diff --git a/src/etc/security b/src/etc/security index c02c13f7..86a7943b 100644 --- a/src/etc/security +++ b/src/etc/security @@ -1,6 +1,6 @@ #!/bin/sh - # -# $OpenBSD: security,v 1.39 2000/10/06 17:35:30 aaron Exp $ +# $OpenBSD: security,v 1.40 2000/10/18 16:45:27 hugh Exp $ # from: @(#)security 8.1 (Berkeley) 6/9/93 # @@ -48,7 +48,7 @@ awk -F: '{ if (system("test -s /etc/skeykeys && grep -q \"^"$1" \" /etc/skeykeys") == 0) printf("Login %s is off but still has a valid shell and an entry in /etc/skeykeys.\n", $1); if (system("test -d "$9" -a ! -r "$9"") == 0) - printf("Login %s if off but still has valid shell and home directory is unreadable\n\t by root; cannot check for existence of alternate access files.\n", $1); + printf("Login %s is off but still has valid shell and home directory is unreadable\n\t by root; cannot check for existence of alternate access files.\n", $1); else if (system("for file in .ssh .rhosts .shosts .klogin; do if test -e "$9"/$file; then if ((ls -ld "$9"/$file | cut -b 2-10 | grep -q r) && (test ! -O "$9"/$file)) ; then exit 1; fi; fi; done")) printf("Login %s is off but still has a valid shell and alternate access files in\n\t home directory are still readable.\n",$1); } @@ -60,20 +60,20 @@ awk -F: '{ printf("Login %s has a negative group ID.\n", $1); }' < $MP > $OUTPUT if [ -s $OUTPUT ] ; then - printf "\nChecking the $MP file:\n" + printf "\nChecking the %s file:\n" "$MP" cat $OUTPUT fi awk -F: '{ print $1 }' $MP | sort | uniq -d > $OUTPUT if [ -s $OUTPUT ] ; then - printf "\n$MP has duplicate user names.\n" + printf "\n%s has duplicate user names.\n" "$MP" column $OUTPUT fi awk -F: '{ print $1 " " $3 }' $MP | sort -n +1 | tee $TMP1 | uniq -d -f 1 | awk '{ print $2 }' > $TMP2 if [ -s $TMP2 ] ; then - printf "\n$MP has duplicate user ID's.\n" + printf "\n%s has duplicate user ID's.\n" "$MP" while read uid; do grep -w $uid $TMP1 done < $TMP2 | column 
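Review bot: In the `@@ -48,7 +48,7 @@` hunk, the awk `system()` calls beside the corrected message still splice the passwd fields `$1` and `$9` into a shell command line unquoted, e.g. `system("test -d "$9" -a ! -r "$9"")`. A home-directory field containing whitespace or shell metacharacters would be parsed by the shell instead of being treated as a path, and `$1` is used as a regular expression in the `grep -q` call; the message text implies the script runs as root. The fields come from the password file, so exposure is presumably limited to whoever can edit it. A guard ahead of the `system()` calls, with the condition `if ($9 ~ /[^A-Za-z0-9_.\/-]/)` reporting the login and skipping the shell-based checks, would make this fail closed. The awk program starts and ends outside this hunk.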
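Review bot: In the `@@ -60,20 +60,20 @@` hunk, `grep -w $uid $TMP1` in the duplicate-UID loop matches the number as a word anywhere on the line, not only in the UID column. `$TMP1` holds `name uid` pairs, so a login whose name contains that number as a separate word (a constructed example: `backup-100` while UID 100 is duplicated) is reported as a duplicate as well. Comparing only the UID column avoids the false entry: `awk -v id="$uid" '$2 == id' "$TMP1"`. The loop would also be more robust with `read -r uid`.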
@@ -120,13 +120,13 @@ awk -F: '{ printf("Login %s has a negative group ID.\n", $1); }' < $GRP > $OUTPUT if [ -s $OUTPUT ] ; then - printf "\nChecking the $GRP file:\n" + printf "\nChecking the %s file:\n" "$GRP" cat $OUTPUT fi awk -F: '{ print $1 }' $GRP | sort | uniq -d > $OUTPUT if [ -s $OUTPUT ] ; then - printf "\n$GRP has duplicate group names.\n" + printf "\n%s has duplicate group names.\n" "$GRP" column $OUTPUT fi @@ -173,7 +173,7 @@ end-of-csh fi done if [ $umaskset = "no" -o -s $OUTPUT ] ; then - printf "\nChecking root csh paths, umask values:\n$list\n" + printf "\nChecking root csh paths, umask values:\n%s\n" "$list" if [ -s $OUTPUT ] ; then cat $OUTPUT fi @@ -227,7 +227,7 @@ end-of-sh fi done if [ $umaskset = "no" -o -s $OUTPUT ] ; then - printf "\nChecking root sh paths, umask values:\n$list\n" + printf "\nChecking root sh paths, umask values:\n%s\n" "$list" if [ -s $OUTPUT ] ; then cat $OUTPUT fi @@ -279,7 +279,7 @@ end-of-sh done ) if [ -s $OUTPUT ] ; then - printf "\nChecking root ksh paths, umask values:\n$list\n" + printf "\nChecking root ksh paths, umask values:\n%s\n" "$list" cat $OUTPUT fi @@ -324,7 +324,7 @@ while read uid homedir; do # Root owned .rhosts/.shosts files are ok. if [ -s ${homedir}/$j -a ! -O ${homedir}/$j ] ; then rhost=`ls -ldgT ${homedir}/$j` - printf "$uid: $rhost\n" + printf "%s: %s\n" "$uid" "$rhost" fi done done > $OUTPUT @@ -358,7 +358,7 @@ awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \ while read uid homedir; do if [ -d ${homedir}/ ] ; then file=`ls -ldgT ${homedir}` - printf "$uid $file\n" + printf "%s %s\n" "$uid" "$file" fi done | awk '$1 != $4 && $4 != "root" \ @@ -379,7 +379,7 @@ while read uid homedir; do for f in $list ; do file=${homedir}/${f} if [ -f $file ] ; then - printf "$uid $f `ls -ldgT $file`\n" + printf "%s %s %s\n" "$uid" "$f" "`ls -ldgT $file`" fi done done | 
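Review bot: In the `@@ -173,7 +173,7 @@` hunk (and the identical line in `@@ -227,7 +227,7 @@`), the test `[ $umaskset = "no" -o -s $OUTPUT ]` still expands both variables unquoted and relies on `-o`, which is ambiguous when an operand is empty. If `umaskset` were ever unset, the test would fail with a syntax error and this report section would be skipped. I would write it as `if [ "$umaskset" = "no" ] || [ -s "$OUTPUT" ] ; then`. The enclosing loop and the assignment of `umaskset` are outside the hunk, so whether it can be empty is not visible here.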
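Review bot: In the `@@ -324,7 +324,7 @@` hunk, the path built from the passwd home-directory field is still used unquoted in `[ -s ${homedir}/$j -a ! -O ${homedir}/$j ]` and in `ls -ldgT ${homedir}/$j`. A home directory containing whitespace or glob characters is word-split, so the wrong files are tested or listed in the report. The same applies to `ls -ldgT ${homedir}` in `@@ -358,7 +358,7 @@` and to `[ -f $file ]` and `ls -ldgT $file` in `@@ -379,7 +379,7 @@` and `@@ -405,7 +405,7 @@`. Suggested form: `if [ -s "${homedir}/$j" ] && [ ! -O "${homedir}/$j" ] ; then` and `rhost=$(ls -ldgT "${homedir}/$j")`, with `read -r uid homedir` on the loops, which begin outside these hunks.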
@@ -405,7 +405,7 @@ while read uid homedir; do for f in $list ; do file=${homedir}/${f} if [ -f $file ] ; then - printf "$uid $f `ls -ldgT $file`\n" + printf "%s %s %s\n" "$uid" "$f" "`ls -ldgT $file`" fi done done | @@ -464,7 +464,7 @@ pending="\nChecking setuid/setgid files and devices:\n" # Display any errors that occurred during system file walk. if [ -s $OUTPUT ] ; then - printf "${pending}Setuid/device find errors:\n" + printf "%sSetuid/device find errors:\n" "$pending" pending= cat $OUTPUT printf "\n" @@ -475,7 +475,7 @@ egrep -v '^[bc]' $LIST > $TMP1 if [ -s $TMP1 ] ; then # Check to make sure uudecode isn't setuid. if grep -w uudecode $TMP1 > /dev/null ; then - printf "${pending}\nUudecode is setuid.\n" + printf "%s\nUudecode is setuid.\n" "$pending" pending= fi @@ -489,7 +489,7 @@ if [ -s $TMP1 ] ; then > $TMP2 join -110 -210 -v2 $CUR $TMP1 > $OUTPUT if [ -s $OUTPUT ] ; then - printf "${pending}Setuid additions:\n" + printf "%sSetuid additions:\n" "$pending" pending= tee -a $TMP2 < $OUTPUT printf "\n" @@ -497,7 +497,7 @@ if [ -s $TMP1 ] ; then join -110 -210 -v1 $CUR $TMP1 > $OUTPUT if [ -s $OUTPUT ] ; then - printf "${pending}Setuid deletions:\n" + printf "%sSetuid deletions:\n" "$pending" pending= tee -a $TMP2 < $OUTPUT printf "\n" @@ -506,7 +506,7 @@ if [ -s $TMP1 ] ; then sort +9 $TMP2 $CUR $TMP1 | \ sed -e 's/[ ][ ]*/ /g' | uniq -u > $OUTPUT if [ -s $OUTPUT ] ; then - printf "${pending}Setuid changes:\n" + printf "%sSetuid changes:\n" "$pending" pending= column -t $OUTPUT printf "\n" @@ -516,7 +516,7 @@ if [ -s $TMP1 ] ; then cp $TMP1 $CUR fi else - printf "${pending}Setuid additions:\n" + printf "%sSetuid additions:\n" "$pending" pending= column -t $TMP1 printf "\n" @@ -620,7 +620,7 @@ if [ -d /etc/mtree ] ; then tree=`sed -n -e '3s/.* //p' -e 3q $file` mtree -f $file -p $tree > $TMP1 if [ -s $TMP1 ] ; then - printf "\nChecking $tree:\n" >> $OUTPUT + printf "\nChecking %s:\n" "$tree" >> $OUTPUT cat $TMP1 >> $OUTPUT fi done
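Review bot: In the `@@ -464,7 +464,7 @@` hunk, passing `$pending` through `%s` changes the output. The hunk-header context shows `pending="\nChecking setuid/setgid files and devices:\n"`, where each `\n` is a literal backslash-n that became a newline only because the old code expanded it inside the format string. With `printf "%sSetuid/device find errors:\n" "$pending"` the heading is printed with both `\n` sequences verbatim. `%b` interprets backslash escapes in the argument while still keeping `%` characters out of the format: `printf "%bSetuid/device find errors:\n" "$pending"`. The same applies to the `$pending` lines in the `@@ -475,7`, `@@ -489,7`, `@@ -497,7`, `@@ -506,7` and `@@ -516,7` hunks, assuming the assignment shown in the header is the one in effect.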