[Midnightbsd-cvs] src: periodic/security: Update security periodic to go with changes in

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Thu Mar 19 23:10:41 EDT 2009


Log Message:
-----------
Update the security periodic scripts to match changes in various system utilities, including ipfw.

Modified Files:
--------------
    src/etc/periodic/security:
        100.chksetuid (r1.2 -> r1.3)
        200.chkmounts (r1.2 -> r1.3)
        300.chkuid0 (r1.2 -> r1.3)
        400.passwdless (r1.2 -> r1.3)
        500.ipfwdenied (r1.2 -> r1.3)
        510.ipfdenied (r1.2 -> r1.3)
        520.pfdenied (r1.2 -> r1.3)
        550.ipfwlimit (r1.2 -> r1.3)
        610.ipf6denied (r1.2 -> r1.3)
        700.kernelmsg (r1.2 -> r1.3)
        800.loginfail (r1.3 -> r1.4)
        900.tcpwrap (r1.2 -> r1.3)
        Makefile (r1.2 -> r1.3)
        security.functions (r1.2 -> r1.3)

Added Files:
-----------
    src/etc/periodic/security:
        410.logincheck (r1.1)

Removed Files:
-------------
    src/etc/periodic/security:
        600.ip6fwdenied
        650.ip6fwlimit

-------------- next part --------------
Index: 500.ipfwdenied
===================================================================
RCS file: /home/cvs/src/etc/periodic/security/500.ipfwdenied,v
retrieving revision 1.2
retrieving revision 1.3
diff -L etc/periodic/security/500.ipfwdenied -L etc/periodic/security/500.ipfwdenied -u -r1.2 -r1.3
--- etc/periodic/security/500.ipfwdenied
+++ etc/periodic/security/500.ipfwdenied
@@ -24,9 +24,8 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $MidnightBSD$
 # $FreeBSD: src/etc/periodic/security/500.ipfwdenied,v 1.6 2005/02/23 15:07:36 ssouhlal Exp $
-#
+# $MidnightBSD$
 
 # If there is a global system configuration file, suck it in.
 #
Index: security.functions
===================================================================
RCS file: /home/cvs/src/etc/periodic/security/security.functions,v
retrieving revision 1.2
retrieving revision 1.3
diff -L etc/periodic/security/security.functions -L etc/periodic/security/security.functions -u -r1.2 -r1.3
--- etc/periodic/security/security.functions
+++ etc/periodic/security/security.functions
@@ -24,9 +24,8 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
+# $FreeBSD: src/etc/periodic/security/security.functions,v 1.5 2005/08/22 09:33:36 cperciva Exp $
 # $MidnightBSD$
-# $FreeBSD: src/etc/periodic/security/security.functions,v 1.4.2.1 2005/08/25 19:07:28 cperciva Exp $
-#
 
 #
 # Show differences in the output of an audit command
--- etc/periodic/security/600.ip6fwdenied
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/sh -
-#
-# Copyright (c) 2001  The FreeBSD Project
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in the
-#    documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $MidnightBSD: src/etc/periodic/security/600.ip6fwdenied,v 1.2 2006/08/28 02:13:43 laffer1 Exp $
-# $FreeBSD: src/etc/periodic/security/600.ip6fwdenied,v 1.5 2003/06/30 22:06:26 mtm Exp $
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
-    . /etc/defaults/periodic.conf
-    source_periodic_confs
-fi
-
-. /etc/periodic/security/security.functions
-
-rc=0
-
-case "$daily_status_security_ip6fwdenied_enable" in
-    [Yy][Ee][Ss])
-	TMP=`mktemp -t security`
-	if ip6fw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then
-	  check_diff new_only ip6fw ${TMP} "${host} ip6fw denied packets:"
-	fi
-	rc=$?
-	rm -f ${TMP};;
-    *)	rc=0;;
-esac
-
-exit $rc
Index: 550.ipfwlimit
===================================================================
RCS file: /home/cvs/src/etc/periodic/security/550.ipfwlimit,v
retrieving revision 1.2
retrieving revision 1.3
diff -L etc/periodic/security/550.ipfwlimit -L etc/periodic/security/550.ipfwlimit -u -r1.2 -r1.3
--- etc/periodic/security/550.ipfwlimit
+++ etc/periodic/security/550.ipfwlimit
@@ -24,9 +24,8 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
+# $FreeBSD: src/etc/periodic/security/550.ipfwlimit,v 1.10 2005/09/11 14:29:58 maxim Exp $
 # $MidnightBSD$
-# $FreeBSD: src/etc/periodic/security/550.ipfwlimit,v 1.7.2.2 2005/09/13 14:31:34 maxim Exp $
-#
 
 # Show ipfw rules which have reached the log limit
 #
Index: 900.tcpwrap
===================================================================
RCS file: /home/cvs/src/etc/periodic/security/900.tcpwrap,v
retrieving revision 1.2
retrieving revision 1.3
diff -L etc/periodic/security/900.tcpwrap -L etc/periodic/security/900.tcpwrap -u -r1.2 -r1.3
--- etc/periodic/security/900.tcpwrap
+++ etc/periodic/security/900.tcpwrap
@@ -24,9 +24,8 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $MidnightBSD$
 # $FreeBSD: src/etc/periodic/security/900.tcpwrap,v 1.3 2003/01/05 21:32:50 se Exp $
-#
+# $MidnightBSD$
 
 # Show tcp_wrapper warning messages
 #
--- etc/periodic/security/650.ip6fwlimit
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/sh -
-#
-# Copyright (c) 2001  The FreeBSD Project
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in the
-#    documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $MidnightBSD: src/etc/periodic/security/650.ip6fwlimit,v 1.2 2006/08/28 02:13:43 laffer1 Exp $
-# $FreeBSD: src/etc/periodic/security/650.ip6fwlimit,v 1.6 2003/06/30 22:06:26 mtm Exp $
-#
-
-# Show ip6fw rules which have reached the log limit
-#
-
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
-    . /etc/defaults/periodic.conf
-    source_periodic_confs
-fi
-
-rc=0
-
-case "$daily_status_security_ip6fwlimit_enable" in
-    [Yy][Ee][Ss])
-	TMP=`mktemp -t security`
-	IP6FW_LOG_LIMIT=`sysctl -n net.inet6.ip6.fw.verbose_limit 2> /dev/null`
-	if [ $? -eq 0 ] && [ "${IP6FW_LOG_LIMIT}" -ne 0 ]; then
-	    ip6fw -a l | grep " log " | \
-	    grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \
-	    awk -v limit="$IPFW_LOG_LIMIT" \
-		'{if ($2 > limit) {print $0}}' > ${TMP}
-	    if [ -s "${TMP}" ]; then
-		rc=1
-		echo ""
-		echo 'ip6fw log limit reached:'
-		cat ${TMP}
-	    fi
-	fi
-	rm -f ${TMP};;
-    *)	rc=0;;
-esac
-
-exit $rc
Index: 300.chkuid0
===================================================================
RCS file: /home/cvs/src/etc/periodic/security/300.chkuid0,v
retrieving revision 1.2
retrieving revision 1.3
diff -L etc/periodic/security/300.chkuid0 -L etc/periodic/security/300.chkuid0 -u -r1.2 -r1.3
--- etc/periodic/security/300.chkuid0
+++ etc/periodic/security/300.chkuid0
@@ -24,9 +24,8 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $MidnightBSD$
 # $FreeBSD: src/etc/periodic/security/300.chkuid0,v 1.1 2001/12/07 23:57:38 cjc Exp $
-#
+# $MidnightBSD$
 
 
 # If there is a global system configuration file, suck it in.
Index: 520.pfdenied
===================================================================
RCS file: /home/cvs/src/etc/periodic/security/520.pfdenied,v
retrieving revision 1.2
retrieving revision 1.3
diff -L etc/periodic/security/520.pfdenied -L etc/periodic/security/520.pfdenied -u -r1.2 -r1.3
--- etc/periodic/security/520.pfdenied
+++ etc/periodic/security/520.pfdenied
@@ -24,9 +24,8 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $MidnightBSD$
 # $FreeBSD: src/etc/periodic/security/520.pfdenied,v 1.1 2004/11/24 18:41:53 mlaier Exp $
-#
+# $MidnightBSD$
 
 # If there is a global system configuration file, suck it in.
 #
Index: 800.loginfail
===================================================================
RCS file: /home/cvs/src/etc/periodic/security/800.loginfail,v
retrieving revision 1.3
retrieving revision 1.4
diff -L etc/periodic/security/800.loginfail -L etc/periodic/security/800.loginfail -u -r1.3 -r1.4
--- etc/periodic/security/800.loginfail
+++ etc/periodic/security/800.loginfail
@@ -24,9 +24,8 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
+# $FreeBSD: src/etc/periodic/security/800.loginfail,v 1.8 2007/02/23 21:42:54 remko Exp $
 # $MidnightBSD$
-# $FreeBSD: src/etc/periodic/security/800.loginfail,v 1.5 2003/01/05 21:32:50 se Exp $
-#
 
 # Show login failures
 #
@@ -60,7 +59,7 @@
     [Yy][Ee][Ss])
 	echo ""
 	echo "${host} login failures:"
-	n=$(catmsgs | egrep -ia "^$yesterday.*(fail|invalid|bad|illegal)" |
+	n=$(catmsgs | egrep -ia "^$yesterday.*: .* (fail|invalid|bad|illegal)" |
 	    tee /dev/stderr | wc -l)
 	[ $n -gt 0 ] && rc=1 || rc=0;;
     *)	rc=0;;
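Review bot: The tightened pattern on the `n=$(catmsgs | egrep -ia ...` line requires a space directly before the keyword after the `: ` separator, so a message whose text begins with the keyword (a line of the form `prog[pid]: Failed ...`) appears to match only when a second keyword occurs later in the line. That removes false positives from host or program names, but it may also drop genuine failures from the daily report. Consider making the middle part optional, `egrep -ia "^$yesterday.*: (.* )?(fail|invalid|bad|illegal)"`, and adding a comment above the line stating which message layout the pattern expects. The enclosing case statement starts and ends outside this hunk.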
Index: 200.chkmounts
===================================================================
RCS file: /home/cvs/src/etc/periodic/security/200.chkmounts,v
retrieving revision 1.2
retrieving revision 1.3
diff -L etc/periodic/security/200.chkmounts -L etc/periodic/security/200.chkmounts -u -r1.2 -r1.3
--- etc/periodic/security/200.chkmounts
+++ etc/periodic/security/200.chkmounts
@@ -24,9 +24,8 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $MidnightBSD$
 # $FreeBSD: src/etc/periodic/security/200.chkmounts,v 1.5 2002/10/25 15:14:16 thomas Exp $
-#
+# $MidnightBSD$
 
 # Show changes in the way filesystems are mounted
 #
--- /dev/null
+++ etc/periodic/security/410.logincheck
@@ -0,0 +1,52 @@
+#!/bin/sh -
+#
+# Copyright (c) 2006  Tom Rhodes
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD: src/etc/periodic/security/410.logincheck,v 1.1 2006/08/25 07:34:36 trhodes Exp $
+# $MidnightBSD: src/etc/periodic/security/410.logincheck,v 1.1 2009/03/20 03:10:40 laffer1 Exp $
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+    . /etc/defaults/periodic.conf
+    source_periodic_confs
+fi
+
+case "$daily_status_security_logincheck_enable" in
+    [Yy][Ee][Ss])
+	echo ""
+	echo 'Checking login.conf permissions:'
+	if [ -G /etc/login.conf -a -O /etc/login.conf ] then
+	    n=0
+	else
+	    echo "Bad ownership of /etc/login.conf"
+	    n=1
+	fi
+	[ $n -gt 0 ] && rc=1 || rc=0;;
+    *)	rc=0;;
+esac
+
+exit "$rc"
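Review bot: The `if` line in the new script, `if [ -G /etc/login.conf -a -O /etc/login.conf ] then`, has no `;` or newline before `then`, so as shown sh would reject the script with a syntax error and the check would never run. Suggested line: `if [ -G /etc/login.conf ] && [ -O /etc/login.conf ]; then`. Also, `-G` and `-O` compare against the effective group and user of whoever runs the script and no mode bits are examined, so the 'Checking login.conf permissions:' heading promises more than the test delivers. A header comment saying that the check assumes it runs as root and covers ownership only would make that limit visible to whoever reads the report.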
Index: 510.ipfdenied
===================================================================
RCS file: /home/cvs/src/etc/periodic/security/510.ipfdenied,v
retrieving revision 1.2
retrieving revision 1.3
diff -L etc/periodic/security/510.ipfdenied -L etc/periodic/security/510.ipfdenied -u -r1.2 -r1.3
--- etc/periodic/security/510.ipfdenied
+++ etc/periodic/security/510.ipfdenied
@@ -24,9 +24,8 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $MidnightBSD$
 # $FreeBSD: src/etc/periodic/security/510.ipfdenied,v 1.2 2003/06/30 22:06:26 mtm Exp $
-#
+# $MidnightBSD$
 
 # If there is a global system configuration file, suck it in.
 #
Index: Makefile
===================================================================
RCS file: /home/cvs/src/etc/periodic/security/Makefile,v
retrieving revision 1.2
retrieving revision 1.3
diff -L etc/periodic/security/Makefile -L etc/periodic/security/Makefile -u -r1.2 -r1.3
--- etc/periodic/security/Makefile
+++ etc/periodic/security/Makefile
@@ -1,16 +1,14 @@
 # $MidnightBSD$
-# $FreeBSD: src/etc/periodic/security/Makefile,v 1.4 2004/11/24 18:41:53 mlaier Exp $
 
 FILES=	100.chksetuid \
 	200.chkmounts \
 	300.chkuid0 \
 	400.passwdless \
+	410.logincheck \
 	500.ipfwdenied \
 	510.ipfdenied \
 	520.pfdenied \
 	550.ipfwlimit \
-	600.ip6fwdenied \
-	650.ip6fwlimit \
 	700.kernelmsg \
 	800.loginfail \
 	900.tcpwrap \
Index: 700.kernelmsg
===================================================================
RCS file: /home/cvs/src/etc/periodic/security/700.kernelmsg,v
retrieving revision 1.2
retrieving revision 1.3
diff -L etc/periodic/security/700.kernelmsg -L etc/periodic/security/700.kernelmsg -u -r1.2 -r1.3
--- etc/periodic/security/700.kernelmsg
+++ etc/periodic/security/700.kernelmsg
@@ -24,9 +24,8 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $MidnightBSD$
 # $FreeBSD: src/etc/periodic/security/700.kernelmsg,v 1.7 2002/11/16 14:57:12 thomas Exp $
-#
+# $MidnightBSD$
 
 # Show kernel log messages
 #
Index: 100.chksetuid
===================================================================
RCS file: /home/cvs/src/etc/periodic/security/100.chksetuid,v
retrieving revision 1.2
retrieving revision 1.3
diff -L etc/periodic/security/100.chksetuid -L etc/periodic/security/100.chksetuid -u -r1.2 -r1.3
--- etc/periodic/security/100.chksetuid
+++ etc/periodic/security/100.chksetuid
@@ -24,9 +24,8 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
+# $FreeBSD: src/etc/periodic/security/100.chksetuid,v 1.8.14.1 2008/01/29 00:22:33 dougb Exp $
 # $MidnightBSD$
-# $FreeBSD: src/etc/periodic/security/100.chksetuid,v 1.8 2005/01/13 15:07:35 glebius Exp $
-#
 
 # If there is a global system configuration file, suck it in.
 #
@@ -45,7 +44,7 @@
 	echo ""
 	echo 'Checking setuid files and devices:'
 	# XXX Note that there is the possibility of overrunning the args to ls
-	MP=`mount -t ufs | egrep -v " no(suid|exec)" | awk '{ print $3 }' | sort`
+	MP=`mount -t ufs,zfs | egrep -v " no(suid|exec)" | awk '{ print $3 }' | sort`
 	if [ -n "${MP}" ]
 	then
 	    set ${MP}
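Review bot: The changed `MP=` line takes the mount point as awk's third whitespace-separated field, and the result is then word-split by `set ${MP}`, so a filesystem mounted on a path containing whitespace would be passed on truncated or split. The limitation predates this change, but adding zfs widens the set of filesystems it can affect, and the result would presumably be a filesystem left out of the setuid scan. I would document it next to the existing XXX comment, e.g. `# XXX Mount points containing whitespace are not handled and will not be scanned correctly`. The enclosing block continues outside this hunk.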
Index: 610.ipf6denied
===================================================================
RCS file: /home/cvs/src/etc/periodic/security/610.ipf6denied,v
retrieving revision 1.2
retrieving revision 1.3
diff -L etc/periodic/security/610.ipf6denied -L etc/periodic/security/610.ipf6denied -u -r1.2 -r1.3
--- etc/periodic/security/610.ipf6denied
+++ etc/periodic/security/610.ipf6denied
@@ -24,9 +24,8 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $MidnightBSD$
 # $FreeBSD: src/etc/periodic/security/610.ipf6denied,v 1.1 2004/04/20 13:44:57 darrenr Exp $
-#
+# $MidnightBSD$
 
 # If there is a global system configuration file, suck it in.
 #
Index: 400.passwdless
===================================================================
RCS file: /home/cvs/src/etc/periodic/security/400.passwdless,v
retrieving revision 1.2
retrieving revision 1.3
diff -L etc/periodic/security/400.passwdless -L etc/periodic/security/400.passwdless -u -r1.2 -r1.3
--- etc/periodic/security/400.passwdless
+++ etc/periodic/security/400.passwdless
@@ -24,9 +24,8 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $MidnightBSD$
 # $FreeBSD: src/etc/periodic/security/400.passwdless,v 1.1 2001/12/07 23:57:38 cjc Exp $
-#
+# $MidnightBSD$
 
 # If there is a global system configuration file, suck it in.
 #

