf.disney.com
Reply-To: pirzyk@dalsdb.fa.disney.com
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: misc/1538: new /etc/security script
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>Number: 1538
>Category: misc
>Synopsis: enhanced /etc/security script
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat Aug 24 16:50:01 PDT 1996
>Last-Modified:
>Originator: Jim Pirzyk
>Organization: Walt Disney Feature Animation Florida
>Release:
FreeBSD 2.1-STABLE i386
>Environment:
All FreeBSD systems.
>Description:
Add more security checks in the /etc/security script.
>How-To-Repeat:
>Fix:
Here are the context diffs for /etc/security.
*** /etc/security Sat Aug 24 16:00:46 1996 --- /etc/security.bak Thu Nov 16 04:58:43 1995 *************** *** 39,63 **** echo "" echo "checking for uids of 0:" awk 'BEGIN {FS=":"} $3=="0" {print $1,$3}' /etc/master.passwd - - echo "" - echo "" - echo "checking for accounts without passwords:" - awk -F: '$2=="" && $1 != "+" {print $1}' /etc/master.passwd - - echo "" - echo "" - echo "checking for accounts with duplicate uids:" - sort -t: +2n /etc/master.passwd | awk -F: 'BEGIN { duplicate = -1; } $1 != "+" && $3 != 0 {if (duplicate == $3) { print $1, name; } duplicate = $3; name = $1; }' - - echo "" - echo "" - echo "checking for world exported filesystems:" - sed -e '/^\#/d' -e '/^[ \t]*$/d' /etc/exports | awk 'NF < 2 { print }' - - echo "" - echo "" - echo "checking for block & character device files not in /dev:" - find / -fstype local -name /dev -prune \( -type b -o -type c \) -exec ls -l {} \; | awk '{ print; }' - - exit $? --- 39,41 ----
>Audit-Trail:
>Unformatted:
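Review bot: The device-file check at the end of the hunk (`find / -fstype local -name /dev -prune \( -type b -o -type c \) ...`) can never report anything: `-name` compares only the last path component, so the pattern `/dev` matches no file, and because there is no `-o` after `-prune` the type test is ANDed with that always-false match. Join the prune to the type test with `-o` and use a test that can match the directory (for example `-path /dev -prune -o \( -type b -o -type c \) -exec ls -l {} \;`, where find supports `-path`); the trailing `| awk '{ print; }'` is a no-op and can be dropped. In the exports check, `NF < 2` only flags lines that carry a path alone, so a line with a path plus options but no host list is not reported, and `[ \t]` inside the sed bracket expression may be read as the characters backslash and `t` rather than a tab. The diff headers also name /etc/security (Aug 24 1996) as the old file and /etc/security.bak (Nov 1995) as the new one, so the added checks show up as `-` lines; regenerate the diff old-then-new so it applies without reversing.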