:
#
# Usage: misc.chk
#
# This shell script checks a variety of miscellaneous potential
# security problems that really don't belong anywhere else.
#
# Right now this checks whether tftp & rexd are enabled, whether the
# uudecode alias is present (and not commented out) in the mail alias
# file, and whether uudecode can create a SUID file.
#
# Mechanism: tftp.chk will try to get /etc/motd from the localhost.
# Not much to it; just connect and try to get it. For rexd, just
# look in the /etc/{inetd.conf,servers} file to see if it's enabled (i.e.,
# not commented out).
#
# Warning: it may take a minute or so to complete the test, since tftp
# might take a while to get the test file, or it may take a while to time
# out the connection (which is what usually happens if the test fails.)
#
# Location of stuff:
# Every external tool is invoked through one of these variables, each of
# which holds an absolute path, rather than being looked up in PATH.
# NOTE(review): the locations are fixed; confirm they exist on the system
# being checked, otherwise the corresponding test cannot run.
#
# Text processing:
AWK=/bin/awk
GREP=/bin/grep
SED=/bin/sed
# File handling and general helpers:
CMP=/bin/cmp
RM=/bin/rm
TEST=/bin/test
ECHO=/bin/echo
# Programs exercised by the checks themselves:
TFTP=/usr/ucb/tftp
UUDECODE=/usr/bin/uudecode
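# Build $shells: the shell binaries that exist on this system. The list
# is compared further down against the programs named in the inetd
# configuration.
all_shell_dirs="/bin /usr/bin /usr/local/bin"
all_shells="sh csh ksh tcsh bash zsh"
# Start from an empty list so that a "shells" value already present in
# the caller's environment cannot add entries to the comparison.
shells=""
for dir in $all_shell_dirs ; do
  for shell in $all_shells ; do
    # Record every shell that is present. Stopping at the first hit in
    # each directory would leave the remaining shells of that directory
    # (csh, ksh, bash, ...) out of the comparison entirely.
    if $TEST -f "$dir/$shell" ; then
      shells="$shells $dir/$shell"
    fi
  done
done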
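# Mail alias file, and the alias name that is searched for in it.
aliases=/usr/lib/aliases
uu=decode
# Choose the inetd configuration file: the first of the three candidates
# that exists. /etc/servers is handled as the System V layout later on.
# The variable is cleared first so that, when no candidate exists, the
# later checks see an empty value and not whatever "inetd" happened to
# hold in the caller's environment.
inetd=""
if $TEST -f "/etc/inetd.conf" ; then
  inetd="/etc/inetd.conf"
elif $TEST -f "/usr/etc/inetd.conf" ; then
  inetd="/usr/etc/inetd.conf"
elif $TEST -f "/etc/servers" ; then
  inetd="/etc/servers"
fi
# Service name that is searched for in $inetd.
rexd=rexd
# TARGET is the file requested over tftp; TMP is the local scratch file
# the transfer is written to.
# NOTE(review): TMP is a predictable name in the current directory. Run
# the script from a directory that only the invoking user can write to.
TARGET=/etc/motd
TMP=./tmp.$$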
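# Scan $inetd for an active rexd entry and collect the program field of
# every active entry into $files. Lines whose first field starts with
# "#" are comments and are ignored.
#
# NOTE(review): the service test is an exact string comparison, so an
# entry whose compared field reads e.g. "rpc.rexd" is not reported --
# confirm against the local configuration format.
files=""
if $TEST -z "$inetd" ; then
  # No configuration file was found. Skip the scan: awk started without
  # a file name reads standard input and can block there.
  :
elif $TEST "$inetd" = "/etc/servers" ; then
  # System V layout: the 3rd field is compared with the service name,
  # and the 3rd field is also what gets collected as the program.
  rexd_hits=`$AWK '{ if ($1 ~ /^#/) next; else if ("'"$rexd"'" == $3) print }' "$inetd"`
  if $TEST -n "$rexd_hits" ; then
    $ECHO "Warning! $rexd is enabled in $inetd!"
  fi
  files=`$AWK '{ if ($1 ~ /^#/) next; else print $3 }' "$inetd"`
else
  # BSD layout: the last field is compared with the service name, and
  # the 6th field is collected as the program.
  rexd_hits=`$AWK '{ if ($1 ~ /^#/) next; else if ("'"$rexd"'" == $NF) print }' "$inetd"`
  if $TEST -n "$rexd_hits" ; then
    $ECHO "Warning! $rexd is enabled in $inetd!"
  fi
  files=`$AWK '{ if ($1 ~ /^#/) next; else print $6 }' "$inetd"`
fi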
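# For every readable program listed in $inetd, warn when ./is_writable
# succeeds on it, and warn when its contents are identical to one of the
# shells collected in $shells.
if $TEST -n "$files" ; then
  for i in $files ; do
    # use chk_strings if paranoid; e.g. "chk_strings $i"
    if $TEST -r "$i" ; then
      # ./is_able $i w w
      if ./is_writable "$i" ; then
        $ECHO "Warning! File $i (in $inetd) is _World_ writable!"
      fi
      for shell in $shells ; do
        # Decide on cmp's exit status (0 means identical). Testing for
        # empty output while discarding stderr also reports a match when
        # cmp fails or when one file is merely a prefix of the other,
        # because those diagnostics go to stderr.
        if $CMP -s "$shell" "$i" ; then
          $ECHO "Warning! Shell $shell is (hidden?) in $inetd as $i!"
        fi
      done
    fi
  done
fi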
# uudecode alias check: collect every line of $aliases in which the
# double-quoted alias name appears with no "#" anywhere before it on the
# line, then warn if at least one such line was found.
res=`$SED -n '/^[^#]*|*"'$uu'"/p' $aliases`
case "$res" in
  "")
    # nothing matched; the alias is absent or commented out
    ;;
  *)
    $ECHO "Warning! $uu is enabled in $aliases!"
    ;;
esac
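# Stop when the tftp scratch file is already present, so that a file the
# script did not create is neither misread nor removed later on.
if $TEST -f "$TMP" ; then
  # $ECHO "You've got to be kidding. Tmp file $TMP already exists!"
  exit 1
fi
# uucode stuff -- thanks to pete shipley...
#
# Two questions are answered here, both through ./is_able with the
# arguments "s s" (any output is treated as a positive result):
#   1. is the uudecode binary itself flagged?
#   2. does a file that uudecode creates from a header asking for mode
#      4755 end up flagged?
# NOTE(review): the scratch file is a predictable name in the current
# directory; run the script from a directory that only the invoking
# user can write to.
uu_out=./foobar.$$
if $TEST -n "`./is_able $UUDECODE s s`" ; then
  $ECHO "Warning! $UUDECODE is SUID!"
fi
if $TEST -f "$uu_out" ; then
  # A file with this name already exists. Testing it would report on a
  # file uudecode did not create, and the cleanup would then delete it.
  $ECHO "Warning! $uu_out already exists; uudecode creation test skipped!"
else
  $UUDECODE << EOD_
begin 4755 $uu_out
end
EOD_
  if $TEST -n "`./is_able $uu_out s s`" ; then
    $ECHO "Warning! $UUDECODE creates setuid files!"
  fi
  $RM -f "$uu_out"
fi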
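# The rest is all for tftp stuff:
#
# Determine the local host name with the first of hostname, uname -n or
# uuname -l that is present as a non-empty file. The variable is cleared
# first so the result comes from one of those tools and not from a
# HOSTNAME value inherited from the environment.
HOSTNAME=""
if $TEST -s /bin/hostname ; then
  HOSTNAME=`/bin/hostname`
elif $TEST -s /bin/uname ; then
  HOSTNAME=`/bin/uname -n`
elif $TEST -s /usr/bin/uuname ; then
  HOSTNAME=`/usr/bin/uuname -l`
fi
# Fall back to the loopback name when nothing was found. A made-up
# placeholder name here would either fail to resolve, so the tftp test
# passes without testing anything, or resolve to some other machine and
# report on that one instead. With a fallback always assigned, a
# separate "no hostname, exit" branch can never be reached and is
# therefore not kept.
if $TEST -z "$HOSTNAME" ; then
  HOSTNAME="localhost"
fi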
# tftp probe: have the tftp client connect to $HOSTNAME and fetch $TARGET
# into $TMP. This can take a while, since a request that is not answered
# has to time out. Everything the client prints is discarded; only the
# presence of a non-empty $TMP afterwards is used as the result.
$TFTP > /dev/null 2>&1 << _XXX_
connect $HOSTNAME
get $TARGET $TMP
quit
_XXX_
# A non-empty scratch file means the transfer succeeded.
if $TEST -s "$TMP" ; then
  $ECHO "Warning! tftp is enabled on $HOSTNAME!"
fi
# Remove the scratch file whether or not anything was fetched.
$RM -f "$TMP"
exit 0
# end of script