Commit Graph

33 Commits

Author SHA1 Message Date
sheldonh
d8a93d30ec Apply a consistent style to most of the etc scripts. Particularly, use
case instead of test where appropriate, since case allows case is a sh
builtin and (as a side-effect) allows case-insensitivity.

Changes discussed on freebsd-hackers.

Submitted by:	Doug Barton <Doug@gorean.org>
1999-09-13 15:44:20 +00:00
peter
289c0d262f $Id$ -> $FreeBSD$ 1999-08-27 23:37:10 +00:00
sheldonh
8cec588c44 Style clean-up:
* All variables are now embraced: ${foo}

	* All comparisons against some value now take the form:
	  [ "${foo}" ? "value" ]
	  where ? is a comparison operator

	* All empty string tests now take the form:
	  [ -z "${foo}" ]

	* All non-empty string tests now take the form:
	  [ -n "${foo}" ]

Submitted by:	jkh
1999-08-25 16:01:45 +00:00
sheldonh
feb3b0d869 Ignore NIS accounts when checking for passwordless accounts.
PR:     9639
Reported by:    Bob Willcox <bob@pmr.com>
Submitted by:   des
1999-06-23 14:23:54 +00:00
danny
44bde66cb0 Fix typo: "login failures" -> "login failure"
PR:	9424
Submitted by:	Lars K*ller <root@cc.fh-lippe.de>
1999-01-10 11:18:59 +00:00
billf
a81a07d54f Make periodic(8) and the security mailings reflect the full FQDN, as opposed
to a hostname. This will help those who keep a cluster of machines all with
the same hostname but different domain names.

PR:		bin/9091
Submitted By:	Heikki Suonsivu <hsu@clinet.fi>
No Response From: -current mailing list
1999-01-01 17:37:33 +00:00
des
7259d16a8d Fix typo in previous commit.
PR:		7621
Submitted by:	Mark Huizer
1998-08-16 10:38:02 +00:00
des
ee72d83db3 Make /etc/security bitch about passwordless accounts.
Use awk -F: rather than 'BEGIN {FS=":"}'
1998-08-11 08:48:54 +00:00
alex
175810b725 Detect user id 0 as a number instead of a string. String comparisons
fail to detect 00.

PR:		7218
Submitted by:	Michal Listos <mcl@Amnesiac.123.org>
		Niall Smart <rotel@indigo.ie>
1998-07-08 22:42:08 +00:00
andreas
45ae42c55e additionally warnings
- login failures
- tcp_wrapper messages about refused connections
1998-06-27 11:13:59 +00:00
alex
4b7cf487fc Display ipfw rules which have reached the log limit. 1998-02-04 01:53:19 +00:00
alex
c6ca8e3387 Changed ipfw grep string: reject rules are now listed as deny, reset,
or unreach.
1997-09-26 01:38:30 +00:00
brian
4099136ec6 Remove the annoying "cmp: EOF" message when
dmesg changes.
1997-08-01 01:25:21 +00:00
mpp
09cbe4801b Remove the -g option from the "find ... | xargs -ls ..." line.
The -g option to ls has been depreciated.
1997-03-03 07:03:50 +00:00
mpp
76a899ae26 When looking for setuid files, call find with -print0 and xargs with -0.
This allows find to pass files with "illegal" characters to xargs in a
safe manner.

Note: due to the manner in which the file names are now passed between
find and xargs, the files are now sorted differently than before.
The first /etc/security run after installing this change may result
in a lot of output when nothing did in fact change.

Closes PR# 1910.

2.2 candidate.
1997-02-23 21:34:34 +00:00
peter
f173325ac8 Revert $FreeBSD$ to $Id$ 1997-02-23 09:21:14 +00:00
jkh
808a36ef65 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
nate
579bd31171 Whoops, update the comment field while we're at it. (I *hate* the link
to freefall!)
1996-10-12 04:56:28 +00:00
nate
ab2b99c79b In the same manner that we log the ipfw entries, log the kernel log
messages using the output of dmesg.
1996-10-12 04:51:09 +00:00
pst
68b5118d7c Move intermediary file generation to /var partition 1996-07-31 06:47:05 +00:00
alex
652fd8dd7f If ipfw is enabled, display packet/byte counters for reject/deny rules
that have changed since the last security check.

Make the spacing between sections more consistent.
1996-06-30 19:35:20 +00:00
peter
9b4d02761c If a local ufs filesystem is mounted "nosuid", dont scan it as part of
the /etc/security setuid checks.  This is useful for things like large
news spool partitions that dont have executables.

Reviewed by: pst
1996-06-30 13:16:21 +00:00
ache
12363b211c Exclude devices. Character ones modes changes often and proper names
guessing involves too much AI.
1996-04-19 22:28:01 +00:00
ache
599cdbb685 Use -X to be xargs-friendly
Check devices too, follow original BSD intention
Find only executable files with s-bits, close PR bin/1022
Reset locale to C to have equal results in any case
1996-04-18 10:34:07 +00:00
ache
66a1f35e31 If no $LOG/setuid.today exists (f.e. first time to run), put
warning and make it, all following commands fails in old case
1995-09-15 00:22:31 +00:00
ache
d503e1e6bc Use -b for diff, ls produce different number of spaces 1995-05-27 01:37:44 +00:00
ats
f34d2f9c01 Fix a bug, that someone has introduced into /etc/security. It has no longer
found SUID files, only SGID files. The find has missed some parantheses.
1995-01-14 13:23:50 +00:00
rgrimes
941cae5887 From: rich@lamprey.UTMB.EDU (Rich Murphey)
Subject: Re: daily insecurity output (fwd)
|From: rgrimes@agora.rain.com (Rodney Grimes)
|
|This is from the new /etc/security script.  I no longer get the segmentation
|violation, but now the arg list is too long, some /bin/sh program want to
|fix the current /etc/security ls command so that it is a pipe insteal of
|a back quoted arg?
|
|> checking setuid files and devices:
|> /etc/security: ls: argument list too long

This uses xargs instead.  My slip line's down so I can't check it in
at the moment. Rich
1994-01-22 10:54:13 +00:00
rich
8183c46907 When listing all suid and sgid files list the file itself rather than
directorty contents.
1993-12-15 06:42:01 +00:00
rgrimes
9cbca60857 Reworked the search for suid sgid programs to be more like the original and
only to run find on local file systems.  It now works and no longer gets
the error from sort
1993-10-25 20:13:16 +00:00
rgrimes
cf1bc54ea7 Fixed so that it scans for set uid/gid files. From Rich Murphy and NetBSD,
plus some tid bits from me.
1993-09-06 23:12:04 +00:00
rgrimes
47d084c289 Fixed daily so that it no longer does accounting since FreeBSD does not
yet have the accounting stuff in it.  Disabled ncheck search in security
due to missing ncheck.
1993-08-07 09:58:37 +00:00
rgrimes
241ccdeaf3 Initial import of 386BSD 0.1 othersrc/etc 1993-06-20 13:41:45 +00:00