

Listing 1

cksuid

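#!/bin/sh
#
# cksuid - verify all setuid files on a system
#
# Run this manually the first time to create the list of setuid
# files.  The list will be created in the file defined by OLDLIST:

OLDLIST=/etc/cksuid.list

#
# Then run this script via cron (as root) on a regular basis to compare
# the current state of the system to this list.  The list should also be
# manually examined regularly to make sure no unauthorized files have
# been added.
#
# NOTE: every run replaces OLDLIST with the freshly built list, so a new
# or modified setuid file is reported exactly once and is part of the
# baseline from then on.  Act on (or archive) each report.  The baseline
# is also only as trustworthy as this host: anyone who can write to
# OLDLIST can hide a change, so keep a reference copy somewhere the
# monitored system cannot modify.
#

####################################################################
#
# Portability note:
#
# This script uses the df(1) command to determine what filesystems
# are local to the host (so that the find(1) command doesn't spend
# time looking through remote filesystems).
#
# The df command in Berkeley Unix (and SunOS) produces output in
# a different format than the SVR4 version of df.
#
# Most SVR4 versions of Unix will provide this in the Berkeley
# compatibility package as /usr/ucb/df which can be used (by adding
# the full directory specification to the df command below).
#
# If you do not have access to the Berkeley version of df, comment
# out the line with the df command in it below, and use the one that
# is currently commented out.
#
####################################################################
#
# maintain secure path since the script will run as root
#
PATH="/bin:/usr/bin:/etc:/usr/etc"

#
# Work files live in a private directory rather than directly in /tmp.
# A name such as /tmp/cksuid.$$ is predictable, and root redirecting
# output to a predictable name in a world-writable directory will follow
# a symlink planted there by another user.  mkdir fails if the name
# already exists (symlinks included), and mode 700 keeps other users out
# of the directory afterwards.  The umask change is confined to a
# subshell so the mode of the finished list is not affected.
#
WORKDIR=/tmp/cksuid.$$
if (umask 077 && mkdir "$WORKDIR"); then
    :
else
    echo "cksuid: cannot create private work directory $WORKDIR" >&2
    exit 1
fi
trap 'rm -rf "$WORKDIR"' 0
trap 'exit 1' 1 2 15

NEWLIST=$WORKDIR/newlist
TEMP=$WORKDIR/scratch

#
# create a list of the local filesystems (i.e. those not remotely mounted)
#

LOCAL_FILESYSTEMS=`df | grep '^/' | awk '{print $6}'`

##
## If you wish to use the SVR4 version of df, comment out the above line
## and use the following instead:
##
## LOCAL_FILESYSTEMS=`df | grep '(/dev/' | awk '{print $1}'`
##

#
# With no starting points some versions of find(1) scan only the current
# directory and others fail; either way the baseline would be replaced
# by an incomplete list.  Stop instead.
#
if [ -z "$LOCAL_FILESYSTEMS" ]; then
    echo "cksuid: no local filesystems found in df output; list not updated" >&2
    exit 1
fi

#
# if this is the first time the script is being run
#
if [ ! -s "$OLDLIST" ]; then
    echo "Creating list of setuid files in $OLDLIST..."
fi

#
# make the list of files to be examined
# ($LOCAL_FILESYSTEMS is left unquoted on purpose: it holds one mount
# point per word)
#
find $LOCAL_FILESYSTEMS -type f -perm -4000 -xdev -print | sort >"$TEMP"

#
# for each file in the list, get the directory entry and checksum
#
# The list is read one line at a time so that a path containing blanks
# or wildcard characters stays a single file name (a path containing a
# newline is still split).  Globbing is switched off because the command
# substitutions on the echo line are deliberately unquoted: word
# splitting collapses the column padding, which keeps each record in the
# same format as lists written by earlier runs.
#
# ls -g means "show the group" on Berkeley ls but "omit the owner" on
# System V and GNU ls; confirm the records show the owner on your system.
# sum(1) only detects accidental corruption and does not resist
# deliberate tampering; substitute a cryptographic digest tool where the
# system provides one.
#
: >"$NEWLIST"
set -f
while IFS= read -r i
do
    echo `ls -lg "$i"` `sum "$i"` `file "$i"` >>"$NEWLIST"
done <"$TEMP"
set +f

#
# if an old list exists, make the comparison, output will be mailed
# to root if run via cron.
#
if [ -s "$OLDLIST" ]; then
    diff "$OLDLIST" "$NEWLIST"
fi

#
# clean up: install the new list as the baseline; the exit trap removes
# the work directory and the scratch file in it
#
mv "$NEWLIST" "$OLDLIST"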