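#!/bin/sh -u
# Setup for the filesystem permission audit: clears the previous error log and
# writes the two reporting helpers that find(1) runs for every match.
#
# Expects WorkDir to be set by the caller. Run this from a directory that only
# root can write to: the helpers are created under fixed names in the current
# directory, handed to uid 0 and then executed once per matching file.

# The "-u" on the interpreter line is lost when the script is started as
# "sh script", so request it explicitly as well.
set -u
: "${WorkDir:?WorkDir must be set}"

FindErrors=${WorkDir}/FindErrors
rm -f "${FindErrors}"

# Create the helpers owner-only from the first byte instead of relying on the
# later chmod; the previous umask is restored afterwards so that files written
# later keep their usual mode.
SavedUmask=`umask`
umask 077

# LsFind TAG PATH: prints TAG followed by the "ls -dlL" line for PATH.
# A stale file or symlink of the same name is removed first so the redirect
# creates a fresh file rather than writing through whatever is already there.
# "set -f" inside the helper keeps the whitespace collapsing of the unquoted
# ls output but stops a file name containing *, ? or [ from being expanded
# against the working directory and changing the report line.
LsFind='./LsFind'
rm -f "${LsFind}"
cat <<-! 1> "${LsFind}" || exit 1
#!/bin/sh
set -f
echo \${1} \`ls -dlL "\${2}"\`
exit 0
!

# LsGrepFind TAG PATTERN PATH: the same line as LsFind, printed only when it
# matches PATTERN. It exits 0 whatever grep returns.
LsGrepFind='./LsGrepFind'
rm -f "${LsGrepFind}"
cat <<-! 1> "${LsGrepFind}" || exit 1
#!/bin/sh
set -f
echo \${1} \`ls -dlL "\${3}"\` | grep "\${2}"
exit 0
!

umask "${SavedUmask}"

chown 0:0 "${LsFind}" "${LsGrepFind}"
chmod 0700 "${LsFind}" "${LsGrepFind}"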
# Check: regular files that any user can write to.
# Match: -type f with the other-write bit (0002) set.
# The "! -name /dev/null" term is carried over unchanged; -name compares only
# the last path component, so a pattern containing "/" excludes nothing.
# The closing "! -exec" runs the reporting helper and then evaluates false
# (the helper always exits 0), so the next check in the -o chain still runs.
fWwritable="(
  ( -type f -perm -0002 ! -name /dev/null )
  ( ! -exec ${LsFind} fWwritable {} ; )
)"
# Check: directories that any user can write to.
# Match: -type d with the other-write bit (0002) set.
# The helper is run for its output only; "!" turns its success into false so
# the remaining checks are still evaluated for the same path.
fWwdir="(
  ( -type d -perm -0002 )
  ( ! -exec ${LsFind} fWwdir {} ; )
)"
# Check: location of every MIB file.
# Match: regular files whose name ends in ".mib".
# Reported through LsGrepFind with "/" as the grep pattern.
# The *.mib pattern is stored literally here; it reaches find intact only if
# pathname expansion is off wherever this variable is expanded unquoted.
fMibfile="(
  ( -name *.mib )
  ( -type f )
  ( ! -exec ${LsGrepFind} fMibfile / {} ; )
)"
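# Check: shared scratch directories that lack the sticky bit ("t").
# Match: * a directory named tmp, temp, pkg or uucppublic
#        * other-write (0002) set AND sticky (1000) not set
# Without the sticky bit, any user who can write to such a directory can
# remove or rename entries that belong to other users.
# The name alternatives are grouped so that -type d applies to all four names;
# ungrouped, -type d bound only to "-name tmp" and non-directories with the
# other three names were matched as well.
fSticky="(
  ( -type d ( -name tmp -o -name temp -o -name pkg -o -name uucppublic ) )
  ( -perm -0002 ! -perm -1000 )
  ( ! -exec ${LsFind} fSticky {} ; )
)"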
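# Check: directories that have the sticky bit ("t") assigned.
# Match: * a directory
#        * sticky bit (1000) set AND either of:
#            owned by a non-privileged user   (-user +20)
#            owned by a non-privileged group  (-group +19)
# NOTE(review): "+20" / "+19" presumably mean "numeric id greater than";
# confirm that the target find accepts signed numbers for -user and -group.
# The word "assigned." used to sit on a line of its own outside the comment
# and was run as a command; it is part of the description above again.
fSticky2="(
  ( -type d )
  ( ( -perm -1000 ) ( -user +20 -o -group +19 ) )
  ( ! -exec ${LsFind} fSticky2 {} ; )
)"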
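# Check: objects that have the set-GID bit ("s") set.
# Match: regular files with the set-GID bit (2000) set.
# A bare "set" used to follow the broken comment as a command, which made the
# shell print every variable to stdout; it is comment text again.
fSgid="(
  ( -type f )
  ( -perm -2000 )
  ( ! -exec ${LsFind} fSgid {} ; )
)"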
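# Check: objects that have the set-UID bit ("s") set.
# Match: regular files with the set-UID bit (4000) set.
# The earlier description said "set-UID or set-GID, inclusively", but only
# 4000 is tested here; set-GID files are reported by the separate fSgid check.
# The tail of that description used to sit outside the comment and was run as
# a command.
fSuid="(
  ( -type f )
  ( -perm -4000 )
  ( ! -exec ${LsFind} fSuid {} ; )
)"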
# Check: system log files that group or other can write or execute.
# Match: * a regular file
#        * named btmp, messages*, wtmp, *.Log, *.log, syslog, loginlog, sulog
#          or cronlog
#        * any of group-write (0020), group-exec (0010), other-write (0002)
#          or other-exec (0001) set
# The wildcard names are stored literally; they reach find intact only if
# pathname expansion is off wherever this variable is expanded unquoted.
fSystemLogs="(
  ( -type f )
  (
    -name btmp -o -name messages* -o -name wtmp
    -o -name *.Log -o -name *.log
    -o -name syslog -o -name loginlog -o -name sulog -o -name cronlog
  )
  -a ( -perm -0020 -o -perm -0010 -o -perm -0002 -o -perm -0001 )
  ( ! -exec ${LsFind} fSystemLogs {} ; )
)"
# Check: objects with uneven permissions, i.e. a wider class holds a right
# that a narrower class lacks.
# Match: any one of these nine pairs
#          group-exec  without owner-exec     other-exec  without owner-exec
#          group-write without owner-write    other-write without owner-write
#          group-read  without owner-read     other-read  without owner-read
#          other-exec  without group-exec
#          other-write without group-write
#          other-read  without group-read
# The expression is narrower than that list: it also requires a regular file
# with other-write (0002) set and "-user -21" or "-group -20".
# NOTE(review): "-21" / "-20" presumably mean "numeric id below"; confirm that
# the target find accepts signed numbers for -user and -group.
fUneven="(
  (
    ( -type f ( ( -user -21 -o -group -20 ) -a -perm -0002 ) )
    -a (
      ( ! -perm -0100 -perm -0010 )
      -o ( ! -perm -0200 -perm -0020 )
      -o ( ! -perm -0400 -perm -0040 )
      -o ( ! -perm -0100 -perm -0001 )
      -o ( ! -perm -0200 -perm -0002 )
      -o ( ! -perm -0400 -perm -0004 )
      -o ( ! -perm -0010 -perm -0001 )
      -o ( ! -perm -0020 -perm -0002 )
      -o ( ! -perm -0040 -perm -0004 )
    )
  )
  ( ! -exec ${LsFind} fUneven {} ; )
)"
# Check: objects whose owner UID is not registered in /etc/passwd, or whose
# group GID is not registered in /etc/group.
# Match: -nouser OR -nogroup.
# Such objects would silently pass to whichever account is next given that id.
fUnowned="(
  ( -nouser -o -nogroup )
  ( ! -exec ${LsFind} fUnowned {} ; )
)"
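# Runs every check in one pass over the top-level directories and writes the
# helper output to ${tmpFind}; find's own diagnostics go to ${FindErrors}.
: "${tmpFind:?tmpFind must be set}"

# Top-level directories to scan, skipping proc, vol, xfn, cdrom and mnt.
# The exclusion is anchored on the space before the name so that only those
# exact names are dropped, not every directory whose name ends in one of them.
# Names containing whitespace are not handled: awk keeps field 9 only and
# ${DIRs} is split on whitespace below.
DIRs=`ls -lL / | grep "^d" | egrep -v ' (proc|vol|xfn|cdrom|mnt)$' | awk '{print "/"$9}'`

# The check variables are expanded unquoted on purpose: word splitting is what
# turns each one into separate find arguments. Pathname expansion is switched
# off for that expansion so the -name patterns stored in them (*.mib, *.log,
# messages*, ...) are not replaced by matching file names from the current
# directory before find sees them.
# NOTE(review): -prune is reached only for entries that are on ufs and not
# -local; entries on other non-local filesystems are neither reported nor
# pruned, so find presumably still descends into them. Confirm that is intended.
set -f
find ${DIRs} \( -fstype ufs \) \( ! -local -prune \) -o \
  \( -local \( \
    ${fWwritable} -o ${fWwdir} -o ${fMibfile} -o ${fSticky} -o ${fSticky2} \
    -o ${fSgid} -o ${fSuid} -o ${fSystemLogs} -o ${fUneven} -o ${fUnowned} \
  \) \) 1> "${tmpFind}" 2> "${FindErrors}"
set +f

# find's diagnostics used to be deleted unread. Say so when there were any:
# they can mean that parts of the tree were never examined.
if [ -s "${FindErrors}" ]; then
  echo "find reported errors; results in ${tmpFind} may be incomplete" 1>&2
fi

rm -f "${LsFind}" "${LsGrepFind}" "${FindErrors}"
exit 0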
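# Setup for the filesystem permission audit: clears the previous error log and
# writes the two reporting helpers that find(1) runs for every match.
#
# Expects WorkDir to be set by the caller. Run this from a directory that only
# root can write to: the helpers are created under fixed names in the current
# directory, handed to uid 0 and then executed once per matching file.
: "${WorkDir:?WorkDir must be set}"

FindErrors=${WorkDir}/FindErrors
rm -f "${FindErrors}"

# Create the helpers owner-only from the first byte instead of relying on the
# later chmod; the previous umask is restored afterwards so that files written
# later keep their usual mode.
SavedUmask=`umask`
umask 077

# LsFind TAG PATH: prints TAG followed by the "ls -dlL" line for PATH.
# A stale file or symlink of the same name is removed first so the redirect
# creates a fresh file rather than writing through whatever is already there.
# "set -f" inside the helper keeps the whitespace collapsing of the unquoted
# ls output but stops a file name containing *, ? or [ from being expanded
# against the working directory and changing the report line.
LsFind='./LsFind'
rm -f "${LsFind}"
cat <<-! 1> "${LsFind}" || exit 1
#!/bin/sh
set -f
echo \${1} \`ls -dlL "\${2}"\`
exit 0
!

# LsGrepFind TAG PATTERN PATH: the same line as LsFind, printed only when it
# matches PATTERN. It exits 0 whatever grep returns.
LsGrepFind='./LsGrepFind'
rm -f "${LsGrepFind}"
cat <<-! 1> "${LsGrepFind}" || exit 1
#!/bin/sh
set -f
echo \${1} \`ls -dlL "\${3}"\` | grep "\${2}"
exit 0
!

umask "${SavedUmask}"

chown 0:0 "${LsFind}" "${LsGrepFind}"
chmod 0700 "${LsFind}" "${LsGrepFind}"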
# Check: regular files that any user can write to.
# Match: -type f with the other-write bit (0002) set.
# The "! -name /dev/null" term is carried over unchanged; -name compares only
# the last path component, so a pattern containing "/" excludes nothing.
# The closing "! -exec" runs the reporting helper and then evaluates false
# (the helper always exits 0), so the next check in the -o chain still runs.
fWwritable="(
  ( -type f -perm -0002 ! -name /dev/null )
  ( ! -exec ${LsFind} fWwritable {} ; )
)"
# Check: directories that any user can write to.
# Match: -type d with the other-write bit (0002) set.
# The helper is run for its output only; "!" turns its success into false so
# the remaining checks are still evaluated for the same path.
fWwdir="(
  ( -type d -perm -0002 )
  ( ! -exec ${LsFind} fWwdir {} ; )
)"
# Check: location of every MIB file.
# Match: regular files whose name ends in ".mib".
# Reported through LsGrepFind with "/" as the grep pattern.
# The *.mib pattern is stored literally here; it reaches find intact only if
# pathname expansion is off wherever this variable is expanded unquoted.
fMibfile="(
  ( -name *.mib )
  ( -type f )
  ( ! -exec ${LsGrepFind} fMibfile / {} ; )
)"
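# Check: shared scratch directories that lack the sticky bit ("t").
# Match: * a directory named tmp, temp, pkg or uucppublic
#        * other-write (0002) set AND sticky (1000) not set
# Without the sticky bit, any user who can write to such a directory can
# remove or rename entries that belong to other users.
# The name alternatives are grouped so that -type d applies to all four names;
# ungrouped, -type d bound only to "-name tmp" and non-directories with the
# other three names were matched as well.
fSticky="(
  ( -type d ( -name tmp -o -name temp -o -name pkg -o -name uucppublic ) )
  ( -perm -0002 ! -perm -1000 )
  ( ! -exec ${LsFind} fSticky {} ; )
)"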
# Check: directories that have the sticky bit ("t") assigned.
# Match: * a directory
#        * sticky bit (1000) set AND either of:
#            owned by a non-privileged user   (-user +20)
#            owned by a non-privileged group  (-group +19)
# NOTE(review): "+20" / "+19" presumably mean "numeric id greater than";
# confirm that the target find accepts signed numbers for -user and -group.
fSticky2="(
  ( -type d )
  ( ( -perm -1000 ) ( -user +20 -o -group +19 ) )
  ( ! -exec ${LsFind} fSticky2 {} ; )
)"
# Check: objects that have the set-GID bit ("s") set.
# Match: regular files with the set-GID bit (2000) set.
# A set-GID program runs with the group of the file rather than of the caller,
# so every hit is worth comparing against a known-good list.
fSgid="(
  ( -type f )
  ( -perm -2000 )
  ( ! -exec ${LsFind} fSgid {} ; )
)"
# Check: objects that have the set-UID bit ("s") set.
# Match: regular files with the set-UID bit (4000) set.
# The earlier description said "set-UID or set-GID", but only 4000 is tested
# here; set-GID files are reported by the separate fSgid check.
fSuid="(
  ( -type f )
  ( -perm -4000 )
  ( ! -exec ${LsFind} fSuid {} ; )
)"
# Check: system log files that group or other can write or execute.
# Match: * a regular file
#        * named btmp, messages*, wtmp, *.Log, *.log, syslog, loginlog, sulog
#          or cronlog
#        * any of group-write (0020), group-exec (0010), other-write (0002)
#          or other-exec (0001) set
# The wildcard names are stored literally; they reach find intact only if
# pathname expansion is off wherever this variable is expanded unquoted.
fSystemLogs="(
  ( -type f )
  (
    -name btmp -o -name messages* -o -name wtmp
    -o -name *.Log -o -name *.log
    -o -name syslog -o -name loginlog -o -name sulog -o -name cronlog
  )
  -a ( -perm -0020 -o -perm -0010 -o -perm -0002 -o -perm -0001 )
  ( ! -exec ${LsFind} fSystemLogs {} ; )
)"
# Check: objects with uneven permissions, i.e. a wider class holds a right
# that a narrower class lacks.
# Match: any one of these nine pairs
#          group-exec  without owner-exec     other-exec  without owner-exec
#          group-write without owner-write    other-write without owner-write
#          group-read  without owner-read     other-read  without owner-read
#          other-exec  without group-exec
#          other-write without group-write
#          other-read  without group-read
# The expression is narrower than that list: it also requires a regular file
# with other-write (0002) set and "-user -21" or "-group -20".
# NOTE(review): "-21" / "-20" presumably mean "numeric id below"; confirm that
# the target find accepts signed numbers for -user and -group.
fUneven="(
  (
    ( -type f ( ( -user -21 -o -group -20 ) -a -perm -0002 ) )
    -a (
      ( ! -perm -0100 -perm -0010 )
      -o ( ! -perm -0200 -perm -0020 )
      -o ( ! -perm -0400 -perm -0040 )
      -o ( ! -perm -0100 -perm -0001 )
      -o ( ! -perm -0200 -perm -0002 )
      -o ( ! -perm -0400 -perm -0004 )
      -o ( ! -perm -0010 -perm -0001 )
      -o ( ! -perm -0020 -perm -0002 )
      -o ( ! -perm -0040 -perm -0004 )
    )
  )
  ( ! -exec ${LsFind} fUneven {} ; )
)"
# Check: objects whose owner UID is not registered in /etc/passwd, or whose
# group GID is not registered in /etc/group.
# Match: -nouser OR -nogroup.
# Such objects would silently pass to whichever account is next given that id.
fUnowned="(
  ( -nouser -o -nogroup )
  ( ! -exec ${LsFind} fUnowned {} ; )
)"
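# Runs every check in one pass over the top-level directories and writes the
# helper output to ${tmpFind}; find's own diagnostics go to ${FindErrors}.
: "${tmpFind:?tmpFind must be set}"

# Top-level directories to scan, skipping proc, vol, xfn, cdrom and mnt.
# The exclusion is anchored on the space before the name so that only those
# exact names are dropped, not every directory whose name ends in one of them.
# Names containing whitespace are not handled: awk keeps field 9 only and
# ${DIRs} is split on whitespace below.
DIRs=`ls -lL / | grep "^d" | egrep -v ' (proc|vol|xfn|cdrom|mnt)$' | awk '{print "/"$9}'`

# The check variables are expanded unquoted on purpose: word splitting is what
# turns each one into separate find arguments. Pathname expansion is switched
# off for that expansion so the -name patterns stored in them (*.mib, *.log,
# messages*, ...) are not replaced by matching file names from the current
# directory before find sees them.
# NOTE(review): -prune is reached only for entries that are on ufs and not
# -local; entries on other non-local filesystems are neither reported nor
# pruned, so find presumably still descends into them. Confirm that is intended.
set -f
find ${DIRs} \( -fstype ufs \) \( ! -local -prune \) -o \
  \( -local \( \
    ${fWwritable} -o ${fWwdir} -o ${fMibfile} -o ${fSticky} -o ${fSticky2} \
    -o ${fSgid} -o ${fSuid} -o ${fSystemLogs} -o ${fUneven} -o ${fUnowned} \
  \) \) 1> "${tmpFind}" 2> "${FindErrors}"
set +f

# find's diagnostics used to be deleted unread. Say so when there were any:
# they can mean that parts of the tree were never examined.
if [ -s "${FindErrors}" ]; then
  echo "find reported errors; results in ${tmpFind} may be incomplete" 1>&2
fi

rm -f "${LsFind}" "${LsGrepFind}" "${FindErrors}"
exit 0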