admin scripts


  1. #!/bin/bash
  2. # File Permissions checker for logwatch
  3. # by Andrew Harford
  4. # receive@redbrick.dcu.ie
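  ###############
  # /root stuff #
  ###############
  # NOTE(review): this unconditional exit stops the script here, so none of the
  # checks below run and logwatch gets an empty report with a success status.
  # It is kept because it looks like a deliberate off-switch; remove it to
  # re-enable the checks.
  exit 0

  echo
  echo "-------------[ /root permissions ]------------------"
  # Ask stat for the mode fields directly instead of grepping its default
  # human-readable output, whose "Access:" label depends on the locale and on
  # stat's layout. "%a/%A" yields e.g. "700/drwx------", so the check still
  # covers both the octal mode and the directory type. If stat fails, the
  # value is empty and the WARNING branch is taken.
  root_permission=$(stat -c '%a/%A' /root)
  if [ "$root_permission" != "700/drwx------" ]; then
    echo "WARNING: The permissions on /root are NOT 0700"
  else
    echo "info: The permissions on /root are normal"
  fi
  echo
  # Regular files under /root that are world-readable: octal mode, then the
  # path relative to /root.
  find /root -type f -perm -o=r -printf "%m \t %P \n"
  echo
  # Regular files under /root whose owner AND group are both non-root.
  # NOTE(review): a file with only one of the two set to a non-root id is not
  # listed here; confirm that is the intended scope.
  find /root -type f -not -gid 0 -not -uid 0 -printf "%m \t %u:%g \t %P \n"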
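  ###############
  # ldap.secret #
  ###############
  echo
  echo "-------------[ ldap.secret permissions ]------------------"
  # Read the mode fields straight from stat rather than matching its default
  # output, whose "Access:" label depends on the locale and on stat's layout.
  # "%a/%A" yields e.g. "400/-r--------". A missing file leaves the value
  # empty, which falls through to the WARNING branch.
  # NOTE(review): only the mode is checked; the owner and group of the file
  # are not verified here.
  ldap_permission=$(stat -c '%a/%A' /etc/ldap.secret)
  if [ "$ldap_permission" != "400/-r--------" ]; then
    echo "WARNING: The permissions on /etc/ldap.secret are NOT 0400"
  else
    echo "info: The permissions on /etc/ldap.secret are normal"
  fi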
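  #####################
  # set uid/gid stuff #
  #####################
  echo
  echo "-------------[ Set UID/GID file changes ]------------------"
  echo
  # Rotate the previous inventory so it becomes the baseline for this run.
  # On the first run there is no inventory yet, so an empty baseline is
  # created and every set-id file found below shows up in the diff.
  if [ -f /etc/logwatch/setid.log ]; then
    # mv -f replaces an existing baseline, so no separate rm is needed.
    mv -f /etc/logwatch/setid.log /etc/logwatch/setid.old.log
  else
    touch /etc/logwatch/setid.old.log
  fi
  # Earlier per-bit variants, kept for reference:
  #find / -not -fstype nfs -perm +4000 -printf "%m %M \t %u:%g \t %P \n"
  #find / -not -fstype nfs -perm +2000 -printf "%m %M \t %u:%g \t %P \n"
  # Inventory of every file with the setuid or setgid bit, excluding matches
  # on NFS: octal mode, symbolic mode, owner:group, path relative to /.
  find / -not -fstype nfs \( -perm -4000 -o -perm -2000 \) -printf "%m %M \t %u:%g \t %P \n" > /etc/logwatch/setid.log
  # Compare against the rotated baseline. The original pointed diff at
  # /etc/logwatch/setid/old.log, a path this script never creates, so the
  # comparison always failed and no set-id change was ever reported.
  # Lines marked "<" come from the current inventory, ">" from the previous one.
  diff /etc/logwatch/setid.log /etc/logwatch/setid.old.log
  # Everything after this exit is unreachable.
  exit 0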
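  ############### This stuff needs more work ############################
  ####################
  # /srv/admin stuff #
  ####################
  # This section is currently unreachable: the script exits before reaching it.
  echo
  echo "-------------[ /srv/admin permissions ]------------------"
  echo " (/srv/admin/skel is excluded from this)"
  echo
  echo "Below Follows a list of files in /srv/admin that are world readable"
  # The prune has to be its own OR-branch. Chained with the other tests by the
  # implicit AND (as it was originally), only /srv/admin/skel itself could ever
  # match, which is the opposite of excluding it.
  find /srv/admin \( -path '/srv/admin/skel' -prune \) -o \
    \( -not -fstype nfs -perm -o=r -printf "%m \t %P \n" \)
  echo
  echo "Below Follows a list of files in /srv/admin not owned by root"
  # List an entry when its owner OR its group is not root. Requiring both to be
  # non-root (the original test) would skip, for example, a file owned by an
  # ordinary user with group root.
  find /srv/admin \( -path '/srv/admin/skel' -prune \) -o \
    \( -not -fstype nfs \( -not -uid 0 -o -not -gid 0 \) -printf "%m \t %u:%g \t %P \n" \)
  exit 0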