Listing 1: Script for reviewing potential security threats
#!/bin/ksh
# @(#)check_CERT.sh 1.2 4/15/98
# Script to check for installed security fixes
# Bill Sherman - June 24, 1997
# DEFAULT Input file check_CERT.lis
# DEFAULT Separator ,
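# Print the command-line synopsis.
# Outputs: the synopsis on stderr, so that a report captured from stdout is
#          never mixed with usage text.
# Returns: status of the final cat.
function usage {
  # Quoted delimiter: the text is emitted literally, with no expansion.
  # The trailing blank line keeps the layout of the original message.
  cat >&2 <<'EOF'
Usage: check_CERT.sh [-D] [-i file] [-s sep] [-v]
[-D] # Debug mode
[-i file] # Input file
[-s sep] # Single character separator
[-v] # Verbose - show all items

EOF
}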
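# Option state; an empty value means "not given on the command line".
VERBOSE=
DEBUG=
INFILE=
SEP=
while getopts Di:s:v name
do
  case "${name}" in
  D) DEBUG="set -x" ;;
  i) INFILE=${OPTARG} ;;
  s) SEP=${OPTARG} ;;
  v) VERBOSE=1 ;;
  # getopts sets name to a literal "?" for an unknown option or a missing
  # argument; the backslash stops "?" from acting as a match-any-char glob.
  \?) usage
    exit 2 ;;
  esac
done
# Deliberately unquoted: expands to nothing, or to the two words "set -x".
${DEBUG}
SEP=${SEP:-,} # Default field separator
# The separator is handed to "cut -d" and "tr", which only make sense with
# exactly one character; reject anything else before it reaches them.
if [[ ${#SEP} -ne 1 ]]
then
  echo "check_CERT.sh: separator must be a single character" >&2
  exit 2
fi
INFILE=${INFILE:-$(dirname "$0")/check_CERT.lis}
# The HP-UX product inventory is written to ${SWLIST}.  A fixed name in /tmp
# can be pre-created, or replaced by a symbolic link, by any local user; when
# the script is run by a privileged account the redirection would then follow
# that link.  Keep the file inside a directory created for this run instead:
# mkdir fails if the name already exists in any form, and umask 077 makes the
# directory accessible to the invoking user only.
WORKDIR=${TMPDIR:-/tmp}/check_CERT.$$
( umask 077 && mkdir "${WORKDIR}" ) || {
  echo "check_CERT.sh: cannot create private work directory ${WORKDIR}" >&2
  exit 1
}
# Remove the work directory on every exit path.
trap 'rm -rf "${WORKDIR}"' EXIT
SWLIST=${WORKDIR}/swlist.lis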
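# Build the platform tag that is compared with the column titles of the
# input file.
# Globals:  SWLIST (read) - file that receives the HP-UX product inventory
#           STATUS, OS, ARCH (written)
# Outputs:  the tag on stdout: "AIX<version>.<release>" on AIX, "HP-UX"
#           followed by the release with its first dot-separated field
#           removed on HP-UX, an empty line on any other system.
# Returns:  0 on success; 1 for an unsupported system or when the HP-UX
#           inventory could not be written.
function arch {
  STATUS=0
  OS=$( uname -s ) # What type of system are we?
  case "${OS}" in
  AIX)
    ARCH="${OS}$( uname -v ).$( uname -r )"
    ;;
  HP-UX)
    ARCH="${OS}$( uname -r | cut -d "." -f 2- )"
    # The inventory is later searched for each fix ID.  An empty or partial
    # file must not be taken for a complete inventory, so a failing swlist
    # (or a failing redirection) is reported instead of being ignored.
    /usr/sbin/swlist -l product >"${SWLIST}" || {
      echo "check_CERT.sh: swlist failed; ${SWLIST} is not a usable inventory" >&2
      STATUS=1
    }
    ;;
  *)
    ARCH=
    STATUS=1
    ;;
  esac
  echo "${ARCH}"
  return ${STATUS}
}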
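# Get the architecture type.  The failure branch uses braces, not
# parentheses: an "exit" inside ( ... ) only leaves that subshell and the
# script would carry on with an empty ARCH.
ARCH=$( arch ) || { echo "Unknown operating system" >&2; exit 1; }
if [[ ! -r "${INFILE}" ]]
then
  echo "check_CERT.sh: cannot read input file ${INFILE}" >&2
  exit 1
fi
HEADER=
FLAG=
LINECNT=0
# -r keeps backslashes in the data literal.
while read -r LINE
do
  if [[ -z "${HEADER}" ]]
  then
    # Read the header from the ${INFILE}.  Piping into "read" relies on ksh
    # running the last stage of a pipeline in the current shell.
    printf '%s\n' "${LINE}" | tr "${SEP}" " " | read DATE HEADER OS_LEVELS
    # NOTE(review): LOOP starts at 2 although OS_LEVELS begins with the third
    # word of the header; confirm against check_CERT.lis that FLAG ends up on
    # the intended column.
    LOOP=2
    # Unquoted on purpose: OS_LEVELS is a blank-separated list of titles.
    for ITEM in ${OS_LEVELS}
    do
      if [[ "${ARCH}" = "${ITEM}" ]]
      then
        FLAG=${LOOP}
      else
        (( LOOP = LOOP + 1 ))
      fi
    done
    # Without a matching column every later "cut -f" would fail and each
    # advisory would be reported as "NO DATA"; stop instead of printing a
    # report that says nothing about this system.
    if [[ -n "${HEADER}" && -z "${FLAG}" ]]
    then
      echo "check_CERT.sh: no column for ${ARCH} in ${INFILE}" >&2
      exit 1
    fi
  else
    # Quoted so that the line is neither word-split nor glob-expanded.
    FIX=$( printf '%s\n' "${LINE}" | cut -d "${SEP}" -f "${FLAG}" )
    DESC=$( printf '%s\n' "${LINE}" | cut -d "${SEP}" -f 1-2 )
    NEED=
    SHOW=0
    case "${FIX}" in
    "")
      NEED="NO DATA"
      ;;
    "N/A")
      NEED="Not applicable"
      ;;
    "NV")
      NEED="Not vulnerable"
      ;;
    "IP")
      SHOW=1
      NEED="Fix in progress"
      ;;
    # Left unquoted so that it is a pattern; in quotes it only matched the
    # literal text U[pP]* and upgrade-only entries fell through to the fix
    # lookup below.
    U[pP]*)
      SHOW=1
      NEED="No fix, must upgraded"
      ;;
    *)
      case "${ARCH}" in
      AIX*)
        # instfix exits non-zero when the fix is not installed; its output
        # is kept for the report either way.
        TEMP=$( instfix -ik "${FIX}" 2>&1 ) || SHOW=1
        NEED=$( printf "Checking\n%s\n" "${TEMP}" )
        ;;
      HP-UX*)
        NEED="Checking"
        # Unquoted on purpose: FIX may list several IDs separated by blanks.
        for F in ${FIX}
        do
          # Matching inventory lines are printed to stdout, as before.
          # NOTE(review): this is an unanchored pattern match, so an ID that
          # is a prefix of another installed ID would count as present;
          # confirm against real swlist output.
          if grep "${F}" "${SWLIST}"
          then
            :
          else
            SHOW=1
            # Plain assignment: the ID comes from the input file and must
            # not be used as a printf format string.
            NEED="${NEED} ${F} not found"
          fi
        done
        if [ "${SHOW}" -eq 0 ]
        then
          NEED=""
        fi
        ;;
      esac
      ;;
    esac
    if [[ ${SHOW} -eq 1 || ${VERBOSE:-0} -eq 1 ]]
    then
      (( LINECNT = LINECNT + 1 ))
      printf "%d) %s - %s\n" "${LINECNT}" "${DESC}" "${NEED}"
    fi
  fi
done <"${INFILE}"
exit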
# End of File