From pirzyk@faf.disney.com Sat Aug 24 16:40:02 1996
Received: from huey.disney.com (huey.disney.com [204.128.192.10]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id QAA11493 for ; Sat, 24 Aug 1996 16:40:01 -0700 (PDT)
Received: from dalsdb (dalsdb.fa.disney.com [139.104.212.4]) by huey.disney.com (8.7.5/8.7.3) with SMTP id QAA07441 for ; Sat, 24 Aug 1996 16:35:10 -0700 (PDT)
Received: from snowhite by dalsdb with smtp (Smail3.1.28.1 #53) id m0uuSIU-00000wC; Sat, 24 Aug 96 16:39 PDT
Received: from amigo.cpm.com (port_2933.faf.disney.com [153.6.101.249]) by snowhite (8.6.11/8.6.11) with ESMTP id TAA10876 for ; Sat, 24 Aug 1996 19:38:54 -0400
Received: (from pirzyk@localhost) by amigo.cpm.com (8.6.12/8.6.12) id QAA19207; Sat, 24 Aug 1996 16:11:42 -0400
Message-Id: <199608242011.QAA19207@amigo.cpm.com>
Date: Sat, 24 Aug 1996 16:11:42 -0400
From: pirzyk@faf.disney.com
Reply-To: pirzyk@dalsdb.fa.disney.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: new /etc/security script
X-Send-Pr-Version: 3.2

>Number:         1538
>Category:       misc
>Synopsis:       enhanced /etc/security script
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Aug 24 16:50:01 PDT 1996
>Closed-Date:    Sat May 23 02:23:59 PDT 1998
>Last-Modified:  Sat May 23 02:24:13 PDT 1998
>Originator:     Jim Pirzyk
>Release:        FreeBSD 2.1-STABLE i386
>Organization:
Walt Disney Feature Animation Florida
>Environment:
All FreeBSD systems.
>Description:
Add more security checks in the /etc/security script.
>How-To-Repeat:
>Fix:
Here are the context diffs for /etc/security.
*** /etc/security Sat Aug 24 16:00:46 1996 --- /etc/security.bak Thu Nov 16 04:58:43 1995 *************** *** 39,63 **** echo "" echo "checking for uids of 0:" awk 'BEGIN {FS=":"} $3=="0" {print $1,$3}' /etc/master.passwd - - echo "" - echo "" - echo "checking for accounts without passwords:" - awk -F: '$2=="" && $1 != "+" {print $1}' /etc/master.passwd - - echo "" - echo "" - echo "checking for accounts with duplicate uids:" - sort -t: +2n /etc/master.passwd | awk -F: 'BEGIN { duplicate = -1; } $1 != "+" && $3 != 0 {if (duplicate == $3) { print $1, name; } duplicate = $3; name = $1; }' - - echo "" - echo "" - echo "checking for world exported filesystems:" - sed -e '/^\#/d' -e '/^[ \t]*$/d' /etc/exports | awk 'NF < 2 { print }' - - echo "" - echo "" - echo "checking for block & character device files not in /dev:" - find / -fstype local -name /dev -prune \( -type b -o -type c \) -exec ls -l {} \; | awk '{ print; }' - - exit $? --- 39,41 ---- >Release-Note: >Audit-Trail: From: J Wunsch To: Cc: FreeBSD-gnats-submit@FreeBSD.ORG Subject: Re: misc/1538: new /etc/security script Date: Sun, 25 Aug 1996 11:47:30 +0200 (MET DST) As pirzyk@faf.disney.com wrote: > *** /etc/security Sat Aug 24 16:00:46 1996 > --- /etc/security.bak Thu Nov 16 04:58:43 1995 (Btw., your patch is reversed. Not a big deal, but i thought i'd mention it.) > - echo "" > - echo "" > - echo "checking for accounts without passwords:" > - awk -F: '$2=="" && $1 != "+" {print $1}' /etc/master.passwd This is a matter of local policy and not always unwanted. So i'd leave this commented in the script, up to the local admin to enable it if he wants. > - echo "checking for block & character device files not in /dev:" > - find / -fstype local -name /dev -prune \( -type b -o -type c \) -exec ls -l {} \; | awk '{ print; }' > - What i don't like with these approaches is that there are multiple find's walking down the disk twice or more each night. This will only increase the sales volume of disk vendors... 
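Review bot: in the device-file check of the 39,63 hunk (`find / -fstype local -name /dev -prune \( -type b -o -type c \) -exec ls -l {} \;`), `-name /dev` can never match, because `-name` is compared against the basename of each path and a basename cannot contain a slash; /dev is therefore never pruned and every node under /dev is reported as if it lived outside it. Use `-path /dev -prune -o \( -type b -o -type c \) -ls` (the `-ls` primary also avoids forking `ls` once per file), and drop the trailing `| awk '{ print; }'`, which is a no-op. The world-export check (`sed ... /etc/exports | awk 'NF < 2 { print }'`) only catches lines that consist of a bare path: an entry such as `/usr -ro` or `/export -maproot=0` has two fields yet is still exported to every host, since an exports(5) line with no host or network specification is exported to the world, so the test should be whether any field after the path(s) is something other than a `-option`. Two smaller points: inside a sed bracket expression `\t` is the two literal characters `\` and `t`, not a tab, so a tab-only blank line in /etc/exports survives the `sed` and is printed as an empty finding; and the patch is reversed (the `*** /etc/security` side is the new file), so the `-` lines here are the additions being proposed and the hunk should be regenerated as `diff -c /etc/security.bak /etc/security`.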
Instead, we should run *one* find, selecting all the desired items, and post-process its output for the various actions.

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)

State-Changed-From-To: open->closed
State-Changed-By: phk
State-Changed-When: Sat May 23 02:23:59 PDT 1998
State-Changed-Why:
As part of our PR auditing campaign, this PR has been closed due to its age and lack of activity on the PR. There is a good chance that the problem reported has been solved as part of other activities. If this is not the case, please reopen this PR with fresh information on the manifestation of the bug. Sorry about the late reaction to this PR.

>Unformatted:
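The single-walk approach suggested in the reply above, as an added example that is not part of this PR or of FreeBSD's /etc/security: one find(1) pass selects every device node, setuid or setgid file and world-writable object, and one awk(1) pass sorts the resulting `ls -ld` lines into categories. It goes beyond the PR's device check by also classifying setuid, setgid and world-writable hits in the same walk. The function names (`audit_tree`, `make_sample_tree`) are invented for the example; `-xdev` stands in for FreeBSD's `-fstype local` so the script runs on any find(1); paths are assumed to contain no whitespace because `ls -ld` output is split on spaces; and the sample tree is constructed in a temporary directory, without device nodes, since mknod(8) needs root, so that category is exercised only by the predicate.

```shell
#!/bin/sh
# Added example, not code from the PR: one find(1) walk, one awk(1) pass.
# audit_tree and make_sample_tree are invented names for this example.

# audit_tree ROOT [DEVDIR]
# Prints one "category<TAB>path" line per finding. Assumes paths contain
# no whitespace (ls -ld output is split on spaces); -xdev replaces
# FreeBSD's -fstype local so any find(1) can run it.
audit_tree() {
    root=$1
    devdir=${2:-/dev}
    find "$root" -xdev \
        \( -type b -o -type c \
           -o \( -type f -perm -4000 \) \
           -o \( -type f -perm -2000 \) \
           -o \( ! -type l -perm -0002 \) \) \
        -exec ls -ld {} + 2>/dev/null |
    awk -v devdir="$devdir" '
    {
        mode = $1; path = $NF; type = substr(mode, 1, 1)
        if (type == "b" || type == "c") {
            # find -name /dev never matches (it tests the basename),
            # so compare the path prefix here instead.
            if (index(path, devdir "/") != 1)
                print "device-outside-dev\t" path
            next
        }
        if (substr(mode, 4, 1) ~ /[sS]/) print "setuid\t" path
        if (substr(mode, 7, 1) ~ /[sS]/) print "setgid\t" path
        # world-writable, except a sticky directory such as /tmp
        if (substr(mode, 9, 1) == "w" && substr(mode, 10, 1) !~ /[tT]/)
            print "world-writable\t" path
    }'
}

# make_sample_tree
# Builds a constructed tree under a temp dir (no real system files) and
# prints its path. Device nodes are omitted: mknod(8) needs root.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/bin" "$root/tmp" "$root/home/alice"
    : > "$root/bin/su";           chmod 4755 "$root/bin/su"           # setuid
    : > "$root/bin/wall";         chmod 2755 "$root/bin/wall"         # setgid
    : > "$root/bin/ls";           chmod 755  "$root/bin/ls"           # ordinary: not reported
    : > "$root/home/alice/notes"; chmod 666  "$root/home/alice/notes" # world-writable
    chmod 1777 "$root/tmp"                                            # sticky: not reported
    printf '%s\n' "$root"
}

# Stand-alone run: audit the constructed tree, then remove it.
sample=$(make_sample_tree)
audit_tree "$sample"
rm -rf "$sample"
```

Run against a real root as `audit_tree / /dev`; the awk classification is where new checks belong, so adding one never adds another filesystem walk.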