X-Git-Url: https://defaria.com/gitweb/?a=blobdiff_plain;f=clients%2FHP%2Fbin%2Fcheck_security;fp=clients%2FHP%2Fbin%2Fcheck_security;h=b20008c4ee133b935dbd7bd6c2a37650619a7944;hb=a8c84d2892f07a6863b68a11eb0a4a79ffd71fb5;hp=0000000000000000000000000000000000000000;hpb=95384f94f88aceeb5eef2d322210ba4a438b6512;p=clearscm.git
diff --git a/clients/HP/bin/check_security b/clients/HP/bin/check_security
new file mode 100644
index 0000000..b20008c
--- /dev/null
+++ b/clients/HP/bin/check_security
@@ -0,0 +1,93 @@
+#! /bin/ksh
+USAGE='USAGE: check_security
+
+ This script checks for some security problems. It does
+ not fix anything. It only prints messages about possible
+ problems.
+
+ Author: Michael Coulter
+'
+
+# Set parameters
+
+ PASSWD_FILE=/etc/passwd
+
+# Check for execution by root
+
+ WHOAMI=$(whoami)
+ if [ "$WHOAMI" != "root" ]
+ then
+ echo "It is recommended that you run this script as root"
+ fi
+
+# Parse all the lines in $PASSWD_FILE
+
+ OLD_IFS="$IFS"
+ IFS=":"
+ cat "$PASSWD_FILE" | while read USER PASSWORD UID GID COMMENT HOME SHELL REST
+ do
+ # Checks for users who shouldn't log-in, i.e. PASSWORD is "*"
+
+ if [ "$PASSWORD" = '*' ]
+ then
+ # If the PASSWORD is "*", there should not be a .rhosts or hosts.equiv
+ # in the home directory or .forward
+ if [ -f "${HOME}/.rhosts" ]
+ then
+ echo "$USER has a .rhosts file in $HOME"
+ fi
+ if [ -f "${HOME}/.forward" ]
+ then
+ echo "$USER has a .forward file in $HOME"
+ fi
+
+
+
+ # There should not be a crontab or atjob for the user
+
+ if [ -f "/usr/spool/cron/crontabs/${USER}" ]
+ then
+ echo "$USER has a crontab file in /usr/spool/cron/crontabs"
+ fi
+ if [ -f "/usr/spool/cron/atjobs/${USER}" ]
+ then
+ echo "$USER has a crontab file in /usr/spool/cron/atjobs"
+ fi
+
+ fi # End of * password checks
+
+ if [ "$PASSWORD" = "" ]
+ then
+ echo "$USER has a NULL password."
+ fi
+
+ # No wildcards in $HOME/.rhosts or /etc/host.equiv
+ LINES="$(sed -e "/^#/d" $HOME/.rhosts | grep "+" 2> /dev/null | wc -l)"
+ if [ "$LINES" -ne 0 ]
+ then
+ echo "$USER has + in $HOME/.rhosts"
+ fi
+
+ done
+ # read USER PASSWORD UID GID COMMENT HOME SHELL REST
+
+# Checks that are only done once
+
+# Check no wildcards in /etc/host.equiv
+
+ LINES="$(grep -- "+" /etc/host.equiv 2> /dev/null | wc -l)"
+ if [ "$LINES" -ne 0 ]
+ then
+ echo "System has + in /etc/host.equiv"
+ fi
+
+ if [ ! -f "/usr/adm/inetd.sec" ]
+ then
+ echo "No /usr/adm/inetd.sec file. 
"
+ fi
+
+ if [ -f "/etc/hosts.equiv" ]
+ then
+ echo "System has a /etc/hosts.equiv file"
+ fi
+
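Review bot: The once-only wildcard check greps `/etc/host.equiv`, while the existence test at the end of the script uses `/etc/hosts.equiv`; because stderr goes to /dev/null, the grep on the misspelled path always counts zero lines, so a `+` entry in the real file is never reported. Change it to `LINES="$(grep -- "+" /etc/hosts.equiv 2> /dev/null | wc -l)"` and correct the echo message and the two comments that carry the same spelling. In the per-user loop the `2> /dev/null` is attached to `grep`, not `sed`, so every account without a `.rhosts` emits a sed error, and `$HOME` is unquoted there; wrapping that check in `if [ -f "$HOME/.rhosts" ]` and quoting the path keeps the report readable. The atjobs branch prints "has a crontab file", which mislabels that finding, and `OLD_IFS` is saved but `IFS` is never restored after the loop.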