
skip lines in /etc/passwd that start with + or -.

don't bitch about root-owned .rhosts since multiple system accounts
share root's homedir.
OPENBSD_2_1
millert 28 years ago
parent
commit
4fa80f455e
1 changed files with 8 additions and 7 deletions
  1. +8
    -7
      src/etc/security

+ 8
- 7
src/etc/security View File

@ -1,6 +1,6 @@
#!/bin/sh - #!/bin/sh -
# #
# $OpenBSD: security,v 1.13 1996/11/30 17:50:58 millert Exp $
# $OpenBSD: security,v 1.14 1996/12/06 17:17:13 millert Exp $
# from: @(#)security 8.1 (Berkeley) 6/9/93 # from: @(#)security 8.1 (Berkeley) 6/9/93
# #
@ -246,12 +246,13 @@ done
# Check for special users with .rhosts/.shosts files. Only root # Check for special users with .rhosts/.shosts files. Only root
# should have .rhosts/.shosts files. Also, .rhosts/.shosts # should have .rhosts/.shosts files. Also, .rhosts/.shosts
# files should not have plus signs. # files should not have plus signs.
awk -F: '$1 != "root" && $1 !~ /^[+-].*$/ && \
awk -F: '$1 != "root" && $1 !~ /^[+-]/ && \
($3 < 100 || $1 == "ftp" || $1 == "uucp") \ ($3 < 100 || $1 == "ftp" || $1 == "uucp") \
{ print $1 " " $6 }' /etc/passwd | { print $1 " " $6 }' /etc/passwd |
while read uid homedir; do while read uid homedir; do
for j in .rhosts .shosts; do for j in .rhosts .shosts; do
if [ -f ${homedir}/$j ] ; then
# Root owned .rhosts/.shosts files are ok.
if [ -f ${homedir}/$j -a ! -O ${homedir}/$j ] ; then
rhost=`ls -ldgT ${homedir}/$j` rhost=`ls -ldgT ${homedir}/$j`
printf "$uid: $rhost\n" printf "$uid: $rhost\n"
fi fi
@ -262,7 +263,7 @@ if [ -s $OUTPUT ] ; then
cat $OUTPUT cat $OUTPUT
fi fi
awk -F: '{ print $1 " " $6 }' /etc/passwd | \
awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \
while read uid homedir; do while read uid homedir; do
for j in .rhosts .shosts; do for j in .rhosts .shosts; do
if [ -s ${homedir}/$j ] ; then if [ -s ${homedir}/$j ] ; then
@ -283,7 +284,7 @@ fi
# Check home directories. Directories should not be owned by someone else # Check home directories. Directories should not be owned by someone else
# or writeable. # or writeable.
awk -F: '{ if ($1 !~ /^[+-].*$/) print $1 " " $6 }' /etc/passwd | \
awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \
while read uid homedir; do while read uid homedir; do
if [ -d ${homedir}/ ] ; then if [ -d ${homedir}/ ] ; then
file=`ls -ldgT ${homedir}` file=`ls -ldgT ${homedir}`
@ -303,7 +304,7 @@ fi
# Files that should not be owned by someone else or readable. # Files that should not be owned by someone else or readable.
list=".netrc .rhosts .shosts" list=".netrc .rhosts .shosts"
awk -F: '{ print $1 " " $6 }' /etc/passwd | \
awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \
while read uid homedir; do while read uid homedir; do
for f in $list ; do for f in $list ; do
file=${homedir}/${f} file=${homedir}/${f}
@ -326,7 +327,7 @@ awk '$1 != $5 && $5 != "root" \
# Files that should not be owned by someone else or writeable. # Files that should not be owned by someone else or writeable.
list=".bashrc .cshrc .emacs .exrc .forward .klogin .login .logout \ list=".bashrc .cshrc .emacs .exrc .forward .klogin .login .logout \
.profile .tcshrc" .profile .tcshrc"
awk -F: '{ print $1 " " $6 }' /etc/passwd | \
awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \
while read uid homedir; do while read uid homedir; do
for f in $list ; do for f in $list ; do
file=${homedir}/${f} file=${homedir}/${f}
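Review bot: The added `-O` test in the .rhosts/.shosts loop of the hunk at -246 accepts a file owned by the effective uid of the shell running this script, not a file owned by root as the new comment `# Root owned .rhosts/.shosts files are ok.` states; the two only coincide when security is run as root (presumably from the periodic daily job), and running it as any other account would silently whitelist that account's own files. Either make the comment say what is actually tested, e.g. `# Files owned by the invoking (normally root) user are ok; -O tests the effective uid.`, or compare the owner column of the existing `ls -ldgT` output against `root` so the check does not depend on who invokes the script. The expansions `${homedir}/$j` in the new test are unquoted like the rest of the file, so a passwd entry with an empty home field resolves to `/.rhosts`; that is pre-existing, but a guard such as `${homedir:-/nonexistent}` would be cheap to add while this line is being touched. The `while`/`for` bodies this hunk edits close outside the hunk.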

