Date: Fri, 3 Mar 2000 16:10:43 -0500 (EST)
From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc: freebsd-security@freebsd.org
Subject: misc/17155: Add mount(8) check to /etc/security
Message-ID: <200003032110.QAA44752@cc942873-a.ewndsr1.nj.home.com>
>Number: 17155
>Category: misc
>Synopsis: Add mount(8) check to /etc/security
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Mar 3 13:10:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator: Crist J. Clark
>Release: FreeBSD 3.4-STABLE i386
>Organization:
>Environment:
FreeBSD 3.4-STABLE, distributed /etc/security file.
>Description:
The other day I had to change the way a filesystem was mounted
to do some administrative tasks (specifically, I turned off the nosuid
option). I guess I became distracted because I never re-enabled it
until just noticing it recently.
I was surprised and a little bit peeved that my /etc/security
script would not notice a change in the way filesystems were
mounted. Rather than just complain, I modified my own /etc/security
accordingly and decided the modification was something that no one
could really argue against, so I'm submitting it here.
>How-To-Repeat:
Do anything to your filesystem mounts. /etc/security won't
notice.
>Fix:
The structure of the added commands parallels the existing
'dmesg' check currently in place. Frankly, it's almost exactly the
same, just different filenames and another command generating the
initial output.
The only thing I am unsure of is which is more aesthetically
pleasing, using 'mount -p' output or taking 'mount' output and running
it through a quick sed script to clean out the "writes:"
information. At this point, I prefer the more verbose mount-sed
combo. Both patches are included.
Any constructive comments or criticisms appreciated.
The mount-sed combo,
--- /usr/src/etc/security Tue Dec 21 04:46:02 1999
+++ security Fri Mar 3 15:56:52 2000
@@ -48,6 +48,21 @@
mv $TMP $LOG/setuid.today
fi
+if mount | sed 's/, writes: [^\)]*//' > $TMP; then
+ if [ ! -f $LOG/mount.today ]; then
+ separator
+ echo "no $LOG/mount.today"
+ cp $TMP $LOG/mount.today
+ fi
+ if cmp $LOG/mount.today $TMP >/dev/null 2>&1; then :; else
+ separator
+ echo "$host changes in mounted filesystems:"
+ diff -b $LOG/mount.today $TMP
+ mv $LOG/mount.today $LOG/mount.yesterday
+ mv $TMP $LOG/mount.today
+ fi
+fi
+
separator
echo "checking for uids of 0:"
awk -F: '$3==0 {print $1,$3}' /etc/master.passwd
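Review bot: the condition in "if mount | sed ... > $TMP" reflects sed's exit status, not mount's, so a failing mount still enters the block with an empty $TMP. With an existing mount.today the cmp then fails, the diff reports every filesystem as removed, and the final mv replaces the baseline with the empty file. Writing mount's output to a file first, testing that result, and only then running sed over it would avoid this. A smaller point in the same line: inside a POSIX bracket expression the backslash is literal, so "[^\)]*" also stops at a backslash; "[^)]*" says what is meant.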
Now for the mount-p version,
--- /usr/src/etc/security Tue Dec 21 04:46:02 1999
+++ security Fri Mar 3 15:57:52 2000
@@ -48,6 +48,21 @@
mv $TMP $LOG/setuid.today
fi
+if mount -p > $TMP; then
+ if [ ! -f $LOG/mount.today ]; then
+ separator
+ echo "no $LOG/mount.today"
+ cp $TMP $LOG/mount.today
+ fi
+ if cmp $LOG/mount.today $TMP >/dev/null 2>&1; then :; else
+ separator
+ echo "$host changes in mounted filesystems:"
+ diff -b $LOG/mount.today $TMP
+ mv $LOG/mount.today $LOG/mount.yesterday
+ mv $TMP $LOG/mount.today
+ fi
+fi
+
separator
echo "checking for uids of 0:"
awk -F: '$3==0 {print $1,$3}' /etc/master.passwd
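Review bot: the "mv $TMP $LOG/mount.today" at the end of the cmp branch rolls the baseline forward on every difference, so a change such as a dropped nosuid is reported in one run only and is the accepted state from the next run on. If that report is missed, the check never mentions it again. If this is intended, to match the existing checks, a comment above the block saying so would help; otherwise the block could keep reporting until the mount table again matches a reference that is only reset by hand. The same applies to the first-run branch, where "cp $TMP $LOG/mount.today" seeds the baseline from whatever is mounted without printing it for review.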
>Release-Note:
>Audit-Trail:
>Unformatted:
