Baseline tool part 2 of 3 - blStart.sh

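#!/bin/sh
#
# blStart.sh - part 2 of 3 of the baseline tool.
# Collects the findings written by blFind (read from ${tmpFind}) plus a
# few live system views into per-check files under ${blFileDir}, then
# concatenates them into ${WorkDir}/blMaster.txt.
# Expected to run as root: later sections read /etc/shadow and walk every
# home directory.

#################################################
# Define varibles and create temp working files #
#################################################

# The per-check files hold /etc/shadow-derived data, SUID/SGID inventories
# and world-writable lists.  Restrict everything this script creates to
# the owner; the posted version created them with the caller's umask.
umask 077

WorkDir=/Files/Baseline
export WorkDir
# Relative path, exported for blFind - presumably blFind writes its
# results here, so the current directory at invocation matters and must
# not be a location other users can write to.
tmpFind='./FindFile'
export tmpFind
blFileDir=${WorkDir}/blFiles

if [ ! -d "${WorkDir}" ]
then
    echo "blStart: working directory ${WorkDir} does not exist" 1>&2
    exit 1
fi
mkdir -p "${blFileDir}" || exit 1
# Drop the previous run's per-check files so stale findings never
# survive into this baseline.
rm -f "${blFileDir}"/*.txt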

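####################################
# Find Files required for Baseline #
####################################

echo "----------------------------------------------------"
echo "Searching for files required to be in the baseline"
echo "This may take several minutes"

# blFind (part 1 of 3) is the collector; several sections below grep
# their findings out of ${tmpFind}.  If that file is missing or empty
# every one of those greps matches nothing and the baseline would look
# falsely clean, so stop rather than write an empty "all clear" report.
# A non-zero exit from blFind is only reported, since it is not known
# here whether blFind uses its status to signal failure.
"${WorkDir}/blFind"
if [ $? -ne 0 ]
then
    echo "blStart: warning - ${WorkDir}/blFind exited with status $?" 1>&2
fi
if [ ! -s "${tmpFind}" ]
then
    echo "blStart: ${tmpFind} is missing or empty - aborting" 1>&2
    exit 1
fi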

#########################
# Create baseline files #
#########################

echo "----------------------------------------------------"
echo "Creating baseline files"

#--------------------------------------------------------
#| Create Network Services required for operations file |
#--------------------------------------------------------

# Snapshot of listening sockets: every `netstat -a` line containing
# "listen" in any case, appended to the freshly created per-check file.
# "*\c" is a no-newline progress tick on the terminal.
NetSvc=${blFileDir}/NetServices.txt
touch "${NetSvc}"
netstat -a \
    | grep -i 'listen' >>"${NetSvc}"
echo "*\c"

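#--------------------------------------------------------
#| Create unowned files file |
#--------------------------------------------------------

# Lines tagged "fUnowned " by blFind, tag stripped and runs of blanks
# squeezed.  The posted line ended in `tr -s ' ' 1 >> file`: the stray
# space made "1" tr's second set, rewriting every blank as the digit 1.
# The intended form is the `1>>` redirection used elsewhere in this script.
UnOwnFiles=${blFileDir}/UnownedFiles.txt
touch "${UnOwnFiles}"
grep "^fUnowned " "${tmpFind}" | cut -d' ' -f2- | tr -s ' ' 1>> "${UnOwnFiles}"
echo "*\c"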

#--------------------------------------------------------
#| Create system log files more permissive then 744 |
#--------------------------------------------------------

# Lines tagged fSystemLogs by blFind, limited to records containing
# "/etc/" or "/var" anywhere.  Only field 10 is kept - presumably the
# path column of an `ls -l` style record produced by blFind; the
# permission test itself is not applied here, so it must already have
# been done by blFind.  Verify both against blFind's output format.
SysLog744=${blFileDir}/SysLog744.txt
touch ${SysLog744}
grep "^fSystemLogs" ${tmpFind}| egrep "/etc/|/var" | awk '{print $10}' >> ${SysLog744}
echo "*\c"

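#--------------------------------------------------------
#| Create system command files more permissive then 755 |
#--------------------------------------------------------

# Walk the system command directories (NFS and CD-ROM file systems
# skipped) for regular files that are executable by someone and are
# writable by group or by world.  `ls -lLd` follows symbolic links so the
# mode shown is the target's.
# The posted expression reported a world-writable executable only when it
# was NOT owned by uid 0 (`-perm -0002 ! -user 0`).  A root-owned,
# world-writable command in /usr/bin is precisely the case this check
# exists for (anyone can replace what root will later run), so the owner
# qualification is dropped.  Directories that do not exist on this host
# (e.g. /usr/ccs/bin) are skipped instead of producing find errors.
SysCom755=${blFileDir}/SysCom755.txt
touch "${SysCom755}"
BinaryDir='/bin /sbin /usr/bin /usr/sbin /etc /usr/ccs/bin'
for DirBin in ${BinaryDir}
do
    [ -d "${DirBin}" ] || continue
    find "${DirBin}" ! \( -fstype nfs \) ! \( -fstype cdfs \) -type f \
        -a \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \
        -a \( -perm -0020 -o -perm -0002 \) \
        -exec ls -lLd {} \; | tr -s " " >> "${SysCom755}"
done
echo "*\c"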

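#--------------------------------------------------------
#| Create startup files not owned by root or user |
#--------------------------------------------------------

# USERACCT: every login name in /etc/passwd except NIS "+" entries and
# the listed system/application accounts.  It is reused by all of the
# per-user sections that follow.  As posted, the pattern ended in a
# dangling "|^" and the closing quote was lost: the command line was
# unterminated, and an alternative of bare "^" matches every line, so
# `egrep -v` would have excluded every account.  Extend the list here
# if further service accounts should be skipped.
USERACCT=`egrep -v "^\+|^daemon:|^bin:|^sys:|^adm:|^smtp:|^uucp:|^nuucp:|^listen:|^lp:|^ingres:|^oracle:|^oracle7:|^oracle8:|^informix:|^news:|^nobody:|^nobody4:|^noaccess:|^sybase:|^tivoli:|^mqm:" /etc/passwd | cut -d":" -f1`

# For each account, report dot files in its home directory that are
# owned by neither that user nor root (a foreign-owned .profile/.rhosts
# runs or trusts code the user did not write).
UnownStrFile=${blFileDir}/UnownedStartup.txt
touch "${UnownStrFile}"
for UserName in ${USERACCT}
do
    PwHomeDir=`grep "^${UserName}:" /etc/passwd | cut -d: -f6`
    # No (or no usable) home directory - nothing to inspect.
    if [ -z "${PwHomeDir}" -o ! -d "${PwHomeDir}" ]
    then
        continue
    fi
    # Inspect each dot file on its own.  The posted version tested the
    # whole glob in a single `[ ! -s ... ]`, which is a test(1) syntax
    # error as soon as a home directory holds more than one dot file.
    for File in "${PwHomeDir}"/.??*
    do
        # An unmatched glob stays the literal pattern; ls then fails and
        # yields nothing, which is skipped below.
        Entry=`ls -ldL "${File}" 2>/dev/null | tr -s ' '`
        [ -n "${Entry}" ] || continue
        # Field 3 of `ls -l` output is the owner name.
        Owner=`echo "${Entry}" | cut -d' ' -f3`
        if [ "${Owner}" != "${UserName}" -a "${Owner}" != "root" ]
        then
            echo "${Entry}" | sed -e 's/\/\//\//' >> "${UnownStrFile}"
        fi
    done
done
echo "*\c"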

#--------------------------------------------------------
#| Create home files not owned by user (except startup) |
#--------------------------------------------------------

# For each account in USERACCT, list regular files under its home
# directory that are not owned by that user, excluding the startup/dot
# files named in DotFiles (those are handled by the previous section).
# Only ufs on the same device is searched (-fstype ufs -xdev): homes on
# NFS or on other local file system types are skipped silently, so an
# empty result does not prove there is nothing to find.  A home of "/"
# (typically root) is skipped so the whole tree is not walked.
UnownHomeFile=${blFileDir}/UnownedHome.txt
touch ${UnownHomeFile}
# DotFiles is deliberately expanded unquoted in the find command below
# so the shell splits it into individual find(1) primaries.
DotFiles='( -name .cshrc
-o -name .diPatch
-o -name .dt
-o -name .dtprofile
-o -name .emacs
-o -name .exrc
-o -name .forward
-o -name .login
-o -name .logout
-o -name .netrc
-o -name .nodes
-o -name .profile
-o -name .rhosts
-o -name .Xauthority
-o -name .Xdefaults
-o -name .Xinit
-o -name .Xresource
-o -name .Xsession )'
for UserName in `echo ${USERACCT}`
do
# NIS "+" entries are already excluded from USERACCT; this is a second guard.
Char1=`echo $UserName | cut -c 1-1`
if [ "$Char1" != "+" ]
then
# Home directory field, with a sentinel for an empty/missing value.
PwTest=`grep "^${UserName}:" /etc/passwd | cut -d: -f6`
PwHomeDir=${PwTest:-NOVALUE}
if [ "${PwHomeDir}" != "NOVALUE" -a "${PwHomeDir}" != " " ]
then
if [ -d ${PwHomeDir} ]
then
if [ ${PwHomeDir} = '/' ]
then
:
else
# `ls -adlL` follows symlinks, so the owner reported is the target's.
find ${PwHomeDir} -fstype ufs -xdev -type f ! ${DotFiles} ! -user ${UserName} -exec ls -adlL {} \; | tr -s " " 1>> ${UnownHomeFile}
# | grep " ${PwHomeDir}/" fi
fi
fi
fi
done
echo "*\c"

#--------------------------------------------------------
#| Create user files (non-startup) more permissive than 750 |
#--------------------------------------------------------

# For each account in USERACCT, list regular files under its home
# directory (startup/dot files in DotFiles excluded) that have any
# "other" permission bit or the group-write bit set, i.e. are looser
# than 750.  Note this DotFiles list differs from the previous section's
# (no .diPatch).  As above, only ufs on the same device is searched
# (-fstype ufs -xdev -local; -local is a Solaris find primary), so homes
# on NFS or other file system types are not covered, and a home of "/"
# is skipped.
UserHome750=${blFileDir}/UserHome750.txt
touch ${UserHome750}
# Expanded unquoted below so the shell splits it into find(1) primaries.
DotFiles='( -name .cshrc
-o -name .dt
-o -name .dtprofile
-o -name .emacs
-o -name .exrc
-o -name .forward
-o -name .login
-o -name .logout
-o -name .netrc
-o -name .nodes
-o -name .profile
-o -name .rhosts
-o -name .Xauthority
-o -name .Xdefaults
-o -name .Xinit
-o -name .Xresource
-o -name .Xsession )'
for UserName in `echo ${USERACCT}`
do
# NIS "+" entries are already excluded from USERACCT; this is a second guard.
Char1=`echo $UserName | cut -c 1-1`
if [ "$Char1" != "+" ]
then
PwTest=`grep "^${UserName}:" /etc/passwd | cut -d: -f6`
PwHomeDir=${PwTest:-NOVALUE}
if [ "${PwHomeDir}" != "NOVALUE" -a "${PwHomeDir}" != " " ]
then
if [ -d ${PwHomeDir} ]
then
if [ ${PwHomeDir} = '/' ]
then
:
else
# -perm -0001/-0002/-0004: other x/w/r; -perm -0020: group w.
find ${PwHomeDir} -fstype ufs -type f -xdev -local ! ${DotFiles} \( -perm -0001 -o -perm -0002 -o -perm -0004 -o -perm -0020 \) -exec ls -dlL {} \; | tr -s " " 1>> ${UserHome750}
fi
fi
# | grep " ${PwHomeDir}/" fi
fi
done
echo "*\c"

#--------------------------------------------------------
#| Create world writable files and/or directories |
#--------------------------------------------------------

# World-writable files and directories found by blFind (tags fWwritable
# and fWwdirs), tag stripped, blanks squeezed, written with a truncating
# redirect.  Filtered out: any record containing /var/tmp, /tmp,
# /dev/screen, /proc or /fd, and directories whose world-write bit is
# paired with the sticky bit (mode column ending in t or T - the "," in
# the bracket is harmless).
# NOTE(review): the substring filters are broad - "/tmp" also drops
# e.g. /home/tmpuser and "/fd" any path containing that string - so a
# world-writable file under such a path is silently omitted.
WWFiles=${blFileDir}/wwFiles.txt
touch ${WWFiles}
egrep "^fWwritable|^fWwdirs" ${tmpFind}| cut -d' ' -f2- | egrep -v "/var/tmp|/tmp|/dev/screen|^d.......w[t,T]|/proc|/fd" | tr -s ' ' 1>${WWFiles}
echo "*\c"

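#--------------------------------------------------------
#| Create MIB files with permissions greater then 700 |
#--------------------------------------------------------

# Each path tagged fMibfile by blFind (field 10 of its record -
# presumably the path column of an ls -l style line; verify against
# blFind's output) is re-checked live: it is reported when any group or
# other permission bit is set (columns 5-10 of `ls -lL` are the rwxrwx of
# group and other), or when it no longer exists.
# The posted version keyed the "does not exist" branch on `-s`, so an
# empty but group/world-readable MIB file was misreported as missing;
# existence is now tested with -f/-d.  The scratch file ${WorkDir}/tmpMIB
# is no longer needed - the list is streamed straight into the loop.
# (Bourne sh `read` has no -r; a path containing a backslash would be
# mangled, as it would have been by the `for entry in \`cat\`` form.)
MIB700=${blFileDir}/MIB700.txt
touch "${MIB700}"
grep "^fMibfile" "${tmpFind}" | awk '{print $10}' |
while read entry
do
    [ -n "${entry}" ] || continue
    if [ -f "${entry}" -o -d "${entry}" ]
    then
        PERM=`ls -lL "${entry}" | cut -c5-10`
        if [ "${PERM}" != "------" ]
        then
            ls -lL "${entry}" | tr -s ' ' 1>> "${MIB700}"
        fi
    else
        echo "${entry}, does not exist." 1>> "${MIB700}"
    fi
done
echo "*\c"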

#--------------------------------------------------------
#| Create suid files |
#--------------------------------------------------------

# Set-UID findings collected by blFind (tag "fSuid " stripped); records
# under /proc and /adm/sw (likely a software depot path) are dropped.
# The truncating redirect leaves only this run's list in the file.
suidfile=${blFileDir}/suidfiles.txt
touch "${suidfile}"
grep "^fSuid " "${tmpFind}" \
    | cut -d' ' -f2- \
    | egrep -v '/proc/|/adm/sw' > "${suidfile}"
echo "*\c"

#--------------------------------------------------------
#| Create sgid files |
#--------------------------------------------------------

# Set-GID findings collected by blFind (tag "fSgid " stripped), with the
# same /proc and /adm/sw exclusions as the SUID list; truncating write.
sgidfile=${blFileDir}/sgidfiles.txt
touch "${sgidfile}"
grep "^fSgid " "${tmpFind}" \
    | cut -d' ' -f2- \
    | egrep -v '/proc/|/adm/sw' > "${sgidfile}"
echo "*\c"

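#--------------------------------------------------------
#| Create file showing accts that password can change 24|
#--------------------------------------------------------

# Accounts whose shadow "min" field (4th field: days that must pass
# before the password may be changed again) is empty or 0.
# Three fixes to the posted version:
#  - its second grep anchored on "^${USER}" without the ":" and so also
#    matched every account whose name merely starts with ${USER};
#  - it used a truncating ">" inside the loop, so only the last matching
#    account survived in the file;
#  - it copied the full shadow line, password hash included, into a
#    report file.  Only the account name and min field are recorded now.
Pwd24hours=${blFileDir}/Pwd24hours.txt
touch "${Pwd24hours}"
for USER in ${USERACCT}
do
    MinChange=`grep "^${USER}:" /etc/shadow | awk -F":" '{print $4}'`
    if [ "${MinChange}X" = "X" -o "${MinChange}X" = "0X" ]
    then
        grep "^${USER}:" /etc/shadow | cut -d: -f1,4 1>> "${Pwd24hours}"
    fi
done
echo "*\c"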

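#--------------------------------------------------------
#| Create users not assigned home directory |
#--------------------------------------------------------

# For each account, report a home directory that is missing or that is
# not owned (by name, field 3 of `ls -ld`) by the account itself.
# An empty home field must not fall through to `[ -d ]`: with a single
# non-empty argument test(1) returns true, so the posted version then ran
# `ls -ld` with no path and judged the current directory instead.
NoHomeDir=${blFileDir}/NoHomeDir.txt
touch "${NoHomeDir}"
for USER in ${USERACCT}
do
    USERNAME=`grep "^${USER}:" /etc/passwd | cut -d':' -f1,6`
    User=`echo "${USERNAME}" | cut -d':' -f1`
    DirName=`echo "${USERNAME}" | cut -d':' -f2`
    if [ -z "${DirName}" ]
    then
        echo "${User}: has no home directory defined." 1>>"${NoHomeDir}"
    elif [ -d "${DirName}" ]
    then
        a=`ls -ld "${DirName}" | awk '{print $3}'`
        if [ "${a}" != "${User}" ]
        then
            echo "${User}: No operable home directory - the user does not own" "it." 1>>"${NoHomeDir}"
            ls -ld "${DirName}" | tr -s ' ' 1>> "${NoHomeDir}"
        fi
    else
        echo "${User}: Home directory does not exist." 1>>"${NoHomeDir}"
    fi
done
echo "*\c"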

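#--------------------------------------------------------
#| Create home directories with permissions greater 750 |
#--------------------------------------------------------

# Report home directories looser than 750: columns 6,8,9,10 of the mode
# string are group-w and other-rwx, and any of them set is a finding.
# The posted version ran unquoted tests (`[ ${Char1} != "+" ]`) that
# break with a test(1) syntax error when the passwd lookup is empty, and
# re-read /etc/passwd twice per user; one lookup, quoted throughout.
HomePerm750=${blFileDir}/HomePerm750.txt
touch "${HomePerm750}"
for UserName in ${USERACCT}
do
    PwLine=`grep "^${UserName}:" /etc/passwd`
    # NIS "+" entries are already excluded from USERACCT; kept as a guard.
    Char1=`echo "${PwLine}" | cut -c1`
    if [ "${Char1}" != "+" ]
    then
        UserDir=`echo "${PwLine}" | cut -d':' -f6`
        if [ -n "${UserDir}" -a -d "${UserDir}" ]
        then
            PERM=`ls -ld "${UserDir}" | cut -c6,8,9,10`
            if [ "${PERM}" != "----" ]
            then
                ls -dl "${UserDir}" | tr -s ' ' 1>> "${HomePerm750}"
            fi
        fi
    fi
done
echo "*\c"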

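#--------------------------------------------------------
#| Create user who do not own home directory |
#--------------------------------------------------------

# For each account, compare its passwd uid with the numeric owner of the
# home directory (`ls -dln`, field 3) and report a mismatch together with
# the directory listing; accounts with no home field are noted.
# Changes from the posted version: the unused LsOwner lookup is gone, the
# passwd line is read once, and the numeric comparison is guarded so an
# empty value (ls failure, malformed passwd) cannot raise a test(1) error.
UserNoOwn=${blFileDir}/UserNoOwn.txt
touch "${UserNoOwn}"
for UserName in ${USERACCT}
do
    PwLine=`grep "^${UserName}:" /etc/passwd`
    PwHomeDir=`echo "${PwLine}" | cut -d":" -f6`
    if [ -z "${PwHomeDir}" -o "${PwHomeDir}" = " " ]
    then
        echo "${UserName} has no home directory defined." 1>> "${UserNoOwn}"
    elif [ -d "${PwHomeDir}" ]
    then
        PwUID=`echo "${PwLine}" | cut -d: -f3`
        LsUID=`ls -dln "${PwHomeDir}" | tr -s ' ' | cut -d' ' -f3`
        if [ -n "${PwUID}" -a -n "${LsUID}" ] && [ "${PwUID}" -ne "${LsUID}" ]
        then
            echo "${UserName}" 1>> "${UserNoOwn}"
            ls -ld "${PwHomeDir}" | tr -s ' ' 1>> "${UserNoOwn}"
        fi
    fi
done
echo "*\c"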

#--------------------------------------------------------
#| Create Primary GID different then home GID |
#--------------------------------------------------------

# For each account, compare the primary GID from /etc/passwd with the
# numeric group owner of the home directory (`ls -dln`, field 4) and
# report a mismatch with both group names for readability.  Accounts
# with no home field are reported as such; a home that does not exist
# is skipped here (the "users not assigned home directory" section
# reports it).
# NOTE(review): `grep ":${PwGID}:" /etc/group` is an unanchored match
# and can return several lines (e.g. two groups sharing a GID), in which
# case PwGroup holds several names; the numeric test is unaffected.
# NOTE(review): `[ ${PwGID} -ne ${LsGID} ]` is unquoted - an empty value
# (ls failure) produces a test(1) error rather than a finding.
PriGIDHomeGID=${blFileDir}/PriGIDHomeGID.txt
touch ${PriGIDHomeGID}
for UserName in ${USERACCT}
do
# NIS "+" entries are already excluded from USERACCT; this is a second guard.
Char1=`echo $UserName | cut -c 1-1`
if [ "$Char1" != "+" ]
then
PwTest=`grep "^${UserName}:" /etc/passwd | cut -d: -f6`
PwHomeDir=${PwTest:-NOVALUE}
if [ "${PwHomeDir}" != "NOVALUE" -a "${PwHomeDir}" != " " ]
then
PwGID=`grep "^${UserName}:" /etc/passwd | cut -d: -f4`
PwGroup=`grep ":${PwGID}:" /etc/group | cut -d: -f1`
if [ -d ${PwHomeDir} ]
then
LsGroup=`ls -dl ${PwHomeDir} | tr -s ' ' | cut -d' ' -f4`
LsGID=`ls -dln ${PwHomeDir} | tr -s ' ' | cut -d' ' -f4`
if [ ${PwGID} -ne ${LsGID} ]
then
echo ${UserName}': '${PwHomeDir}' - expected' '"'${PwGroup}'" ('${PwGID}'), but got' '"'${LsGroup}'" ('${LsGID}').' 1>> ${PriGIDHomeGID}
fi
fi
else
echo "${UserName} has no home directory defined." 1>>${PriGIDHomeGID}
fi
fi
done
echo "*\c"

#--------------------------------------------------------
#| Create copy of passwd file |
#--------------------------------------------------------

# Verbatim snapshot of /etc/passwd for the master file (the content is
# the same as `cat > file`; the pre-created file keeps its mode).
PasswdFile=${blFileDir}/PasswdFile.txt
touch "${PasswdFile}"
cp /etc/passwd "${PasswdFile}"
echo "*\c"

#--------------------------------------------------------
#| Create listing of net routes |
#--------------------------------------------------------

# Numeric routing table snapshot (no name resolution), truncating write.
NetRoutes=${blFileDir}/NetRoutes.txt
touch "${NetRoutes}"
netstat -rn 1> "${NetRoutes}"
echo "*\c"

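#--------------------------------------------------------
#| Create copy of host.allow |
#--------------------------------------------------------

# Snapshot of /etc/hosts.allow (TCP Wrappers allow list).  When the file
# is absent the posted version silently produced an empty snapshot,
# indistinguishable from a present-but-empty hosts.allow; the absence is
# now recorded explicitly so a later comparison can see the difference.
# This is the last per-check file, so the progress tick ends the line.
HostAllow=${blFileDir}/HostAllow.txt
touch "${HostAllow}"
if [ -f /etc/hosts.allow ]
then
    cat /etc/hosts.allow > "${HostAllow}"
else
    echo "/etc/hosts.allow does not exist." > "${HostAllow}"
fi
echo "*"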

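###############################
# Create Master Baseline File #
###############################

echo "----------------------------------------------------"
echo "Creating Master Baseline File"

# The master file aggregates every finding, including the /etc/passwd
# copy and /etc/shadow-derived data, so it must be root-only from the
# first instant.  The posted sequence `touch` then `chmod 700` left a
# window in which the empty file carried the caller's default umask; the
# subshell umask closes it (chmod/chown are kept for an explicit mode).
blMaster=${WorkDir}/blMaster.txt
rm -f "${blMaster}"
( umask 077; touch "${blMaster}" )
chmod 700 "${blMaster}"
chown 0:0 "${blMaster}"

# Banner: host name and timestamp identify which run this baseline is.
echo "***************************************************************************" >> "${blMaster}"
echo "** **" >> "${blMaster}"
echo " Master Baseline for `hostname` on `date` " >> "${blMaster}"
echo "** **" >> "${blMaster}"
echo "***************************************************************************" >> "${blMaster}"
echo " " >> "${blMaster}"
echo " " >> "${blMaster}"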

# Append one section to the master file: a boxed header built from the
# given lines, one blank line, then the contents of the per-check file.
# $1 = per-check file; $2.. = header lines (already wrapped in "| ... |").
blAddSection()
{
    SecFile=$1
    shift
    echo "----------------------------------------------------------" >> ${blMaster}
    for HdrLine in "$@"
    do
        echo "${HdrLine}" >> ${blMaster}
    done
    echo "----------------------------------------------------------" >> ${blMaster}
    echo " " >> ${blMaster}
    cat ${SecFile} >> ${blMaster}
}

# Progress tick on the terminal plus the two blank lines that separate
# sections in the master file.
blSectionEnd()
{
    echo "*\c"
    echo " " >> ${blMaster}
    echo " " >> ${blMaster}
}

# Sections appear in FSO reference order; the text of each header is
# reproduced exactly as the report has always carried it.
blAddSection ${NetSvc} \
    "| Description: Network services required for operations |" \
    "| FSO Reference PID: A028 |"
blSectionEnd

blAddSection ${Pwd24hours} \
    "| Description: Passwords that can be changed more then |" \
    "| once every 24 hours |" \
    "| FSO Reference PID: G004 |"
blSectionEnd

blAddSection ${UnOwnFiles} \
    "| Description: Unowned files |" \
    "| FSO Reference PID: G035 |"
blSectionEnd

blAddSection ${SysLog744} \
    "| Description: System log files more permissive than 744|" \
    "| FSO Reference PID: G037 |"
blSectionEnd

blAddSection ${SysCom755} \
    "| Description: System command files more permissive |" \
    "| than 755 |" \
    "| FSO Reference PID: G044 |"
blSectionEnd

blAddSection ${NoHomeDir} \
    "| Description: Users not assigned a home directory |" \
    "| FSO Reference PID: G051 |"
blSectionEnd

blAddSection ${HomePerm750} \
    "| Description: Home directories more permissive than 750|" \
    "| FSO Reference PID: G053 |"
blSectionEnd

blAddSection ${UserNoOwn} \
    "| Description: Users that do not own home directory |" \
    "| FSO Reference PID: G054 |"
blSectionEnd

blAddSection ${PriGIDHomeGID} \
    "| Description: Account GID different than home GID " \
    "| FSO Reference PID: G055 |"
blSectionEnd

blAddSection ${UnownStrFile} \
    "| Description: Startup files in user directories not |" \
    "| owned by user or root |" \
    "| FSO Reference PID: G056 |"
blSectionEnd

blAddSection ${UnownHomeFile} \
    "| Description: Unowned user files in home directory |" \
    "| FSO Reference PID: G067 |"
blSectionEnd

blAddSection ${UserHome750} \
    "| Description: Non-startup user directories more |" \
    "| permissive than 750 |" \
    "| FSO Reference PID: G068 |"
blSectionEnd

blAddSection ${WWFiles} \
    "| Description: World writable files or directories |" \
    "| FSO Reference PID: G079 |"
blSectionEnd

blAddSection ${suidfile} \
    "| Description: Suid files |" \
    "| FSO Reference PID: G082 |"
blSectionEnd

blAddSection ${sgidfile} \
    "| Description: Sgid files |" \
    "| FSO Reference PID: G083 |"
blSectionEnd

blAddSection ${MIB700} \
    "| Description: MIB's more permissive than 700 |" \
    "| FSO Reference PID: G226 |"
blSectionEnd

blAddSection ${PasswdFile} \
    "| Description: /etc/passwd file |" \
    "| FSO Reference PID: N/A |"
blSectionEnd

blAddSection ${HostAllow} \
    "| Description: /etc/hosts.allow file |" \
    "| FSO Reference PID: N/A |"
blSectionEnd

# Last section: the progress line is terminated and no trailing
# separator lines are written.
blAddSection ${NetRoutes} \
    "| Description: Network routes |" \
    "| FSO Reference PID: N/A |"
echo "*"

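echo "----------------------------------------------------"
echo "Finished Baseline Script"
# Report the path from the variable so the message stays correct if
# WorkDir is ever changed (the posted version hard-coded the path).
echo "Master baseline file is ${blMaster} "
echo "----------------------------------------------------"


###############
# Cleaning up #
###############

# Only the raw blFind output is removed.  The per-check files under
# ${blFileDir} are left in place (presumably for part 3 of 3) and are
# refreshed at the start of the next run.
rm -f "${tmpFind}"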
 