[Midnightbsd-cvs] src [11776] U trunk/etc/periodic/security/security.functions: update periodic scripts
laffer1 at midnightbsd.org
Wed Jul 11 18:10:42 EDT 2018
Revision: 11776
http://svnweb.midnightbsd.org/src/?rev=11776
Author: laffer1
Date: 2018-07-11 18:10:41 -0400 (Wed, 11 Jul 2018)
Log Message:
-----------
update periodic scripts
Modified Paths:
--------------
trunk/etc/periodic/security/100.chksetuid
trunk/etc/periodic/security/110.neggrpperm
trunk/etc/periodic/security/200.chkmounts
trunk/etc/periodic/security/300.chkuid0
trunk/etc/periodic/security/400.passwdless
trunk/etc/periodic/security/410.logincheck
trunk/etc/periodic/security/500.ipfwdenied
trunk/etc/periodic/security/510.ipfdenied
trunk/etc/periodic/security/520.pfdenied
trunk/etc/periodic/security/550.ipfwlimit
trunk/etc/periodic/security/610.ipf6denied
trunk/etc/periodic/security/700.kernelmsg
trunk/etc/periodic/security/800.loginfail
trunk/etc/periodic/security/900.tcpwrap
trunk/etc/periodic/security/Makefile
trunk/etc/periodic/security/security.functions
Property Changed:
----------------
trunk/etc/periodic/security/100.chksetuid
trunk/etc/periodic/security/110.neggrpperm
trunk/etc/periodic/security/200.chkmounts
trunk/etc/periodic/security/300.chkuid0
trunk/etc/periodic/security/400.passwdless
trunk/etc/periodic/security/410.logincheck
trunk/etc/periodic/security/500.ipfwdenied
trunk/etc/periodic/security/510.ipfdenied
trunk/etc/periodic/security/520.pfdenied
trunk/etc/periodic/security/550.ipfwlimit
trunk/etc/periodic/security/610.ipf6denied
trunk/etc/periodic/security/700.kernelmsg
trunk/etc/periodic/security/800.loginfail
trunk/etc/periodic/security/900.tcpwrap
trunk/etc/periodic/security/security.functions
Modified: trunk/etc/periodic/security/100.chksetuid
===================================================================
--- trunk/etc/periodic/security/100.chksetuid 2018-07-11 21:01:46 UTC (rev 11775)
+++ trunk/etc/periodic/security/100.chksetuid 2018-07-11 22:10:41 UTC (rev 11776)
@@ -37,22 +37,26 @@
. /etc/periodic/security/security.functions
+security_daily_compat_var security_status_chksetuid_enable
+
rc=0
-case "$daily_status_security_chksetuid_enable" in
- [Yy][Ee][Ss])
+if check_yesno_period security_status_chksetuid_enable
+then
echo ""
echo 'Checking setuid files and devices:'
- MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
- find -sx $MP /dev/null -type f \
+ IFS=$'\n' # Don't split mount points with spaces or tabs
+ MP=`mount -t ufs,zfs | awk '
+ $0 !~ /no(suid|exec)/ {
+ sub(/^.* on \//, "/");
+ sub(/ \(.*\)/, "");
+ print $0
+ }'`
+ find -sx $MP /dev/null \( ! -fstype local \) -prune -o -type f \
\( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
\( -perm -u+s -or -perm -g+s \) -exec ls -liTd \{\} \+ |
check_diff setuid - "${host} setuid diffs:"
rc=$?
- ;;
- *)
- rc=0
- ;;
-esac
+fi
exit $rc
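Review bot: `$MP` on the `find` line must stay unquoted so the newline IFS splits it, but that also leaves it open to pathname expansion, so a mount point containing `*`, `?` or `[` would be globbed against the current directory before `find` runs; `set -f` before the pipeline and `set +f` after the `rc=$?` line disables that. The awk rewrite additionally assumes every mount(8) line has the shape `DEVICE on /PATH (OPTIONS)`: the greedy `sub(/^.* on \//, "/")` and `sub(/ \(.*\)/, "")` would truncate a mount point whose own path contains ` on /` or ` (`, which is presumably an accepted limitation but deserves a comment next to the existing IFS one. 110.neggrpperm carries the identical block and the same remarks apply there.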
Property changes on: trunk/etc/periodic/security/100.chksetuid
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Modified: trunk/etc/periodic/security/110.neggrpperm
===================================================================
--- trunk/etc/periodic/security/110.neggrpperm 2018-07-11 21:01:46 UTC (rev 11775)
+++ trunk/etc/periodic/security/110.neggrpperm 2018-07-11 22:10:41 UTC (rev 11776)
@@ -35,20 +35,27 @@
source_periodic_confs
fi
+security_daily_compat_var security_status_neggrpperm_enable
+
rc=0
-case "$daily_status_security_neggrpperm_enable" in
- [Yy][Ee][Ss])
+if check_yesno_period security_status_neggrpperm_enable
+then
echo ""
echo 'Checking negative group permissions:'
- MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
- n=$(find -sx $MP /dev/null -type f \
+ IFS=$'\n' # Don't split mount points with spaces or tabs
+ MP=`mount -t ufs,zfs | awk '
+ $0 !~ /no(suid|exec)/ {
+ sub(/^.* on \//, "/");
+ sub(/ \(.*\)/, "");
+ print $0
+ }'`
+ n=$(find -sx $MP /dev/null \( ! -fstype local \) -prune -o -type f \
\( \( ! -perm +010 -and -perm +001 \) -or \
\( ! -perm +020 -and -perm +002 \) -or \
\( ! -perm +040 -and -perm +004 \) \) \
-exec ls -liTd \{\} \+ | tee /dev/stderr | wc -l)
[ $n -gt 0 ] && rc=1 || rc=0
- ;;
-esac
+fi
exit $rc
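Review bot: `IFS=$'\n'` is still in effect when `[ $n -gt 0 ]` runs, so `$n` is no longer split on blanks and test(1) receives the count together with whatever leading whitespace `wc -l` printed; the comparison then depends on test tolerating a padded integer operand. Adding `unset IFS` on the line after the `n=$(...)` assignment restores the splitting the old code relied on for that test. 100.chksetuid does not compare `$n` after changing IFS, so only this script is affected.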
Property changes on: trunk/etc/periodic/security/110.neggrpperm
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Modified: trunk/etc/periodic/security/200.chkmounts
===================================================================
--- trunk/etc/periodic/security/200.chkmounts 2018-07-11 21:01:46 UTC (rev 11775)
+++ trunk/etc/periodic/security/200.chkmounts 2018-07-11 22:10:41 UTC (rev 11776)
@@ -40,12 +40,16 @@
. /etc/periodic/security/security.functions
-ignore="${daily_status_security_chkmounts_ignore}"
+security_daily_compat_var security_status_chkmounts_enable
+security_daily_compat_var security_status_chkmounts_ignore
+security_daily_compat_var security_status_noamd
+
+ignore="${security_status_chkmounts_ignore}"
rc=0
-case "$daily_status_security_chkmounts_enable" in
- [Yy][Ee][Ss])
- case "$daily_status_security_noamd" in
+if check_yesno_period security_status_chkmounts_enable
+then
+ case "$security_status_noamd" in
[Yy][Ee][Ss])
ignore="${ignore}|^amd:"
esac
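Review bot: `ignore="${ignore}|^amd:"` produces a pattern with an empty leading alternative (`|^amd:`) when `security_status_chkmounts_ignore` is unset or empty; if the code below the hunk turns any non-empty `ignore` into an `egrep -v` filter, an empty alternative can match every line and blank the whole mount report, depending on the regex engine. `ignore="${ignore:+${ignore}|}^amd:"` inserts the `|` only when there is something to append to. The rest of the `if` body, including where `cmd` is built from `ignore`, lies outside this hunk.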
@@ -55,8 +59,7 @@
fi
mount -p | sort | ${cmd} |
check_diff mount - "${host} changes in mounted filesystems:"
- rc=$?;;
- *) rc=0;;
-esac
+ rc=$?
+fi
exit "$rc"
Property changes on: trunk/etc/periodic/security/200.chkmounts
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Modified: trunk/etc/periodic/security/300.chkuid0
===================================================================
--- trunk/etc/periodic/security/300.chkuid0 2018-07-11 21:01:46 UTC (rev 11775)
+++ trunk/etc/periodic/security/300.chkuid0 2018-07-11 22:10:41 UTC (rev 11776)
@@ -36,8 +36,12 @@
source_periodic_confs
fi
-case "$daily_status_security_chkuid0_enable" in
- [Yy][Ee][Ss])
+security_daily_compat_var security_status_chkuid0_enable
+
+rc=0
+
+if check_yesno_period security_status_chkuid0_enable
+then
echo ""
echo 'Checking for uids of 0:'
n=$(awk -F: '/^#/ {next} $3==0 {print $1,$3}' /etc/master.passwd |
@@ -44,8 +48,7 @@
tee /dev/stderr |
sed -e '/^root 0$/d' -e '/^toor 0$/d' |
wc -l)
- [ $n -gt 0 ] && rc=1 || rc=0;;
- *) rc=0;;
-esac
+ [ $n -gt 0 ] && rc=1 || rc=0
+fi
exit "$rc"
Property changes on: trunk/etc/periodic/security/300.chkuid0
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Modified: trunk/etc/periodic/security/400.passwdless
===================================================================
--- trunk/etc/periodic/security/400.passwdless 2018-07-11 21:01:46 UTC (rev 11775)
+++ trunk/etc/periodic/security/400.passwdless 2018-07-11 22:10:41 UTC (rev 11776)
@@ -35,14 +35,17 @@
source_periodic_confs
fi
-case "$daily_status_security_passwdless_enable" in
- [Yy][Ee][Ss])
+security_daily_compat_var security_status_passwdless_enable
+
+rc=0
+
+if check_yesno_period security_status_passwdless_enable
+then
echo ""
echo 'Checking for passwordless accounts:'
n=$(awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd |
tee /dev/stderr | wc -l)
- [ $n -gt 0 ] && rc=1 || rc=0;;
- *) rc=0;;
-esac
+ [ $n -gt 0 ] && rc=1 || rc=0
+fi
exit "$rc"
Property changes on: trunk/etc/periodic/security/400.passwdless
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Modified: trunk/etc/periodic/security/410.logincheck
===================================================================
--- trunk/etc/periodic/security/410.logincheck 2018-07-11 21:01:46 UTC (rev 11775)
+++ trunk/etc/periodic/security/410.logincheck 2018-07-11 22:10:41 UTC (rev 11776)
@@ -35,8 +35,12 @@
source_periodic_confs
fi
-case "$daily_status_security_logincheck_enable" in
- [Yy][Ee][Ss])
+security_daily_compat_var security_status_logincheck_enable
+
+rc=0
+
+if check_yesno_period security_status_logincheck_enable
+then
echo ""
echo 'Checking login.conf permissions:'
if [ -G /etc/login.conf -a -O /etc/login.conf ]; then
@@ -45,8 +49,7 @@
echo "Bad ownership of /etc/login.conf"
n=1
fi
- [ $n -gt 0 ] && rc=1 || rc=0;;
- *) rc=0;;
-esac
+ [ $n -gt 0 ] && rc=1 || rc=0
+fi
exit "$rc"
Property changes on: trunk/etc/periodic/security/410.logincheck
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Modified: trunk/etc/periodic/security/500.ipfwdenied
===================================================================
--- trunk/etc/periodic/security/500.ipfwdenied 2018-07-11 21:01:46 UTC (rev 11775)
+++ trunk/etc/periodic/security/500.ipfwdenied 2018-07-11 22:10:41 UTC (rev 11776)
@@ -37,17 +37,18 @@
. /etc/periodic/security/security.functions
+security_daily_compat_var security_status_ipfwdenied_enable
+
rc=0
-case "$daily_status_security_ipfwdenied_enable" in
- [Yy][Ee][Ss])
+if check_yesno_period security_status_ipfwdenied_enable
+then
TMP=`mktemp -t security`
if ipfw -a list 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then
check_diff new_only ipfw ${TMP} "${host} ipfw denied packets:"
fi
rc=$?
- rm -f ${TMP};;
- *) rc=0;;
-esac
+ rm -f ${TMP}
+fi
exit $rc
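Review bot: the `mktemp -t security` result on the `TMP=` line is never checked, so if mktemp fails TMP is empty, the `> ${TMP}` redirection on the next line errors out and the final `rm -f ${TMP}` runs with no operand; `TMP=$(mktemp -t security) || exit 1` on that line stops the script instead, since an assignment takes the exit status of its command substitution. 510.ipfdenied, 520.pfdenied and 610.ipf6denied have the same unchecked call, and 610 spells the template as `mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` while the others use `-t security`, which is worth unifying so all four create their scratch file the same way.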
Property changes on: trunk/etc/periodic/security/500.ipfwdenied
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Modified: trunk/etc/periodic/security/510.ipfdenied
===================================================================
--- trunk/etc/periodic/security/510.ipfdenied 2018-07-11 21:01:46 UTC (rev 11775)
+++ trunk/etc/periodic/security/510.ipfdenied 2018-07-11 22:10:41 UTC (rev 11776)
@@ -37,17 +37,18 @@
. /etc/periodic/security/security.functions
+security_daily_compat_var security_status_ipfdenied_enable
+
rc=0
-case "$daily_status_security_ipfdenied_enable" in
- [Yy][Ee][Ss])
+if check_yesno_period security_status_ipfdenied_enable
+then
TMP=`mktemp -t security`
if ipfstat -nhio 2>/dev/null | grep block > ${TMP}; then
check_diff new_only ipf ${TMP} "${host} ipf denied packets:"
fi
rc=$?
- rm -f ${TMP};;
- *) rc=0;;
-esac
+ rm -f ${TMP}
+fi
exit $rc
Property changes on: trunk/etc/periodic/security/510.ipfdenied
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Modified: trunk/etc/periodic/security/520.pfdenied
===================================================================
--- trunk/etc/periodic/security/520.pfdenied 2018-07-11 21:01:46 UTC (rev 11775)
+++ trunk/etc/periodic/security/520.pfdenied 2018-07-11 22:10:41 UTC (rev 11776)
@@ -37,17 +37,18 @@
. /etc/periodic/security/security.functions
+security_daily_compat_var security_status_pfdenied_enable
+
rc=0
-case "$daily_status_security_pfdenied_enable" in
- [Yy][Ee][Ss])
+if check_yesno_period security_status_pfdenied_enable
+then
TMP=`mktemp -t security`
- if pfctl -sr -v 2>/dev/null | nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); print buf$0;} }' > ${TMP}; then
+ if pfctl -sr -v 2>/dev/null | nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); if ($5 > 0) print buf$0;} }' > ${TMP}; then
check_diff new_only pf ${TMP} "${host} pf denied packets:"
fi
rc=$?
- rm -f ${TMP};;
- *) rc=0;;
-esac
+ rm -f ${TMP}
+fi
exit $rc
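Review bot: the new `if ($5 > 0)` in the nawk program keys on a bare field number of the line read by `getline` after each `block` rule, which encodes pfctl's verbose counter layout without saying so. A comment on that line naming which counter field 5 is expected to be (presumably the packet count) would let a maintainer notice when the output format drifts, since a shifted column makes the filter silently suppress every rule rather than fail loudly.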
Property changes on: trunk/etc/periodic/security/520.pfdenied
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Modified: trunk/etc/periodic/security/550.ipfwlimit
===================================================================
--- trunk/etc/periodic/security/550.ipfwlimit 2018-07-11 21:01:46 UTC (rev 11775)
+++ trunk/etc/periodic/security/550.ipfwlimit 2018-07-11 22:10:41 UTC (rev 11776)
@@ -38,10 +38,12 @@
source_periodic_confs
fi
+security_daily_compat_var security_status_ipfwlimit_enable
+
rc=0
-case "$daily_status_security_ipfwlimit_enable" in
- [Yy][Ee][Ss])
+if check_yesno_period security_status_ipfwlimit_enable
+then
IPFW_VERBOSE=`sysctl -n net.inet.ip.fw.verbose 2> /dev/null`
if [ $? -ne 0 ] || [ "$IPFW_VERBOSE" -eq 0 ]; then
exit 0
@@ -61,8 +63,7 @@
echo 'ipfw log limit reached:'
cat ${TMP}
fi
- rm -f ${TMP};;
- *) rc=0;;
-esac
+ rm -f ${TMP}
+fi
exit $rc
Property changes on: trunk/etc/periodic/security/550.ipfwlimit
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Modified: trunk/etc/periodic/security/610.ipf6denied
===================================================================
--- trunk/etc/periodic/security/610.ipf6denied 2018-07-11 21:01:46 UTC (rev 11775)
+++ trunk/etc/periodic/security/610.ipf6denied 2018-07-11 22:10:41 UTC (rev 11776)
@@ -37,17 +37,18 @@
. /etc/periodic/security/security.functions
+security_daily_compat_var security_status_ipf6denied_enable
+
rc=0
-case "$daily_status_security_ipf6denied_enable" in
- [Yy][Ee][Ss])
+if check_yesno_period security_status_ipf6denied_enable
+then
TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
if ipfstat -nhio6 2>/dev/null | grep block > ${TMP}; then
check_diff new_only ipf6 ${TMP} "${host} ipf6 denied packets:"
fi
rc=$?
- rm -f ${TMP};;
- *) rc=0;;
-esac
+ rm -f ${TMP}
+fi
exit $rc
Property changes on: trunk/etc/periodic/security/610.ipf6denied
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Modified: trunk/etc/periodic/security/700.kernelmsg
===================================================================
--- trunk/etc/periodic/security/700.kernelmsg 2018-07-11 21:01:46 UTC (rev 11775)
+++ trunk/etc/periodic/security/700.kernelmsg 2018-07-11 22:10:41 UTC (rev 11776)
@@ -40,14 +40,15 @@
. /etc/periodic/security/security.functions
+security_daily_compat_var security_status_kernelmsg_enable
+
rc=0
-case "$daily_status_security_kernelmsg_enable" in
- [Yy][Ee][Ss])
+if check_yesno_period security_status_kernelmsg_enable
+then
dmesg 2>/dev/null |
check_diff new_only dmesg - "${host} kernel log messages:"
- rc=$?;;
- *) rc=0;;
-esac
+ rc=$?
+fi
exit $rc
Property changes on: trunk/etc/periodic/security/700.kernelmsg
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Modified: trunk/etc/periodic/security/800.loginfail
===================================================================
--- trunk/etc/periodic/security/800.loginfail 2018-07-11 21:01:46 UTC (rev 11775)
+++ trunk/etc/periodic/security/800.loginfail 2018-07-11 22:10:41 UTC (rev 11776)
@@ -38,8 +38,11 @@
source_periodic_confs
fi
-LOG="${daily_status_security_logdir}"
+security_daily_compat_var security_status_logdir
+security_daily_compat_var security_status_loginfail_enable
+LOG="${security_status_logdir}"
+
yesterday=`date -v-1d "+%b %e "`
catmsgs() {
@@ -55,14 +58,15 @@
[ -f ${LOG}/auth.log ] && cat $LOG/auth.log
}
-case "$daily_status_security_loginfail_enable" in
- [Yy][Ee][Ss])
+rc=0
+
+if check_yesno_period security_status_loginfail_enable
+then
echo ""
echo "${host} login failures:"
- n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal)" |
+ n=$(catmsgs | egrep -ia "^$yesterday.*: .*\b(fail(ures?|ed)?|invalid|bad|illegal|auth.*error)\b" |
tee /dev/stderr | wc -l)
- [ $n -gt 0 ] && rc=1 || rc=0;;
- *) rc=0;;
-esac
+ [ $n -gt 0 ] && rc=1 || rc=0
+fi
exit $rc
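Review bot: the `egrep` pattern now depends on `\b` word boundaries, which are a GNU extension rather than POSIX ERE, so the match silently degrades (treating `\b` as a literal or matching nothing) under any grep whose engine lacks them. If the base-system egrep is the only target, a comment above the line such as `# \b is a GNU ERE extension; this relies on the base-system egrep` records that; otherwise `(^|[^[:alnum:]_])` and `([^[:alnum:]_]|$)` are the portable equivalents. `catmsgs()` opens in the previous hunk and its body is outside this one.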
Property changes on: trunk/etc/periodic/security/800.loginfail
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Modified: trunk/etc/periodic/security/900.tcpwrap
===================================================================
--- trunk/etc/periodic/security/900.tcpwrap 2018-07-11 21:01:46 UTC (rev 11775)
+++ trunk/etc/periodic/security/900.tcpwrap 2018-07-11 22:10:41 UTC (rev 11776)
@@ -38,8 +38,11 @@
source_periodic_confs
fi
-LOG="${daily_status_security_logdir}"
+security_daily_compat_var security_status_logdir
+security_daily_compat_var security_status_tcpwrap_enable
+LOG="${security_status_logdir}"
+
yesterday=`date -v-1d "+%b %e "`
catmsgs() {
@@ -55,14 +58,15 @@
[ -f ${LOG}/messages ] && cat $LOG/messages
}
-case "$daily_status_security_tcpwrap_enable" in
- [Yy][Ee][Ss])
+rc=0
+
+if check_yesno_period security_status_tcpwrap_enable
+then
echo ""
echo "${host} refused connections:"
n=$(catmsgs | grep -i "^$yesterday.*refused connect" |
tee /dev/stderr | wc -l)
- [ $n -gt 0 ] && rc=1 || rc=0;;
- *) rc=0;;
-esac
+ [ $n -gt 0 ] && rc=1 || rc=0
+fi
exit $rc
Property changes on: trunk/etc/periodic/security/900.tcpwrap
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Modified: trunk/etc/periodic/security/Makefile
===================================================================
--- trunk/etc/periodic/security/Makefile 2018-07-11 21:01:46 UTC (rev 11775)
+++ trunk/etc/periodic/security/Makefile 2018-07-11 22:10:41 UTC (rev 11776)
@@ -2,6 +2,8 @@
.include <bsd.own.mk>
+FILESGROUPS= FILES DATA
+
FILES= 100.chksetuid \
110.neggrpperm \
200.chkmounts \
@@ -9,9 +11,8 @@
400.passwdless \
410.logincheck \
700.kernelmsg \
- 800.loginfail \
- 900.tcpwrap \
- security.functions
+ 800.loginfail
+DATA= security.functions
# NB: keep these sorted by MK_* knobs
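Review bot: splitting security.functions into its own `DATA` group only achieves something if that group is installed with different attributes than `FILES`, yet neither `DATADIR` nor `DATAMODE` is set here; unless Makefile.inc or the shared make infrastructure supplies them, the file lands in the group's default directory and mode. `DATAMODE= 444` (and `DATADIR= ${FILESDIR}` if the defaults differ) next to the `DATA=` line pins that down, and the `$0` guard added to security.functions in this commit suggests a non-executable install is the intent.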
@@ -29,4 +30,8 @@
FILES+= 520.pfdenied
.endif
+.if ${MK_INETD} != "no" && ${MK_TCP_WRAPPERS} != "no"
+FILES+= 900.tcpwrap
+.endif
+
.include <bsd.prog.mk>
Modified: trunk/etc/periodic/security/security.functions
===================================================================
--- trunk/etc/periodic/security/security.functions 2018-07-11 21:01:46 UTC (rev 11775)
+++ trunk/etc/periodic/security/security.functions 2018-07-11 22:10:41 UTC (rev 11776)
@@ -25,13 +25,20 @@
# SUCH DAMAGE.
#
# $MidnightBSD$
-#
+# This is a library file, so we only try to do something when sourced.
+case "$0" in
+*/security.functions) exit 0 ;;
+esac
+
+security_daily_compat_var security_status_logdir
+security_daily_compat_var security_status_diff_flags
+
#
# Show differences in the output of an audit command
#
-LOG="${daily_status_security_logdir}"
+LOG="${security_status_logdir}"
rc=0
# Usage: COMMAND | check_diff [new_only] LABEL - MSG
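Review bot: the guard `*/security.functions) exit 0 ;;` only matches when `$0` carries a directory component, so invoking the file as `sh security.functions` from its own directory still runs the body; `security.functions|*/security.functions) exit 0 ;;` covers both spellings. The two `security_daily_compat_var` calls execute at source time but that function is not defined in this file, so its availability is a precondition on the sourcing script (presumably met by loading the periodic configuration first); a comment above them stating that the caller must already have loaded whatever defines `security_daily_compat_var` makes the ordering requirement explicit.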
@@ -40,10 +47,11 @@
# LABEL is the base name of the ${LOG}/${label}.{today,yesterday} files.
check_diff() {
+ unset IFS
rc=0
if [ "$1" = "new_only" ]; then
shift
- filter="grep '^[>+]'"
+ filter="grep '^[>+][^+]'"
else
filter="cat"
fi
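Review bot: `grep '^[>+][^+]'` excludes more than the `+++` file header it is presumably aimed at: in unified diff output an added line that is empty (a lone `+`) or whose text begins with `+` is now dropped from the report too. Because `filter` goes through `eval`, a pipeline works there, so `filter="grep '^[>+]' | grep -v '^+++ '"` keeps only the header out. The `unset IFS` at the top also needs a one-line comment, e.g. `# 100.chksetuid and 110.neggrpperm set IFS to newline; restore default splitting for the unquoted expansions below`, since it resets the caller's IFS whenever check_diff runs in the current shell rather than as a pipeline stage.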
@@ -67,7 +75,7 @@
[ $rc -lt 1 ] && rc=1
echo ""
echo "${msg}"
- diff ${daily_status_security_diff_flags} ${LOG}/${label}.today \
+ diff ${security_status_diff_flags} ${LOG}/${label}.today \
${tmpf} | eval "${filter}"
mv ${LOG}/${label}.today ${LOG}/${label}.yesterday || rc=3
mv ${tmpf} ${LOG}/${label}.today || rc=3
Property changes on: trunk/etc/periodic/security/security.functions
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property