Listing 1 sec-check.csh

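#!/bin/csh -f
#
#  --------E&Y LLP UNIX Interrogation Script ----
#       7/98 Initial Program / Baha
#       8/98 Menu added / DER
#       8/98 Added More checks / Baha
#
#  Collects account, permission, system and network configuration from the
#  local host into a single report file under ${basedir}. Must run as root.
#  The -f on the interpreter line keeps csh from sourcing ~/.cshrc, so
#  aliases or path changes in root's startup file cannot alter the commands
#  this script runs.

set eyversion=v1.1
# =============================================================
#set -x
set prompt="Press <Return> to continue"

# The report contains password hashes and other sensitive files, so every
# file this script creates must be readable by root only.
umask 077

# Quoted command substitution keeps multi-word output (uname -a) as one value.
set DATE="`date +%m/%d/%y`"
set HOSTNAME="`hostname`"
set UNAMEa="`uname -a`"
set UNAMEr="`uname -r`"
set basedir=/tmp/eyscan
set OUTPUT=${basedir}/ey-${HOSTNAME}.out

# Fixed search path: the inherited PATH and "." are deliberately left out.
# The script runs as root and later changes into a directory under /tmp, so
# a caller-controlled or relative path entry would let a planted binary run
# with root privileges. Add further absolute directories here if a site
# keeps required tools elsewhere.
set path=(/usr/ucb /usr/bin /etc /sbin /usr/sbin /bin)

# On interrupt, jump to the cleanup label at the bottom of the script so the
# intermediate work files are removed. (The previous target, "quit", is not
# defined anywhere in this script.)
onintr cleanup

# Exact comparison: a substring match would also accept account names that
# merely contain "root".
set eywhoami="`whoami`"
if ("$eywhoami" != "root") then
   echo "You must be logged in as root to run this script."
   exit 1
endif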

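  # Questionnaire: collect the engagement details that go into the report
  # header. The confirmation step at the end jumps back to this label when
  # the operator rejects the answers.
  systeminfo:
  clear
  echo ""
  echo "       ----------E&Y LLP UNIX Interrogation Script ${eyversion}---------- "
  echo ""
  echo "          Please enter some of the system specifics "
  echo "          "
  # "$<" reads one line from the terminal; the quotes keep answers with
  # spaces (for example a full name) as a single value.
  echo -n "           1) What is the Version Number- ${UNAMEr}?: "
   set version="$<"
  echo -n "           2) What is the System Name- ${HOSTNAME}?: "
   set sysname="$<"
  echo -n "           3) What is the Administrator's Name: "
   set adminname="$<"
  echo -n "           4) What is the Client's Name: "
   set clientname="$<"
  echo -n "           5) Is NIS used [y/n]: "
   set nisused="$<"
  echo -n "           6) Enter full path and name of the shadow file used: "
   set shadowfile="$<"
#
  # Echo the answers back for confirmation.
  clear
  echo ""
  echo "       ----------E&Y LLP UNIX Interrogation Script ${eyversion}---------- "
  echo ""
  echo "          System specifics "
  echo "          "
  echo "           1) Version Number: ${version}"
  echo "           2) System Name: ${sysname}"
  echo "           3) Administrator's Name: ${adminname}"
  echo "           4) Client's Name: ${clientname}"
  echo "           5) NIS used: ${nisused}"
  echo "           6) Full path and name of shadow file: ${shadowfile}"
  echo ""
  echo -n "           7) Is the above information correct? [y/n]: "
   set ans="$<"
#
# Anything other than y/Y (including an empty answer) restarts the
# questionnaire. The operands are quoted so an empty answer is still a
# valid expression.
if ("$ans" != "y" && "$ans" != "Y") then
       clear
       goto systeminfo
endif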

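  clear
  echo ""
  echo "       ----------E&Y LLP UNIX Interrogation Script ${eyversion}---------- "
  echo ""

#*** Set up output formatting.

echo "Setting up output format"
# Make sure the working directory and files are in place.
#
# ${basedir} is a fixed name under /tmp and this script writes to it as
# root, so a pre-existing entry is only accepted if it is a real directory
# owned by the invoking user. A symbolic link or a directory owned by
# someone else could redirect root's writes (and the collected password
# data) to a location chosen by another local user.

        if (-e ${basedir}) then
                # First character of the ls -ld mode string: d = directory,
                # l = symbolic link. ls -ld does not follow the link.
                set eykind="`ls -ld ${basedir} | cut -c1`"
                if ("$eykind" != "d") then
                        echo "${basedir} exists and is not a directory; remove it and re-run."
                        exit 1
                endif
                if (! -o ${basedir}) then
                        echo "${basedir} is not owned by the invoking user; remove it and re-run."
                        exit 1
                endif
        else
                mkdir ${basedir}
                if ($status != 0) then
                        echo "Could not create ${basedir}."
                        exit 1
                endif
        endif

        # Owner-only access, whatever the umask was when it was created.
        chmod 700 ${basedir}

        if (!(-e ${OUTPUT})) then
                touch ${OUTPUT}

# Add new text output files to the list here:
                touch ${basedir}/eynetrc.out
                touch ${basedir}/eyrhosts.out
                touch ${basedir}/eyprofl.out
                touch ${basedir}/eyforward.out
                touch ${basedir}/eydir.out
# End of new text output files

        endif


# The intermediate files below are referenced by relative name from here on.
cd ${basedir}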

#####################################################
#   Header Information

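# Write the report banner. The first redirection (>&) truncates any previous
# report; every later write appends (>>&). Both forms capture stderr as well,
# so command errors end up in the report next to the section that caused them.
# The operator-supplied values are quoted so spaces or wildcard characters in
# an answer are written literally.
echo "Setting up  Header Information"
echo '###############################################'>& ${OUTPUT}
echo '#                                           ' >>& ${OUTPUT}
echo '# E&Y LLP UNIX Interrogation Script' ${eyversion} >>& ${OUTPUT}
echo '#                                           ' >>& ${OUTPUT}
echo '# Copy Right 1998                           ' >>& ${OUTPUT}
echo '#                                           ' >>& ${OUTPUT}
echo '# This Security Profile client:' "$clientname"  >>& ${OUTPUT}
echo '# This Security Profile host: '"$sysname" 'ver: '"$version" >>& ${OUTPUT}
echo '# The System Administrator is: '"$adminname"  >>& ${OUTPUT}
echo '# The Script Start time/date is: '"`date`" >>& ${OUTPUT}
echo '###############################################'>>& ${OUTPUT}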

# End of index output file

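# Solaris-specific checks: password files and defaults, login log, EEPROM
# settings, shared file systems, console device permissions, su logging and
# cron access lists. Every result is appended to ${OUTPUT}.
echo "SOLARIS Checks"

# Use the shadow file named in question 6 of the questionnaire; fall back to
# /etc/shadow when no answer was given.
set eyshadow=/etc/shadow
if ($?shadowfile) then
    if ("$shadowfile" != "") set eyshadow="$shadowfile"
endif

echo "***Section: Begin SOLARIS Specific Checks***" >>& ${OUTPUT}
echo '********************************************' >>& ${OUTPUT}
 
echo "##SOLARIS: Displaying /ETC/PASSWD file" >>& ${OUTPUT}
echo '**************************************' >>& ${OUTPUT}
ls -la /etc/passwd >>& ${OUTPUT}
cat /etc/passwd >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
# The full shadow file (password hashes) is copied into the report, so the
# report file must be handled as sensitive data.
echo "##SOLARIS: Displaying Shadowed Password file" >>& ${OUTPUT}
echo '********************************************' >>& ${OUTPUT}
cat "$eyshadow" >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
# An account has a blank password when the second field is empty. Matching
# "::" anywhere on the line would also hit the empty trailing fields that
# most shadow entries have, so the test is made on field 2 only.
echo "##SOLARIS: Local accounts with a blank passwords"  >>& ${OUTPUT}
echo '*************************************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
awk -F: '$2 == ""' "$eyshadow" >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
echo "##SOLARIS: Displaying Default Password settings" >>& ${OUTPUT}
echo '***********************************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
cat /etc/default/passwd >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
echo "##SOLARIS: Displaying Default Login settings" >>& ${OUTPUT}
echo '********************************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
cat /etc/default/login >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
echo "##SOLARIS: Displaying Solaris loginlog"  >>& ${OUTPUT}
echo '**************************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
tail -100 /var/adm/loginlog >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
echo "##SOLARIS: Solaris EEPROM"  >>& ${OUTPUT}
echo '*************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
eeprom >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
echo "##SOLARIS: Solaris Mount points"  >>& ${OUTPUT}
echo '*******************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
cat /etc/dfs/dfstab >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
echo "##SOLARIS: Displaying Console Logging permissions" >>& ${OUTPUT}
echo '*************************************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
ls -l /etc/logindevperm >>& ${OUTPUT}
cat /etc/logindevperm >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
echo "##SOLARIS: Displaying SU Log settings" >>& ${OUTPUT}
echo '*************************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
ls -l /etc/default/su >>& ${OUTPUT}
cat /etc/default/su >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
echo "##SOLARIS: Users Allowed Cron Usage"  >>& ${OUTPUT}
echo '***********************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
ls -la /etc/cron.d/cron.allow >>& ${OUTPUT}
ls -la /etc/cron.d/cron.deny >>& ${OUTPUT}
cat /etc/cron.d/cron.allow >>& ${OUTPUT}
cat /etc/cron.d/cron.deny >>& ${OUTPUT}
echo '' >>& ${OUTPUT}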

############################################
#    Start GENERIC specific
#       This section will be executed
#       for all flavors of UNIX. The password
#       information supplied will be displayed 
#       if Generic was selected from the
#       menu.
############################################

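# User configuration checks: UID 0 accounts, mail spool ownership, per-user
# .netrc / .rhosts / .profile files and recent logins. Intermediate file
# lists are written to the current directory and copied into ${OUTPUT}.
echo "User Configs"
############################################
#User Configuration
############################################ 

# With nonomatch set, a wildcard that matches nothing is passed to the
# command unchanged and the command reports the missing path, instead of
# the shell raising a "No match" error.
set nonomatch
 
echo "***Section: User Configuration***" >>& ${OUTPUT}
echo '**********************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
# Any account whose third passwd field is 0 has root privileges.
echo "##Generic: Check for 0 UID"  >>& ${OUTPUT}
echo '**************************' >>& ${OUTPUT}
awk -F: '{ if ( $3 ==0) print $1}' /etc/passwd >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
# NOTE(review): Solaris normally keeps mailboxes directly under /var/mail;
# confirm that /var/mail/spool is the intended path for the target systems.
echo "##Generic: Show Mail file ownership"  >>& ${OUTPUT}
echo '***********************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
ls -la /var/mail/spool/* >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
# .netrc files can hold cleartext login credentials. Their contents go into
# the report itself; the stray user.out file used previously was never
# merged into the report and was not removed by the cleanup section.
echo "##Generic: Checking .NETRC files"  >>& ${OUTPUT}
echo '********************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
find / -name .netrc -print >>& eynetrc.out
cat eynetrc.out >>& ${OUTPUT}
# The grep drops find's error lines that do not name a .netrc file; paths
# that contain white space are still split by the shell.
foreach netrcname (`grep netrc eynetrc.out`)
  echo 'File found:' "$netrcname" 'contains:' >>& ${OUTPUT}
  cat "$netrcname" >>& ${OUTPUT}
end
echo '' >>& ${OUTPUT}
 
# .rhosts files grant password-less remote access; list each one together
# with its contents.
echo "##Generic: Checking .RHOSTS files"  >>& ${OUTPUT}
echo '*********************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
find / -name .rhosts -print >>& eyrhosts.out
cat eyrhosts.out >>& ${OUTPUT}
foreach rhostname (`grep rhosts eyrhosts.out`)
  echo 'File found:' "$rhostname" 'contains:' >>& ${OUTPUT}
  cat "$rhostname" >>& ${OUTPUT}
end
echo '' >>& ${OUTPUT}
 
echo "##Generic: Checking.PROFILE files"  >>& ${OUTPUT}
echo '*********************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
find / -name .profile -print >>& eyprofl.out
echo '' >>& ${OUTPUT}
cat eyprofl.out >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
# Only the last 50 lines of the "last" output are kept in the report.
echo "##Generic: Check Last Login Sessions"  >>& ${OUTPUT}
echo '************************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
last >>& eylast.out
tail -50 eylast.out >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
rm -f eylast.out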

############################################
#File Permissions Section
############################################
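# File permission checks: set-id files, world-writable files, sticky-bit
# entries, group/world-writable directories and listings of the main system
# directories. Every find starts at / and therefore walks all mounted file
# systems.
echo "File Permissions"

echo '***Section: File Permissions***' >>& ${OUTPUT}
echo '******************************' >>& ${OUTPUT}
 
# The section is titled SUID / SGID, so match either bit; -perm -4000 alone
# reports set-uid files only and misses set-gid ones.
echo "##Generic: Listing SUID / SGID files"  >>& ${OUTPUT}
echo '************************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
find / -type f \( -perm -4000 -o -perm -2000 \) -print >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
# Symbolic links are excluded because their own mode bits are not meaningful.
echo "##Generic: Listing WORLD WRITABLE files (-perm -2 ! -type l)"  >>& ${OUTPUT}
echo '************************************************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
find / -perm -2 ! -type l -print >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
echo "##Generic: Listing STICKEY BIT"  >>& ${OUTPUT}
echo '******************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
find  /  -perm  -1000 >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
# Directories writable by group (-perm -20) or by everyone (-perm -2).
echo "##Generic: Listing Writable Directories"  >>& ${OUTPUT}
echo '***************************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
find / -type d \( -perm -2 -o -perm -20 \) -exec ls -ldg {} \; -print >>& eydir.out
cat eydir.out >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 

echo "##Generic: Listing /ETC directory"  >>& ${OUTPUT}
echo '*********************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
ls -l /etc >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
echo "##Generic: Listing /BIN directory"  >>& ${OUTPUT}
echo '*********************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
ls -l /bin >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
echo "##Generic: Listing /USR/BIN directory"  >>& ${OUTPUT}
echo '*************************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
ls -l /usr/bin >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
echo "##Generic: Listing /SBIN directory"  >>& ${OUTPUT}
echo '**********************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
ls -l /sbin >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
echo "##Generic: Listing / (root) directory"  >>& ${OUTPUT}
echo '*************************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
ls -l / >>& ${OUTPUT}
echo '' >>& ${OUTPUT}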
 
###########################################
#System Configuration Section
############################################
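# System configuration checks: inetd services, NFS exports, the system-wide
# profile, FTP deny list, cron/at access lists, sendmail configuration, the
# su log and all crontabs. For each file the permissions are listed first,
# then the contents.
echo "System Configs"

# With nonomatch set, a wildcard that matches nothing is passed to the
# command unchanged and the command reports the missing path, instead of
# the shell raising a "No match" error.
set nonomatch

echo "***Section: System Configuration***" >>&  ${OUTPUT}
echo '***********************************' >>&  ${OUTPUT}
 
 
echo "##Generic: Checking /ETC/INETD.CONF"  >>&  ${OUTPUT}
echo '***********************************' >>&  ${OUTPUT}
echo '' >>&  ${OUTPUT}
ls -l /etc/inetd.conf >>&  ${OUTPUT}
cat /etc/inetd.conf >>&  ${OUTPUT}
echo '' >>&  ${OUTPUT}
 
echo "##Generic: Checking /ETC/EXPORTS "  >>&  ${OUTPUT}
echo '****************************************' >>&  ${OUTPUT}
echo '' >>&  ${OUTPUT}
ls -l /etc/exports >>&  ${OUTPUT}
cat /etc/exports >>&  ${OUTPUT}
echo '' >>&  ${OUTPUT}
 

echo "##Generic: Checking /ETC/PROFILE"  >>&  ${OUTPUT}
echo '********************************' >>&  ${OUTPUT}
echo '' >>&  ${OUTPUT}
ls -l /etc/profile >>&  ${OUTPUT}
cat /etc/profile >>&  ${OUTPUT}
echo '' >>&  ${OUTPUT}
 
echo "##Generic: Checking /ETC/FTPUSERS"  >>&  ${OUTPUT}
echo '**********************' >>&  ${OUTPUT}
echo '' >>&  ${OUTPUT}
ls -l /etc/ftpusers >>&  ${OUTPUT}
cat /etc/ftpusers >>&  ${OUTPUT}
echo '' >>&  ${OUTPUT}
 
echo "##Generic: Displaying CRON files"  >>&  ${OUTPUT}
echo '********************************' >>&  ${OUTPUT}
echo '' >>&  ${OUTPUT}
ls -l /etc/cron.d/cron.allow >>&  ${OUTPUT}
cat /etc/cron.d/cron.allow  >>&  ${OUTPUT}
ls -l /etc/cron.d/cron.deny >>&  ${OUTPUT}
cat /etc/cron.d/cron.deny  >>&  ${OUTPUT}
ls -l /etc/cron.d/at.allow >>&  ${OUTPUT}
cat /etc/cron.d/at.allow  >>&  ${OUTPUT}
ls -l /etc/cron.d/at.deny >>&  ${OUTPUT}
cat /etc/cron.d/at.deny  >>&  ${OUTPUT}
echo '' >>&  ${OUTPUT}
 
# Both locations are tried; the one that does not exist leaves an error
# line in the report.
echo "##Generic: Displaying SENDMAIL.CF"  >>&  ${OUTPUT}
echo '*********************************' >>&  ${OUTPUT}
echo '' >>&  ${OUTPUT}
ls -l /etc/sendmail.cf >>&  ${OUTPUT}
cat /etc/sendmail.cf >>&  ${OUTPUT}
ls -l /usr/lib/sendmail.cf >>&  ${OUTPUT}
cat /usr/lib/sendmail.cf >>&  ${OUTPUT}
echo '' >>&  ${OUTPUT}
  
echo "##Generic: Listing SULOG" >>&  ${OUTPUT}
echo '************************' >>&  ${OUTPUT}
echo '' >>&  ${OUTPUT}
ls -la /var/adm/sulog >>&  ${OUTPUT}
tail -50 /var/adm/sulog >>&  ${OUTPUT}
echo '' >>&  ${OUTPUT}
 

# The cat previously read from a misspelled directory ("crobtabs"), so the
# crontab contents never reached the report; it now reads the same
# directory that the ls above it lists.
echo "##Generic: Show Crontab files"  >>&  ${OUTPUT}
echo '*****************************' >>&  ${OUTPUT}
echo '' >>&  ${OUTPUT}
ls -la /var/spool/cron/crontabs/* >>&  ${OUTPUT}
cat /var/spool/cron/crontabs/* >>&  ${OUTPUT}
echo '' >>&  ${OUTPUT}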

############################################
# Network Configuration Section
############################################
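# Network configuration checks: registered RPC services, the routing table,
# syslog configuration and TCP Wrapper access rules. Control then passes to
# the NIS section.
echo "Network Configs"

echo "***Section: Network Configuration ***" >>& ${OUTPUT}
echo '**************************************' >>& ${OUTPUT}
 
echo "##Generic: Listing RPCINFO"  >>& ${OUTPUT}
echo '**************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
rpcinfo -p >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
echo "##Generic: Displaying NETSTAT -rn"  >>& ${OUTPUT}
echo '*********************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
netstat -rn >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
echo "##Generic: Displaying SYSLOG.CONF"  >>& ${OUTPUT}
echo '*********************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
ls -l /etc/syslog.conf>>& ${OUTPUT}
cat /etc/syslog.conf >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
# TCP Wrappers reads /etc/hosts.allow and /etc/hosts.deny; the singular
# "host.allow" / "host.deny" names used before do not exist, so the access
# rules were never captured.
# NOTE(review): tcpdchk is invoked as /bin/tcpdchk; confirm where the
# target systems install it.
echo "##Generic: Listing TCP Wrapper restrictions"  >>& ${OUTPUT}
echo '*******************************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
ls -l /etc/hosts.allow >>& ${OUTPUT}
cat /etc/hosts.allow >>& ${OUTPUT}
ls -l /etc/hosts.deny >>& ${OUTPUT}
cat /etc/hosts.deny >>& ${OUTPUT}
/bin/tcpdchk -a -v >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 

goto NIS-Checks 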

############################################
#    End GENERIC specific
############################################


############################################
# Start generic NIS checks here
############################################
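NIS-Checks:

# Runs only when question 5 of the questionnaire was answered y/Y. Dumps the
# NIS passwd, services, hosts and group maps into the report, then continues
# at the cleanup label in either case. The variable is quoted so an empty
# answer is still a valid expression.
if ("$nisused" == 'y' || "$nisused" == 'Y') then
echo "NIS Checks"
echo "***Section: NIS Specific Checks***" >>& ${OUTPUT}
echo '**********************************' >>& ${OUTPUT}
echo ''  >>& ${OUTPUT}
 
echo "##NIS: Listing NIS passwd file"  >>& ${OUTPUT}
echo '******************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
ypcat passwd >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
# Empty password = empty second field. Matching "::" anywhere on the line
# would also report entries whose comment (GECOS) or another field is empty.
echo "##NIS: NIS accounts with empty passwords"  >>& ${OUTPUT}
echo '****************************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
ypcat passwd | awk -F: '$2 == ""' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
echo "##NIS: Listing NIS services file"  >>& ${OUTPUT}
echo '********************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
ypcat services >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
echo "##NIS: Listing NIS hosts file"  >>& ${OUTPUT}
echo '*****************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
ypcat hosts >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
 
echo "##NIS: Listing NIS group file"  >>& ${OUTPUT}
echo '*****************************' >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
ypcat group >>& ${OUTPUT}
echo '' >>& ${OUTPUT}
else
  echo "No NIS checks performed" >>& ${OUTPUT}
endif
 
goto cleanup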

############################################
# End NIS checks here
############################################

#################################################################
#
# This portion should remain at the bottom of this script
# 
#################################################################
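cleanup:
        # Remove the intermediate file lists; only the report itself stays.
        rm -f ${basedir}/eyrhosts.out
        rm -f ${basedir}/eyprofl.out
        rm -f ${basedir}/eynetrc.out
        rm -f ${basedir}/eydir.out
        rm -f ${basedir}/eyforward.out
        # user.out may have been left behind by the .netrc / .rhosts checks
        # and can contain credentials copied from .netrc files.
        rm -f ${basedir}/user.out

        # The report holds password hashes and configuration details; keep
        # it readable by its owner only until it is moved off the host.
        if (-e ${OUTPUT}) chmod 600 ${OUTPUT}

sleep 3

 clear
 echo ""
 echo "       ----------E&Y LLP UNIX Interrogation Script ${eyversion}---------- "
 echo ""
 echo "          The E&Y Report File is located in:"
 echo "          ${OUTPUT}"
 echo ""
 echo ""
 echo ""
# Normal completion: report success to the caller (the script previously
# ended with a non-zero status even when every check had run).
exit 0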


