1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
# create several DEFINEs
DEFINE CLIENT localhost
DEFINE SETUID -xdev -type f -perm /u+s,g+s \( -user root -or -group root \)
# set up the non-default USE variables
USE BASE /root/stealth/${CLIENT}
USE EMAIL root@${CLIENT}
# USE MAILER /usr/local/bin/stealthmail
USE MAILER /usr/bin/mail
USE MAILARGS -s "${CLIENT} STEALTH report"
USE SSH /usr/bin/ssh root@${CLIENT} /bin/bash -i
LABEL \nroot setuid/setgid files
CHECK LOG = remote/setuid \
/usr/bin/find / ${SETUID} -exec /usr/bin/sha1sum {} \;
LABEL \nfiles in /usr/local/etc
CHECK remote/etcsha1 \
/usr/bin/find /usr/local/etc -xdev -type f -exec /usr/bin/sha1sum {} \;
|
