

Listing 1: nischeck

nischeck


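#!/bin/csh -f
# James W. Meritt 10/3/96
#
# nischeck - daily sweep of every host that answers on the (NIS) network.
# Builds nischeck.rpt in the current directory and mails it.
#
# Report sections, in order:
#   1. today's logins on each host (last)
#   2. today's /var/adm/messages lines that match the pattern files
#        crack.error   - contains intrusion indicators
#        network.error - contains communications signals
#        system.error  - problems with individual systems
#   3. local disk utilization on each host
#   4. today's syslog entries on each host, sendmail lines excluded
#   5. recently modified entries in selected system directories
#   6. core files, which are listed and then deleted
#
# Security notes for whoever deploys this:
#   * Every remote command goes through $RSH.  rsh relies on host-based
#     trust (.rhosts / hosts.equiv) and sends everything unencrypted;
#     point RSH at ssh with key authentication where that is available.
#   * The host list is whatever answers rup, so it is network-supplied
#     data.  Names are filtered to hostname characters before use.
#   * The report contains text copied from remote logs; treat it as
#     untrusted content when it is read or post-processed.

# remote-shell client used for every per-host command
set RSH = rsh
# report file; relative, so run this from a directory only you can write
set REPORT = nischeck.rpt
# separator lines used between report sections
set RULE = "_____________________________________________"
set DASHES = "---------------------------------------------"

# create a scratch file for the program to keep intermediate results.
# mktemp creates it atomically under an unpredictable name; a name built
# from the clock in /tmp could be pre-created or symlinked by another user.
set TMPFILE = `mktemp /tmp/nischeck.XXXXXX`
if ( "$TMPFILE" == "" ) then
    echo "nischeck: could not create a scratch file"
    exit 1
endif
# set the home directory that contains this program and the error files
setenv HOMEDIR /home/meritj/nischeck
# identify the systems NIS reachable.  Kept as a word list so that foreach
# sees one host per word; the egrep drops anything that is not made of
# hostname characters (for example a name starting with "-").
set NODES = ( `rup | /bin/awk '{ print $1 }' | sort -u | grep -v Sending | egrep '^[A-Za-z0-9][A-Za-z0-9._-]*$'` )
# get todays date in the "Mon dd" form that last and syslog print
set TODAY = "`date | cut -c5-10`"
echo the temp file is $TMPFILE
echo the home directory is $HOMEDIR
echo the checked nodes are $NODES
echo the date is $TODAY
# -f: a missing report from a previous run is not an error
/bin/rm -f $REPORT
# NOTE(review): "~s" is a mail tilde escape that sets the subject.  It only
# works if the local mail program processes tilde escapes when its input is
# a file, and in that mode any other report line starting with "~" is
# interpreted as well.  Where the local mail supports it, passing the
# subject with "mail -s" and dropping this line avoids that.
echo "~s The NIS systems check as of `date`" > $REPORT

# the first section checks every system to find who has logged in
echo "$RULE" >> $REPORT
echo "Logged in today: " >> $REPORT
foreach HOST ( $NODES )
    echo "$DASHES" >> $REPORT
    echo "on $HOST " >> $REPORT
    $RSH $HOST last | grep "$TODAY" >> $REPORT
end
echo "$RULE" >> $REPORT

# The next section examines the messages file on every reachable system
# and creates an overall report, one pass per pattern file.
# fgrep runs on the remote host, so $HOMEDIR/<kind>.error has to resolve
# there as well (presumably a shared home directory - confirm).
# grep and cut run locally: keep today's lines, drop the leading date
# columns and cap each line at column 110.
foreach KIND ( crack network system )
    switch ( $KIND )
    case crack:
        set TITLE = "Intruder indicators: "
        breaksw
    case network:
        set TITLE = "Network problem indicators: "
        breaksw
    case system:
        set TITLE = "System problem indicators: "
        breaksw
    endsw
    echo "$TITLE" >> $REPORT
    # empty the scratch file in place rather than deleting and re-creating
    # it, so the name is never free for someone else to claim
    cp /dev/null $TMPFILE
    foreach NODE ( $NODES )
        $RSH $NODE fgrep -f $HOMEDIR/${KIND}.error /var/adm/messages | grep "$TODAY" | cut -c8-110 >> $TMPFILE
    end
    sort $TMPFILE >> $REPORT
    echo "$RULE" >> $REPORT
end

foreach HOST ( $NODES )
    echo "disk utilization on $HOST" >> $REPORT
    $RSH $HOST /usr/ucb/df -kl >> $REPORT
end
echo "$RULE" >> $REPORT

foreach HOST ( $NODES )
    echo "checking syslog on $HOST" >> $REPORT
    # read the syslog of $HOST itself; a bare local grep here would repeat
    # this machine's syslog once per host.  Filtering stays local so the
    # space inside $TODAY is not re-split by the remote shell.
    $RSH $HOST cat /var/log/syslog | grep "$TODAY" | grep -v sendmail  >> $REPORT
    echo " " >> $REPORT
end
echo "$RULE" >> $REPORT

foreach HOST ( $NODES )
echo "checking for new executable items selected directories on $HOST \
" >> $REPORT
    # NOTE(review): "-mtime 1" selects entries modified roughly one day
    # ago, not within the last 24 hours, and "grep x" keeps any listing
    # line that contains an x anywhere (mode bits, but also names).  This
    # is a coarse change indicator, not an integrity check.
    foreach DIR ( /bin /etc /usr/ucb /usr/local /usr/bin /usr/sbin )
        $RSH $HOST find $DIR -mtime 1 -ls | grep x >> $REPORT
    end
end
echo "$RULE" >> $REPORT

foreach HOST ( $NODES )
    echo "looking for and erasing core files on $HOST " >> $REPORT
    # The whole command is single-quoted so the remote shell receives "\;"
    # and hands find its terminating ";"; unquoted, the remote shell would
    # consume the ";" itself.  -type f keeps directories named core out.
    # NOTE(review): this deletes every regular file called "core" below /
    # on each host, including on any filesystems mounted there.
    $RSH $HOST 'find / -name core -type f -ls -exec /bin/rm {} \;' >> $REPORT
end
echo "$RULE" >> $REPORT
endit:
echo "$RULE" >> $REPORT
echo "End nischeck report. " >> $REPORT
/bin/rm -f $TMPFILE
mail JWMeritt@aol.com < $REPORT
# End of File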