security-weekly.sh
#!/bin/sh
####
#
# SuSE weekly security check v2.0 by Marc Heuse <[email protected]>
#
####
#
# TODO /etc /home /home/.* permissions
#
# TODO re-enable it
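# Load the seccheck configuration file.
. /etc/sysconfig/seccheck

# Resolve the directory this script lives in (following symlinks) and source
# the helper libraries from it. Expansions are quoted so that a path
# containing whitespace is not word-split.
# NOTE(review): these .inc files are executed with this script's privileges;
# confirm the directory and the files are writable only by the owning admin.
MY_DIR=$(dirname "$(readlink -f "$0")")
. "$MY_DIR/basic.inc"
. "$MY_DIR/helper.inc"
. "$MY_DIR/security_weekly_helper.inc"
. "$MY_DIR/user_group_password_helper.inc"

# set_tmpdir comes from the sourced helpers; presumably it creates the scratch
# directory and sets TMPDIR, which the cleanup below relies on -- confirm.
set_tmpdir "security-weekly.sh"

# Cleanup runs on every exit path through the EXIT (0) trap. The signal traps
# only force a failure status; the EXIT trap then removes the directory.
# The original single trap listed 0 together with 'exit 1', so the final
# 'exit 0' was also rewritten to status 1 and the script could never report
# success. The -n guard keeps rm from running with an empty operand.
trap '[ -n "$TMPDIR" ] && rm -rf -- "$TMPDIR"' 0
trap 'exit 1' 1 2 3 13 15

# create SEC_DATA and SEC_VAR. directories used to store and persist data
create_secdir

# initialize rpm-md5, sbit, write, device and write-bin
initialize_secfiles $SEC_DATA

# get the fs mount points: third space-separated field of every mount(8) line
# whose device starts with /dev/, minus anything containing /media. xargs echo
# joins the result on one line with the literal "/dev/" as its first entry.
# NOTE(review): a mount point containing a space would be truncated by cut.
MNT=$(/bin/mount | grep -E "^/dev/" | cut -d' ' -f 3 | grep -v "/media" | xargs echo "/dev/")

# set the mailer that will be used
set_mailer

# extended password check
check_guessable_passwords "extended"

# neverlogin check
check_neverlogin $SEC_BIN

# Each check below receives the mount-point list as a single argument; what
# it scans and reports is defined in the sourced helper files.
check_suid_sgid "$MNT"
check_writable_executable "$MNT"
check_world_writable "$MNT"
check_new_devices "$MNT"

check_md5

####
#
# Cleaning up
#
# Explicit removal is kept from the original; the EXIT trap would also do it.
rm -rf -- "$TMPDIR"

exit 0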
# END OF SCRIPT