File: check

package info (click to toggle)
tiger 2.2.4-22
  • links: PTS
  • area: main
  • in suites: woody
  • size: 2,188 kB
  • ctags: 240
  • sloc: sh: 8,388; ansic: 2,109; makefile: 141; perl: 106
file content (107 lines) | stat: -rwxr-xr-x 2,496 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
 
#!/bin/sh
#
#     tiger - A UN*X security checking system
#     Copyright (C) 1993 Douglas Lee Schales, David K. Hess, David R. Safford
#
#     Please see the file `COPYING' for the complete copyright notice.
#
# SunOS/5/check - 06/14/93
#
#-----------------------------------------------------------------------------
#
TigerInstallDir='.'

#
# Set default base directory.
# Order or preference:
#      -B option
#      TIGERHOMEDIR environment variable
#      TigerInstallDir installed location
#
basedir=${TIGERHOMEDIR:=$TigerInstallDir}

for parm
do
   case $parm in
   -B) basedir=$2; break;;
   esac
done

#
# Verify that a config file exists there, and if it does
# source it.
#
[ ! -r $basedir/config ] && {
  echo "--ERROR-- [init002e] No 'config' file in \`$basedir'."
  exit 1
}

. $basedir/config

. $BASEDIR/initdefs

#
# If run in test mode (-t) this will verify that all required
# elements are set.
#
[ "$Tiger_TESTMODE" = 'Y' ] && {
  haveallcmds GREP SED || exit 1
  haveallfiles BASEDIR WORKDIR || exit 1
  
  echo "--CONFIG-- [init003c] $0: Configuration ok..."
  exit 0
}

#------------------------------------------------------------------------

status=`/usr/kvm/eeprom |
        $GREP '^secur.*=' |
        $GREP -v 'badlogins' |
	$SED -e 's/^secur.*=\(.*\)$/\1/'`

[ ! -n "$status" -o "$status" = "none" ] && {
  message WARN no-id "" "The PROM monitor is not in secure mode."
}

#
# nfs:nfsportmon information due to Caspar Dik via comp.unix.solaris
#

nfsportmon=0
$SED -e 's/\*.*$//' -e '/^$/d' -e 's/=/ = /' /etc/system |
{
  while read _set var eq value
  do
    case "$var" in
      "nfs:nfs_portmon") nfsportmon="$value";;
    esac
  done

  [ "$nfsportmon" = 0 ] && {
    message WARN misc008w "" "NFS port checking disabled in kernel."
  }
}

if $SGREP "/sbin/sh.*/dev/console" /etc/rcS; then
  message WARN misc014w "" "/etc/rcS contains a vulnerability.  See explanation for details."
fi

[ -f /var/sadm/install/contents ] && {
  $EGREP '^/dev' /var/sadm/install/contents |
  while read file type x x x mode owner group pkg
  do
    [ "$type" = 'c' ] && {
      case "$file" in
	*clone*:ie|*clone*:le|*clone*:qe) {
	  [ "$mode" != 0600 ] && {
	    message WARN misc016w "" "$file is defined with mode \`$mode' in /var/sadm/install/contents; should be \`0600'."
	  }
	  [ "$owner" != root ] && {
	    message WARN misc017w "" "$file is defined with owner \`$owner' in /var/sadm/install/contents; should be \`root'."
	  }
	}
        ;;
      esac
    }
  done
}