Commit Graph

76 Commits

Author SHA1 Message Date
atatat bc451d0928 The check_rootdotfiles section mucks with the PATH setting, but
never puts it back properly.  As such, jobs run later that expect
there to be a path will lose badly (eg, run lintpkgsrc -i from
security.local).  Let's just re-export the PATH.
2002-06-10 16:04:48 +00:00
lukem 1dfde69630 Support shell metacharacters (`*', '?', '[') in /etc/changelist lines,
including checks for "backups that exist when actual file is deleted", a la
the existing mechanism used for "/etc/ifconfig.*" ... "/etc/rc.d/*" checks.
This resolves [security/15798] from Bob Kemp <bob@allegory.demon.co.uk>.
2002-05-21 13:50:46 +00:00
lukem 9fe1ef5dc8 Add nullfs to the list of file system types to skip during the "big finds".
Fix from Alan Barrett in [misc/14957].
2001-12-18 00:44:20 +00:00
lukem 949fa9ae03 remove blank lines from the lists of files to backup_and_diff 2001-11-09 09:01:20 +00:00
lukem 11336572c3 add -dgq to check_pkgs ls(1). suggested by @@@ 2001-10-18 16:08:24 +00:00
taca 4f34915dce Add -T option to ls(1) when -l option is specified.
This fixes non-changed files under ${backup_dir}/pkgs as below:

======
/var/backups/pkgs diffs (OLD < > NEW)
======
159c159
< -rw-r--r--  1 root  wheel     528 Apr 19 01:11 ja-less-332/+CONTENTS
---
> -rw-r--r--  1 root  wheel     528 Apr 19  2001 ja-less-332/+CONTENTS
2001-10-18 14:50:17 +00:00
lukem 98228effd2 Use "nodiff" instead of "nomail" for the tag which is used to exclude
files from having the changes diff generated.  Suggested by Michael Graff.
2001-10-15 03:00:22 +00:00
lukem 74cf1ec6f4 minor optimisation suggested by christos 2001-10-14 00:42:31 +00:00
lukem 6c2d977e6f A few more changes, from more discussions with Andrew Brown.
- Resurrect /etc/changelist, even if it's an "empty" file by default,
  because it's easier to use than /etc/mtree/special.local for adding
  a couple of simple files. Back by popular demand (hi @@@! :-)
- Add /etc/rc.d/* to the list of "dynamic" files; this notices changes
  in user-added scripts
- Only calculate the mtree -I nomail list once, and re-use
- Use "cat foo | while read file" instead of "for file in `cat foo`" ;
  handles whitespace better...
2001-10-13 14:22:11 +00:00
lukem 96a1608ee4 Major overhaul, with help from Andrew Brown <atatat@netbsd.org>.
Features:
- Add a bunch of stuff to /etc/mtree/special to enable removal of
  /etc/changelist:
	- files which we want to monitor for changes but don't want to
	  see the diffs of (master.passwd, ssh_host_key, ...) are
	  tagged with "nomail"
	- files which we don't want to monitor are tagged with "exclude"
	  (such as netgroup.db, kvm.db, ...)
	- monitor /etc/mtree/special.local, /root/.ssh/*
	- remove /etc/changelist, and a bunch of XXX comments
	- use mtree(8)'s -D, -I, and -E to generate lists of files to
	  actually do the changelist stuff on.
	- support /etc/mtree/special.local as an optional user-provided
	  version of /etc/mtree/special (effectively, an enhanced
	  /etc/changelist)
- Add code to monitor: /etc/ifconfig.* /etc/raid*.conf /etc/rc.conf.d/*
  including support for these files being added and removed at will.
- If /sbin/fdisk exists, backup the output of "fdisk $disk" for all
  the active disk drives as part of $check_disklabels
- Check permissions on: ~/.ssh/* ~/.shosts

Details:
- Reorder initialisation of defaults
- Remove special case for /etc/master.passwd "monitor but don't email diffs"
  with general case for other similar files.
- Keep all `autogenerated' files (such as disklabel.*, setuid.current, ...)
  in "$backup_dir/work", to minimise name clashes.
- Add migrate_file(old, new) to do the hard work of migrating files
  from the old `top level' /var/backups mechanism to the `full path'
  mechanism recently added. Use this appropriately.
- Add backup_and_diff(file, printdiffs), to do the hard work of backing-up
  and diff-ing files.
- Cleanup use of shell redirects
- /bin/sh supports ~root globbing, so use it.
- Improve umask checking; use awk regex rather than awk math
2001-10-12 05:18:23 +00:00
lukem a938c1418c minor whitespace fix 2001-10-05 01:06:17 +00:00
lukem 8c4fc91c36 replace "pkg_dbdir" with "pkgdb_dir", to be consistent with "backup_dir" 2001-10-03 15:41:25 +00:00
cjs 350cdd6a80 Since we store the output of ls for use later, make sure that we have TZ=UTC.
(Otherwise time zone changes cause us to believe that files have changed
when they have not.)
2001-10-03 07:04:32 +00:00
lukem f263bbb1eb - clean up a couple of comments
- reformat some awk blocks
- replace "sed 1d | awk '...'" with "awk 'NR==1 {next;} ...'"
2001-10-03 00:12:17 +00:00
atatat 9202500182 Add a chunk of code to check the installed pkgs list by making a list
of all installed pkgs and their +CONTENTS and +REQUIRED_BY files (if
they have one) and handling this file along with all the other
CHANGELIST stuff.

Greg Woods gets points for coming up with the idea.

Luke Mewburn asked me to do it, and provided lots of criticism along
the way.
2001-10-01 02:21:20 +00:00
lukem 5a212acf6e remove acd (nonexistent), add ld (for hw raid logical drives) 2001-09-24 03:19:43 +00:00
perry 5f93a646a5 add raid, remove cd drives and floppy drives from the nightly disk
permissions checks.

note: This whole thing needs to be rototilled. And yes, I'm
volunteering to do it.
2001-09-23 19:51:20 +00:00
perry 247041e342 Update the password sanity checking thusly:
1) If a password entry is of the form \*[A-z-]+, do not complain that
   the account is off but has a valid password. Thus you can do
   passwords like *ssh to indicate ssh only logins.
   We should come up with a standard scheme for what various *keywords mean.
   Note that if the field length is 13, 20 or 34 you'll still get
   bitched at.
   This code should be cleaned up. (So should the password scheme.)
2) If the entry is for "toor", don't complain that the account is off
   but has a valid shell. We ship with toor:*:, there is no point in
   complaining about it.

Part of the campaign against spurious security warning output.
2001-09-23 19:10:25 +00:00
perry 215d097e45 run mtree on the special file using the new -l option, so it will not
complain about things like files set 444 instead of 644.

part of the campaign against spurious output in the nightly security run.
2001-09-22 04:06:23 +00:00
simonb e60403a3f9 Remove rz/tz support for pmax, switch to MI SCSI. 2001-08-26 11:55:38 +00:00
lukem 684e89f355 use mktemp(1) to create temporary directories, and ensure that cleanup traps
are set up asap.
2001-06-18 10:54:02 +00:00
lukem bd7fad6c47 use symbolic signal names instead of numbers 2001-06-14 07:50:06 +00:00
atatat 6534ee3cfb When backing files listed in /etc/changelist, instead of truncating
to the basename of the file, use the whole path with $backup_dir
prepended, in effect mirroring the directory tree.  This eliminates
the possibility of a name collision.

Closes pr bin/12727.
2001-05-10 14:19:27 +00:00
atatat 4e1cbd39fe Allow embedded hyphens in user names (and group names), just not as the
first or last character.
2001-05-10 14:10:15 +00:00
atatat 2811b1707a Provide the capability of storing backups via RCS instead of just a
"current" and a "last" (which is useless if you wanna know what you
changed last week).  Set the default to on.
2001-04-04 03:17:19 +00:00
hubertf efc93d040b Run skeyaudit (only) from /etc/daily instead of /etc/security, else there's
some risk that the users don't get warned if an admin turns off running
/etc/security (by putting run_security=no into daily.conf).

Fixes PR 12267.
2001-03-15 02:23:47 +00:00
atatat a99a7deee1 Allow md5 passwords of length 34 as passwords 2001-03-12 16:48:13 +00:00
jdolecek 4ceebb1156 Introduce max_grouplen - this determines the maximum permitted length
of group names, similarly to max_loginlen
2001-02-11 09:55:09 +00:00
abs 6258e0bf60 Add a new variable 'backup_dir', which can be used to change the backup
directory from /var/backup (useful for those of us who have a separate /var
and would like to have our backup disklabels on the root filesystem).
Default behaviour unchanged. backup_dir being unset is taken as /var/backup.
2001-01-09 17:30:29 +00:00
lukem 0c70e530af use ${foo##*/} instead of `basename $foo`. as suggested (with minor variation)
by Toru Nishimura <nisimura@itc.aist-nara.ac.jp>
2000-10-07 07:36:56 +00:00
christos b4266bbcb7 PR/10982: kilbi@rad.rwth-aachen.de: Don't confuse printf with usernames
that start with -.
2000-09-10 21:27:50 +00:00
sommerfeld 9928e1fe95 Fix pr9320: improve umask checking for root's dotfiles.
Now even notices bogus umasks like 044
2000-07-02 22:27:47 +00:00
ad fb3a33ff99 We may as well allow local additions to /etc/security, since it gets done
for the other periodic checks.
2000-05-26 17:08:21 +00:00
itojun 13c8f7a2df check /etc/mail/aliases on check_aliases.
/etc/aliases will be checked as well, if it exists (for backward compatibility).
2000-05-05 18:28:53 +00:00
fair 065c791de8 Add skeyaudit to /etc/security (with a variable to disable) per PR 5871 2000-04-24 23:46:37 +00:00
christos e597a72d0b Use cat -f to avoid denial of service attacks by people who make .rhosts
files fifos.
2000-01-15 01:15:12 +00:00
perry 4220708c27 We already had logic not to try to grab the disklabels of md's and
fd's -- add cd's to the list.
1999-09-05 15:11:42 +00:00
hubertf 8b10c79f68 Use standard variable "$0" for the whole line instead of the non-standard,
undocumented "$LINE".

Submitted in PR 7041 by Greg A. Woods <woods@weird.com>
1999-07-22 00:47:50 +00:00
kleink 357a0baaf8 Get rid of old-style chown operands. 1999-04-23 08:20:28 +00:00
wrstuden ee6f8c2579 Add a commented-out duplicate id checker which doesn't exclude toor, and
add a comment saying how to switch it on.
1999-03-17 19:11:05 +00:00
wrstuden d32be9a273 Modify duplicate user id check to exclude "toor". Any other uid 0
accounts will generate a message with that (those) account names, root, and
toor present in the list.
1999-03-17 02:58:11 +00:00
fair 7153b55a87 Fix PR 5068 - scanning ~user/.rhosts files on NFS mounted home
directories with -maproot=nobody on the server. The argument to be
made is that if NetBSD's root can't read these files, it shouldn't
try to check them.
1999-03-16 06:18:17 +00:00
abs dade5b2993 Handle + in master.passwd (From PR#4802).
Also, handle + in group and allow max_loginlen to be configurable.
1999-02-18 18:53:32 +00:00
tv 850ab15c3b Nix "Login %s is off but still has a valid shell" warning for 20-character
encrypted passwords generated by the NEWSALT option to passwd(1).
1998-09-14 19:42:42 +00:00
lukem 3a3b03bdd7 * if $check_disklabels=YES, backup and compare of disklabels of current disks.
should detect added or removed disks as well. backup labels go in
  /var/backups/disklabel.XXX (XXX = disk name, e.g., sd0), and the
  changelist style backups have .current or .backup suffixes
* minor whitespace, formatting, and comment cleanup
1998-08-25 13:47:29 +00:00
lukem 8f59ce8e35 include rc.subr and use appropriately 1998-01-26 12:02:43 +00:00
mycroft dae4e5df82 Deal with files in the changelist that are added or removed.
* When a file is removed, move its .current file to .backup.
* When a file is added, create its .current file.
* In either case, send a diff against /dev/null.
Mostly from Jim Bernard in PR 4183, with the removal case fixed.
1997-10-08 16:13:44 +00:00
lukem 90ec96df78 - use 'ftpd -C user' to check the format of /etc/ftpusers.
closes [security/4061]
- rename $MPPATH to $MPBYPATH, to clarify its use
1997-09-23 14:36:56 +00:00
lukem f09b5e36c7 - don't print "Checking setuid files and devices:" if no problems
found (solves [security/4047])
- minor cleanup (rename a couple of variables, etc)
1997-09-18 05:16:19 +00:00
lukem 89fa41e9da - correct use of generated temporary files.
- clean up comments and generated output.
- clean up $SECUREDIR if SIGINT or SIGQUIT received.
- .rhosts may have to be world readable in NFS environments, so allow it to be.
- update list of disks to check for reasonable permissions
- don't show differences in /etc/master.passwd, as the encrypted strings may
  be sent. From reading comments earlier in the script, this was the intention
  anyway. Fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3994].
- when checking /etc/ftpusers, skip comment lines and only match full
  usernames.
  XXX: this should be enhanced to check lines of the enhanced ftpusers format.
1997-08-22 09:40:17 +00:00