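#!/bin/sh
#
# fscheck - check file system for insecurities
#
# (This should be run as root.)
#
# This script is given in the book "UNIX System Security: A Guide for
# Users and System Administrators," by David A. Curry.  You should read
# this book for an explanation of what it is doing and what it is
# looking for.  In order for the "diff" code at the bottom to work,
# you must first run the "ls" and "sum" commands below once to produce
# the master lists.
#
# Review notes:
#   - Temporary files now live in a private directory instead of
#     /tmp/<name>.$$.  The script runs as root, and a predictable name
#     in a world-writable directory can be pre-created (for example as
#     a symbolic link) by any local user before root writes to it.
#   - The "ls" checklist was generated but never compared, and the
#     "attributes have changed" heading was printed above the diff of
#     the "sum" checklist.  Each checklist is now compared with its own
#     master list under its own heading.
#   - "sum" is a simple checksum, not a cryptographic hash.  It catches
#     careless changes, but a deliberate modification can be made to
#     keep the same checksum; where a cryptographic hash tool (such as
#     sha256sum) is available, prefer it for the master list.
#

# Fixed PATH so that root never picks up find/ls/sum/diff from a
# directory controlled by another user.
PATH=/usr/bin:/bin
export PATH

# Set CHECKDIRS to the list of directories you want to put in
# your check list.
#
# Set MASTER_LS to the path of the master checklist generated
# with "ls".
#
# Set MASTER_SUM to the path of the master checklist generated
# with "sum".
#
# The two master paths are relative, so they are resolved against the
# directory the script is started from.  The comparison is only as
# trustworthy as these files: keep them where an intruder cannot
# rewrite them (read-only or offline media).
CHECKDIRS="/bin /etc /usr/bin /usr/etc /usr/lib /usr/ucb"
MASTER_LS=ls.master
MASTER_SUM=sum.master

#
# Create a private working directory for the temporary checklists.
# mktemp picks an unpredictable name; if it is not installed, fall back
# to mkdir, which fails rather than following an existing path.
#
umask 077
WORKDIR=$(mktemp -d /tmp/fscheck.XXXXXX 2>/dev/null)
if [ -z "$WORKDIR" ]; then
    WORKDIR=/tmp/fscheck.$$
    if ! mkdir "$WORKDIR"; then
        echo "fscheck: cannot create temporary directory" >&2
        exit 1
    fi
fi
LSCHK=$WORKDIR/lschk
SUMCHK=$WORKDIR/sumchk

# Remove the working directory on every exit path, including signals.
trap 'rm -rf "${WORKDIR:?}"' 0
trap 'exit 1' 1 2 15

#
# Search the entire file system for set-user-id files.
#
echo "Set-User-Id files found:"
find / -type f -a -perm -4000 -exec ls -aslg {} \;
echo ""

#
# Search the entire file system for set-group-id files.
#
echo "Set-Group-Id files found:"
find / -type f -a -perm -2000 -exec ls -aslg {} \;
echo ""

#
# Search the entire file system for world writeable files and
# directories.  Symbolic links are skipped because their own mode bits
# are not meaningful.
#
echo "World writeable files and directories:"
find / \! -type l -perm -2 -exec ls -asldg {} \;
echo ""

#
# Search the entire file system for files and directories owned
# by non-existent users or groups.  This will only work on systems with
# the "-nouser" and "-nogroup" options to find.
#
echo "Files owned by non-existent user or group:"
find / \( -nouser -o -nogroup \) -exec ls -asldg {} \;
echo ""

#
# Generate a checklist using ls.
#
# CHECKDIRS is a space-separated list and is split into words on purpose.
# shellcheck disable=SC2086
ls -alsgR $CHECKDIRS > "$LSCHK"

#
# Generate a checklist using sum.
#
# The first find command should be used on Berkeley systems - that
# version of sum does not print the file name, so we need to print it
# using echo.  The second find command should be used on System V
# systems.
#
# shellcheck disable=SC2086
find $CHECKDIRS -type f -exec echo -n {} " " \; \
    -exec sum {} \; > "$SUMCHK"
# find $CHECKDIRS -type f -exec sum {} \; > "$SUMCHK"

#
# Compare the ls checklist with the master checklist.
#
echo "Files in $CHECKDIRS whose attributes have changed:"
echo "< = master check list, > = current listing"
diff "$MASTER_LS" "$LSCHK"
echo ""

#
# Compare the sum checklist with the master checklist.
#
echo "Files in $CHECKDIRS whose checksums have changed:"
echo "< = master check list, > = current listing"
diff "$MASTER_SUM" "$SUMCHK"

#
# Delete our temporary files and exit.  (The trap above also covers
# early exits.)
#
rm -rf "${WORKDIR:?}"
exit 0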