[Autosec-devel] pmids check,1.5,1.6
From: <re...@us...> - 2003-11-18 03:21:42
Update of /cvsroot/autosec/pmids In directory sc8-pr-cvs1:/tmp/cvs-serv13301 Modified Files: check Log Message: Added uptime, who's logged in, and iptables statistics Index: check =================================================================== RCS file: /cvsroot/autosec/pmids/check,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** check 29 Sep 2002 18:57:37 -0000 1.5 --- check 18 Nov 2003 03:21:23 -0000 1.6 *************** *** 1,5 **** #!/bin/bash ! #Poor Man's IDS v1.6 by red0x # # User changeable options --- 1,5 ---- #!/bin/bash ! #Poor Man's IDS v1.7 by red0x # # User changeable options *************** *** 23,27 **** rm -f $outfile echo "Subject: Security Audit for $me.$dom" > $outfile ! echo "## PMIDS-1.6 CHECK invoked as $0" >> $outfile echo "## Sanity: working dir: $prefix" >> $outfile echo "## Checking scripts: " >> $outfile --- 23,27 ---- rm -f $outfile echo "Subject: Security Audit for $me.$dom" > $outfile ! echo "## PMIDS-1.7 CHECK invoked as $0" >> $outfile echo "## Sanity: working dir: $prefix" >> $outfile echo "## Checking scripts: " >> $outfile *************** *** 35,38 **** --- 35,54 ---- echo "" >> $outfile echo "Security Audit at: $dtime" >> $outfile + echo >> $outfile + + echo "Database dates: " >> $outfile + echo -n " db.bz2: " >> $outfile + echo `ls -lt db.bz2 | cut -f 20-23 -d ' '` >> $outfile + echo -n " dir.db.bz2: " >> $outfile + echo `ls -lt dir.db.bz2 | cut -f 20-23 -d ' '` >> $outfile + echo >> $outfile + + echo "#############################" >> $outfile + echo -n " Uptime: " >> $outfile + `which uptime` >> $outfile + `which who` >> $outfile + echo "#############################" >> $outfile + echo >> $outfile + echo "#############################" >> $outfile *************** *** 58,62 **** echo "#############################" >> $outfile ! /usr/bin/last -a > tmp.file grep "crash" < tmp.file >> $outfile rm -f tmp.file --- 74,78 ---- echo "#############################" >> $outfile ! 
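Review bot: The new "Database dates" lines derive the timestamp from `ls -lt db.bz2 | cut -f 20-23 -d ' '`, which depends on the column padding of `ls -l` (owner and group width, file size) and on a relative path, while the rest of the script addresses the baseline as `$prefix/dir.db.bz2` (see the `$uarchive $prefix/dir.db.bz2` line later in this diff), so the report shows the wrong or an empty date whenever the cron working directory or the field alignment differs. The same hunk runs `` `which uptime` `` and `` `which who` `` instead of the absolute paths this commit uses for `/bin/last` and `/sbin/iptables`; if the lookup fails the backticks expand to an empty command and the "Uptime:" header is silently followed by nothing, and the result depends on whatever PATH cron hands the script. GNU `date -r FILE` prints the modification time directly without parsing `ls` output; if the target may lack it, `ls -l --full-time` is the fallback.
```shell
echo "Database dates: " >> $outfile
echo -n " db.bz2: " >> $outfile
date -r $prefix/db.bz2 >> $outfile
echo -n " dir.db.bz2: " >> $outfile
date -r $prefix/dir.db.bz2 >> $outfile
# … unchanged: separator lines …
echo -n " Uptime: " >> $outfile
/usr/bin/uptime >> $outfile
/usr/bin/who >> $outfile
```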
/bin/last -a > tmp.file grep "crash" < tmp.file >> $outfile rm -f tmp.file *************** *** 69,73 **** echo "#############################" >> $outfile ! /usr/bin/last -a | grep root > tmp.file grep [.] < tmp.file >> $outfile # we are checking for .'s in a host name or ip address rm -f tmp.file --- 85,89 ---- echo "#############################" >> $outfile ! /bin/last -a | grep root > tmp.file grep [.] < tmp.file >> $outfile # we are checking for .'s in a host name or ip address rm -f tmp.file *************** *** 81,87 **** #kernel version number, not an ip address or hostname # and don't match X logins ! /usr/bin/last -a | grep [.] | grep -v "reboot" | grep -v ":0.0" >> $outfile echo "Done!" >> $outfile echo >> $outfile echo "#############################" >> $outfile --- 97,108 ---- #kernel version number, not an ip address or hostname # and don't match X logins ! /bin/last -a | grep [.] | grep -v "reboot" | grep -v ":0.0" >> $outfile echo "Done!" >> $outfile echo >> $outfile + echo "#############################" >> $outfile + echo "Listing iptables hits " >> $outfile + echo "#############################" >> $outfile + /sbin/iptables -vnL >> $outfile + echo "Dont!" >> $outfile echo "#############################" >> $outfile *************** *** 104,108 **** echo "#############################" >> $outfile ! for dir in $suidckdirs do $fd $dir -perm +4000 >> $outfile --- 125,129 ---- echo "#############################" >> $outfile ! for dir in $suidckdirs; do $fd $dir -perm +4000 >> $outfile *************** *** 122,126 **** $uarchive $prefix/dir.db.bz2 ! for dir2 in $dirsck do $lsp $lso $dir2 >> $dckfile --- 143,147 ---- $uarchive $prefix/dir.db.bz2 ! for dir2 in $dirsck; do $lsp $lso $dir2 >> $dckfile *************** *** 137,145 **** echo "Done!" >> $outfile echo >> $outfile ! 
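Review bot: The path of `last` is hardcoded again in this hunk and in the two following ones (`/usr/bin/last` becoming `/bin/last` in each), and its location differs between distributions, which is presumably what prompted the change. A single `lastcmd=/bin/last` in the user-changeable options block, used by all three sections, would leave one place to adjust, and a startup check such as `[ -x "$lastcmd" ] || echo "## WARNING: $lastcmd not found, login checks skipped" >> $outfile` would record the failure in the report instead of quietly producing empty "crash"/root-login sections when the binary is elsewhere.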
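Review bot: The new iptables section closes with `echo "Dont!"`, a typo for the `"Done!"` every other section writes, and it omits the blank `echo >> $outfile` the other sections emit before the next separator. `/sbin/iptables -vnL` needs root (CAP_NET_ADMIN); when the script runs unprivileged the error goes to stderr rather than into the report, so the mailed audit silently lacks the section, and without `-x` the packet and byte counters are printed abbreviated (K/M), which makes them useless for comparing successive reports. The counters are also cumulative since the rules were loaded (or last zeroed), so "hits" is a running total rather than a per-audit count unless something else resets them, which this diff does not show. I would write `/sbin/iptables -vnxL >> $outfile 2>&1 || echo "## WARNING: iptables listing failed (needs root)" >> $outfile`, followed by `echo "Done!" >> $outfile` and `echo >> $outfile`.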
echo "Poor Man's IDS 1.6 -- Copyright (c) 2001-2003 red0x <red0x [at] users [dot] sourceforge [dot] net>" >> $outfile echo "\$Id$" >> $outfile echo >> $outfile $mail $reporter < $outfile rm $outfile #mv $outfile $outfile.`date +%d-%m-%Y` # Save the old report --- 158,174 ---- echo "Done!" >> $outfile echo >> $outfile ! echo "Poor Man's IDS 1.7 -- Copyright (c) 2001-2003 red0x <red0x [at] users [dot] sourceforge [dot] net>" >> $outfile echo "\$Id$" >> $outfile echo >> $outfile + tstamp=`date +%d-%m-%Y` + $mail $reporter < $outfile + cat $prefix/header.html > $publish/$tstamp.html.pre + cat $outfile >> $publish/$tstamp.html.pre + cat $prefix/footer.html >> $publish/$tstamp.html.pre + sed "s/$/\<br\>/g" $publish/$tstamp.html.pre > $publish/$tstamp.html + chown apache:apache $publish/$tstamp.html + rm $publish/$tstamp.html.pre rm $outfile #mv $outfile $outfile.`date +%d-%m-%Y` # Save the old report |
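Review bot: The published `$publish/$tstamp.html` is the complete audit report (logged-in users, last-login host names, the SUID inventory and the iptables rule set from the sections above), created with the process's default umask and then handed to `apache:apache`, so on most hosts it is world-readable and is writable by the web server account, which only needs to read it; `chown root:apache` with `chmod 0640` gives the web server read access without letting a compromised httpd alter or delete the evidence. Nothing in the report is HTML-escaped before `sed "s/$/\<br\>/g"` appends line breaks: host names from `last`/`who` (including reverse-DNS results) and file names from the SUID and directory checks are attacker-influenceable, so a name containing `<script>` is rendered as markup for whoever reads the published page, and the `\<`/`\>` escapes in the replacement text are unnecessary at best. `$publish` is not defined in this hunk (presumably in the options block above, outside the view); if it is empty the `.pre` and `.html` files land in `/`, so a `: "${publish:?publish dir not set}"` guard is cheap. The version below escapes only the report body, leaving `header.html` and `footer.html` as written, and drops the intermediate `.pre` file.
```shell
tstamp=`date +%d-%m-%Y`
$mail $reporter < $outfile
cat $prefix/header.html > $publish/$tstamp.html
# Escape HTML metacharacters before adding line breaks: host names, user
# names and file names in the report are attacker-influenceable text.
sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/$/<br>/' $outfile >> $publish/$tstamp.html
cat $prefix/footer.html >> $publish/$tstamp.html
# The report lists SUID files, logins and firewall rules: the web server
# gets read access only and the file is not world-readable.
chown root:apache $publish/$tstamp.html
chmod 0640 $publish/$tstamp.html
rm $outfile
```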