Commit Graph

110 Commits

Author SHA1 Message Date
christos 6f0af47a9f too much quoting. pointed by anon ymous 2011-03-02 17:00:28 +00:00
christos 4f848eee4b `` -> $() 2010-12-27 03:38:52 +00:00
jmmv 53cb2117e8 Deprecate the pkgdb_dir settings from daily.conf and security.conf in
favor of the PKG_DBDIR variable in /etc/pkg_install.conf.  The purpose
of this is to only have to define the location of the packages database
in a single place and have all other system components pick it up.

pkgdb_dir is still honored if defined and the scripts will spit out a
warning in that case, asking the administrator to migrate to the
PKG_DBDIR setting.  We can't remove this compatibility workaround until,
at least, after NetBSD 6 is released.
2010-02-05 16:29:02 +00:00
jmmv 497b5f8044 Add the fetch_pkg_vulnerabilities option to the daily script to keep the
packages vulnerability database up to date.  This will only fetch the
file from the server if it has changed since the last run.

Add the check_pkg_vulnerabilities and check_pkg_signatures options to the
security script to check that the installed packages are sane.

All of these options are enabled by default but they will only run if
there is, at least, one installed package.
2010-01-19 22:08:11 +00:00
haad a4e585254c Add support for lvm to security script. Backup lvm configuration to /var/backup/lvm with other system backups. Disable lvm check until MKLVM is enabled by default. no objections on tech-userlevel@. 2009-01-27 10:32:18 +00:00
dholland d08cb6cf65 Handle non-trivial NIS compat entries (like +joe:::::::::) in the password
file. Fixes (my own) PR bin/33138.

reviewed: christos
2007-11-23 15:51:27 +00:00
adrianp 67b08a07ec The location of the pkg_info binary can now be specified in /etc/security.conf.
The default remains as /usr/sbin/pkg_info.  This should fix PR# 36746.
2007-08-27 19:57:02 +00:00
tron b21dec1752 Add code to monitor the disk wedges (see dk(4)) configured on the
system. Based on a patch contributed by Andreas Wrede in PR misc/36747.
2007-08-09 07:50:58 +00:00
martti d405da7f9d Use "mktemp -d -t xxx" to create the temporary directories. This will use
TMPDIR environment variable if set, otherwise use /tmp.  (misc/35544)
2007-06-06 13:30:47 +00:00
jnemeth f2e950685d PR/36058 -- fix check for group/other writable home directories from
Jukka Salmi
2007-03-27 08:37:58 +00:00
tron 820a357648 Improve security check for "/etc/exports":
1.) Properly handle line continuation and network exports.
2.) Make the report more compact.

Patch contributed by Jukka Salmi in PR bin/24583.
2006-09-26 08:32:40 +00:00
jmcneill 64b4f9dcf8 PR #26490: /etc/security is not aware of sha1 passwords 2006-09-23 04:07:01 +00:00
lukem 6d23caf285 Implement check_devices_ignore_paths, which is a list of paths to
avoid traversing during check_devices.
2006-05-25 02:38:10 +00:00
veego f43a65b85e Don't try to backup a 'nfs' disklabel, which will happen because of the
recent iostat changes.
Patch supplied in pr# 33274 by Geoff C. Wing.
2006-04-17 07:38:53 +00:00
rpaulo 17c8f9e65d PR 32666: /etc/security may cause tapes to rewind. By Duncan McEwan. 2006-01-29 23:17:24 +00:00
peter 271ad04cd9 Allow an underscore as first character and embedded underscores & dots
for login and group names.

Fixes PR misc/29913 from Arto Selonen.
2005-04-11 15:46:42 +00:00
jdolecek 8e401e6c31 add a check_passwd_permin_nonalpha option, which changes the passwd
test to permit non-alphanumeric characters in login names
2005-02-05 15:26:37 +00:00
kim f7dc8a9650 When checking /etc/exports, account for "-network=XXX" as restricting
the mount (i.e. it is not considered globally exported).

Fixes PR: 26890
2004-11-21 19:00:12 +00:00
erh 7da8bb106d PR misc/7716: add configuration options find_core_ignore_fstypes and
check_devices_ignore_fstypes to allow the filesystem types that are
ignored during the daily and security runs to be adjusted.
2004-09-28 15:03:58 +00:00
lukem 610ee5bd6f Merge /etc/mtree/special & /etc/mtree/special.local using "mtree -M".
This allows users to override mtree/special entries in mtree/special.local,
which is useful if you've replaced a directory with a symlink (for example).
This effectively makes $check_mtree_follow_symlinks=YES pointless, but
I'm retaining that for compatibility reasons.

Fix bug in generation of $MPBYUID (used "/^+/" instead of "/^\+/" as a regex),
which has existed for a long time but only failed with our awk; GNU awk seems
to have permitted this.  (This meant that the duplicate UID check was broken
when using our awk.)

Rename some temp files to more accurately reflect their purpose, to
aid debugging.
2004-07-23 06:12:16 +00:00
kim 4d55452261 Catch STDERR from /etc/security.local (not just STDOUT). 2004-04-09 17:33:35 +00:00
jmmv 3c8a1444d9 Introduce and use the rcvar_manpage variable, which contains the manual page
name where the user should look at for documentation about rcvar.  It defaults
to 'rc.subr(5)', as rc.subr is mainly used by rc.d scripts.

This variable is useful to let the daily, weekly, monthly and security scripts
tune the warning message shown when any of the variables they handle is not
properly set.

Closes PR misc/23908.
2004-04-02 13:13:47 +00:00
jdolecek ba30c144ea add missing && in the home directory group writability condition;
gawk somehow coped even without (defaults to && ?), but nawk printed
bogus warnings (defaults to || ?)
2004-02-09 09:04:13 +00:00
jhawk 6a6c54a1d0 Provide a workaround for PR bin/12900.
When /dev is an fdesc, and /dev/tty is stat()ed without a controlling tty,
a "Device not configured" error is returned.

Filter mtree's stderr to ignore this error.

If fdesc is fixed to not behave in this fashion, this workaround can
be removed; bin/12900 should remain open until that time.
2003-11-19 20:28:19 +00:00
jhawk 3460455823 In check_varmail (mailbox ownership/permissions check):
Make ls -A explicit, to help n debugging when not run as root
    (-A is implied when ls is run as root)
  Ignore dotfiles, as they are not mailboxes (e.g. .jhawk.pop)
2003-11-18 03:30:40 +00:00
jhawk ea872628e6 XXX: note pairwise cascaded test inversion in permit_star.
Add checkyesno check_homes_permit_usergroups to allow group writability
  when the groupname matches the username.  Defaults to off.
2003-11-18 03:23:53 +00:00
jhawk 6a61a211cf Suppress output when running security.local if it produces no output.
/etc/security should produce no output (and thus suppress the report)
when nothing is wrong.

While we're here, use printf instead of two echos, like the rest of
the script.
2003-10-01 04:29:03 +00:00
jhawk 1d79603c81 Use $diff_options when running diff in /etc/security.
Default diff_options to -u, for unified-format context diffs,
because context is essential to a useful evaluation of differences.
This represents a behavior change.

Implements change-request PR security/17247 from
Takahiro Kambe <taca@sky.yamashina.kyoto.jp>.
2003-02-21 22:47:51 +00:00
jhawk 687107d3c0 Under check_mtree, invoke mtree with -L if check_mtree_follow_symlinks is set.
Apparently mtree -L is imperfect, but it is far better than the lack thereof
if symlinks are involved reaching files mtree verifies.
2003-02-13 02:42:06 +00:00
jhawk 1a4c8c0295 Add some flexibility to /etc/security, by way of security.conf options:
check_passwd_nowarn_shells	Don't warn about these non-/etc/shells shells
  check_passwd_nowarn_users	Don't warn about these users
  check_passwd_permit_star	Don't warn about "*" in the $2 field
Behavior change: check_passwd_nowarn_shells defaults to /sbin/nologin and
  /usr/libexec/uucp/uucico, so that it will not warn about the default
  master.passwd.
The rationale here is that an administrator who chooses to permit these
  warnable conditions should not be warned about them day after day, yet
  should not be forced to disable check_passwd entirely.
check_passwd_permit_star is primarily of interest to sites who use *'d
  entries for Kerberos or ssh logins, despite the fact that we permit
  "*ssh" (etc.) for this purpose (legacy).
2003-02-13 01:55:10 +00:00
wiz 1035faff1d writable, not writeable. 2003-01-06 20:30:28 +00:00
elric 8efcaddaf6 Added .k5login to the list of files that are checked in each user's
home directory.

Addresses PR: security/18000
2002-08-20 07:53:51 +00:00
itojun 74377e4ab2 md5/bcrypt password starts with $[12], so use ^ in regex 2002-06-18 22:43:53 +00:00
itojun b9d4a3192a recognize md5/bcrypt password. noted by: Eric Jacoboni <jaco@teaser.fr> 2002-06-18 22:21:43 +00:00
atatat bc451d0928 The check_rootdotfiles section mucks with the PATH setting, but
never puts it back properly.  As such, jobs run later that expect
there to be a path will lose badly (eg, run lintpkgsrc -i from
security.local).  Let's just re-export the PATH.
2002-06-10 16:04:48 +00:00
lukem 1dfde69630 Support shell metacharacters (`*', '?', '[') in /etc/changelist lines,
including checks for "backups that exist when actual file is deleted", a la
the existing mechanism used for "/etc/ifconfig.*" ... "/etc/rc.d/*" checks.
This resolves [security/15798] from Bob Kemp <bob@allegory.demon.co.uk>.
2002-05-21 13:50:46 +00:00
lukem 9fe1ef5dc8 Add nullfs to the list of file system types to skip during the "big finds".
Fix from Alan Barrett in [misc/14957].
2001-12-18 00:44:20 +00:00
lukem 949fa9ae03 remove blank lines from the lists of files to backup_and_diff 2001-11-09 09:01:20 +00:00
lukem 11336572c3 add -dgq to check_pkgs ls(1). suggested by @@@ 2001-10-18 16:08:24 +00:00
taca 4f34915dce Add -T option to ls(1) when -l option is specified.
This fixes none-changed files under ${backup_dir}/pkgs as bellow:

======
/var/backups/pkgs diffs (OLD < > NEW)
======
159c159
< -rw-r--r--  1 root  wheel     528 Apr 19 01:11 ja-less-332/+CONTENTS
---
> -rw-r--r--  1 root  wheel     528 Apr 19  2001 ja-less-332/+CONTENTS
2001-10-18 14:50:17 +00:00
lukem 98228effd2 Use "nodiff" instead of "nomail" for the tag which is used to exclude
files from having the changes diff generated.  Suggested by Michael Graff.
2001-10-15 03:00:22 +00:00
lukem 74cf1ec6f4 minor optimisation suggested by christos 2001-10-14 00:42:31 +00:00
lukem 6c2d977e6f A few more changes, from more discussions with Andrew Brown.
- Resurrect /etc/changelist, even if it's an "empty" file by default,
  because it's easier to use than /etc/mtree/special.local for adding
  a couple of simple files. Back by popular demand (hi @@@! :-)
- Add /etc/rc.d/* to the list of "dynamic" files; this notices changes
  in user-added scripts
- Only calculate the mtree -I nomail list once, and re-use
- Use "cat foo | while read file" instead of "for file in `cat foo`" ;
  handles whitespace better...
2001-10-13 14:22:11 +00:00
lukem 96a1608ee4 Major overhaul, with help from Andrew Brown <atatat@netbsd.org>.
Features:
- Add a bunch of stuff to /etc/mtree/special to enable removal of
  /etc/changelist:
	- files which we want to monitor for changes but don't want to
	  see the diffs of (master.passwd, ssh_host_key, ...) are
	  tagged with "nomail"
	- files which we don't want to monitor are tagged with "exclude"
	  (such as netgroup.db, kvm.db, ...)
	- monitor /etc/mtree/special.local, /root/.ssh/*
	- remove /etc/changelist, and a bunch of XXX comments
	- use mtree(8)'s -D, -I, and -E to generate lists of files to
	  actually do the changelist stuff on.
	- support /etc/mtree/special.local as an optional user-provided
	  version of /etc/mtree/special (effectively, an enhanced
	  /etc/changelist)
- Add code to monitor: /etc/ifconfig.* /etc/raid*.conf /etc/rc.conf.d/*
  including support for these files being added and removed at will.
- If /sbin/fdisk exists, backup the output of "fdisk $disk" for all
  the active disk drives as part of $check_disklabels
- Check permissions on: ~/.ssh/* ~/.shosts

Details:
- Reorder initialisation of defaults
- Remove special case for /etc/master.passwd "monitor but don't email diffs"
  with general case for other similar files.
- Keep all `autogenerated' files (such as disklabel.*, setuid.current, ...)
  in "$backup_dir/work", to minimise name clashes.
- Add migrate_file(old, new) to do the hard work of migrating files
  from the old `top level' /var/backups mechanism to the `full path'
  mechanism recently added. Use this appropriately.
- Add backup_and_diff(file, printdiffs), to the hard work of backing-up
  and diff-ing files.
- Cleanup use of shell redirects
- /bin/sh supports ~root globbing, so use it.
- Improve umask checking; use awk regex rather than awk math
2001-10-12 05:18:23 +00:00
lukem a938c1418c minor whitespace fix 2001-10-05 01:06:17 +00:00
lukem 8c4fc91c36 replace "pkg_dbdir" with "pkgdb_dir", to be consistent with "backup_dir" 2001-10-03 15:41:25 +00:00
cjs 350cdd6a80 Since we store the output of ls for use later, make sure that we have TZ=UTC.
(Otherwise time zone changes cause us to believe that files have changed
when they have not.)
2001-10-03 07:04:32 +00:00
lukem f263bbb1eb - clean up a couple of comments
- reformat some awk blocks
- replace "sed 1d | awk '...'" with "awk 'NR==1 {next;} ...'"
2001-10-03 00:12:17 +00:00
atatat 9202500182 Add a chunk of code to check the installed pkgs list by making a list
of all installed pkgs and their +CONTENTS and +REQUIRED_BY files (if
they have one) and handling this file along with all the other
CHANGELIST stuff.

Greg Woods gets points for coming up with the idea.

Luke Mewburn asked me to do it, and provided lots of criticism along
the way.
2001-10-01 02:21:20 +00:00
lukem 5a212acf6e remove acd (non existant), add ld (for hw raid logical drives) 2001-09-24 03:19:43 +00:00