#!/bin/sh
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
# 03/22/05 mk - Added /etc/ssh/sshd_config and /etc/ntp.conf
# 10/17/05 mk - Added /etc/inet/ntp.conf for Solaris systems
# 05/14/08 mk - Added /etc/login.defs
# 10/31/08 dmz - changed from /bin/bash to /bin/sh
# 10/31/08 dmz - changed an awk parameter from ] to }
# 10/31/08 dmz - removed shadow & password contents from report for security
# 01/27/09 dmz - changed find parameter -depth position so it would not give errors
# 01/27/09 dmz - added chkconfig to show default startup services
# 01/27/09 dmz - added checking of /etc/shadow for password / account settings
# 01/27/09 dmz - added lsof -i -P -n and netstat -tcp -udp -listening
# 01/27/09 dmz - added chage check for account
# 07/14/09 dmz - added pam.d files and removed pw hash from cat master.passwd
# - get sudoers, a few syslogs (300lines), last few to logon
# - ifconfig
# 04/07/11 mk - added output of iptables
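# Report file stem: <hostname>_<Mon>-<day>. One `date` call supplies both
# fields, so the name cannot straddle midnight between two invocations.
sys=`hostname`_`date | /usr/bin/awk '{print $2 "-" $3}'`
SCRIPT_START_TIME=`date`
# Kernel name; later checks compare it against "IRIX" and "HP-UX".
SCRIPT_OS=`uname -s`
# NOTE(review): field 2 of `uname -a` is the node name on most systems, not an
# OS flavor - confirm what the rest of the script expects from os_flavor.
os_flavor=`uname -a|awk '{print $2}'`
# The report gathers account, sudoers, PAM, process and environment data.
# Create both output files up front under a restrictive umask so they are not
# group/world-readable. The subshell keeps the umask that the script reports
# later unchanged; files that already exist keep their current mode.
(umask 077; : >>"$sys.rpt"; : >>errors.txt)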
#
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
#Start the "INTRODUCTION" routine
#
# Console banner shown to the operator before collection starts.
cat <<'EOF'


 DOES NOT need to be compiled, this is a shell script.
 should run on ALL Unix and Linux systems.
 This script makes no changes to the system.
 WILL provide a clean view of the system's SECURITY POSTURE.



EOF
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
# Report preamble: sensitivity marking, title and collection start time.
{
  echo " C U S T O M E R S E N S I T I V E "
  echo
  echo
  echo "Security Posture Report"
  echo
  # Kept unquoted so the output matches the original: word splitting collapses
  # runs of blanks in the saved `date` string.
  echo $SCRIPT_START_TIME
  echo
  echo
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
#
echo "Searching for System Identification"
# Host identity section of the report: kernel/uname string, host name,
# NIS/YP domain name and host id, each taken from the command of that name.
# In a POSIX shell the command substitution is expanded before the line's
# redirections are applied, so an error from the probed command itself (for
# example a missing `domainname`) is not captured in errors.txt.
echo "+++++ SYSTEM Identification +++++" >>$sys.rpt 2>>errors.txt
echo >>$sys.rpt 2>>errors.txt
echo "+ Uname: `uname -a` " >>$sys.rpt 2>>errors.txt
echo >>$sys.rpt 2>>errors.txt
echo "+ Hostname: `hostname` " >>$sys.rpt 2>>errors.txt
echo >>$sys.rpt 2>>errors.txt
echo "+ Domainname: `domainname` " >>$sys.rpt 2>>errors.txt
echo >>$sys.rpt 2>>errors.txt
echo "+ Hostid: `hostid` " >>$sys.rpt 2>>errors.txt
echo >>$sys.rpt 2>>errors.txt
#
#-------------------------------------------------------------------
#echo " >>>> Accountability "
#-------------------------------------------------------------------
#
#
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking for Account and Log file Attributes"
# For each accounting file the report gets the expected owner/group/mode as a
# label, then the actual long listing for the reviewer to compare against.
# On IRIX and HP-UX the platform listing tool (eagls / lsacl) is run as well.
{
  echo
  echo "++++++ ACCOUNTING & LOG FILES ATTRIBUTES +++++"
  echo
  echo "+ /usr/adm/lpacct,owner daemon,group daemon, 644"
  ls -lLd /usr/adm/lpacct
  case "$SCRIPT_OS" in
    IRIX)  eagls /usr/adm/lpacct ;;
    HP-UX) lsacl /usr/adm/lpacct ;;
  esac
  echo
  echo "+ /usr/adm/aculog,owner uucp,group daemon, 664"
  ls -lLd /usr/adm/aculog
  case "$SCRIPT_OS" in
    IRIX)  eagls /usr/adm/aculog ;;
    HP-UX) lsacl /usr/adm/aculog ;;
  esac
} >>"$sys.rpt" 2>>errors.txt
#
#-------------------------------------------------------------------
#echo " >>>> Access: Identification and Authentication "
#-------------------------------------------------------------------
#
# Opens the Identification & Authentication part of the report.
echo "+++++ IDENTIFICATION & AUTHENTICATION +++++ " >>"$sys.rpt" 2>>errors.txt
echo "Checking for /etc/passwd file"
# Full copy of /etc/passwd. On systems without shadowing, field 2 of this file
# holds the password hash, so the report must be handled as sensitive.
{
  echo
  echo
  echo "+ /ETC/PASSWD FILE LISTING:"
  echo
  if [ ! -r /etc/passwd ]
  then
    echo "File not found"
  else
    cat /etc/passwd
  fi
} >>"$sys.rpt" 2>>errors.txt
#
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
# echo "Checking for /etc/shadow file"
#
#echo " " >>$sys.rpt 2>>errors.txt
#echo " " >>$sys.rpt 2>>errors.txt
#echo "+ /ETC/SHADOW FILE LISTING" >>$sys.rpt 2>>errors.txt
#echo " " >>$sys.rpt 2>>errors.txt
# if [ -r /etc/shadow ]
# then
# cat /etc/shadow >>$sys.rpt 2>>errors.txt
# else
# echo "File not found" >>$sys.rpt 2>>errors.txt
# fi
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking for /.secure/etc/passwd file"
# Copies /.secure/etc/passwd into the report when it is readable.
# NOTE(review): unlike the master.passwd listing, nothing is filtered here, so
# any password field this file carries lands in the report verbatim. The
# changelog says password contents were removed from the report - confirm
# this path should get the same treatment.
{
  echo
  echo
  echo "+ /.SECURE/ETC/PASSWD FILE LISTING"
  echo
  if [ ! -r /.secure/etc/passwd ]
  then
    echo "File not found"
  else
    cat /.secure/etc/passwd
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking for /etc/passwd.adjunct file"
# Copies /etc/passwd.adjunct into the report when it is readable.
# NOTE(review): the later checks in this script read
# /etc/security/passwd.adjunct, not /etc/passwd.adjunct - confirm which path
# is intended. The file is copied unfiltered, password field included.
{
  echo
  echo
  echo "+ /ETC/PASSWD.ADJUNCT FILE LISTING"
  echo
  if [ ! -r /etc/passwd.adjunct ]
  then
    echo "File not found"
  else
    cat /etc/passwd.adjunct
  fi
} >>"$sys.rpt" 2>>errors.txt
#
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
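echo "Checking for /etc/master.passwd file"
# Lists /etc/master.passwd without field 2 (the password hash): only fields 1
# and 3-10 are printed, matching the changelog entry that removed the hash.
{
  echo
  echo
  echo "+ /ETC/MASTER.PASSWD FILE LISTING:"
  echo
  if [ -r /etc/master.passwd ]
  then
    # This awk used to run without any redirection, so the listing went to the
    # terminal and never reached the report. It now follows the same
    # redirection as every other check.
    awk -F: '{print $1,$3,$4,$5,$6,$7,$8,$9,$10}' /etc/master.passwd
  else
    echo "File not found"
  fi
} >>"$sys.rpt" 2>>errors.txt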
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking for Users with no Passwords"
# Prints every account whose password field (field 2) in /etc/passwd is empty.
# An "x" or "*" placeholder is not empty, so shadowed accounts are not listed
# here; the shadow file is checked separately.
{
  echo
  echo "+++ Users with no passwords: +++ "
  if [ ! -r /etc/passwd ]
  then
    echo "/etc/passwd : File not found "
  else
    echo " "
    echo "+ /ETC/PASSWD"
    echo
    awk -F: '$2 == "" {print $1}' /etc/passwd
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking for empty shadow password parameters (note: no password hashes gathered)"
# Prints only the account name (field 1) for /etc/shadow entries whose
# password field (field 2) is empty; the hash itself is never written out.
# Reading /etc/shadow normally requires root, otherwise the "not found"
# branch is taken even though the file exists.
{
  echo
  echo "+++ Empty Shadow Password parameters: +++ "
  if [ ! -r /etc/shadow ]
  then
    echo "/etc/shadow : File not found "
  else
    echo
    echo "+ /ETC/SHADOW"
    echo
    awk -F: '$2 == "" {print $1}' /etc/shadow
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
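echo "Checking account chage"
# Password-aging settings for accounts whose passwd line contains "home" and
# not "false" (the original selection rule). `chage -l` output does not name
# the account, so each entry is now labelled with the user it belongs to and
# the section gets a header; previously the report held anonymous blocks.
{
  echo
  echo "+++ Password aging (chage -l) per account +++ "
  for aging_user in `grep home /etc/passwd | grep -v false | cut -d":" -f 1`
  do
    echo
    echo "+ chage -l $aging_user"
    chage -l "$aging_user"
  done
} >>"$sys.rpt" 2>>errors.txt
# Keep the loop variable out of the environment dump taken later in the script.
unset aging_user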
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
# Empty-password check (field 2 empty) repeated for the other account
# databases this script knows about. Only account names are printed.
{
  if [ ! -r /.secure/etc/passwd ]
  then
    echo "/.secure/etc/passwd : File not found "
  else
    echo " "
    echo "+ /.SECURE/ETC/PASSWD"
    echo
    awk -F: '$2 == "" {print $1}' /.secure/etc/passwd
  fi

  if [ ! -r /etc/security/passwd.adjunct ]
  then
    echo "/etc/security/passwd.adjunct : File not found "
  else
    echo " "
    echo "+ /ETC/SECURITY/PASSWD.ADJUNCT"
    echo
    awk -F: '$2 == "" {print $1}' /etc/security/passwd.adjunct
  fi
  echo

  if [ ! -r /etc/master.passwd ]
  then
    echo "/etc/master.passwd : File not found "
  else
    echo
    echo "+ /ETC/MASTER.PASSWD"
    echo
    awk -F: '$2 == "" {print $1}' /etc/master.passwd
  fi
  echo
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking for I&A HP-UX style"
# Records ownership and mode of every regular file under /tcb/files/auth.
# Only listings are taken; the files' contents are not copied into the report.
echo >>"$sys.rpt" 2>>errors.txt
echo "+++ HP-UX Style User Files +++ " >>"$sys.rpt" 2>>errors.txt
if [ -d /tcb/files/auth ]
then
  # Assigned outside any redirected group so the variable stays visible to the
  # rest of the script in every shell.
  SCRIPT_USERFILES=`find /tcb/files/auth -type f -print`
  for USERFILE in $SCRIPT_USERFILES
  do
    {
      ls -lL $USERFILE
      case "$SCRIPT_OS" in
        IRIX)  eagls $USERFILE ;;
        HP-UX) lsacl $USERFILE ;;
      esac
    } >>"$sys.rpt" 2>>errors.txt
  done
fi
echo >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
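echo "Checking for Duplicate UIDS"
# Reports accounts that share field 3 (the UID) in each account database.
# Two accounts with one UID are the same identity to the kernel, so every hit
# deserves a look - a second UID 0 entry in particular.
#
# Fix: the obsolete `sort +1` key syntax is replaced by `sort -k 2`. Current
# POSIX sort implementations treat "+1" as a file name, so the pipeline
# produced no output there and the check silently reported "no duplicates".
# The whole pipeline's stderr now goes to errors.txt, not just uniq's.
#
# `uniq -d` prints one line per duplicated UID, i.e. only one of the account
# names involved; look the UID up in the listing to find the others.
# NOTE(review): field 3 of passwd.adjunct is presumably not a UID - confirm
# this check is meaningful for that file.
{
  echo
  echo "+++ DUPLICATE UIDS +++ "
  for acct_db in /etc/passwd /.secure/etc/passwd \
    /etc/security/passwd.adjunct /etc/master.passwd
  do
    if [ -r "$acct_db" ]
    then
      echo
      # Section label is the upper-cased path, e.g. "+ /ETC/PASSWD".
      echo "+ $acct_db" | tr '[a-z]' '[A-Z]'
      echo
      /usr/bin/awk -F: '{print $1, " ", $3}' "$acct_db" \
        | sort -k 2 | uniq -d -f 1
    else
      echo "$acct_db : File not found "
    fi
  done
} >>"$sys.rpt" 2>>errors.txt
# Keep the loop variable out of the environment dump taken later in the script.
unset acct_db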
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking for Users with no Shells"
# Prints accounts whose shell field (field 7) is empty in each account
# database. An empty shell field does not disable login: the system default
# shell is used, so these accounts still need a locked password or an
# explicit non-login shell.
{
  echo
  echo
  echo "+++ USERS WITH NO SHELLS +++ "

  if [ ! -r /etc/passwd ]
  then
    echo "/etc/passwd : File not found "
  else
    echo
    echo "+ /ETC/PASSWD"
    echo
    awk -F: '$7 == "" {print $1}' /etc/passwd
  fi

  if [ ! -r /.secure/etc/passwd ]
  then
    echo "/.secure/etc/passwd : File not found "
  else
    echo
    echo "+ /.SECURE/ETC/PASSWD"
    echo
    awk -F: '$7 == "" {print $1}' /.secure/etc/passwd
  fi

  if [ ! -r /etc/security/passwd.adjunct ]
  then
    echo "/etc/security/passwd.adjunct : File not found "
  else
    echo
    echo "+ /ETC/SECURITY/PASSWD.ADJUNCT"
    echo
    awk -F: '$7 == "" {print $1}' /etc/security/passwd.adjunct
  fi

  if [ ! -r /etc/master.passwd ]
  then
    echo "The file: /etc/master.passwd file not found "
  else
    echo
    echo "+ /ETC/MASTER.PASSWD"
    echo
    awk -F: '$7 == "" {print $1}' /etc/master.passwd
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Getting the /etc/default/login file"
# Copies /etc/default/login (login policy defaults) into the report.
{
  echo
  echo
  echo "+ /ETC/DEFAULT/LOGIN File Listing +++++ "
  echo
  if [ ! -r /etc/default/login ]
  then
    echo "/etc/default/login : File not found "
  else
    cat /etc/default/login
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Getting the /etc/default/passwd file"
# Copies /etc/default/passwd (password policy defaults) into the report.
{
  echo
  echo
  echo "+ /ETC/DEFAULT/PASSWD File Listing +++++ "
  echo
  if [ ! -r /etc/default/passwd ]
  then
    echo "/etc/default/passwd: File not found "
  else
    cat /etc/default/passwd
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Getting the /etc/login.defs file"
# Copies /etc/login.defs into the report so password-aging and login defaults
# can be reviewed offline.
{
  echo
  echo
  echo "+ /etc/login.defs File Listing +++++ "
  echo
  if [ ! -r /etc/login.defs ]
  then
    echo "/etc/login.defs: File not found "
  else
    cat /etc/login.defs
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Getting the /etc/pam.d files"
# Dumps every regular file under /etc/pam.d, each preceded by its path
# (-print runs before -exec cat), so the PAM stack of each service can be
# reviewed from the report alone.
{
  echo
  echo
  echo "+ /etc/pam.d File Listings +++++ "
  echo
  if [ ! -r /etc/pam.d ]
  then
    echo "/etc/pam.d: Directory not found "
  else
    find /etc/pam.d/ -type f -print -exec cat {} \;
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Getting the /etc/sudoers file"
# Copies /etc/sudoers into the report. Only this one file is read; the script
# section shown here does not collect any files it includes.
# The privilege map it contains is one more reason to keep the report private.
{
  echo
  echo
  echo "+ /etc/sudoers File Listing +++++ "
  echo
  if [ ! -r /etc/sudoers ]
  then
    echo "/etc/sudoers: File not found "
  else
    cat /etc/sudoers
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
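echo "Login and password settings from /etc/shadow"
# Per-account aging fields from /etc/shadow (fields 3-8). Field 2, the
# password hash, is not printed.
# Fix: the "not found" message used to go to the terminal only, leaving the
# report with a section title and no explanation for the missing data.
{
  echo "Login and password settings from /etc/shadow"
  if [ -r /etc/shadow ]
  then
    awk -F: '{print "user: ",$1,"\n sp_lstchg: ",$3,"\n sp_min: ",$4,"\n sp_max: ",$5,"\n sp_warn: ",$6,"\n sp_inact: ",$7," \n sp_expire: ",$8,"\n--------------------\n" }' /etc/shadow
  else
    echo "/etc/shadow: File not found"
  fi
} >>"$sys.rpt" 2>>errors.txt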
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Getting the /etc/group file"
# Copies /etc/group into the report.
{
  echo
  echo
  echo "+ /ETC/GROUP File Listing +++++ "
  echo
  if [ ! -r /etc/group ]
  then
    echo "/etc/group : File not found "
  else
    cat /etc/group
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
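echo "Checking for Duplicate Group IDs"
# Reports groups that share field 3 (the GID) in /etc/group.
# Fix: the obsolete `sort +1` key syntax is replaced by `sort -k 2`. Current
# POSIX sort implementations treat "+1" as a file name, so the pipeline
# produced no output there and duplicates went unreported. The whole
# pipeline's stderr now goes to errors.txt, not just uniq's.
# `uniq -d` prints one line per duplicated GID, i.e. only one of the group
# names involved.
{
  echo
  echo
  echo "+++ DUPLICATE GROUP IDs +++ "
  echo
  if [ -r /etc/group ]
  then
    /usr/bin/awk -F: '{print $1, " ", $3}' /etc/group \
      | sort -k 2 | uniq -d -f 1
  else
    echo "The file: /etc/group file not found "
  fi
} >>"$sys.rpt" 2>>errors.txt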
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking for Groups with no Members "
# Prints groups whose member list (field 4 of /etc/group) is empty. Field 4
# holds supplementary members only, so a group listed here can still be the
# primary group of accounts in the passwd file.
{
  echo
  echo "+++ GROUPS WITH NO MEMBERS +++ "
  echo
  if [ ! -r /etc/group ]
  then
    echo "/etc/group : File not found "
  else
    /usr/bin/awk -F: '$4 == "" {print $1}' /etc/group
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Getting the /etc/shell file"
# Copies /etc/shells into the report, preceded by the reviewer hint that names
# the shells considered standard; anything else listed needs checking.
{
  echo
  echo
  echo "+++++ The /ETC/SHELLS File Listing +++++ "
  echo
  echo "Standard shells:sh,csh,ksh,rcsh,rsh "
  echo "& /bin/tcsh. Check all other shells "
  echo "Checking the /etc/shells file"
  echo
  if [ ! -r /etc/shells ]
  then
    echo "The file: /etc/shells file not found "
  else
    cat /etc/shells
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking for SUN EEPROM Settings"
# Firmware security settings. Both probes run on every platform; where the
# command does not exist the only result is an error message.
{
  echo
  echo
  echo "+++++ Checking for SUN EEPROM Security +++++ "
  echo
} >>"$sys.rpt" 2>>errors.txt
# Only grep's streams are redirected: an error from eeprom itself (for example
# command not found) appears on the terminal, not in errors.txt.
eeprom | grep security >>"$sys.rpt" 2>>errors.txt
echo "Checking for IRIX NVRAM Settings"
{
  echo
  echo
  echo "+++++ Checking for IRIX NVRAM Security +++++ "
  echo
  nvram -v
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Getting Running Process Information"
# Process table in both System V (-ef) and BSD (-xafw) option styles; whichever
# form the local ps rejects leaves its error in errors.txt.
# Full command lines are recorded, so any secret passed as a process argument
# ends up in the report.
{
  echo
  echo "+++++ RUNNING PROCESSES +++++ "
  echo
  echo
  ps -ef
  ps -xafw
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
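echo " Getting Configured Services"
# Services enabled at startup, per `chkconfig --list`.
# Fix: the option was written with an en dash ("–list"), which chkconfig does
# not parse as --list, so the intended listing was never produced. A section
# header is added and chkconfig's own stderr now goes to errors.txt.
# `grep on` is a loose filter: it also keeps lines whose service name merely
# contains "on". That over-reports rather than hides entries.
{
  echo
  echo "+++++ CONFIGURED SERVICES (chkconfig --list) +++++ "
  echo
  chkconfig --list | grep on
} >>"$sys.rpt" 2>>errors.txt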
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Getting Root Environment"
# Dumps every variable of the shell running this script via `set`.
# That is the invoking user's environment (root only if run as root), and it
# is written verbatim: credentials or tokens exported in that environment
# will be in the report.
{
  echo
  echo
  echo "+++++ ROOT ENVIRONMENT +++++ "
  echo
  set
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
#echo " Getting Files In Root Path"
#
#echo >>$sys.rpt 2>>errors.txt
#echo "+++++ FILES IN ROOT PATH +++++ " >>$sys.rpt 2>>errors.txt
#echo >>$sys.rpt 2>>errors.txt
#-------------------------------------------------------------------
#echo " >>>> Access: Discressionary Access Controls "
#-------------------------------------------------------------------
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking the Umask "
# Records the umask of the shell running this script next to the accepted
# values. This is the current process umask; login-time defaults set elsewhere
# are not inspected here.
{
  echo
  echo
  echo "+++++ The UMASK should be 022, 027, or 077 +++++"
  echo "This is the UMASK: `umask`"
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking for files without user ownership (Find)"
# Lists files whose owner UID has no passwd entry. Such files would belong to
# whichever account is later created with that UID.
# `! -fstype nfs` only suppresses matches located on NFS; it does not stop
# find from descending into NFS mounts, so the walk can still be slow there.
{
  echo
  echo
  echo "+++++ FILES WITHOUT USER OWNERSHIP +++++ "
  echo
  echo "Files with no associated uid in /etc/passwd:"
  echo
  find / ! -fstype nfs -depth -nouser -print
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
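echo "Checking for files without group ownership (Find)"
# Lists files whose group GID has no entry in the group database. Such files
# would belong to whichever group is later created with that GID.
# Fix: the report label was copied from the user-ownership check and spoke of
# uids in /etc/passwd; it now describes what -nogroup actually tests.
# `! -fstype nfs` only suppresses matches located on NFS; it does not stop
# find from descending into NFS mounts.
{
  echo
  echo
  echo "+++++ FILES WITHOUT GROUP OWNERSHIP +++++ "
  echo
  echo "Files with no associated gid in /etc/group:"
  echo
  find / ! -fstype nfs -depth -nogroup -print
} >>"$sys.rpt" 2>>errors.txt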
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking File Systems and their Capabilities"
# Mounted file systems (df -k) followed by the raw mount table, whose option
# column shows per-mount restrictions.
{
  echo
  echo
  echo "+++++ FILE SYSTEMS & THEIR CAPABILITIES +++++ "
  echo
  df -k
  echo
  echo "+++++ The /ETC/MNTTAB File Listing +++++ "
  echo
  echo
  if [ ! -r /etc/mnttab ]
  then
    echo "/etc/mnttab : File not found "
  else
    cat /etc/mnttab
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
# Copies /etc/default/fs into the report when it is readable.
{
  echo
  echo "+++ /ETC/DEFAULT/FS File Listing +++ "
  echo
  if [ ! -r /etc/default/fs ]
  then
    echo "/etc/default/fs : File not found"
  else
    cat /etc/default/fs
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking for Directories that should be Mode 511 or 711"
# Long listing of each system binary/library directory (the directory entry
# itself, symlinks followed) for comparison with the mode named in the header.
# On IRIX and HP-UX the platform listing tool (eagls / lsacl) is run as well.
{
  echo
  echo "++ DIRECTORIES THAT SHOULD BE MODE 511 or 711 ++"
  echo
  for sys_dir in /bin /usr/bin /usr/ucb /lib /usr/lib
  do
    ls -lLd $sys_dir
    case "$SCRIPT_OS" in
      IRIX)  eagls -d $sys_dir ;;
      HP-UX) lsacl $sys_dir ;;
    esac
    echo
  done
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking for Files that should have the Sticky bit set "
# Listings of the shared temporary directories. In the mode string a trailing
# "t" marks the sticky bit, which stops users from removing each other's files
# in a world-writable directory.
{
  echo
  echo "+++++ FILES SHOULD HAVE THE STICKY BIT SET +++++"
  echo
  echo " /tmp, owner root, check for the sticky bit "
  ls -lLd /tmp
  echo
  echo " /usr/tmp, owner root, check for the sticky bit "
  ls -lLd /usr/tmp
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
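echo "Checking for Owner Group & Mode Attributes"
# Writes one report entry to stdout: the expected-attributes label, the long
# listing (symlinks followed), the platform listing on IRIX/HP-UX, and a
# trailing blank line.
#   $1 - label line naming the path and the mode the reviewer should expect
#   $2 - path to inspect
#   $3 - "-d" to list a directory entry itself; omit for plain files
owner_mode_entry() {
  echo "$1"
  # $3 is intentionally unquoted so an omitted flag disappears entirely.
  ls -lL $3 "$2"
  case "$SCRIPT_OS" in
    IRIX)  eagls $3 "$2" ;;
    HP-UX) lsacl "$2" ;;
  esac
  echo
}

# The expected modes in the labels are the script's built-in baseline; the
# reviewer compares them with the listing that follows each label.
# NOTE(review): several baselines are permissive (for example mode 777 on the
# mail spool) - confirm them against the hardening standard in use.
#
# Fix: the /etc/syslog.pid entry ran its IRIX/HP-UX listing against /etc/sm (a
# copy-paste slip), so the wrong path's attributes were filed under the
# syslog.pid label on those platforms. It now inspects /etc/syslog.pid.
{
  echo
  echo
  echo "+++++ OWNER GROUP & MODE ATTRIBUTES +++++ "
  echo
  owner_mode_entry " The /usr/spool/mail file 'BSD', mode 777:" /usr/spool/mail -d
  owner_mode_entry " The /usr/mail file 'ATT', mode 775:" /usr/mail -d
  owner_mode_entry " The /usr/etc/yp, mode 444" /usr/etc/yp -d
  owner_mode_entry " The /var/spool/yp, mode 444" /var/spool/yp
  owner_mode_entry " The /export/root, mode 700" /export/root -d
  owner_mode_entry " /etc/utmp, mode 644" /etc/utmp
  owner_mode_entry " /etc/sm, mode 2755" /etc/sm -d
  owner_mode_entry " /etc/sm.bak, mode 2755" /etc/sm.bak -d
  owner_mode_entry " /etc/state, mode 644" /etc/state -d
  owner_mode_entry " /etc/motd, mode 644" /etc/motd -d
  owner_mode_entry " /etc/mtab, mode 644" /etc/mtab -d
  owner_mode_entry " /etc/syslog.pid, mode 644" /etc/syslog.pid -d
} >>"$sys.rpt" 2>>errors.txt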
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking Ownerships and Permissions on UUCP Files "
#
echo >>$sys.rpt 2>>errors.txt
echo "+++++ Ownership and Permissions of UUCP Files +++++" >>$sys.rpt 2>>errors.txt
echo >>$sys.rpt 2>>errors.txt
echo " /usr/bin/uucp, owner uucp, mode 4111" >>$sys.rpt 2>>errors.txt
ls -lL /usr/bin/uucp >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/bin/uucp >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/bin/uucp >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/bin/cu, owner bin, mode 4111" >>$sys.rpt 2>>errors.txt
ls -lL /usr/bin/cu >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/bin/cu >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/bin/cu >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/bin/uudecode, owner bin, mode 755" >>$sys.rpt 2>>errors.txt
ls -lL /usr/bin/uudecode >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/bin/uudecode >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/bin/uudecode >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/bin/uuencode, owner bin, mode 755" >>$sys.rpt 2>>errors.txt
ls -lL /usr/bin/uuencode >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/bin/uuencode >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/bin/uuencode >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/bin/uuname, owner uucp, mode 4111" >>$sys.rpt 2>>errors.txt
ls -lL /usr/bin/uuname >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/bin/uuname >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/bin/uuname >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/bin/uusend, owner bin, mode 755" >>$sys.rpt 2>>errors.txt
ls -lL /usr/bin/uusend >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/bin/uusend >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/bin/uusend >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/bin/uustat, owner uucp, mode 4111" >>$sys.rpt 2>>errors.txt
ls -lL /usr/bin/uustat >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/bin/uustat >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/bin/uustat >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/bin/uuto, owner bin, mode 755" >>$sys.rpt 2>>errors.txt
ls -lL /usr/bin/uuto >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/bin/uuto >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/bin/uuto >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/bin/uux, owner uucp, mode 4111" >>$sys.rpt 2>>errors.txt
ls -lL /usr/bin/uux >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/bin/uux >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/bin/uux >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/spool/uucppublic, owner uucp, mode 777" >>$sys.rpt 2>>errors.txt
ls -lLd /usr/spool/uucppublic >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/spool/uucppublic >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/spool/uucppublic >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/spool/uucp, owner uucp, mode 777" >>$sys.rpt 2>>errors.txt
ls -lLd /usr/spool/uucp >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls -d /usr/spool/uucp >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/spool/uucp >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/lib/uucp, owner uucp, mode 755" >>$sys.rpt 2>>errors.txt
ls -lLd /usr/lib/uucp >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls -d /usr/lib/uucp >>$sys.rpt 2>>errors.txt
fi
# Tail of the /usr/lib/uucp directory entry: the HP-UX ACL listing, then the
# blank line that separates report entries.
case $SCRIPT_OS in
  HP-UX) lsacl /usr/lib/uucp >>$sys.rpt 2>>errors.txt ;;
esac
echo >>$sys.rpt 2>>errors.txt

# uucp_lib_entry LABEL PATH LS_FLAGS [EAGLS_FLAGS]
# Appends one entry to the report: the LABEL line, a long listing of PATH,
# the platform ACL listing (eagls on IRIX, lsacl on HP-UX), and a blank line.
# LABEL is the expected owner/group/mode baseline printed for the reader;
# nothing here compares it with the ls output, so deviations have to be
# spotted by whoever reads the report. Command errors go to errors.txt.
uucp_lib_entry() {
  {
    echo "$1"
    ls $3 "$2"
    case $SCRIPT_OS in
      # $4 is left unquoted on purpose: when no eagls flag is given it
      # expands to nothing instead of an empty argument.
      IRIX) eagls $4 "$2" ;;
      HP-UX) lsacl "$2" ;;
    esac
    echo
  } >>$sys.rpt 2>>errors.txt
}

# Legacy (V2-style) UUCP control files.
uucp_lib_entry " /usr/lib/uucp/L-devices, owner uucp, group daemon, mode 444" /usr/lib/uucp/L-devices -lLd -d
uucp_lib_entry " /usr/lib/uucp/L.sys, owner uucp, group daemon, mode 400" /usr/lib/uucp/L.sys -lLd -d
uucp_lib_entry " /usr/lib/uucp/L.aliases, owner uucp, group daemon, mode 640" /usr/lib/uucp/L.aliases -lLd -d
uucp_lib_entry " /usr/lib/uucp/L.cmds, owner uucp, group daemon, mode 640" /usr/lib/uucp/L.cmds -lLd -d
uucp_lib_entry " /usr/lib/uucp/SEQF, owner uucp, group daemon, mode 640" /usr/lib/uucp/SEQF -lL -d
uucp_lib_entry " /usr/lib/uucp/SQFILE owner uucp, group daemon, mode 400" /usr/lib/uucp/SQFILE -lL
uucp_lib_entry " /usr/lib/uucp/USERFILE owner uucp, group daemon, mode 400" /usr/lib/uucp/USERFILE -lL
uucp_lib_entry " /usr/lib/uucp/Systems owner uucp, mode 444" /usr/lib/uucp/Systems -lL

# Programs whose baseline is set-uid (mode 4111).
uucp_lib_entry " /usr/lib/uucp/uucico, owner uucp, group daemon, mode 4111" /usr/lib/uucp/uucico -lL
uucp_lib_entry " /usr/lib/uucp/uuclean, owner uucp, group daemon, mode 4111" /usr/lib/uucp/uuclean -lL
uucp_lib_entry " /usr/lib/uucp/uuxqt, owner uucp, group daemon, mode 4111" /usr/lib/uucp/uuxqt -lL

# Remaining configuration files, scripts and programs under /usr/lib/uucp.
uucp_lib_entry " /usr/lib/uucp/Devices, owner uucp, mode 444" /usr/lib/uucp/Devices -lL
uucp_lib_entry " /usr/lib/uucp/Dialcodes, owner uucp, mode 444" /usr/lib/uucp/Dialcodes -lL
uucp_lib_entry " /usr/lib/uucp/Dialers, owner uucp, mode 444" /usr/lib/uucp/Dialers -lL
uucp_lib_entry " /usr/lib/uucp/L-dialcodes, owner uucp, mode 444" /usr/lib/uucp/L-dialcodes -lL
uucp_lib_entry " /usr/lib/uucp/L_stat, owner uucp, mode 644" /usr/lib/uucp/L_stat -lL
uucp_lib_entry " /usr/lib/uucp/L_sub, owner uucp, mode 644" /usr/lib/uucp/L_sub -lL
uucp_lib_entry " /usr/lib/uucp/Maxuuscheds, owner uucp, mode 444" /usr/lib/uucp/Maxuuscheds -lL
uucp_lib_entry " /usr/lib/uucp/Maxuuxqts, owner uucp, mode 444" /usr/lib/uucp/Maxuuxqts -lL
uucp_lib_entry " /usr/lib/uucp/Permissions, owner uucp, mode 444" /usr/lib/uucp/Permissions -lL
uucp_lib_entry " /usr/lib/uucp/Poll, owner uucp, mode 444" /usr/lib/uucp/Poll -lL
uucp_lib_entry " /usr/lib/uucp/remote.unknown, owner uucp, mode 555" /usr/lib/uucp/remote.unknown -lL
uucp_lib_entry " /usr/lib/uucp/uucheck, owner uucp, mode 110" /usr/lib/uucp/uucheck -lL
uucp_lib_entry " /usr/lib/uucp/uucleanup, owner uucp, mode 110" /usr/lib/uucp/uucleanup -lL
uucp_lib_entry " /usr/lib/uucp/uudemon.admin, owner uucp, mode 444" /usr/lib/uucp/uudemon.admin -lL
uucp_lib_entry " /usr/lib/uucp/uudemon.clean, owner uucp, mode 444" /usr/lib/uucp/uudemon.clean -lL
uucp_lib_entry " /usr/lib/uucp/uudemon.day, owner uucp, mode 444" /usr/lib/uucp/uudemon.day -lL
uucp_lib_entry " /usr/lib/uucp/uudemon.hour, owner uucp, mode 444" /usr/lib/uucp/uudemon.hour -lL
uucp_lib_entry " /usr/lib/uucp/uudemon.hr, owner uucp, mode 400" /usr/lib/uucp/uudemon.hr -lL
uucp_lib_entry " /usr/lib/uucp/uudemon.poll, owner uucp, mode 444" /usr/lib/uucp/uudemon.poll -lL
uucp_lib_entry " /usr/lib/uucp/uudemon.wk, owner uucp, mode 400" /usr/lib/uucp/uudemon.wk -lL
uucp_lib_entry " /usr/lib/uucp/uulog, owner uucp, mode 555" /usr/lib/uucp/uulog -lL
uucp_lib_entry " /usr/lib/uucp/uupick, owner uucp, mode 555" /usr/lib/uucp/uupick -lL
uucp_lib_entry " /usr/lib/uucp/uusched, owner uucp, mode 4111" /usr/lib/uucp/uusched -lL
uucp_lib_entry " /usr/lib/uucp/uusub, owner uucp, mode 755" /usr/lib/uucp/uusub -lL
uucp_lib_entry " /usr/lib/uucp/uuto, owner uucp, mode 555" /usr/lib/uucp/uuto -lL
uucp_lib_entry " /usr/lib/uucp/Uutry, owner uucp, mode 555" /usr/lib/uucp/Uutry -lL
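# /usr/lib/uucp/.XQTDIR: the label gives the expected owner and mode of the
# entry itself, so it is listed with -d. Without -d, ls on a directory prints
# its contents and the directory's own owner and mode never reach the report;
# on a plain file -d changes nothing. eagls gets -d for the same reason.
echo " /usr/lib/uucp/.XQTDIR, owner uucp, mode 755" >>"$sys.rpt" 2>>errors.txt
ls -lLd /usr/lib/uucp/.XQTDIR >>"$sys.rpt" 2>>errors.txt
case $SCRIPT_OS in
  IRIX) eagls -d /usr/lib/uucp/.XQTDIR >>"$sys.rpt" 2>>errors.txt ;;
  HP-UX) lsacl /usr/lib/uucp/.XQTDIR >>"$sys.rpt" 2>>errors.txt ;;
esac
# Blank line separating this entry from the next one in the report.
echo >>"$sys.rpt" 2>>errors.txt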
# uucp_spool_entry LABEL PATH LS_FLAGS [EAGLS_FLAGS]
# Appends one entry to the report: the LABEL line (the expected baseline,
# printed for the reader and never compared by the script), a long listing of
# PATH, the platform ACL listing (eagls on IRIX, lsacl on HP-UX), and a blank
# separator line. Command errors go to errors.txt.
uucp_spool_entry() {
  {
    echo "$1"
    ls $3 "$2"
    case $SCRIPT_OS in
      # $4 stays unquoted so a missing flag expands to nothing.
      IRIX) eagls $4 "$2" ;;
      HP-UX) lsacl "$2" ;;
    esac
    echo
  } >>$sys.rpt 2>>errors.txt
}

# UUCP log files in the spool area.
for spool_log in ERRLOG LOGFILE SYSLOG
do
  uucp_spool_entry " /usr/spool/uucp/$spool_log, owner uucp, group daemon, mode 644" /usr/spool/uucp/$spool_log -lL
done

# UUCP spool working directories, listed with -d so the directory itself is
# shown rather than its contents.
# NOTE(review): the printed baseline for these directories is mode 777, i.e.
# writable by every local user - confirm against the site's hardening
# standard before treating a matching listing as acceptable.
for spool_dir in .Admin .Corrupt .Log .Old .Sequence .Status .Workspace
do
  uucp_spool_entry " /usr/spool/uucp/$spool_dir, owner uucp, mode 777" /usr/spool/uucp/$spool_dir -lLd -d
done
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
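# Progress message for the operator's terminal.
echo "Checking user home directories"
#
# Report section: one listing per entry under /home.
echo >>"$sys.rpt" 2>>errors.txt
echo " ++ HOME DIRECTORY LISTING ++" >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
# HOMEDIRS is still assigned in case a later section of the script (not
# visible from here) reads it; the loop below no longer depends on it.
HOMEDIRS=`ls /home 2>>errors.txt`
# Iterate with a glob instead of word-splitting the output of ls: a name that
# contains whitespace or glob characters would otherwise be audited as several
# different, possibly unrelated, paths.
for HOME_PATH in /home/*
do
  # An unmatched glob is left as the literal pattern; skip it unless an entry
  # with that exact name really exists.
  if [ "$HOME_PATH" = "/home/*" ]
  then
    ls -d "$HOME_PATH" >/dev/null 2>&1 || continue
  fi
  # The directory's own owner and mode decide who can enter or modify the
  # home directory; the plain "ls -l" that follows only shows its contents.
  ls -ld "$HOME_PATH" >>"$sys.rpt" 2>>errors.txt
  ls -l "$HOME_PATH" >>"$sys.rpt" 2>>errors.txt
  case $SCRIPT_OS in
    IRIX) eagls -d "$HOME_PATH" >>"$sys.rpt" 2>>errors.txt ;;
    HP-UX) lsacl "$HOME_PATH" >>"$sys.rpt" 2>>errors.txt ;;
  esac
done
echo >>"$sys.rpt" 2>>errors.txt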
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
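# Progress message for the operator's terminal.
echo "Checking for World Writable Directories that are not linked (Find)"
#
# Report section header; the last echo is the blank line that preceded the
# results in the original layout.
echo >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
echo " ++ WORLD WRITABLE DIRS / NOT LINKED ++" >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
# "-type d -type l" asks for an entry that is a directory AND a symbolic link
# at the same time, which nothing can be, so the original search never
# reported anything and this section was always empty. find does not follow
# symbolic links unless told to, so "-type d" alone already selects real
# directories and leaves links out.
# Results are appended straight to the report: the scratch file "wwnldirs"
# had a fixed name in the current directory and was opened for append, so
# leftovers from an earlier run (or a file planted under that name) ended up
# in the report. find errors are now captured in errors.txt as well.
for WW_ROOT in /usr /etc /bin /lib /sbin
do
  find "$WW_ROOT" -depth -type d -perm -2 -print >>"$sys.rpt" 2>>errors.txt
done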
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
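# Progress message for the operator's terminal.
echo "Checking for World Writable files (Find)"
#
# Report section header; the last echo is the blank line that preceded the
# results in the original layout.
echo >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
echo " +++++ WORLD WRITABLE FILES +++++" >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
# Regular files with the "other" write bit set, searched in the system
# directories only. Results are appended straight to the report: the scratch
# file "casefile.lst" had a fixed name in the current directory and was opened
# for append, so stale or planted content could leak into the report.
# find errors (unreadable or missing directories) now land in errors.txt
# instead of the terminal, like every other command in this script.
for WW_ROOT in /usr /etc /bin /lib /sbin
do
  find "$WW_ROOT" -depth -type f -perm -2 -print >>"$sys.rpt" 2>>errors.txt
done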
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
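# Progress message for the operator's terminal.
echo "Checking for World Writable .cshrc. .login, and .profiles (Find)"
#
# Report section header; the last echo is the blank line that preceded the
# results in the original layout.
echo >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
echo " ++ WORLD WRITABLE .CSHRCs, LOGINs, & .PROFILEs ++" >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
# A world-writable shell startup file lets any local user add commands that
# run with the owner's privileges at that owner's next login.
# Results go straight to the report instead of through the fixed-name scratch
# file "wwstartup" in the current directory, and find errors are captured in
# errors.txt. -depth is given first because some find implementations
# complain when it follows a test.
# NOTE(review): "! -fstype nfs" only filters what is printed; the walk still
# descends into NFS mounts, and -prune has no effect together with -depth.
for STARTUP_NAME in .cshrc .login .profile
do
  find / -depth ! -fstype nfs -name "$STARTUP_NAME" -perm -2 -print >>"$sys.rpt" 2>>errors.txt
done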
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
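# Progress message for the operator's terminal.
echo "Checking for Core Dump Files (Find)"
#
# Report section header.
echo >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
echo "+++++ CORE DUMP FILES +++++ " >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
# Core files can hold whatever was in the crashed process's memory, so their
# location is listed for follow-up.
# The original redirected stdout twice ("> core.case >>$sys.rpt"). Only the
# last redirection receives the output, so the results already went to the
# report, while "core.case" was created or truncated in the current directory
# and left behind empty. The stray redirection is removed; the report content
# is unchanged.
find / -depth ! -fstype nfs -name core -print >>"$sys.rpt" 2>>errors.txt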
#
#-------------------------------------------------------------------
#echo " >>>> Markings - Warning Banner "
#-------------------------------------------------------------------
#
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
# Progress message for the operator's terminal.
echo "Checking for /etc/motd file"
# Report section: permissions, ACL (IRIX / HP-UX only) and full text of the
# message of the day, so the reader can check both that it is not
# world-writable and what banner text it carries.
# The test is -r, so a file that exists but cannot be read by the invoking
# user is reported as "not found".
{
  echo
  echo
  echo "+++++ /ETC/MOTD File +++++ "
  echo
  echo "should not be world-writable"
  echo
  if [ ! -r /etc/motd ]
  then
    echo "The file: /etc/motd file not found "
  else
    ls -lL /etc/motd
    case $SCRIPT_OS in
      IRIX) eagls /etc/motd ;;
      HP-UX) lsacl /etc/motd ;;
    esac
    echo
    echo "motd statement: "
    echo
    cat /etc/motd
  fi
} >>$sys.rpt 2>>errors.txt
#
#-------------------------------------------------------------------
#
# Progress message for the operator's terminal.
echo "Checking for /etc/issue file"
# Report section: permissions, ACL (IRIX / HP-UX only) and full text of
# /etc/issue, so the reader can check both that it is not world-writable and
# what banner text it carries.
# The test is -r, so a file that exists but cannot be read by the invoking
# user is reported as "not found".
{
  echo
  echo
  echo "+++++ /ETC/ISSUE File +++++ "
  echo
  echo "should not be world-writable"
  echo
  if [ ! -r /etc/issue ]
  then
    echo "The file: /etc/issue file not found "
  else
    ls -lL /etc/issue
    case $SCRIPT_OS in
      IRIX) eagls /etc/issue ;;
      HP-UX) lsacl /etc/issue ;;
    esac
    echo
    echo "issue statement: "
    echo
    cat /etc/issue
  fi
} >>$sys.rpt 2>>errors.txt
#
#-------------------------------------------------------------------
#echo " >>>> Least Privilege "
#-------------------------------------------------------------------
#
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
# Progress message for the operator's terminal.
echo "Checking for Users that know the Root Password"
# Report section: the last 30 lines of each sulog that is readable. The
# script only copies those lines; deciding which accounts switched to root or
# to other users is left to the reader of the report.
# NOTE(review): presumably sulog holds one line per su attempt - confirm the
# format on the audited platform. Activity older than 30 lines is not shown.
{
  echo " "
  echo "+++++ USERs WHO KNOW THE ROOT PASSWORD +++++ "
  echo " AND "
  echo "+++++ USERs WHO KNOW OTHER USERs PASSWORDS +++++"
  echo
  for sulog_path in /usr/adm/sulog /var/adm/sulog
  do
    if [ ! -r $sulog_path ]
    then
      echo "The file: $sulog_path file not found "
    else
      tail -30 $sulog_path
    fi
  done
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
# Progress message for the operator's terminal.
echo "Getting the default SU settings"
# Report section: the full text of /etc/default/su when it is readable,
# otherwise a "not found" line. The settings are copied as-is; nothing is
# evaluated here.
{
  echo
  echo
  echo "+++++ The /ETC/DEFAULT/SU File Listing +++++ "
  echo
  if [ ! -r /etc/default/su ]
  then
    echo " /etc/default/su : File not found "
  else
    cat /etc/default/su
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
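# Progress message for the operator's terminal.
echo "Checking for Users with a UID of 0 "
#
# Report section: login names whose third colon-separated field is UID 0 in
# each account database that is readable on this platform. Only names are
# printed, never password fields.
#
# The original compared the field with the string "0", which skips spellings
# such as "00" or "000". A passwd parser that reads the field as a number
# treats those as UID 0 too, so an account written that way would be root
# without appearing in this list. The filter now accepts any all-zero field.
UID0_FILTER='$3 ~ /^0+$/ { print $1 }'
{
  echo
  echo
  echo " +++++ USERs WITH A UID=0 'ROOT' +++++ "
  echo "Checking the /etc/passwd file"
  echo
  if [ -r /etc/passwd ]
  then
    awk -F: "$UID0_FILTER" /etc/passwd
  else
    echo "The file: /etc/passwd file not found "
  fi
  # NOTE(review): confirm that field 3 is the UID in /.secure/etc/passwd and
  # in /etc/security/passwd.adjunct on the audited platform; if it is not, an
  # empty result from these two files says nothing about UID 0 accounts.
  echo "Checking the /.secure/etc/passwd file"
  if [ -r /.secure/etc/passwd ]
  then
    echo "/.secure/etc/passwd:"
    awk -F: "$UID0_FILTER" /.secure/etc/passwd
  else
    echo "The file: /.secure/etc/passwd file not found "
  fi
  echo
  echo "Checking the /etc/security/passwd.adjunct file"
  if [ -r /etc/security/passwd.adjunct ]
  then
    awk -F: "$UID0_FILTER" /etc/security/passwd.adjunct
  else
    echo "The file: /etc/security/passwd.adjunct file not found "
  fi
  echo
  echo "Checking the /etc/master.passwd file"
  if [ -r /etc/master.passwd ]
  then
    awk -F: "$UID0_FILTER" /etc/master.passwd
  else
    echo "The file: /etc/master.passwd file not found "
  fi
} >>"$sys.rpt" 2>>errors.txt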
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
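# Progress message for the operator's terminal.
echo "Checking for Root SUID Files (FIND)"
#
# Report section: every entry owned by root with the set-uid bit, i.e. the
# programs that run with root privileges no matter who starts them.
# Results are written straight to the report: the scratch file
# "rootsuid.case" had a fixed name in the current directory, so creating it
# could overwrite whatever that name pointed at. find errors are captured in
# errors.txt instead of scrolling past on the terminal.
# NOTE(review): "! -fstype nfs" filters the output only; the walk still
# descends into NFS mounts.
{
  echo
  echo
  echo "+++++ ROOT SUID FILES +++++ "
  echo
  find / ! -fstype nfs -user root -perm -4000 -print
} >>"$sys.rpt" 2>>errors.txt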
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
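# Progress message for the operator's terminal.
echo "Checking for Root SGID Files (FIND)"
#
# Report section: every entry with the set-gid bit whose OWNER is root
# (-user root). Set-gid files owned by other users, including ones whose
# group is root, are not selected by this search.
# Results are written straight to the report: the scratch file
# "rootsgid.case" had a fixed name in the current directory, so creating it
# could overwrite whatever that name pointed at. find errors are captured in
# errors.txt instead of scrolling past on the terminal.
{
  echo
  echo
  echo "+++++ ROOT SGID FILES +++++ "
  echo
  find / ! -fstype nfs -user root -perm -2000 -print
} >>"$sys.rpt" 2>>errors.txt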
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
# Progress message for the operator's terminal.
echo "Checking for files that should not be suid"
# Report section: long listing and platform ACL of the two "restore"
# locations. The mode string in the listing is what shows whether the
# set-uid bit is present; the script itself does not test for it.
{
  echo
  echo
  echo "+++++ FILES THAT SHOULD NOT BE 'SUID' +++++ "
  echo
  ls -lL /etc/restore
  case $SCRIPT_OS in
    IRIX) eagls /etc/restore ;;
    HP-UX) lsacl /etc/restore ;;
  esac
  # Blank line between the two locations; none follows the second one.
  echo
  ls -lL /usr/etc/restore
  case $SCRIPT_OS in
    IRIX) eagls /usr/etc/restore ;;
    HP-UX) lsacl /usr/etc/restore ;;
  esac
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
# Progress message for the operator's terminal.
echo "Checking for Directories that should be Owned by Root"
# Report section: the directory entry itself (-d) for each system directory,
# with symbolic links resolved (-L), each followed by a blank line. The owner
# column is compared against "root" by the reader, not by the script.
{
  echo
  echo
  echo "+++++ ROOT SHOULD OWN THESE DIRECTORIES +++++ "
  echo " /etc, /bin, /dev, and /usr/etc owner root:"
  echo
  for root_dir in /etc /bin /dev /usr/etc
  do
    ls -lLd $root_dir
    echo
  done
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
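# Progress message for the operator's terminal.
echo "Checking for files that should be Owned by Root"
#
# Report section header, followed by the first entry.
echo >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
echo "+++++ ROOT SHOULD OWN THESE FILES +++++ " >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
# /usr/adm/acct: the label and the ls listing name /usr/adm/acct, but the
# ACL commands queried /usr/adm/account, so on IRIX and HP-UX the ACL shown
# under this label belonged to a different path (or produced an error). All
# three commands now look at the path the label names.
echo " /usr/adm/acct, owner root, group system, mode 644" >>"$sys.rpt" 2>>errors.txt
ls -lLd /usr/adm/acct >>"$sys.rpt" 2>>errors.txt
case $SCRIPT_OS in
  IRIX) eagls -d /usr/adm/acct >>"$sys.rpt" 2>>errors.txt ;;
  HP-UX) lsacl /usr/adm/acct >>"$sys.rpt" 2>>errors.txt ;;
esac
echo >>"$sys.rpt" 2>>errors.txt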
echo " /usr/adm/wtmp, owner root, group system, mode 644" >>$sys.rpt 2>>errors.txt
ls -lL /usr/adm/wtmp >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/adm/wtmp >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/adm/wtmp >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/adm/messages, owner root, group system, mode 664" >>$sys.rpt 2>>errors.txt
ls -lL /usr/adm/messages >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/adm/messages >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/adm/messages >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/adm shutdownlog, owner root, group system, mode 664" >>$sys.rpt 2>>errors.txt
ls -lL /usr/adm/shutdownlog >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/adm/shutdownlog >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/adm/shutdownlog >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/adm/timed.log, owner root, group system, mode 644" >>$sys.rpt 2>>errors.txt
ls -lL /usr/adm/timed.log >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/adm/timed.log >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/adm/timed.log >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/adm/gatelog, owner root, group system, mode 644" >>$sys.rpt 2>>errors.txt
ls -lL /usr/adm/gatelog >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/adm/gatelog >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/adm/gatelog >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/lib/uucp/acucntrl, owner root, group daemon, ---s--x---" >>$sys.rpt 2>>errors.txt
ls -lL /usr/lib/uucp/acucntrl >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/lib/uucp/acucntrl >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/lib/uucp/acucntrl >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /dev/kmem, owner root, group kmem, mode 640 " >>$sys.rpt 2>>errors.txt
ls -lL /dev/kmem >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /dev/kmem >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /dev/kmem >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /dev/mem, owner root, group mem, mode 640 " >>$sys.rpt 2>>errors.txt
ls -lL /dev/mem >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /dev/mem >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /dev/mem >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /etc/hosts.equiv, owner root, mode 600 " >>$sys.rpt 2>>errors.txt
ls -lL /etc/hosts.equiv >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /etc/hosts.equiv >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /etc/hosts.equiv >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /etc/exports, owner root, mode 644 " >>$sys.rpt 2>>errors.txt
ls -lL /etc/exports >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /etc/exports >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /etc/exports >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /etc/hosts.lpd, owner root, mode 600 " >>$sys.rpt 2>>errors.txt
ls -lL /etc/hosts.lpd >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /etc/hosts.lpd >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /etc/hosts.lpd >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /etc/services, owner root, mode 644 " >>$sys.rpt 2>>errors.txt
ls -lL /etc/services >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /etc/services >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /etc/services >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " The /etc/passwd file, owner root, group daemon, mode 644:" >>$sys.rpt 2>>errors.txt
ls -lL /etc/passwd >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /etc/passwd >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /etc/passwd >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
#echo " The /etc/shadow file, owner root, group daemon, mode 600:" >>$sys.rpt 2>>errors.txt
#ls -lL /etc/shadow >>$sys.rpt 2>>errors.txt
#if [ $SCRIPT_OS = "IRIX" ]
#then
#eagls /etc/shadow >>$sys.rpt 2>>errors.txt
#fi
#if [ $SCRIPT_OS = "HP-UX" ]
#then
#lsacl /etc/shadow >>$sys.rpt 2>>errors.txt
#fi
#echo >>$sys.rpt 2>>errors.txt
# Same ownership/mode listing for /etc/group, the setuid /bin/passwd binary
# and the /dev/printer node. A missing path only produces an ls error, which
# lands in errors.txt rather than in the report.
{
  echo " The /etc/group file, owner root, group daemon, mode 644:"
  ls -lL /etc/group
  case $SCRIPT_OS in
    IRIX) eagls /etc/group ;;
    HP-UX) lsacl /etc/group ;;
  esac
  echo

  echo " The /bin/passwd file, owner root, mode -rwsr-xr-x:"
  ls -lL /bin/passwd
  case $SCRIPT_OS in
    IRIX) eagls /bin/passwd ;;
    HP-UX) lsacl /bin/passwd ;;
  esac
  echo

  echo " /dev/printer file, owner root:"
  ls -lL /dev/printer
  case $SCRIPT_OS in
    IRIX) eagls /dev/printer ;;
    HP-UX) lsacl /dev/printer ;;
  esac
  echo
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
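echo "Checking LIB File Permissions"
#
# Report the permissions of every entry directly under /usr/lib. ls -ld is
# used so a directory is listed itself rather than expanded.
{
  echo
  echo "+ /USR/LIB File Permissions + "
  echo
  # Walk the directory with a glob and quote each path. Word-splitting the
  # output of `ls` breaks names that contain whitespace and expands names that
  # contain glob characters, so such entries were missing or wrong in the
  # report. LIB_ENTRY holds the full path here.
  if [ -d /usr/lib ]
  then
    for LIB_ENTRY in /usr/lib/*
    do
      ls -ld "$LIB_ENTRY"
      case "$SCRIPT_OS" in
        IRIX) eagls -d "$LIB_ENTRY" ;;
        HP-UX) lsacl "$LIB_ENTRY" ;;
      esac
    done
  fi
} >>"$sys.rpt" 2>>errors.txt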
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking MAN File Permissions"
#
# Search the three manual-page trees for regular files that carry any write
# bit, any execute bit, or the setuid/setgid/sticky bit. Each hit is printed
# twice: once as a bare path (-print) and once as an ls -lL line.
{
  echo
  echo
  echo "+ /USR/MAN Files with permissive modes + "
  echo
  for MAN_DIR in /usr/man /usr/share/man /usr/share/catman
  do
    find "$MAN_DIR" \( -depth -perm -2 -o -perm -20 -o -perm -200 -o -perm -1 -o -perm -10 -o -perm -100 -o -perm -4000 -o -perm -2000 -o -perm -1000 \) -type f -print -exec ls -lL {} \;
  done
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking CRON settings"
#
# cron.deny: permissions first, then the file contents.
# Only the /etc/cron.d/ location is examined; a host that keeps this file
# somewhere else is reported as "File not found".
{
  echo
  echo
  echo "+ /ETC/CRON.D/CRON.DENY Permissions +++++ "
  echo
  if test -r /etc/cron.d/cron.deny; then
    ls -lL /etc/cron.d/cron.deny
    case $SCRIPT_OS in
      IRIX) eagls /etc/cron.d/cron.deny ;;
      HP-UX) lsacl /etc/cron.d/cron.deny ;;
    esac
  else
    echo "/etc/cron.d/cron.deny : File not found"
  fi
  echo
  echo
  echo "+ /ETC/CRON.D/CRON.DENY listing +++++ "
  echo
  if test -r /etc/cron.d/cron.deny; then
    cat /etc/cron.d/cron.deny
  else
    echo "/etc/cron.d/cron.deny : File not found"
  fi
} >>$sys.rpt 2>>errors.txt
# cron.allow: permissions first, then the file contents.
{
  echo
  echo
  echo "+ /ETC/CRON.D/CRON.ALLOW Permissions +++++ "
  echo
  if test -r /etc/cron.d/cron.allow; then
    ls -lL /etc/cron.d/cron.allow
    case $SCRIPT_OS in
      IRIX) eagls /etc/cron.d/cron.allow ;;
      HP-UX) lsacl /etc/cron.d/cron.allow ;;
    esac
  else
    echo "/etc/cron.d/cron.allow : File not found"
  fi
  echo
  echo
  echo "+ /ETC/CRON.D/CRON.ALLOW listing +++++ "
  echo
  if test -r /etc/cron.d/cron.allow; then
    cat /etc/cron.d/cron.allow
  else
    echo "/etc/cron.d/cron.allow : File not found"
  fi
} >>$sys.rpt 2>>errors.txt
# at.deny: permissions first, then the file contents.
{
  echo
  echo
  echo "+ /ETC/CRON.D/AT.DENY Permissions +++++ "
  echo
  if test -r /etc/cron.d/at.deny; then
    ls -lL /etc/cron.d/at.deny
    case $SCRIPT_OS in
      IRIX) eagls /etc/cron.d/at.deny ;;
      HP-UX) lsacl /etc/cron.d/at.deny ;;
    esac
  else
    echo "/etc/cron.d/at.deny : File not found"
  fi
  echo
  echo
  echo "+ /ETC/CRON.D/AT.DENY listing +++++ "
  echo
  if test -r /etc/cron.d/at.deny; then
    cat /etc/cron.d/at.deny
  else
    echo "/etc/cron.d/at.deny : File not found"
  fi
} >>$sys.rpt 2>>errors.txt
# at.allow: permissions first, then the file contents.
{
  echo
  echo
  echo "+ /ETC/CRON.D/AT.ALLOW Permissions +++++ "
  echo
  if test -r /etc/cron.d/at.allow; then
    ls -lL /etc/cron.d/at.allow
    case $SCRIPT_OS in
      IRIX) eagls /etc/cron.d/at.allow ;;
      HP-UX) lsacl /etc/cron.d/at.allow ;;
    esac
  else
    echo "/etc/cron.d/at.allow : File not found"
  fi
  echo
  echo
  echo "+ /ETC/CRON.D/AT.ALLOW listing +++++ "
  echo
  if test -r /etc/cron.d/at.allow; then
    cat /etc/cron.d/at.allow
  else
    echo "/etc/cron.d/at.allow : File not found"
  fi
} >>$sys.rpt 2>>errors.txt
# /etc/cron.d/logchecker: permissions first, then the file contents.
{
  echo
  echo
  echo "+ /ETC/CRON.D/LOGCHECKER Permissions +++++ "
  echo
  if test -r /etc/cron.d/logchecker; then
    ls -lL /etc/cron.d/logchecker
    case $SCRIPT_OS in
      IRIX) eagls /etc/cron.d/logchecker ;;
      HP-UX) lsacl /etc/cron.d/logchecker ;;
    esac
  else
    echo "/etc/cron.d/ logchecker : File not found"
  fi
  echo
  echo
  echo "+ /ETC/CRON.D/LOGCHECKER Listing +++++ "
  echo
  if test -r /etc/cron.d/logchecker; then
    cat /etc/cron.d/logchecker
  else
    echo "/etc/cron.d/ logchecker : File not found"
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking /etc/profile settings"
#
# Copy the system-wide login profile into the report, or record that it could
# not be read.
{
  echo
  echo
  echo "+ /ETC/PROFILE listing +++++ "
  echo
  if test -r /etc/profile; then
    cat /etc/profile
  else
    echo "/etc/profile: File not found"
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking for files that are Writable by Root Only"
#
# Section header plus the first entry, /etc/profile. The label states the
# expectation (only root may write); the ls line shows the actual mode.
{
  echo
  echo
  echo "+++++ FILES WRITABLE BY ROOT ONLY +++++ "
  echo
  echo " The /etc/profile file, writable by root only"
  ls -lL /etc/profile
  case $SCRIPT_OS in
    IRIX) eagls /etc/profile ;;
    HP-UX) lsacl /etc/profile ;;
  esac
  echo
} >>$sys.rpt 2>>errors.txt
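# /etc/environment: the label states the expectation (only root may write),
# the ls line shows the actual mode.
{
  echo " The /etc/environment file, writable by root only"
  ls -lL /etc/environment
  case "$SCRIPT_OS" in
    IRIX) eagls /etc/environment ;;
    # Path corrected: the HP-UX branch used to query the misspelled
    # /etc/environmnent, so the ACL of the real file never reached the report.
    HP-UX) lsacl /etc/environment ;;
  esac
  echo
} >>"$sys.rpt" 2>>errors.txt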
# Remaining "writable by root only" entries: the csh start-up files and
# /etc/group.
{
  echo " The /etc/csh.cshrc file, writable by root only"
  ls -lL /etc/csh.cshrc
  case $SCRIPT_OS in
    IRIX) eagls /etc/csh.cshrc ;;
    HP-UX) lsacl /etc/csh.cshrc ;;
  esac
  echo

  echo " The /etc/csh.login file, writable by root only"
  ls -lL /etc/csh.login
  case $SCRIPT_OS in
    IRIX) eagls /etc/csh.login ;;
    HP-UX) lsacl /etc/csh.login ;;
  esac
  echo

  echo " The /etc/group file, writable by root only"
  ls -lL /etc/group
  case $SCRIPT_OS in
    IRIX) eagls /etc/group ;;
    HP-UX) lsacl /etc/group ;;
  esac
  echo
} >>$sys.rpt 2>>errors.txt
#
#-------------------------------------------------------------------
#echo " >>>> Data Continuity "
#-------------------------------------------------------------------
#
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "O/S version and installed patches "
#
# Patch and package inventory. Except for swlist, every platform's tool is
# invoked unconditionally; on a host where a tool does not exist its failure
# message goes to errors.txt and the report simply has no output for it.
{
  echo
  echo "O/S version and installed patches "
  echo
  # SUN
  showrev -p
  # HP-UX
  case $SCRIPT_OS in
    HP-UX) swlist -l fileset ;;
  esac
  # Linux
  rpm -qa
  # Debian Linux (added June 14, 2007 by MK); the OS/flavor guard that once
  # wrapped this call is disabled, so dpkg is attempted everywhere.
  dpkg -l
  # IRIX
  versions
  echo
  echo "Software versions"
  echo
  /bin/pkginfo
  echo
} >>$sys.rpt 2>>errors.txt
#
#-------------------------------------------------------------------
#echo " >>>> AUDIT Checking "
#-------------------------------------------------------------------
#
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Getting the /etc/syslog.conf file"
#
# Copy the syslog configuration into the report. Only /etc/syslog.conf is
# looked at; other syslog daemons' configuration files are not covered here.
{
  echo
  echo
  echo "+++++ The /ETC/SYSLOG.CONF File Listing +++++ "
  echo
  echo
  if test -r /etc/syslog.conf; then
    cat /etc/syslog.conf
  else
    echo "The file: /etc/syslog.conf file not found "
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
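echo "Checking for Audit log files "
#
# Permissions of everything under the usual log directories. Files of
# interest include lastlog, loginlog, utmp, wtmp, aculog, sulog, xferlog,
# messages, acct and pacct.
{
  echo
  echo
  echo "+++++ Audit Log Listings +++++ "
  echo
  for LOG_DIR in /usr/adm /var/adm /var/log
  do
    echo " Audit log files located in $LOG_DIR "
    # Walk each directory with a glob and quote the path. Word-splitting the
    # output of `ls` drops or mangles log files whose names contain
    # whitespace or glob characters, which would hide them from the review.
    # A directory that does not exist on this platform is skipped quietly.
    # LOG_FILE holds the full path here.
    if [ -d "$LOG_DIR" ]
    then
      for LOG_FILE in "$LOG_DIR"/*
      do
        ls -lL "$LOG_FILE"
        case "$SCRIPT_OS" in
          IRIX) eagls "$LOG_FILE" ;;
          HP-UX) lsacl "$LOG_FILE" ;;
        esac
      done
    fi
    echo
  done
} >>"$sys.rpt" 2>>errors.txt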
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Sample system logs"
#
# Copy the tail of the main system logs into the report. These excerpts can
# contain user names, host addresses and authentication events, so the report
# has to be handled as sensitive data.
{
  echo " "
  echo "+++++ Sample system logs +++++ "
  echo
  for SAMPLE_LOG in /var/log/syslog /var/log/messages /var/log/auth.log
  do
    if test -r "$SAMPLE_LOG"; then
      tail -300 "$SAMPLE_LOG"
    else
      echo "The file: $SAMPLE_LOG file not found "
    fi
  done
  # need to verify auditing is occurring
  #
  # The /var/adm logs below are read without a readability test; a missing
  # file only leaves a tail error in errors.txt.
  echo
  echo " Tail - 100 of messages log file "
  echo
  tail -100 /var/adm/messages
  echo
  echo
  echo " Tail - 100 of SYSLOG log file "
  echo
  tail -100 /var/adm/SYSLOG
  echo
  echo
  echo " Tail - 100 of syslog log file "
  echo
  tail -100 /var/adm/syslog
  echo
} >>$sys.rpt 2>>errors.txt
#
# looking for access_log that records all http transactions
#
# HTTP log location, then the audit configuration files under /etc/security
# and the output of two auditconfig queries.
{
  echo " Audit log file for HTTP "
  ls -lL /usr/local/etc/http/log
  case $SCRIPT_OS in
    IRIX) eagls /usr/local/etc/http/log ;;
    HP-UX) lsacl /usr/local/etc/http/log ;;
  esac
  echo
  echo " Audit Events "
  cat /etc/security/audit_event
  echo
  echo " Audit Class "
  cat /etc/security/audit_class
  echo
  echo " Audit Control "
  cat /etc/security/audit_control
  echo
  echo " Audit User "
  cat /etc/security/audit_user
  echo
  echo " Audit Warnings "
  cat /etc/security/audit_warn
  echo
  echo " AuditConfig - getcond "
  # Unlike every other command here, auditconfig's error output is sent to
  # the report itself, so its failure message shows up next to the heading.
  auditconfig -getcond 2>&1
  echo
  echo " AuditConfig - chkconf "
  auditconfig -chkconf 2>&1
  echo
} >>$sys.rpt 2>>errors.txt
#
#-------------------------------------------------------------------
#echo " >>>> Data Integrity "
#-------------------------------------------------------------------
#
# put test for tripwire here
#
#-------------------------------------------------------------------
#echo " >>>> C2 Option "
#-------------------------------------------------------------------
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking for C2 Files"
# Long listing (dot files included) of /etc/security.
{
  echo
  echo
  echo "+++++ Checking for C2 Files +++++"
  echo
  ls -lLa /etc/security
} >>$sys.rpt 2>>errors.txt
#ls -lLg /usr/etc/C2conv >>$sys.rpt 2>>errors.txt
#ls -lLg /usr/etc/C2unconv >>$sys.rpt 2>>errors.txt
#ls -lLg /usr/lib/C2convert >>$sys.rpt 2>>errors.txt
#ls -lLg /usr/etc/audit >>$sys.rpt 2>>errors.txt
#ls -lLg /usr/etc/praudit >>$sys.rpt 2>>errors.txt
##ls -lLg /usr/etc/rpc.pedauthd >>$sys.rpt 2>>errors.txt
#ls -lLg /usr/etc/audit-warm >>$sys.rpt 2>>errors.txt
#ls -lLg /usr/etc/auditd >>$sys.rpt 2>>errors.txt
#ls -lLg /usr/include/grpadj.h >>$sys.rpt 2>>errors.txt
#ls -lLg /usr/include/pwdadj.h >>$sys.rpt 2>>errors.txt
#ls -lLg /usr/include/auevents.h >>$sys.rpt 2>>errors.txt
#ls -lLg /usr/include/sys/audit.h >>$sys.rpt 2>>errors.txt
#ls -lLg /usr/include/sys/label.h >>$sys.rpt 2>>errors.txt
#
#-------------------------------------------------------------------
#echo " >>>> Networking "
#-------------------------------------------------------------------
#
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking Networking"
#
# Section header, then the ARP entry for this host's own name.
{
  echo
  echo
  echo " ++ Networking ++"
  echo
} >>$sys.rpt 2>>errors.txt
# Kept as a stand-alone command so the `hostname` substitution runs exactly
# where it did before.
arp `hostname` >>$sys.rpt 2>>errors.txt
#
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Checking for .exrc, & .netrc files (Find)"
#
# Whole-filesystem search for .netrc and .exrc files. Only the path names are
# written to the report; the files themselves are not read.
# NOTE(review): `! -fstype nfs` filters which entries are printed; it does not
# appear to stop find from walking into NFS mounts - confirm on the target OS.
{
  echo
  echo
  echo "+++++ EXRC & NETRC Files +++++ "
  echo
  echo ".netrc files found:"
  find / ! -fstype nfs -depth -name .netrc -print
  echo
  echo ".exrc files found:"
  find / ! -fstype nfs -depth -name .exrc -print
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Getting the network config"
#
# Interface configuration and the routing table in numeric form. Both tools
# are called by absolute path.
{
  echo
  echo
  echo "+++++ Network Config +++++ "
  echo
  echo
  /sbin/ifconfig -a
  /bin/netstat -rn
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Getting iptables firewall configuration"
# Numeric listing of the iptables rules. Without a -t option this shows the
# filter table only, so nat and mangle rules are not part of the report.
{
  echo
  echo
  /sbin/iptables -n -L
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Getting the /etc/protocols file"
#
# Copy /etc/protocols into the report, or record that it could not be read.
{
  echo
  echo
  echo "+++++ The /ETC/PROTOCOLS File Listing +++++ "
  echo
  echo
  if test -r /etc/protocols; then
    cat /etc/protocols
  else
    echo "The file: /etc/protocols file not found "
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Getting the /etc/services file"
#
# Socket table followed by the contents of /etc/services. Note that the
# netstat calls are skipped as well when /etc/services is not readable.
{
  echo
  echo
  echo "+++++ The Internet Services Listing +++++ "
  echo
  echo
  if test -r /etc/services; then
    echo "-- Running Services-- "
    echo
    # SUN
    /bin/netstat -a
    # IRIX
    /usr/etc/netstat -a
    echo
    echo "-- Contents of /etc/services --"
    echo
    cat /etc/services
  else
    echo "The file: /etc/services file not found "
  fi
} >>$sys.rpt 2>>errors.txt
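echo " Performing lsof & other service checks"
echo " Performing lsof & other service checks" >>"$sys.rpt" 2>>errors.txt
# Open network sockets per process (numeric hosts and ports), then the
# listening TCP/UDP sockets.
if [ -x /usr/bin/lsof ]
then
  {
    # Run the binary that was just tested instead of whatever `lsof` resolves
    # to on the invoking user's PATH.
    /usr/bin/lsof -i -P -n
    # The options were written with en-dash characters, which netstat reads
    # as operands rather than options; they are ASCII double hyphens now.
    # NOTE(review): netstat still runs only when lsof is installed - confirm
    # that this coupling is intended.
    netstat --tcp --udp --listening
  } >>"$sys.rpt" 2>>errors.txt
fi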
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Getting the /etc/inetd.conf file"
#
# Copy the inetd service table into the report, or record that it could not
# be read.
{
  echo
  echo
  echo "+++++ The /ETC/INETD.CONF File Listing +++++ "
  echo
  echo
  if test -r /etc/inetd.conf; then
    cat /etc/inetd.conf
  else
    echo "The file: /etc/inetd.conf file not found "
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Getting the /etc/default/inetinit file"
#
# Copy /etc/default/inetinit into the report, or record that it could not be
# read.
{
  echo
  echo
  echo "+++++ The /ETC/DEFAULT/INETINIT File Listing +++++ "
  echo
  echo
  if test -r /etc/default/inetinit; then
    cat /etc/default/inetinit
  else
    echo "/etc/default/inetinit : File not found "
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Getting the /etc/host.equiv file"
#
# Copy /etc/hosts.equiv (the host-level trust list for the r-commands) into
# the report, or record that it could not be read.
{
  echo
  echo "+++++ The /ETC/HOSTS.EQUIV File Listing +++++ "
  echo
  if test -r /etc/hosts.equiv; then
    cat /etc/hosts.equiv
  else
    echo "The file: /etc/hosts.equiv file not found "
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Getting the /.rhosts file"
#
# Copy root's .rhosts into the report together with the review criteria that
# the reader should apply to it. Only /.rhosts is read here; .rhosts files in
# other home directories are not covered by this section.
{
  echo
  echo "+++++ The /.RHOSTS File Listing +++++ "
  echo " should not contain: "
  echo " a lone + or ++ "
  echo " first char is not a minus sign (-) "
  echo
  echo
  if test -r /.rhosts; then
    cat /.rhosts
  else
    echo "The file: /.rhosts file not found "
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Getting the /etc/ftpusers file"
#
# Copy /etc/ftpusers into the report. The two explanatory lines tell the
# reader which accounts are expected to be listed (and thereby denied ftp).
{
  echo
  echo
  echo "+++++ The /ETC/FTPUSERS File Listing +++++ "
  echo
  echo "The /etc/ftpusers file, entries are denied ftp "
  echo "root, nobody, bin, daemon, news, sync, sys, uucp"
  echo
  if test -r /etc/ftpusers; then
    cat /etc/ftpusers
  else
    echo "The file: /etc/ftpusers file not found "
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Getting the /etc/ssh/sshd_config file"
#
# Copy the SSH server configuration into the report. Only
# /etc/ssh/sshd_config is read; a daemon started with a different
# configuration path is not covered.
{
  echo
  echo
  echo "+++++ The /etc/ssh/sshd_config File Listing +++++ "
  echo
  echo "The /etc/ssh/sshd_config file detail the config "
  echo "of the ssh server - Look for only protocol 2 "
  echo
  if test -r /etc/ssh/sshd_config; then
    cat /etc/ssh/sshd_config
  else
    echo "The file: /etc/ssh/sshd_config file not found "
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Getting the /etc/ntp.conf file"
#
# Copy the NTP configuration into the report. Both locations are tried and
# each one that is not readable gets its own "not found" line.
{
  echo
  echo
  echo "+++++ The /etc/ntp.conf File Listing +++++ "
  echo
  echo "The /etc/ntp.conf file configures NTPD"
  echo "Look for restrictions"
  echo
  for NTP_CONF in /etc/ntp.conf /etc/inet/ntp.conf
  do
    if test -r "$NTP_CONF"; then
      cat "$NTP_CONF"
    else
      echo "The file: $NTP_CONF file not found "
    fi
  done
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Checking TCP_WRAPPERS configuration"
#
# Permissions of the tcpd binary, then permissions and contents of /etc/hosts.
{
  echo
  echo
  echo "+++++ TCP Wrappers +++++ "
  echo
  echo
  if test -r /usr/sbin/tcpd; then
    ls -lL /usr/sbin/tcpd
    case $SCRIPT_OS in
      IRIX) eagls /usr/sbin/tcpd ;;
      HP-UX) lsacl /usr/sbin/tcpd ;;
    esac
  else
    echo "The file: /usr/sbin/tcpd not found "
  fi
  # Both outcomes for /etc/hosts begin with one blank line.
  echo
  if test -r /etc/hosts; then
    ls -lL /etc/hosts
    echo
    cat /etc/hosts
  else
    echo "The file: /etc/hosts not found "
  fi
} >>$sys.rpt 2>>errors.txt
# TCP wrappers access lists: permissions and contents of hosts.allow, then
# hosts.deny. Each file starts with one blank line in the report whether or
# not it is readable.
{
  for WRAP_FILE in /etc/hosts.allow /etc/hosts.deny
  do
    echo
    if test -r "$WRAP_FILE"; then
      ls -lL "$WRAP_FILE"
      case $SCRIPT_OS in
        IRIX) eagls "$WRAP_FILE" ;;
        HP-UX) lsacl "$WRAP_FILE" ;;
      esac
      echo
      cat "$WRAP_FILE"
    else
      echo "The file: $WRAP_FILE not found "
    fi
  done
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Checking hosts.lpd "
#
# Copy /etc/hosts.lpd into the report, or record that it could not be read.
{
  echo
  echo
  echo "+++++ The /etc/hosts.lpd file listing +++++ "
  echo
  echo
  if test -r /etc/hosts.lpd; then
    cat /etc/hosts.lpd
  else
    echo "/etc/hosts.lpd : File not found"
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " X-Windows & Getting the /etc/X*.hosts file"
#
# X access control: run whichever xhost binaries are installed, then list the
# /etc/X*.hosts files. A location where xhost is not executable is skipped
# without any line in the report.
{
  echo
  echo
  echo "+++++ X - Windows +++++ "
  echo
  for XHOST_BIN in /usr/openwin/bin/xhost /usr/bin/X11/xhost
  do
    if test -x "$XHOST_BIN"; then
      "$XHOST_BIN"
    fi
  done
  echo
  echo
  echo "+++++ The /ETC/X*.hosts Files +++++ "
  echo
  ls -lL /etc/X*.hosts
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " RPC & Getting the rpcinfo results "
#
# Registered RPC services as printed by rpcinfo, preceded by a hint for the
# reader about which entries deserve attention.
{
  echo
  echo
  echo "+++++ Remote Procedure Calls (RPC) +++++ "
  echo " Look for rexd & ypupdated These allow remote users to"
  echo " execute commands"
  echo
  rpcinfo
  echo
  echo
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " NFS & Getting the /etc/exports file"
#
# NFS exports: what showmount reports, then the two files an export list can
# be defined in (/etc/exports and /etc/dfs/dfstab).
{
  echo
  echo "+++++ List of all File systems that are exported"
  echo
  showmount -e
  echo
  echo "+++++ The /ETC/EXPORTS File Listing +++++ "
  echo
  echo
  if test -r /etc/exports; then
    cat /etc/exports
  else
    echo "The file: /etc/exports file not found "
  fi
  echo
  echo "+++++ The /ETC/DFS/DFSTAB File Listing +++++ "
  echo
  echo
  if test -r /etc/dfs/dfstab; then
    cat /etc/dfs/dfstab
  else
    echo "/etc/dfs/dfstab : File not found "
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
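echo " Checking Sendmail "
#
# Send the legacy wiz/debug/kill commands to the local SMTP listener and
# record how it answers.
{
  echo
  echo
  echo "+++++ Checking Send mail for unwanted commands +++++"
  echo " cmds : wiz, debug, kill "
  echo
  echo
} >>"$sys.rpt" 2>>errors.txt
# telnet's output and error text go straight into the report. The earlier
# version staged them in `tempfile` and `temp2file` in the current directory
# using `>>`: anything already in a file of that name was copied into the
# report, a link at that name was written through with the caller's
# privileges, and the unconditional rm complained when a file was missing.
telnet localhost 25 >>"$sys.rpt" 2>&1 <<-EOF
wiz
debug
kill
quit
EOF
echo >>"$sys.rpt" 2>>errors.txt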
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
# Copy the sendmail configuration into the report, or record that it could
# not be read.
{
  echo
  echo
  echo "+++++ /ETC/MAIL/SENDMAIL.CF File Listing +++++"
  echo
  if test -r /etc/mail/sendmail.cf; then
    cat /etc/mail/sendmail.cf
  else
    echo "/etc/mail/sendmail: File not found "
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Last few logged on"
#
# Login history exactly as printed by `last` (no line limit is applied).
{
  echo " "
  echo "+++++ Last to logon +++++ "
  echo
  last
} >>$sys.rpt 2>>errors.txt
#
#-------------------------------------------------------------------
#echo " >>>> ASET "
#-------------------------------------------------------------------
#
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking ASET settings"
#
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Checking asetenv"
# /usr/aset/asetenv: permissions first, then the file contents.
{
  echo
  echo
  echo " +++++ /USR/ASET/ASETENV PERMISSIONS +++++"
  echo
  if test -r /usr/aset/asetenv; then
    ls -lL /usr/aset/asetenv
    case $SCRIPT_OS in
      IRIX) eagls /usr/aset/asetenv ;;
      HP-UX) lsacl /usr/aset/asetenv ;;
    esac
  else
    echo "/usr/aset/asetenv : File not found"
  fi
  echo
  echo
  echo " +++++ /USR/ASET/ASETENV FILE LISTING +++++"
  echo
  if test -r /usr/aset/asetenv; then
    cat /usr/aset/asetenv
  else
    echo "/usr/aset/asetenv : File not found"
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Checking userlist"
# /usr/aset/userlist: the heading says "FILE LISTING", but only the
# permissions are reported; the file's contents are not copied.
{
  echo
  echo
  echo " +++++ /USR/ASET/USERLIST FILE LISTING +++++"
  echo
  if test -r /usr/aset/userlist; then
    ls -lL /usr/aset/userlist
    case $SCRIPT_OS in
      IRIX) eagls /usr/aset/userlist ;;
      HP-UX) lsacl /usr/aset/userlist ;;
    esac
  else
    echo "/usr/aset/userlist : File not found "
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "NORMAL END OF JOB "
#
# Close the report with the end time and the sensitivity banner, then clean
# up the working directory.
{
  echo
  echo
  echo " +++++ NORMAL END OF JOB +++++ "
} >>$sys.rpt 2>>errors.txt
SCRIPT_END_TIME=`date`
{
  echo $SCRIPT_END_TIME
  echo
  echo
  echo " C U S T O M E R S E N S I T I V E "
} >>$sys.rpt 2>>errors.txt
# errors.txt holds every diagnostic collected during the run; deleting it
# means a failed or skipped check leaves no trace next to the report.
rm errors.txt
# NOTE(review): nothing visible in this part of the script creates core.case;
# when it is absent this rm prints an error on the terminal.
rm core.case
# Remove SCRIPT from the system: delete a copy of this script, under either
# spelling, from the current directory.
for SELF_COPY in unix-script UNIX-SCRIPT
do
  if test -r "$SELF_COPY"; then
    rm "$SELF_COPY"
  fi
done
exit 0
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
# 03/22/05 mk - Added /etc/ssh/sshd_config and /etc/ntp.conf
# 10/17/05 mk - Added /etc/inet/ntp.conf for Solaris systems
# 05/14/08 mk - Added /etc/login.defs
# 10/31/08 dmz - changed from /bin/bash to /bin/sh
# 10/31/08 dmz - changed an awk parameter from ] to }
# 10/31/08 dmz - removed shadow & password contents from report for security
# 01/27/09 dmz - changed find parameter -depth position so it would not give errors
# 01/27/09 dmz - added chkconfig to show default startup services
# 01/27/09 dmz - added checking of /etc/shadow for password / account settings
# 01/27/09 dmz - added lsof -i -P -n and netstat -tcp -udp -listening
# 01/27/09 dmz - added chage check for account
# 07/14/09 dmz - added pam.d files and remove pw hash from cat master.passwd
# - get sudoers, a few syslogs (300lines), last few to logon
# - ifconfig
# 04/07/11 mk - added output of iptables
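# NOTE(review): in this file these assignments sit after an unconditional
# top-level `exit 0`, so this copy of the start-up code is not reached.
#
# The report and errors.txt collect configuration files and log excerpts;
# create them readable by the invoking user only.
umask 077
# Report name is <hostname>_<month>-<day>. A single date call supplies both
# fields, so they cannot come from two different days when the run starts
# around midnight.
sys=`hostname`_`date | /usr/bin/awk '{print $2 "-" $3}'`
SCRIPT_START_TIME=`date`
SCRIPT_OS=`uname -s`
# NOTE(review): field 2 of `uname -a` is normally the node name rather than a
# distribution name - confirm before using os_flavor in a test.
os_flavor=`uname -a|awk '{print $2}'`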
#
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
#Start the "INTRODUCTION" routine
#
# INTRODUCTION banner, shown on the terminal only (nothing goes to the report).
cat <<'INTRO_BANNER'


 DOES NOT need to be compiled, this is a shell script.
 should run on ALL Unix and Linux systems.
 This script makes no changes to the system.
 WILL provide a clean view of the system's SECURITY POSTURE.



INTRO_BANNER
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
# Report header: sensitivity marking, title and the start timestamp.
{
  echo " C U S T O M E R S E N S I T I V E "
  echo
  echo
  echo "Security Posture Report"
  echo
  # Left unquoted on purpose: the shell collapses runs of blanks in the date.
  echo $SCRIPT_START_TIME
  echo
  echo
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
#
echo "Searching for System Identification"
#
# Collect the four identity values first, then write them as one section.
# Errors from the commands themselves still go to the terminal, not errors.txt.
ident_uname=`uname -a`
ident_hostname=`hostname`
ident_domainname=`domainname`
ident_hostid=`hostid`
{
  echo "+++++ SYSTEM Identification +++++"
  echo
  echo "+ Uname: $ident_uname "
  echo
  echo "+ Hostname: $ident_hostname "
  echo
  echo "+ Domainname: $ident_domainname "
  echo
  echo "+ Hostid: $ident_hostid "
  echo
} >>$sys.rpt 2>>errors.txt
#
#-------------------------------------------------------------------
#echo " >>>> Accountability "
#-------------------------------------------------------------------
#
#
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
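echo "Checking for Account and Log file Attributes"
#
# Record the long listing of the two accounting logs, each under a line that
# states the expected owner, group and mode. On IRIX the eagls listing is
# added, on HP-UX the lsacl listing. "$SCRIPT_OS" is quoted so that an empty
# value cannot turn the comparison into a test syntax error.
{
  echo
  echo "++++++ ACCOUNTING & LOG FILES ATTRIBUTES +++++"
  echo
  echo "+ /usr/adm/lpacct,owner daemon,group daemon, 644"
  ls -lLd /usr/adm/lpacct
  case "$SCRIPT_OS" in
    IRIX) eagls /usr/adm/lpacct ;;
    HP-UX) lsacl /usr/adm/lpacct ;;
  esac
  echo
  echo "+ /usr/adm/aculog,owner uucp,group daemon, 664"
  ls -lLd /usr/adm/aculog
  case "$SCRIPT_OS" in
    IRIX) eagls /usr/adm/aculog ;;
    HP-UX) lsacl /usr/adm/aculog ;;
  esac
} >>"$sys.rpt" 2>>errors.txt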
#
#-------------------------------------------------------------------
#echo " >>>> Access: Identification and Authentication "
#-------------------------------------------------------------------
#
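echo "+++++ IDENTIFICATION & AUTHENTICATION +++++ " >>"$sys.rpt" 2>>errors.txt
#
echo "Checking for /etc/passwd file"
#
# List /etc/passwd in the report. On a host without shadowing, field 2 holds
# the password hash, and this script's own history says hashes are kept out of
# the report. A traditional crypt(3) hash is 13 characters and newer formats
# are longer, so any field 2 of that length is replaced; short markers such as
# "x" or "*" and empty fields are written unchanged.
{
  echo
  echo
  echo "+ /ETC/PASSWD FILE LISTING:"
  echo
  if [ -r /etc/passwd ]
  then
    awk -F: 'BEGIN { OFS = ":" } length($2) >= 13 { $2 = "<hash removed>" } { print }' /etc/passwd
  else
    echo "File not found"
  fi
} >>"$sys.rpt" 2>>errors.txt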
#
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
# echo "Checking for /etc/shadow file"
#
#echo " " >>$sys.rpt 2>>errors.txt
#echo " " >>$sys.rpt 2>>errors.txt
#echo "+ /ETC/SHADOW FILE LISTING" >>$sys.rpt 2>>errors.txt
#echo " " >>$sys.rpt 2>>errors.txt
# if [ -r /etc/shadow ]
# then
# cat /etc/shadow >>$sys.rpt 2>>errors.txt
# else
# echo "File not found" >>$sys.rpt 2>>errors.txt
# fi
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
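echo "Checking for /.secure/etc/passwd file"
#
# List /.secure/etc/passwd in the report. The later "no password" check in
# this script treats field 2 of this file as the password field, so a hash
# there would be copied into the report. A traditional crypt(3) hash is 13
# characters and newer formats are longer; a field 2 of that length is
# replaced, shorter markers and empty fields are written unchanged.
{
  echo
  echo
  echo "+ /.SECURE/ETC/PASSWD FILE LISTING"
  echo
  if [ -r /.secure/etc/passwd ]
  then
    awk -F: 'BEGIN { OFS = ":" } length($2) >= 13 { $2 = "<hash removed>" } { print }' /.secure/etc/passwd
  else
    echo "File not found"
  fi
} >>"$sys.rpt" 2>>errors.txt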
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
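echo "Checking for /etc/passwd.adjunct file"
#
# List /etc/passwd.adjunct in the report with password hashes removed: a
# field 2 of 13 or more characters (the length of a traditional crypt(3) hash;
# newer formats are longer) is replaced, shorter markers and empty fields are
# written unchanged.
# NOTE(review): the later checks in this script read
# /etc/security/passwd.adjunct; confirm which path this listing should use.
{
  echo
  echo
  echo "+ /ETC/PASSWD.ADJUNCT FILE LISTING"
  echo
  if [ -r /etc/passwd.adjunct ]
  then
    awk -F: 'BEGIN { OFS = ":" } length($2) >= 13 { $2 = "<hash removed>" } { print }' /etc/passwd.adjunct
  else
    echo "File not found"
  fi
} >>"$sys.rpt" 2>>errors.txt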
#
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
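echo "Checking for /etc/master.passwd file"
#
# List /etc/master.passwd without field 2 (the password field), so no hash is
# written. The listing now goes to the report like every other section; before,
# it was printed on the terminal and the report section stayed empty.
{
  echo
  echo
  echo "+ /ETC/MASTER.PASSWD FILE LISTING:"
  echo
  if [ -r /etc/master.passwd ]
  then
    awk -F: '{print $1,$3,$4,$5,$6,$7,$8,$9,$10}' /etc/master.passwd
  else
    echo "File not found"
  fi
} >>"$sys.rpt" 2>>errors.txt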
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking for Users with no Passwords"
#
# Name every /etc/passwd account whose password field (field 2) is empty.
{
  echo
  echo "+++ Users with no passwords: +++ "
  if test ! -r /etc/passwd
  then
    echo "/etc/passwd : File not found "
  else
    echo " "
    echo "+ /ETC/PASSWD"
    echo
    awk -F: '$2 == "" { print $1 }' /etc/passwd
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking for empty shadow password parameters (note: no password hashes gathered)"
# Name every /etc/shadow entry whose field 2 is empty; only the account name
# is printed, never the field itself.
{
  echo
  echo "+++ Empty Shadow Password parameters: +++ "
  if test ! -r /etc/shadow
  then
    echo "/etc/shadow : File not found "
  else
    echo
    echo "+ /ETC/SHADOW"
    echo
    awk -F: '$2 == "" { print $1 }' /etc/shadow
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
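echo "Checking account chage"
# Password-aging settings for every /etc/passwd line that mentions "home" and
# does not mention "false". chage -l does not print the account name, so each
# entry is labelled; without the label the report cannot be tied to a user.
# With no matching account the loop body never runs, so chage is not called
# without an argument.
for chage_user in `awk -F: '/home/ && !/false/ { print $1 }' /etc/passwd`
do
  echo "+ $chage_user"
  chage -l "$chage_user"
  echo
done >>"$sys.rpt" 2>>errors.txt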
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
# Empty-password check (field 2 empty) for the three alternative account
# files; a file that cannot be read is reported as not found.
{
  if test ! -r /.secure/etc/passwd
  then
    echo "/.secure/etc/passwd : File not found "
  else
    echo " "
    echo "+ /.SECURE/ETC/PASSWD"
    echo
    awk -F: '$2 == "" { print $1 }' /.secure/etc/passwd
  fi
  #
  if test ! -r /etc/security/passwd.adjunct
  then
    echo "/etc/security/passwd.adjunct : File not found "
  else
    echo " "
    echo "+ /ETC/SECURITY/PASSWD.ADJUNCT"
    echo
    awk -F: '$2 == "" { print $1 }' /etc/security/passwd.adjunct
  fi
  echo
  if test ! -r /etc/master.passwd
  then
    echo "/etc/master.passwd : File not found "
  else
    echo
    echo "+ /ETC/MASTER.PASSWD"
    echo
    awk -F: '$2 == "" { print $1 }' /etc/master.passwd
  fi
  echo
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
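echo "Checking for I&A HP-UX style"
# Long listing of every regular file below /tcb/files/auth, plus the eagls
# listing on IRIX or the lsacl listing on HP-UX. The section is skipped
# silently when the directory does not exist.
echo >>"$sys.rpt" 2>>errors.txt
echo "+++ HP-UX Style User Files +++ " >>"$sys.rpt" 2>>errors.txt
if [ -d /tcb/files/auth ]
then
  SCRIPT_USERFILES=`find /tcb/files/auth -type f -print`
  # The list is split on whitespace, so a path containing blanks would be
  # broken into pieces here; each resulting word is quoted from then on.
  for USERFILE in $SCRIPT_USERFILES
  do
    ls -lL "$USERFILE" >>"$sys.rpt" 2>>errors.txt
    # Quoted so an empty $SCRIPT_OS cannot break the comparison.
    case "$SCRIPT_OS" in
      IRIX) eagls "$USERFILE" >>"$sys.rpt" 2>>errors.txt ;;
      HP-UX) lsacl "$USERFILE" >>"$sys.rpt" 2>>errors.txt ;;
    esac
  done
fi
echo >>"$sys.rpt" 2>>errors.txt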
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
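echo "Checking for Duplicate UIDS"
#
# Prints one "name   id" line for each value of field 3 that occurs more than
# once in the colon-separated file $1.
# The sort key is given as "-k 2": the obsolete "+1" form is rejected by
# current sort implementations, which read it as a file name, and the error
# only lands in errors.txt, so the check would silently report nothing.
dup_uid_lines() {
  /usr/bin/awk -F: '{print $1, " ", $3}' "$1" | sort -k 2 | uniq -d -f 1
}
# NOTE(review): field 3 is the UID in /etc/passwd; confirm that it is also the
# UID in the other three file formats.
{
  echo
  echo "+++ DUPLICATE UIDS +++ "
  if [ -r /etc/passwd ]
  then
    echo
    echo "+ /ETC/PASSWD"
    echo
    dup_uid_lines /etc/passwd
  else
    echo "/etc/passwd : File not found "
  fi
  if [ -r /.secure/etc/passwd ]
  then
    echo
    echo "+ /.SECURE/ETC/PASSWD"
    echo
    dup_uid_lines /.secure/etc/passwd
  else
    echo "/.secure/etc/passwd : File not found "
  fi
  if [ -r /etc/security/passwd.adjunct ]
  then
    echo
    echo "+ /ETC/SECURITY/PASSWD.ADJUNCT"
    echo
    dup_uid_lines /etc/security/passwd.adjunct
  else
    echo "/etc/security/passwd.adjunct : File not found "
  fi
  if [ -r /etc/master.passwd ]
  then
    echo
    echo "+ /ETC/MASTER.PASSWD"
    echo
    dup_uid_lines /etc/master.passwd
  else
    echo "/etc/master.passwd : File not found "
  fi
} >>"$sys.rpt" 2>>errors.txt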
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking for Users with no Shells"
#
# Prints the first field of every line of file $1 whose field 7 is empty.
no_shell_names() {
  awk -F: '$7 == "" { print $1 }' $1
}
# NOTE(review): field 7 is the login shell in /etc/passwd; confirm that the
# same position applies to the other three file formats.
{
  echo
  echo
  echo "+++ USERS WITH NO SHELLS +++ "
  if test ! -r /etc/passwd
  then
    echo "/etc/passwd : File not found "
  else
    echo
    echo "+ /ETC/PASSWD"
    echo
    no_shell_names /etc/passwd
  fi
  if test ! -r /.secure/etc/passwd
  then
    echo "/.secure/etc/passwd : File not found "
  else
    echo
    echo "+ /.SECURE/ETC/PASSWD"
    echo
    no_shell_names /.secure/etc/passwd
  fi
  if test ! -r /etc/security/passwd.adjunct
  then
    echo "/etc/security/passwd.adjunct : File not found "
  else
    echo
    echo "+ /ETC/SECURITY/PASSWD.ADJUNCT"
    echo
    no_shell_names /etc/security/passwd.adjunct
  fi
  if test ! -r /etc/master.passwd
  then
    echo "The file: /etc/master.passwd file not found "
  else
    echo
    echo "+ /ETC/MASTER.PASSWD"
    echo
    no_shell_names /etc/master.passwd
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
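echo "Getting the /etc/default/login file"
#
# Copy /etc/default/login into the report under its own heading. The
# redirections that used to hang on the readability test are gone: the test
# writes nothing, so they had no effect.
{
  echo
  echo
  echo "+ /ETC/DEFAULT/LOGIN File Listing +++++ "
  echo
  if [ -r /etc/default/login ]
  then
    cat /etc/default/login
  else
    echo "/etc/default/login : File not found "
  fi
} >>"$sys.rpt" 2>>errors.txt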
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Getting the /etc/default/passwd file"
#
# Copy /etc/default/passwd into the report under its own heading.
{
  echo
  echo
  echo "+ /ETC/DEFAULT/PASSWD File Listing +++++ "
  echo
  if test ! -r /etc/default/passwd
  then
    echo "/etc/default/passwd: File not found "
  else
    cat /etc/default/passwd
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Getting the /etc/login.defs file"
#
# Copy /etc/login.defs into the report under its own heading.
{
  echo
  echo
  echo "+ /etc/login.defs File Listing +++++ "
  echo
  if test ! -r /etc/login.defs
  then
    echo "/etc/login.defs: File not found "
  else
    cat /etc/login.defs
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Getting the /etc/pam.d files"
#
# Print the path and then the content of every regular file below /etc/pam.d.
{
  echo
  echo
  echo "+ /etc/pam.d File Listings +++++ "
  echo
  if test ! -r /etc/pam.d
  then
    echo "/etc/pam.d: Directory not found "
  else
    find /etc/pam.d/ -type f -print -exec cat {} \;
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
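echo "Getting the /etc/sudoers file"
#
# Copy /etc/sudoers into the report. Drop-in files below /etc/sudoers.d are
# added as well, each preceded by its path: sudoers commonly pulls that
# directory in with an include directive, and rules placed there would
# otherwise be missing from the review.
{
  echo
  echo
  echo "+ /etc/sudoers File Listing +++++ "
  echo
  if [ -r /etc/sudoers ]
  then
    cat /etc/sudoers
  else
    echo "/etc/sudoers: File not found "
  fi
  if [ -d /etc/sudoers.d ]
  then
    echo
    echo "+ /etc/sudoers.d File Listings +++++ "
    echo
    find /etc/sudoers.d/ -type f -print -exec cat {} \;
  fi
} >>"$sys.rpt" 2>>errors.txt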
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
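echo "Login and password settings from /etc/shadow"
echo "Login and password settings from /etc/shadow" >>"$sys.rpt" 2>>errors.txt
#
# Per-account aging fields from /etc/shadow (fields 3 to 8). Field 2, the
# password hash, is never printed. The "not found" line now goes to the report
# like in every other section; before, it was only shown on the terminal.
if [ -r /etc/shadow ]
then
  awk -F: '{print "user: ",$1,"\n sp_lstchg: ",$3,"\n sp_min: ",$4,"\n sp_max: ",$5,"\n sp_warn: ",$6,"\n sp_inact: ",$7," \n sp_expire: ",$8,"\n--------------------\n" }' /etc/shadow >>"$sys.rpt" 2>>errors.txt
else
  echo "/etc/shadow: File not found" >>"$sys.rpt" 2>>errors.txt
fi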
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Getting the /etc/group file"
#
# Copy /etc/group into the report under its own heading.
{
  echo
  echo
  echo "+ /ETC/GROUP File Listing +++++ "
  echo
  if test ! -r /etc/group
  then
    echo "/etc/group : File not found "
  else
    cat /etc/group
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
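echo "Checking for Duplicate Group IDs"
#
# One "name   gid" line for each GID (field 3) used by more than one entry of
# /etc/group. The sort key is given as "-k 2": the obsolete "+1" form is read
# as a file name by current sort implementations, and the error only lands in
# errors.txt, so the check would silently report nothing.
{
  echo
  echo
  echo "+++ DUPLICATE GROUP IDs +++ "
  echo
  if [ -r /etc/group ]
  then
    /usr/bin/awk -F: '{print $1, " ", $3}' /etc/group | sort -k 2 | uniq -d -f 1
  else
    echo "The file: /etc/group file not found "
  fi
} >>"$sys.rpt" 2>>errors.txt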
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking for Groups with no Members "
#
# Name every /etc/group entry whose member list (field 4) is empty.
{
  echo
  echo "+++ GROUPS WITH NO MEMBERS +++ "
  echo
  if test ! -r /etc/group
  then
    echo "/etc/group : File not found "
  else
    /usr/bin/awk -F: '$4 == "" { print $1 }' /etc/group
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Getting the /etc/shell file"
#
# Copy /etc/shells into the report, preceded by the reviewer hint that names
# the shells considered standard.
{
  echo
  echo
  echo "+++++ The /ETC/SHELLS File Listing +++++ "
  echo
  echo "Standard shells:sh,csh,ksh,rcsh,rsh "
  echo "& /bin/tcsh. Check all other shells "
  echo "Checking the /etc/shells file"
  echo
  if test ! -r /etc/shells
  then
    echo "The file: /etc/shells file not found "
  else
    cat /etc/shells
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking for SUN EEPROM Settings"
#
# Both firmware queries run on every platform; where the command does not
# exist, the section stays empty.
{
  echo
  echo
  echo "+++++ Checking for SUN EEPROM Security +++++ "
  echo
} >>$sys.rpt 2>>errors.txt
# Only grep is redirected here: messages from eeprom itself reach the terminal.
eeprom | grep security >>$sys.rpt 2>>errors.txt
echo "Checking for IRIX NVRAM Settings"
#
{
  echo
  echo
  echo "+++++ Checking for IRIX NVRAM Security +++++ "
  echo
  nvram -v
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Getting Running Process Information"
#
# Process table in both option styles; a ps that rejects one of them leaves
# its complaint in errors.txt.
{
  echo
  echo "+++++ RUNNING PROCESSES +++++ "
  echo
  echo
  ps -ef
  ps -xafw
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
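echo " Getting Configured Services"
#
echo >>"$sys.rpt" 2>>errors.txt
# Services that are switched on in at least one runlevel. The option is spelled
# with two ASCII hyphens: the en dash that stood here was handed to chkconfig
# as an ordinary argument, so the listing was never produced.
chkconfig --list 2>>errors.txt | grep on >>"$sys.rpt" 2>>errors.txt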
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Getting Root Environment"
#
# Dump the shell's variables as the invoking user sees them.
# NOTE(review): set prints every variable, so any secret held in the invoking
# environment is copied into the report.
{
  echo
  echo
  echo "+++++ ROOT ENVIRONMENT +++++ "
  echo
  set
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
#echo " Getting Files In Root Path"
#
#echo >>$sys.rpt 2>>errors.txt
#echo "+++++ FILES IN ROOT PATH +++++ " >>$sys.rpt 2>>errors.txt
#echo >>$sys.rpt 2>>errors.txt
#-------------------------------------------------------------------
#echo " >>>> Access: Discressionary Access Controls "
#-------------------------------------------------------------------
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking the Umask "
#
# Record the umask this script runs with, next to the accepted values.
current_umask=`umask`
{
  echo
  echo
  echo "+++++ The UMASK should be 022, 027, or 077 +++++"
  echo "This is the UMASK: $current_umask"
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking for files without user ownership (Find)"
#
# Walk the whole tree and list files whose owning uid has no account entry.
# "! -fstype nfs" only keeps NFS files out of the output; without a prune the
# walk may still descend into those mounts.
{
  echo
  echo
  echo "+++++ FILES WITHOUT USER OWNERSHIP +++++ "
  echo
  echo "Files with no associated uid in /etc/passwd:"
  echo
  find / ! -fstype nfs -depth -nouser -print
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
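echo "Checking for files without group ownership (Find)"
#
# Walk the whole tree and list files whose owning gid has no group entry.
# The caption now names gid and /etc/group; it used to repeat the caption of
# the user-ownership section and mislabelled these findings.
# "! -fstype nfs" only keeps NFS files out of the output; without a prune the
# walk may still descend into those mounts.
{
  echo
  echo
  echo "+++++ FILES WITHOUT GROUP OWNERSHIP +++++ "
  echo
  echo "Files with no associated gid in /etc/group:"
  echo
  find / ! -fstype nfs -depth -nogroup -print
} >>"$sys.rpt" 2>>errors.txt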
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking File Systems and their Capabilities"
#
# Mounted file systems (df -k), then the mount table and the default
# file-system type file where they exist.
{
  echo
  echo
  echo "+++++ FILE SYSTEMS & THEIR CAPABILITIES +++++ "
  echo
  df -k
  echo
  echo "+++++ The /ETC/MNTTAB File Listing +++++ "
  echo
  echo
  if test ! -r /etc/mnttab
  then
    echo "/etc/mnttab : File not found "
  else
    cat /etc/mnttab
  fi
  #
  echo
  echo "+++ /ETC/DEFAULT/FS File Listing +++ "
  echo
  if test ! -r /etc/default/fs
  then
    echo "/etc/default/fs : File not found"
  else
    cat /etc/default/fs
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
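echo "Checking for Directories that should be Mode 511 or 711"
#
# Long listing of each system binary/library directory itself (-d), plus the
# eagls listing on IRIX or the lsacl listing on HP-UX, one blank line after
# each directory. "$SCRIPT_OS" is quoted so an empty value cannot turn the
# comparison into a test syntax error.
{
  echo
  echo "++ DIRECTORIES THAT SHOULD BE MODE 511 or 711 ++"
  echo
  for mode_dir in /bin /usr/bin /usr/ucb /lib /usr/lib
  do
    ls -lLd "$mode_dir"
    case "$SCRIPT_OS" in
      IRIX) eagls -d "$mode_dir" ;;
      HP-UX) lsacl "$mode_dir" ;;
    esac
    echo
  done
} >>"$sys.rpt" 2>>errors.txt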
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking for Files that should have the Sticky bit set "
#
# Listing of the two shared temporary directories; the reviewer reads the
# sticky bit and the owner off the ls output.
{
  echo
  echo "+++++ FILES SHOULD HAVE THE STICKY BIT SET +++++"
  echo
  echo " /tmp, owner root, check for the sticky bit "
  ls -lLd /tmp
  echo
  echo " /usr/tmp, owner root, check for the sticky bit "
  ls -lLd /usr/tmp
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
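echo "Checking for Owner Group & Mode Attributes"
#
# Writes one report entry: the caption, the ls listing, the eagls listing on
# IRIX or the lsacl listing on HP-UX, and a closing blank line.
#   $1  caption stating the expected mode
#   $2  ls options (-lLd lists the directory entry itself, -lL the target)
#   $3  eagls option, "" for none
#   $4  path to inspect
# $2 and $3 are left unquoted on purpose so an empty value adds no argument.
attr_entry() {
  echo "$1"
  ls $2 "$4"
  case "$SCRIPT_OS" in
    IRIX) eagls $3 "$4" ;;
    HP-UX) lsacl "$4" ;;
  esac
  echo
}
{
  echo
  echo
  echo "+++++ OWNER GROUP & MODE ATTRIBUTES +++++ "
  echo
  attr_entry " The /usr/spool/mail file 'BSD', mode 777:" -lLd -d /usr/spool/mail
  attr_entry " The /usr/mail file 'ATT', mode 775:" -lLd -d /usr/mail
  attr_entry " The /usr/etc/yp, mode 444" -lLd -d /usr/etc/yp
  attr_entry " The /var/spool/yp, mode 444" -lL "" /var/spool/yp
  attr_entry " The /export/root, mode 700" -lLd -d /export/root
  attr_entry " /etc/utmp, mode 644" -lL "" /etc/utmp
  attr_entry " /etc/sm, mode 2755" -lLd -d /etc/sm
  attr_entry " /etc/sm.bak, mode 2755" -lLd -d /etc/sm.bak
  attr_entry " /etc/state, mode 644" -lLd -d /etc/state
  attr_entry " /etc/motd, mode 644" -lLd -d /etc/motd
  attr_entry " /etc/mtab, mode 644" -lLd -d /etc/mtab
  # The IRIX and HP-UX listings for this entry used to inspect /etc/sm, a
  # copy-paste slip; they now look at /etc/syslog.pid like the ls line does.
  attr_entry " /etc/syslog.pid, mode 644" -lLd -d /etc/syslog.pid
} >>"$sys.rpt" 2>>errors.txt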
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
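echo "Checking Ownerships and Permissions on UUCP Files "
#
# Writes one report entry: the caption, the ls listing, the eagls listing on
# IRIX or the lsacl listing on HP-UX, and a closing blank line.
#   $1  caption stating the expected owner and mode
#   $2  ls options (-lLd lists the directory entry itself, -lL the target)
#   $3  eagls option, "" for none
#   $4  path to inspect
# $2 and $3 are left unquoted on purpose so an empty value adds no argument;
# "$SCRIPT_OS" is quoted so an empty value cannot break the comparison.
uucp_entry() {
  echo "$1"
  ls $2 "$4"
  case "$SCRIPT_OS" in
    IRIX) eagls $3 "$4" ;;
    HP-UX) lsacl "$4" ;;
  esac
  echo
}
{
  echo
  echo "+++++ Ownership and Permissions of UUCP Files +++++"
  echo
  uucp_entry " /usr/bin/uucp, owner uucp, mode 4111" -lL "" /usr/bin/uucp
  uucp_entry " /usr/bin/cu, owner bin, mode 4111" -lL "" /usr/bin/cu
  uucp_entry " /usr/bin/uudecode, owner bin, mode 755" -lL "" /usr/bin/uudecode
  uucp_entry " /usr/bin/uuencode, owner bin, mode 755" -lL "" /usr/bin/uuencode
  uucp_entry " /usr/bin/uuname, owner uucp, mode 4111" -lL "" /usr/bin/uuname
  uucp_entry " /usr/bin/uusend, owner bin, mode 755" -lL "" /usr/bin/uusend
  uucp_entry " /usr/bin/uustat, owner uucp, mode 4111" -lL "" /usr/bin/uustat
  uucp_entry " /usr/bin/uuto, owner bin, mode 755" -lL "" /usr/bin/uuto
  uucp_entry " /usr/bin/uux, owner uucp, mode 4111" -lL "" /usr/bin/uux
  # eagls gets -d here as well, matching ls -lLd on this line and the
  # /usr/spool/uucp entry below; it used to be called without it.
  # NOTE(review): confirm on an IRIX host that -d is what is wanted.
  uucp_entry " /usr/spool/uucppublic, owner uucp, mode 777" -lLd -d /usr/spool/uucppublic
  uucp_entry " /usr/spool/uucp, owner uucp, mode 777" -lLd -d /usr/spool/uucp
  uucp_entry " /usr/lib/uucp, owner uucp, mode 755" -lLd -d /usr/lib/uucp
  uucp_entry " /usr/lib/uucp/L-devices, owner uucp, group daemon, mode 444" -lLd -d /usr/lib/uucp/L-devices
  uucp_entry " /usr/lib/uucp/L.sys, owner uucp, group daemon, mode 400" -lLd -d /usr/lib/uucp/L.sys
  uucp_entry " /usr/lib/uucp/L.aliases, owner uucp, group daemon, mode 640" -lLd -d /usr/lib/uucp/L.aliases
  uucp_entry " /usr/lib/uucp/L.cmds, owner uucp, group daemon, mode 640" -lLd -d /usr/lib/uucp/L.cmds
  uucp_entry " /usr/lib/uucp/SEQF, owner uucp, group daemon, mode 640" -lL -d /usr/lib/uucp/SEQF
  uucp_entry " /usr/lib/uucp/SQFILE owner uucp, group daemon, mode 400" -lL "" /usr/lib/uucp/SQFILE
  uucp_entry " /usr/lib/uucp/USERFILE owner uucp, group daemon, mode 400" -lL "" /usr/lib/uucp/USERFILE
  uucp_entry " /usr/lib/uucp/Systems owner uucp, mode 444" -lL "" /usr/lib/uucp/Systems
  uucp_entry " /usr/lib/uucp/uucico, owner uucp, group daemon, mode 4111" -lL "" /usr/lib/uucp/uucico
  uucp_entry " /usr/lib/uucp/uuclean, owner uucp, group daemon, mode 4111" -lL "" /usr/lib/uucp/uuclean
  uucp_entry " /usr/lib/uucp/uuxqt, owner uucp, group daemon, mode 4111" -lL "" /usr/lib/uucp/uuxqt
  uucp_entry " /usr/lib/uucp/Devices, owner uucp, mode 444" -lL "" /usr/lib/uucp/Devices
  uucp_entry " /usr/lib/uucp/Dialcodes, owner uucp, mode 444" -lL "" /usr/lib/uucp/Dialcodes
  uucp_entry " /usr/lib/uucp/Dialers, owner uucp, mode 444" -lL "" /usr/lib/uucp/Dialers
} >>"$sys.rpt" 2>>errors.txt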
echo " /usr/lib/uucp/L-dialcodes, owner uucp, mode 444" >>$sys.rpt 2>>errors.txt
ls -lL /usr/lib/uucp/L-dialcodes >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/lib/uucp/L-dialcodes >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/lib/uucp/L-dialcodes >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/lib/uucp/L_stat, owner uucp, mode 644" >>$sys.rpt 2>>errors.txt
ls -lL /usr/lib/uucp/L_stat >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/lib/uucp/L_stat >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/lib/uucp/L_stat >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/lib/uucp/L_sub, owner uucp, mode 644" >>$sys.rpt 2>>errors.txt
ls -lL /usr/lib/uucp/L_sub >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/lib/uucp/L_sub >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/lib/uucp/L_sub >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/lib/uucp/Maxuuscheds, owner uucp, mode 444" >>$sys.rpt 2>>errors.txt
ls -lL /usr/lib/uucp/Maxuuscheds >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/lib/uucp/Maxuuscheds >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/lib/uucp/Maxuuscheds >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/lib/uucp/Maxuuxqts, owner uucp, mode 444" >>$sys.rpt 2>>errors.txt
ls -lL /usr/lib/uucp/Maxuuxqts >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/lib/uucp/Maxuuxqts >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/lib/uucp/Maxuuxqts >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/lib/uucp/Permissions, owner uucp, mode 444" >>$sys.rpt 2>>errors.txt
ls -lL /usr/lib/uucp/Permissions >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/lib/uucp/Permissions >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/lib/uucp/Permissions >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/lib/uucp/Poll, owner uucp, mode 444" >>$sys.rpt 2>>errors.txt
ls -lL /usr/lib/uucp/Poll >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/lib/uucp/Poll >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/lib/uucp/Poll >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/lib/uucp/remote.unknown, owner uucp, mode 555" >>$sys.rpt 2>>errors.txt
ls -lL /usr/lib/uucp/remote.unknown >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/lib/uucp/remote.unknown >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/lib/uucp/remote.unknown >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/lib/uucp/uucheck, owner uucp, mode 110" >>$sys.rpt 2>>errors.txt
ls -lL /usr/lib/uucp/uucheck >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/lib/uucp/uucheck >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/lib/uucp/uucheck >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/lib/uucp/uucleanup, owner uucp, mode 110" >>$sys.rpt 2>>errors.txt
ls -lL /usr/lib/uucp/uucleanup >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/lib/uucp/uucleanup >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/lib/uucp/uucleanup >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/lib/uucp/uudemon.admin, owner uucp, mode 444" >>$sys.rpt 2>>errors.txt
ls -lL /usr/lib/uucp/uudemon.admin >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/lib/uucp/uudemon.admin >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/lib/uucp/uudemon.admin >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/lib/uucp/uudemon.clean, owner uucp, mode 444" >>$sys.rpt 2>>errors.txt
ls -lL /usr/lib/uucp/uudemon.clean >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/lib/uucp/uudemon.clean >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/lib/uucp/uudemon.clean >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/lib/uucp/uudemon.day, owner uucp, mode 444" >>$sys.rpt 2>>errors.txt
ls -lL /usr/lib/uucp/uudemon.day >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/lib/uucp/uudemon.day >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/lib/uucp/uudemon.day >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/lib/uucp/uudemon.hour, owner uucp, mode 444" >>$sys.rpt 2>>errors.txt
ls -lL /usr/lib/uucp/uudemon.hour >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/lib/uucp/uudemon.hour >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/lib/uucp/uudemon.hour >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/lib/uucp/uudemon.hr, owner uucp, mode 400" >>$sys.rpt 2>>errors.txt
ls -lL /usr/lib/uucp/uudemon.hr >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/lib/uucp/uudemon.hr >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/lib/uucp/uudemon.hr >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/lib/uucp/uudemon.poll, owner uucp, mode 444" >>$sys.rpt 2>>errors.txt
ls -lL /usr/lib/uucp/uudemon.poll >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/lib/uucp/uudemon.poll >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/lib/uucp/uudemon.poll >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/lib/uucp/uudemon.wk, owner uucp, mode 400" >>$sys.rpt 2>>errors.txt
ls -lL /usr/lib/uucp/uudemon.wk >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/lib/uucp/uudemon.wk >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/lib/uucp/uudemon.wk >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/lib/uucp/uulog, owner uucp, mode 555" >>$sys.rpt 2>>errors.txt
ls -lL /usr/lib/uucp/uulog >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/lib/uucp/uulog >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/lib/uucp/uulog >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/lib/uucp/uupick, owner uucp, mode 555" >>$sys.rpt 2>>errors.txt
ls -lL /usr/lib/uucp/uupick >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/lib/uucp/uupick >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/lib/uucp/uupick >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/lib/uucp/uusched, owner uucp, mode 4111" >>$sys.rpt 2>>errors.txt
ls -lL /usr/lib/uucp/uusched >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/lib/uucp/uusched >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/lib/uucp/uusched >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/lib/uucp/uusub, owner uucp, mode 755" >>$sys.rpt 2>>errors.txt
ls -lL /usr/lib/uucp/uusub >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/lib/uucp/uusub >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/lib/uucp/uusub >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/lib/uucp/uuto, owner uucp, mode 555" >>$sys.rpt 2>>errors.txt
ls -lL /usr/lib/uucp/uuto >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/lib/uucp/uuto >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/lib/uucp/uuto >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/lib/uucp/Uutry, owner uucp, mode 555" >>$sys.rpt 2>>errors.txt
ls -lL /usr/lib/uucp/Uutry >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/lib/uucp/Uutry >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/lib/uucp/Uutry >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/lib/uucp/.XQTDIR, owner uucp, mode 755" >>$sys.rpt 2>>errors.txt
ls -lL /usr/lib/uucp/.XQTDIR >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/lib/uucp/.XQTDIR >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/lib/uucp/.XQTDIR >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/spool/uucp/ERRLOG, owner uucp, group daemon, mode 644" >>$sys.rpt 2>>errors.txt
ls -lL /usr/spool/uucp/ERRLOG >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/spool/uucp/ERRLOG >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/spool/uucp/ERRLOG >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/spool/uucp/LOGFILE, owner uucp, group daemon, mode 644" >>$sys.rpt 2>>errors.txt
ls -lL /usr/spool/uucp/LOGFILE >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/spool/uucp/LOGFILE >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/spool/uucp/LOGFILE >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/spool/uucp/SYSLOG, owner uucp, group daemon, mode 644" >>$sys.rpt 2>>errors.txt
ls -lL /usr/spool/uucp/SYSLOG >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls /usr/spool/uucp/SYSLOG >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/spool/uucp/SYSLOG >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/spool/uucp/.Admin, owner uucp, mode 777" >>$sys.rpt 2>>errors.txt
ls -lLd /usr/spool/uucp/.Admin >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls -d /usr/spool/uucp/.Admin >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/spool/uucp/.Admin >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/spool/uucp/.Corrupt, owner uucp, mode 777" >>$sys.rpt 2>>errors.txt
ls -lLd /usr/spool/uucp/.Corrupt >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls -d /usr/spool/uucp/.Corrupt >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/spool/uucp/.Corrupt >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/spool/uucp/.Log, owner uucp, mode 777" >>$sys.rpt 2>>errors.txt
ls -lLd /usr/spool/uucp/.Log >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls -d /usr/spool/uucp/.Log >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/spool/uucp/.Log >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/spool/uucp/.Old, owner uucp, mode 777" >>$sys.rpt 2>>errors.txt
ls -lLd /usr/spool/uucp/.Old >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls -d /usr/spool/uucp/.Old >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/spool/uucp/.Old >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/spool/uucp/.Sequence, owner uucp, mode 777" >>$sys.rpt 2>>errors.txt
ls -lLd /usr/spool/uucp/.Sequence >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls -d /usr/spool/uucp/.Sequence >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/spool/uucp/.Sequence >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/spool/uucp/.Status, owner uucp, mode 777" >>$sys.rpt 2>>errors.txt
ls -lLd /usr/spool/uucp/.Status >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls -d /usr/spool/uucp/.Status >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/spool/uucp/.Status >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
echo " /usr/spool/uucp/.Workspace, owner uucp, mode 777" >>$sys.rpt 2>>errors.txt
ls -lLd /usr/spool/uucp/.Workspace >>$sys.rpt 2>>errors.txt
if [ $SCRIPT_OS = "IRIX" ]
then
eagls -d /usr/spool/uucp/.Workspace >>$sys.rpt 2>>errors.txt
fi
if [ $SCRIPT_OS = "HP-UX" ]
then
lsacl /usr/spool/uucp/.Workspace >>$sys.rpt 2>>errors.txt
fi
echo >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
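# Section: list every entry under /home, plus its ACL on IRIX and HP-UX.
echo "Checking user home directories"
#
echo >>"$sys.rpt" 2>>errors.txt
echo " ++ HOME DIRECTORY LISTING ++" >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
# Still assigned in case a later section reads HOMEDIRS (the rest of the
# script is not visible from here); the loop below no longer depends on it.
HOMEDIRS=`ls /home 2>>errors.txt`
# Iterate with a glob, not the ls output: a name containing whitespace or
# glob characters would otherwise be split or re-expanded and the wrong
# path inspected.
for HOME_PATH in /home/*
do
  # An unmatched glob stays literal; skip it when /home is empty or absent.
  if [ "$HOME_PATH" = "/home/*" ] && [ ! -d "$HOME_PATH" ] && [ ! -f "$HOME_PATH" ]
  then
    continue
  fi
  # HOME_ENTRY keeps its original meaning: the bare entry name.
  HOME_ENTRY=`basename "$HOME_PATH"`
  # NOTE(review): ls -l on a directory lists its contents; the home
  # directory's own mode would need ls -ld. Confirm which one is wanted.
  ls -l "$HOME_PATH" >>"$sys.rpt" 2>>errors.txt
  # Quoted: an empty or multi-word uname result must not break the test.
  if [ "$SCRIPT_OS" = "IRIX" ]
  then
    eagls -d "$HOME_PATH" >>"$sys.rpt" 2>>errors.txt
  fi
  if [ "$SCRIPT_OS" = "HP-UX" ]
  then
    lsacl "$HOME_PATH" >>"$sys.rpt" 2>>errors.txt
  fi
done
echo >>"$sys.rpt" 2>>errors.txt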
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
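# Section: world-writable directories (symlinks excluded) under the system trees.
echo "Checking for World Writable Directories that are not linked (Find)"
#
echo >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
echo " ++ WORLD WRITABLE DIRS / NOT LINKED ++" >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
# The original tested "-type d -type l". No entry is both a directory and a
# symlink, so the section always came out empty. find does not follow links
# by default and reports a symlink as type l, so -type d alone already
# excludes linked directories.
# Results are appended straight to the report. The original staged them in a
# fixed-name file in the current directory, where a stale file or a
# pre-placed symlink of that name could pollute or redirect the output.
# Caveats: a root that is itself a symlink (/bin or /lib on some systems) is
# not descended into, and sticky-bit directories are listed like any other
# world-writable one.
for WW_ROOT in /usr /etc /bin /lib /sbin
do
  find "$WW_ROOT" -depth -type d -perm -2 -print >>"$sys.rpt" 2>>errors.txt
done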
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
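# Section: world-writable regular files under the system trees.
echo "Checking for World Writable files (Find)"
#
echo >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
echo " +++++ WORLD WRITABLE FILES +++++" >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
# Results are appended straight to the report. The original appended them to
# casefile.lst in the current directory first: leftovers from an interrupted
# run, or a pre-placed file or symlink of that name, would then end up in
# (or divert) the findings. find's own errors now go to errors.txt, like
# every other command in the script.
# Caveat: a root that is itself a symlink (/bin or /lib on some systems) is
# not descended into.
for WW_ROOT in /usr /etc /bin /lib /sbin
do
  find "$WW_ROOT" -depth -type f -perm -2 -print >>"$sys.rpt" 2>>errors.txt
done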
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
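# Section: world-writable shell start-up files anywhere on local filesystems.
echo "Checking for World Writable .cshrc. .login, and .profiles (Find)"
#
echo >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
echo " ++ WORLD WRITABLE .CSHRCs, LOGINs, & .PROFILEs ++" >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
# One pass over the filesystem instead of three; matches now appear in
# traversal order rather than grouped by file name.
# Results go straight to the report, not through the fixed-name staging
# file "wwstartup" in the current directory, which a stale file or a
# pre-placed symlink could pollute or redirect.
# -depth is given before the tests, as in the other find sections.
# Caveat: "! -fstype nfs" only suppresses matches on NFS; find still walks
# into NFS mounts, so the scan can be slow on hosts with large mounts.
find / -depth ! -fstype nfs \( -name .cshrc -o -name .login -o -name .profile \) -perm -2 -print >>"$sys.rpt" 2>>errors.txt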
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
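# Section: core dump files on local filesystems (they can hold process memory).
echo "Checking for Core Dump Files (Find)"
#
echo >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
echo "+++++ CORE DUMP FILES +++++ " >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
# The original redirected stdout twice ("> core.case" and then the report).
# The last redirection wins, so core.case was only ever created empty and
# left behind in the current directory. Only the report redirection is kept.
# -depth is given before the tests, as in the other find sections.
# NOTE(review): there is no -type test, so a directory named "core" is
# listed too; confirm whether -type f is wanted.
find / -depth ! -fstype nfs -name core -print >>"$sys.rpt" 2>>errors.txt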
#
#-------------------------------------------------------------------
#echo " >>>> Markings - Warning Banner "
#-------------------------------------------------------------------
#
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
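# Section: /etc/motd permissions and banner text.
echo "Checking for /etc/motd file"
#
echo >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
echo "+++++ /ETC/MOTD File +++++ " >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
echo "should not be world-writable" >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
# -r is false for an unreadable file as well as a missing one; both cases
# are reported as "not found".
if [ -r /etc/motd ]
then
  ls -lL /etc/motd >>"$sys.rpt" 2>>errors.txt
  # case on the quoted value: an empty or multi-word uname result simply
  # matches no branch instead of breaking an unquoted [ ] test.
  case "$SCRIPT_OS" in
    IRIX)
      eagls /etc/motd >>"$sys.rpt" 2>>errors.txt
      ;;
    HP-UX)
      lsacl /etc/motd >>"$sys.rpt" 2>>errors.txt
      ;;
  esac
  echo >>"$sys.rpt" 2>>errors.txt
  echo "motd statement: " >>"$sys.rpt" 2>>errors.txt
  echo >>"$sys.rpt" 2>>errors.txt
  # The banner text is copied so the reviewer can read the warning wording.
  cat /etc/motd >>"$sys.rpt" 2>>errors.txt
else
  echo "The file: /etc/motd file not found " >>"$sys.rpt" 2>>errors.txt
fi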
#
#-------------------------------------------------------------------
#
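# Section: /etc/issue permissions and pre-login banner text.
echo "Checking for /etc/issue file"
#
echo >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
echo "+++++ /ETC/ISSUE File +++++ " >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
echo "should not be world-writable" >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
# -r is false for an unreadable file as well as a missing one; both cases
# are reported as "not found".
if [ -r /etc/issue ]
then
  ls -lL /etc/issue >>"$sys.rpt" 2>>errors.txt
  # case on the quoted value: an empty or multi-word uname result simply
  # matches no branch instead of breaking an unquoted [ ] test.
  case "$SCRIPT_OS" in
    IRIX)
      eagls /etc/issue >>"$sys.rpt" 2>>errors.txt
      ;;
    HP-UX)
      lsacl /etc/issue >>"$sys.rpt" 2>>errors.txt
      ;;
  esac
  echo >>"$sys.rpt" 2>>errors.txt
  echo "issue statement: " >>"$sys.rpt" 2>>errors.txt
  echo >>"$sys.rpt" 2>>errors.txt
  # The banner text is copied so the reviewer can read the warning wording.
  cat /etc/issue >>"$sys.rpt" 2>>errors.txt
else
  echo "The file: /etc/issue file not found " >>"$sys.rpt" 2>>errors.txt
fi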
#
#-------------------------------------------------------------------
#echo " >>>> Least Privilege "
#-------------------------------------------------------------------
#
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
# Section: the last 30 su log entries from each of the two usual locations.
# The log shows who switched to which account; the reviewer reads it by hand.
echo "Checking for Users that know the Root Password"
#
{
  echo " "
  echo "+++++ USERs WHO KNOW THE ROOT PASSWORD +++++ "
  echo " AND "
  echo "+++++ USERs WHO KNOW OTHER USERs PASSWORDS +++++"
  echo
  # Both paths are always tried; each prints either its tail or a
  # "not found" line.
  for SULOG_FILE in /usr/adm/sulog /var/adm/sulog
  do
    if [ -r $SULOG_FILE ]
    then
      tail -30 $SULOG_FILE
    else
      echo "The file: $SULOG_FILE file not found "
    fi
  done
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
# Section: copy /etc/default/su into the report when it is readable.
echo "Getting the default SU settings"
#
{
  echo
  echo
  echo "+++++ The /ETC/DEFAULT/SU File Listing +++++ "
  echo
  if [ ! -r /etc/default/su ]
  then
    echo " /etc/default/su : File not found "
  else
    cat /etc/default/su
  fi
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
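# Section: account names whose third colon-separated field is zero, taken
# from each password database that is readable on this system.
echo "Checking for Users with a UID of 0 "
#
echo >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
echo " +++++ USERs WITH A UID=0 'ROOT' +++++ " >>"$sys.rpt" 2>>errors.txt
echo "Checking the /etc/passwd file" >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
# The field is matched against /^0+$/ rather than compared with the string
# "0". A UID written as "00" or "000" is still numerically zero, and the
# original string comparison left such accounts out of the report.
# NOTE(review): field 3 is the UID in /etc/passwd and /etc/master.passwd.
# Confirm that the same holds for /.secure/etc/passwd and
# /etc/security/passwd.adjunct before relying on those two listings.
if [ -r /etc/passwd ]
then
  awk -F: '$3 ~ /^0+$/ {print $1}' /etc/passwd >>"$sys.rpt" 2>>errors.txt
else
  echo "The file: /etc/passwd file not found " >>"$sys.rpt" 2>>errors.txt
fi
echo "Checking the /.secure/etc/passwd file" >>"$sys.rpt" 2>>errors.txt
if [ -r /.secure/etc/passwd ]
then
  echo "/.secure/etc/passwd:" >>"$sys.rpt" 2>>errors.txt
  awk -F: '$3 ~ /^0+$/ {print $1}' /.secure/etc/passwd >>"$sys.rpt" 2>>errors.txt
else
  echo "The file: /.secure/etc/passwd file not found " >>"$sys.rpt" 2>>errors.txt
fi
echo >>"$sys.rpt" 2>>errors.txt
echo "Checking the /etc/security/passwd.adjunct file" >>"$sys.rpt" 2>>errors.txt
if [ -r /etc/security/passwd.adjunct ]
then
  awk -F: '$3 ~ /^0+$/ {print $1}' /etc/security/passwd.adjunct >>"$sys.rpt" 2>>errors.txt
else
  echo "The file: /etc/security/passwd.adjunct file not found " >>"$sys.rpt" 2>>errors.txt
fi
echo >>"$sys.rpt" 2>>errors.txt
echo "Checking the /etc/master.passwd file" >>"$sys.rpt" 2>>errors.txt
if [ -r /etc/master.passwd ]
then
  awk -F: '$3 ~ /^0+$/ {print $1}' /etc/master.passwd >>"$sys.rpt" 2>>errors.txt
else
  echo "The file: /etc/master.passwd file not found " >>"$sys.rpt" 2>>errors.txt
fi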
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
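# Section: root-owned setuid entries on local filesystems.
echo "Checking for Root SUID Files (FIND)"
#
echo >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
echo "+++++ ROOT SUID FILES +++++ " >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
# Results go straight to the report. The original wrote them to
# rootsuid.case in the current directory first; as this scan is meant to run
# with root privileges, a pre-placed symlink of that name would have been
# followed and its target overwritten. find's own errors now go to
# errors.txt, like every other command in the script.
# Caveat: "! -fstype nfs" suppresses matches on NFS but does not stop find
# from walking into NFS mounts.
find / ! -fstype nfs -user root -perm -4000 -print >>"$sys.rpt" 2>>errors.txt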
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
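# Section: root-owned setgid entries on local filesystems.
echo "Checking for Root SGID Files (FIND)"
#
echo >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
echo "+++++ ROOT SGID FILES +++++ " >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
# Results go straight to the report. The original wrote them to
# rootsgid.case in the current directory first; as this scan is meant to run
# with root privileges, a pre-placed symlink of that name would have been
# followed and its target overwritten. find's own errors now go to
# errors.txt, like every other command in the script.
# Caveat: "! -fstype nfs" suppresses matches on NFS but does not stop find
# from walking into NFS mounts.
find / ! -fstype nfs -user root -perm -2000 -print >>"$sys.rpt" 2>>errors.txt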
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
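# Section: list the two restore binaries so the reviewer can confirm that
# neither carries the setuid bit (nothing here checks the mode itself).
echo "Checking for files that should not be suid"
#
echo >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
echo "+++++ FILES THAT SHOULD NOT BE 'SUID' +++++ " >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
ls -lL /etc/restore >>"$sys.rpt" 2>>errors.txt
# case on the quoted value: an empty or multi-word uname result simply
# matches no branch instead of breaking an unquoted [ ] test.
case "$SCRIPT_OS" in
  IRIX)
    eagls /etc/restore >>"$sys.rpt" 2>>errors.txt
    ;;
  HP-UX)
    lsacl /etc/restore >>"$sys.rpt" 2>>errors.txt
    ;;
esac
echo >>"$sys.rpt" 2>>errors.txt
ls -lL /usr/etc/restore >>"$sys.rpt" 2>>errors.txt
case "$SCRIPT_OS" in
  IRIX)
    eagls /usr/etc/restore >>"$sys.rpt" 2>>errors.txt
    ;;
  HP-UX)
    lsacl /usr/etc/restore >>"$sys.rpt" 2>>errors.txt
    ;;
esac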
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
# Section: show the directory entries that are expected to be owned by root.
echo "Checking for Directories that should be Owned by Root"
#
{
  echo
  echo
  echo "+++++ ROOT SHOULD OWN THESE DIRECTORIES +++++ "
  echo " /etc, /bin, /dev, and /usr/etc owner root:"
  echo
  # -d lists the directory entry itself; -L resolves a symlinked directory.
  for ROOT_OWNED_DIR in /etc /bin /dev /usr/etc
  do
    ls -lLd $ROOT_OWNED_DIR
    echo
  done
} >>$sys.rpt 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
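# Section: list files that are expected to be owned by root, each under a
# label stating the baseline the reviewer compares the listing against.
echo "Checking for files that should be Owned by Root"
#
echo >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt
echo "+++++ ROOT SHOULD OWN THESE FILES +++++ " >>"$sys.rpt" 2>>errors.txt
echo >>"$sys.rpt" 2>>errors.txt

# Report the permissions of one path.
#   $1 - label line written to the report (expected owner/group/mode)
#   $2 - path to inspect
#   $3 - ls flags (-lL, or -lLd where the original listed the entry itself)
#   $4 - optional flag for eagls on IRIX (-d where the original passed it)
# Reads $sys and $SCRIPT_OS, which are set at the top of the script.
root_owned_entry() {
  echo "$1" >>"$sys.rpt" 2>>errors.txt
  ls "$3" "$2" >>"$sys.rpt" 2>>errors.txt
  # Quoted: an empty or multi-word uname result must not break the test.
  if [ "$SCRIPT_OS" = "IRIX" ]
  then
    # ${4+...} expands to nothing when no eagls flag was given.
    eagls ${4+"$4"} "$2" >>"$sys.rpt" 2>>errors.txt
  fi
  if [ "$SCRIPT_OS" = "HP-UX" ]
  then
    lsacl "$2" >>"$sys.rpt" 2>>errors.txt
  fi
  echo >>"$sys.rpt" 2>>errors.txt
}

# The original ran ls on /usr/adm/acct but the two ACL commands on
# /usr/adm/account, so the ACL output described a different path than the
# label. All three now use the labelled path.
root_owned_entry " /usr/adm/acct, owner root, group system, mode 644" /usr/adm/acct -lLd -d
root_owned_entry " /usr/adm/wtmp, owner root, group system, mode 644" /usr/adm/wtmp -lL
root_owned_entry " /usr/adm/messages, owner root, group system, mode 664" /usr/adm/messages -lL
# Label corrected: the original printed "/usr/adm shutdownlog" (no slash).
root_owned_entry " /usr/adm/shutdownlog, owner root, group system, mode 664" /usr/adm/shutdownlog -lL
root_owned_entry " /usr/adm/timed.log, owner root, group system, mode 644" /usr/adm/timed.log -lL
root_owned_entry " /usr/adm/gatelog, owner root, group system, mode 644" /usr/adm/gatelog -lL
root_owned_entry " /usr/lib/uucp/acucntrl, owner root, group daemon, ---s--x---" /usr/lib/uucp/acucntrl -lL
# The two memory devices: the labels record a baseline with no access for
# "other" (mode 640).
root_owned_entry " /dev/kmem, owner root, group kmem, mode 640 " /dev/kmem -lL
root_owned_entry " /dev/mem, owner root, group mem, mode 640 " /dev/mem -lL
root_owned_entry " /etc/hosts.equiv, owner root, mode 600 " /etc/hosts.equiv -lL
root_owned_entry " /etc/exports, owner root, mode 644 " /etc/exports -lL
root_owned_entry " /etc/hosts.lpd, owner root, mode 600 " /etc/hosts.lpd -lL
root_owned_entry " /etc/services, owner root, mode 644 " /etc/services -lL
root_owned_entry " The /etc/passwd file, owner root, group daemon, mode 644:" /etc/passwd -lL
# The /etc/shadow entry stays disabled, as in the original:
#root_owned_entry " The /etc/shadow file, owner root, group daemon, mode 600:" /etc/shadow -lL
root_owned_entry " The /etc/group file, owner root, group daemon, mode 644:" /etc/group -lL
root_owned_entry " The /bin/passwd file, owner root, mode -rwsr-xr-x:" /bin/passwd -lL
root_owned_entry " /dev/printer file, owner root:" /dev/printer -lL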
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
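echo "Checking LIB File Permissions"
#
# Report mode and ownership of every entry directly under /usr/lib.
# The entries come from a glob instead of word-splitting `ls` output, so a
# name containing whitespace or glob characters is reported as one path
# rather than being split or re-expanded.  If nothing matches, the literal
# pattern reaches ls and the error lands in errors.txt like any other
# failed check.
{
  echo
  echo "+ /USR/LIB File Permissions + "
  echo
} >>"$sys.rpt" 2>>errors.txt
for LIB_ENTRY in /usr/lib/*
do
  {
    # -d: describe the entry itself, not the contents of a directory.
    ls -ld "$LIB_ENTRY"
    if [ "$SCRIPT_OS" = "IRIX" ]
    then
      eagls -d "$LIB_ENTRY"
    fi
    if [ "$SCRIPT_OS" = "HP-UX" ]
    then
      lsacl "$LIB_ENTRY"
    fi
  } >>"$sys.rpt" 2>>errors.txt
done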
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking MAN File Permissions"
#
# List regular files under the manual-page trees whose mode has any write,
# execute, setuid, setgid or sticky bit set; each match is printed by name
# and then as an ls -lL line.
# NOTE(review): -perm -200 matches owner-writable files, so ordinary 0644
# pages are reported as well -- confirm that is the intended threshold.
{
  echo
  echo
  echo "+ /USR/MAN Files with permissive modes + "
  echo
} >>"$sys.rpt" 2>>errors.txt
for man_root in /usr/man /usr/share/man /usr/share/catman
do
  find "$man_root" \
    \( -depth -perm -2 -o -perm -20 -o -perm -200 \
       -o -perm -1 -o -perm -10 -o -perm -100 \
       -o -perm -4000 -o -perm -2000 -o -perm -1000 \) \
    -type f -print -exec ls -lL {} \; >>"$sys.rpt" 2>>errors.txt
done
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking CRON settings"
#
# For each cron/at access-control file under /etc/cron.d, write a
# permissions section and then a contents section to the report.
# NOTE(review): only the /etc/cron.d/ locations are examined; systems that
# keep these files directly in /etc (e.g. /etc/cron.allow, /etc/at.deny)
# will show "File not found" here -- check those paths by hand.
for cron_ctl in cron.deny cron.allow at.deny at.allow logchecker
do
  cron_path=/etc/cron.d/$cron_ctl
  list_word=listing
  cron_missing="$cron_path : File not found"
  # Heading text (and, for logchecker, the wording) is kept exactly as the
  # report has always shown it.
  case "$cron_ctl" in
    cron.deny)  cron_tag=CRON.DENY ;;
    cron.allow) cron_tag=CRON.ALLOW ;;
    at.deny)    cron_tag=AT.DENY ;;
    at.allow)   cron_tag=AT.ALLOW ;;
    logchecker)
      cron_tag=LOGCHECKER
      list_word=Listing
      cron_missing="/etc/cron.d/ logchecker : File not found"
      ;;
  esac
  {
    echo
    echo
    echo "+ /ETC/CRON.D/$cron_tag Permissions +++++ "
    echo
    if [ -r "$cron_path" ]
    then
      ls -lL "$cron_path"
      case "$SCRIPT_OS" in
        IRIX)  eagls "$cron_path" ;;
        HP-UX) lsacl "$cron_path" ;;
      esac
    else
      echo "$cron_missing"
    fi
    echo
    echo
    echo "+ /ETC/CRON.D/$cron_tag $list_word +++++ "
    echo
    if [ -r "$cron_path" ]
    then
      cat "$cron_path"
    else
      echo "$cron_missing"
    fi
  } >>"$sys.rpt" 2>>errors.txt
done
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking /etc/profile settings"
#
# Copy the system-wide login profile into the report so PATH, umask and
# similar defaults can be reviewed.
{
  echo
  echo
  echo "+ /ETC/PROFILE listing +++++ "
  echo
  if [ ! -r /etc/profile ]
  then
    echo "/etc/profile: File not found"
  else
    cat /etc/profile
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
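echo "Checking for files that are Writable by Root Only"
#
# List the permissions of shell start-up and account files that only root
# should be able to modify.  One loop drives every path, so the ls, eagls
# and lsacl calls always refer to the same file (the HP-UX lsacl call for
# /etc/environment used to name a misspelled path and never reported it).
{
  echo
  echo
  echo "+++++ FILES WRITABLE BY ROOT ONLY +++++ "
  echo
} >>"$sys.rpt" 2>>errors.txt
for root_only in /etc/profile /etc/environment /etc/csh.cshrc \
  /etc/csh.login /etc/group
do
  {
    echo " The $root_only file, writable by root only"
    ls -lL "$root_only"
    # Additional per-platform listing: eagls on IRIX, lsacl on HP-UX.
    if [ "$SCRIPT_OS" = "IRIX" ]
    then
      eagls "$root_only"
    fi
    if [ "$SCRIPT_OS" = "HP-UX" ]
    then
      lsacl "$root_only"
    fi
    echo
  } >>"$sys.rpt" 2>>errors.txt
done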
#
#-------------------------------------------------------------------
#echo " >>>> Data Continuity "
#-------------------------------------------------------------------
#
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "O/S version and installed patches "
#
# Patch and package inventory.  Apart from swlist, every platform's tool is
# attempted regardless of the detected OS; the ones that do not exist on
# this host simply fail into errors.txt.
{
  echo
  echo "O/S version and installed patches "
  echo
  showrev -p                      # SUN
  case "$SCRIPT_OS" in
    HP-UX) swlist -l fileset ;;   # HP-UX
  esac
  rpm -qa                         # Linux
  # Debian Linux (added June 14, 2007 by MK); the OS/flavor test around
  # this call was never enabled, so it runs everywhere.
  dpkg -l
  versions                        # IRIX
  echo
  echo "Software versions"
  echo
  /bin/pkginfo
  echo
} >>"$sys.rpt" 2>>errors.txt
#
#-------------------------------------------------------------------
#echo " >>>> AUDIT Checking "
#-------------------------------------------------------------------
#
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Getting the /etc/syslog.conf file"
#
# Copy the syslog configuration into the report.
# NOTE(review): hosts running rsyslog or syslog-ng keep their configuration
# elsewhere (e.g. /etc/rsyslog.conf) and will report "not found" here.
{
  echo
  echo
  echo "+++++ The /ETC/SYSLOG.CONF File Listing +++++ "
  echo
  echo
  if [ ! -r /etc/syslog.conf ]
  then
    echo "The file: /etc/syslog.conf file not found "
  else
    cat /etc/syslog.conf
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
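echo "Checking for Audit log files "
#
# looking for lastlog, loginlog, utmp, wtmp
# aculog, sulog, xferlog
# messages
# acct, pacct
#
# Permissions of everything in the usual log directories.  Entries are
# taken from a glob instead of word-splitting `ls` output, so log names
# containing whitespace or glob characters are listed as single paths.  A
# directory that is missing or empty leaves the pattern unexpanded and the
# resulting ls error goes to errors.txt.
{
  echo
  echo
  echo "+++++ Audit Log Listings +++++ "
  echo
} >>"$sys.rpt" 2>>errors.txt
for log_dir in /usr/adm /var/adm /var/log
do
  echo " Audit log files located in $log_dir " >>"$sys.rpt" 2>>errors.txt
  for LOG_FILE in "$log_dir"/*
  do
    {
      ls -lL "$LOG_FILE"
      if [ "$SCRIPT_OS" = "IRIX" ]
      then
        eagls "$LOG_FILE"
      fi
      if [ "$SCRIPT_OS" = "HP-UX" ]
      then
        lsacl "$LOG_FILE"
      fi
    } >>"$sys.rpt" 2>>errors.txt
  done
  echo >>"$sys.rpt" 2>>errors.txt
done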
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Sample system logs"
#
# Append the tail of the main system logs to the report.  These excerpts
# can contain account names and addresses, so the report must be handled as
# sensitive data.
{
  echo " "
  echo "+++++ Sample system logs +++++ "
  echo
} >>"$sys.rpt" 2>>errors.txt
# Last 300 lines of each log that exists under /var/log.
for sample_log in /var/log/syslog /var/log/messages /var/log/auth.log
do
  if [ ! -r "$sample_log" ]
  then
    echo "The file: $sample_log file not found " >>"$sys.rpt" 2>>errors.txt
  else
    tail -300 "$sample_log" >>"$sys.rpt" 2>>errors.txt
  fi
done
# need to verify auditing is occurring
#
# Last 100 lines of the /var/adm logs; no readability test is made, a
# missing file just produces a tail error in errors.txt.
for adm_log in messages SYSLOG syslog
do
  {
    echo
    echo " Tail - 100 of $adm_log log file "
    echo
    tail -100 "/var/adm/$adm_log"
    echo
  } >>"$sys.rpt" 2>>errors.txt
done
#
# looking for access_log that records all http transactions
#
# Permissions of the HTTP log location.
{
  echo " Audit log file for HTTP "
  ls -lL /usr/local/etc/http/log
  case "$SCRIPT_OS" in
    IRIX)  eagls /usr/local/etc/http/log ;;
    HP-UX) lsacl /usr/local/etc/http/log ;;
  esac
  echo
} >>"$sys.rpt" 2>>errors.txt
# Contents of the audit configuration files under /etc/security.  They are
# read without a readability test; a missing file yields a cat error in
# errors.txt.
for audit_cfg in audit_event audit_class audit_control audit_user audit_warn
do
  case "$audit_cfg" in
    audit_event)   audit_title=" Audit Events " ;;
    audit_class)   audit_title=" Audit Class " ;;
    audit_control) audit_title=" Audit Control " ;;
    audit_user)    audit_title=" Audit User " ;;
    audit_warn)    audit_title=" Audit Warnings " ;;
  esac
  {
    echo "$audit_title"
    cat "/etc/security/$audit_cfg"
    echo
  } >>"$sys.rpt" 2>>errors.txt
done
# Live audit state.  Unlike the other checks, auditconfig's stderr is sent
# to the report itself -- presumably so that a diagnostic such as "auditing
# not enabled" is visible to the reader; confirm before changing.
for audit_query in getcond chkconf
do
  {
    echo " AuditConfig - $audit_query "
    auditconfig "-$audit_query" 2>&1
    echo
  } >>"$sys.rpt" 2>>errors.txt
done
#
#-------------------------------------------------------------------
#echo " >>>> Data Integrity "
#-------------------------------------------------------------------
#
# put test for tripwire here
#
#-------------------------------------------------------------------
#echo " >>>> C2 Option "
#-------------------------------------------------------------------
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking for C2 Files"
# Long listing (hidden entries included, symlinks followed) of
# /etc/security, where the C2 audit files are expected.
{
  echo
  echo
  echo "+++++ Checking for C2 Files +++++"
  echo
  ls -lLa /etc/security
} >>"$sys.rpt" 2>>errors.txt
#ls -lLg /usr/etc/C2conv >>$sys.rpt 2>>errors.txt
#ls -lLg /usr/etc/C2unconv >>$sys.rpt 2>>errors.txt
#ls -lLg /usr/lib/C2convert >>$sys.rpt 2>>errors.txt
#ls -lLg /usr/etc/audit >>$sys.rpt 2>>errors.txt
#ls -lLg /usr/etc/praudit >>$sys.rpt 2>>errors.txt
##ls -lLg /usr/etc/rpc.pedauthd >>$sys.rpt 2>>errors.txt
#ls -lLg /usr/etc/audit-warm >>$sys.rpt 2>>errors.txt
#ls -lLg /usr/etc/auditd >>$sys.rpt 2>>errors.txt
#ls -lLg /usr/include/grpadj.h >>$sys.rpt 2>>errors.txt
#ls -lLg /usr/include/pwdadj.h >>$sys.rpt 2>>errors.txt
#ls -lLg /usr/include/auevents.h >>$sys.rpt 2>>errors.txt
#ls -lLg /usr/include/sys/audit.h >>$sys.rpt 2>>errors.txt
#ls -lLg /usr/include/sys/label.h >>$sys.rpt 2>>errors.txt
#
#-------------------------------------------------------------------
#echo " >>>> Networking "
#-------------------------------------------------------------------
#
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking Networking"
#
# Start of the networking part of the report: ARP entry for this host's
# own name.
{
  echo
  echo
  echo " ++ Networking ++"
  echo
  arp `hostname`
} >>"$sys.rpt" 2>>errors.txt
#
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Checking for .exrc, & .netrc files (Find)"
#
# Locate .netrc files (which may hold stored remote-login credentials) and
# .exrc files (editor start-up commands) anywhere on the system.
# Note that "! -fstype nfs" only suppresses matches that live on NFS; find
# still descends into NFS mounts, so this walk can be slow.
{
  echo
  echo
  echo "+++++ EXRC & NETRC Files +++++ "
  echo
  echo ".netrc files found:"
  find / ! -fstype nfs -depth -name .netrc -print
  echo
  echo ".exrc files found:"
  find / ! -fstype nfs -depth -name .exrc -print
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Getting the network config"
#
# Interface configuration followed by the numeric routing table.
{
  echo
  echo
  echo "+++++ Network Config +++++ "
  echo
  echo
  /sbin/ifconfig -a
  /bin/netstat -rn
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Getting iptables firewall configuration"
# Numeric listing of the iptables rules.
# NOTE(review): -L with no -t shows only the filter table; nat and mangle
# rules do not appear in the report.
{
  echo
  echo
  /sbin/iptables -n -L
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Getting the /etc/protocols file"
#
# Copy /etc/protocols into the report.
{
  echo
  echo
  echo "+++++ The /ETC/PROTOCOLS File Listing +++++ "
  echo
  echo
  if [ ! -r /etc/protocols ]
  then
    echo "The file: /etc/protocols file not found "
  else
    cat /etc/protocols
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
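echo " Getting the /etc/services file"
#
# Active sockets and the service-name table.  The netstat -a output is only
# collected when /etc/services is readable, as before.
{
  echo
  echo
  echo "+++++ The Internet Services Listing +++++ "
  echo
  echo
  if [ -r /etc/services ]
  then
    echo "-- Running Services-- "
    echo
    # Both known netstat locations are tried; the one that does not exist
    # on this host fails into errors.txt.
    /bin/netstat -a       # SUN
    /usr/etc/netstat -a   # IRIX
    echo
    echo "-- Contents of /etc/services --"
    echo
    cat /etc/services
  else
    echo "The file: /etc/services file not found "
  fi
} >>"$sys.rpt" 2>>errors.txt
echo " Performing lsof & other service checks"
echo " Performing lsof & other service checks" >>"$sys.rpt" 2>>errors.txt
# Listening/connected sockets with owning processes.  The netstat call is
# still tied to lsof being installed.
if [ -x /usr/bin/lsof ]
then
  # Run the exact binary that was just tested rather than whatever "lsof"
  # resolves to through PATH.
  /usr/bin/lsof -i -P -n >>"$sys.rpt" 2>>errors.txt
  # The long options had been mangled into en-dashes ("–tcp"), which
  # netstat does not parse as options; restore the ASCII "--" spelling.
  netstat --tcp --udp --listening >>"$sys.rpt" 2>>errors.txt
fi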
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Getting the /etc/inetd.conf file"
#
# Copy the inetd service table into the report so enabled network services
# can be reviewed.
{
  echo
  echo
  echo "+++++ The /ETC/INETD.CONF File Listing +++++ "
  echo
  echo
  if [ ! -r /etc/inetd.conf ]
  then
    echo "The file: /etc/inetd.conf file not found "
  else
    cat /etc/inetd.conf
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Getting the /etc/default/inetinit file"
#
# Copy /etc/default/inetinit into the report.
{
  echo
  echo
  echo "+++++ The /ETC/DEFAULT/INETINIT File Listing +++++ "
  echo
  echo
  if [ ! -r /etc/default/inetinit ]
  then
    echo "/etc/default/inetinit : File not found "
  else
    cat /etc/default/inetinit
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Getting the /etc/host.equiv file"
#
# Copy /etc/hosts.equiv (hosts trusted by the r-commands) into the report.
{
  echo
  echo "+++++ The /ETC/HOSTS.EQUIV File Listing +++++ "
  echo
  if [ ! -r /etc/hosts.equiv ]
  then
    echo "The file: /etc/hosts.equiv file not found "
  else
    cat /etc/hosts.equiv
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Getting the /.rhosts file"
#
# Copy root's /.rhosts into the report together with the reviewer hints
# printed above it.  Only the file in / is read; .rhosts files in other
# home directories are not covered by this section.
{
  echo
  echo "+++++ The /.RHOSTS File Listing +++++ "
  echo " should not contain: "
  echo " a lone + or ++ "
  echo " first char is not a minus sign (-) "
  echo
  echo
  if [ ! -r /.rhosts ]
  then
    echo "The file: /.rhosts file not found "
  else
    cat /.rhosts
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Getting the /etc/ftpusers file"
#
# Copy /etc/ftpusers into the report, preceded by the list of system
# accounts the reviewer should expect to find in it.
{
  echo
  echo
  echo "+++++ The /ETC/FTPUSERS File Listing +++++ "
  echo
  echo "The /etc/ftpusers file, entries are denied ftp "
  echo "root, nobody, bin, daemon, news, sync, sys, uucp"
  echo
  if [ ! -r /etc/ftpusers ]
  then
    echo "The file: /etc/ftpusers file not found "
  else
    cat /etc/ftpusers
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Getting the /etc/ssh/sshd_config file"
#
# Copy the SSH server configuration into the report.
# NOTE(review): the "protocol 2" hint printed below dates from servers that
# still offered protocol 1.  When reading the listing also look at settings
# such as PermitRootLogin and PasswordAuthentication.
{
  echo
  echo
  echo "+++++ The /etc/ssh/sshd_config File Listing +++++ "
  echo
  echo "The /etc/ssh/sshd_config file detail the config "
  echo "of the ssh server - Look for only protocol 2 "
  echo
  if [ ! -r /etc/ssh/sshd_config ]
  then
    echo "The file: /etc/ssh/sshd_config file not found "
  else
    cat /etc/ssh/sshd_config
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Getting the /etc/ntp.conf file"
#
# Copy the NTP daemon configuration into the report.  Both known locations
# are tried: /etc/ntp.conf and /etc/inet/ntp.conf (the Solaris path).
{
  echo
  echo
  echo "+++++ The /etc/ntp.conf File Listing +++++ "
  echo
  echo "The /etc/ntp.conf file configures NTPD"
  echo "Look for restrictions"
  echo
} >>"$sys.rpt" 2>>errors.txt
for ntp_cfg in /etc/ntp.conf /etc/inet/ntp.conf
do
  if [ ! -r "$ntp_cfg" ]
  then
    echo "The file: $ntp_cfg file not found " >>"$sys.rpt" 2>>errors.txt
  else
    cat "$ntp_cfg" >>"$sys.rpt" 2>>errors.txt
  fi
done
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Checking TCP_WRAPPERS configuration"
#
# TCP Wrappers: permissions of the tcpd binary, then /etc/hosts and the
# hosts.allow / hosts.deny access lists with their contents.
{
  echo
  echo
  echo "+++++ TCP Wrappers +++++ "
  echo
  echo
  if [ -r /usr/sbin/tcpd ]
  then
    ls -lL /usr/sbin/tcpd
    case "$SCRIPT_OS" in
      IRIX)  eagls /usr/sbin/tcpd ;;
      HP-UX) lsacl /usr/sbin/tcpd ;;
    esac
  else
    echo "The file: /usr/sbin/tcpd not found "
  fi
  # /etc/hosts gets a plain listing and dump; no eagls/lsacl call is made
  # for it.  The blank line comes first whether or not the file exists.
  echo
  if [ -r /etc/hosts ]
  then
    ls -lL /etc/hosts
    echo
    cat /etc/hosts
  else
    echo "The file: /etc/hosts not found "
  fi
} >>"$sys.rpt" 2>>errors.txt
for wrapper_acl in /etc/hosts.allow /etc/hosts.deny
do
  {
    echo
    if [ -r "$wrapper_acl" ]
    then
      ls -lL "$wrapper_acl"
      case "$SCRIPT_OS" in
        IRIX)  eagls "$wrapper_acl" ;;
        HP-UX) lsacl "$wrapper_acl" ;;
      esac
      echo
      cat "$wrapper_acl"
    else
      echo "The file: $wrapper_acl not found "
    fi
  } >>"$sys.rpt" 2>>errors.txt
done
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Checking hosts.lpd "
#
# Copy /etc/hosts.lpd (hosts allowed to use the print service) into the
# report.
{
  echo
  echo
  echo "+++++ The /etc/hosts.lpd file listing +++++ "
  echo
  echo
  if [ ! -r /etc/hosts.lpd ]
  then
    echo "/etc/hosts.lpd : File not found"
  else
    cat /etc/hosts.lpd
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " X-Windows & Getting the /etc/X*.hosts file"
#
# X11 access control: run whichever xhost binaries are installed (their
# output is the current access list), then list the /etc/X*.hosts files.
{
  echo
  echo
  echo "+++++ X - Windows +++++ "
  echo
  for xhost_bin in /usr/openwin/bin/xhost /usr/bin/X11/xhost
  do
    if [ -x "$xhost_bin" ]
    then
      "$xhost_bin"
    fi
  done
  echo
  echo
  echo "+++++ The /ETC/X*.hosts Files +++++ "
  echo
  # Left unquoted on purpose so the shell expands the pattern.
  ls -lL /etc/X*.hosts
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " RPC & Getting the rpcinfo results "
#
# Registered RPC services, with a hint about the two services the reviewer
# should look for.
{
  echo
  echo
  echo "+++++ Remote Procedure Calls (RPC) +++++ "
  echo " Look for rexd & ypupdated These allow remote users to"
  echo " execute commands"
  echo
  rpcinfo
  echo
  echo
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " NFS & Getting the /etc/exports file"
#
# NFS exports: what showmount reports as exported, then the export
# definitions from /etc/exports and /etc/dfs/dfstab.
{
  echo
  echo "+++++ List of all File systems that are exported"
  echo
  showmount -e
  echo
  echo "+++++ The /ETC/EXPORTS File Listing +++++ "
  echo
  echo
  if [ ! -r /etc/exports ]
  then
    echo "The file: /etc/exports file not found "
  else
    cat /etc/exports
  fi
  echo
  echo "+++++ The /ETC/DFS/DFSTAB File Listing +++++ "
  echo
  echo
  if [ ! -r /etc/dfs/dfstab ]
  then
    echo "/etc/dfs/dfstab : File not found "
  else
    cat /etc/dfs/dfstab
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
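echo " Checking Sendmail "
#
# Send the legacy WIZ, DEBUG and KILL commands to the local SMTP listener
# and record the answers; a hardened mail server should reject each one.
# The session output (stdout and stderr) is appended straight to the
# report.  No fixed-name scratch files ("tempfile", "temp2file") are
# created in the working directory any more: for a script run as root, a
# file or symlink already present under such a name would have been
# appended to and then removed.
# NOTE(review): many telnet clients exit as soon as stdin reaches EOF, so
# the transcript can be empty even when a listener is present -- confirm
# the report really shows SMTP replies before relying on this check.
{
  echo
  echo
  echo "+++++ Checking Send mail for unwanted commands +++++"
  echo " cmds : wiz, debug, kill "
  echo
  echo
} >>"$sys.rpt" 2>>errors.txt
telnet localhost 25 >>"$sys.rpt" 2>&1 <<EOF
wiz
debug
kill
quit
EOF
echo >>"$sys.rpt" 2>>errors.txt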
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
# Copy the sendmail configuration into the report.
{
  echo
  echo
  echo "+++++ /ETC/MAIL/SENDMAIL.CF File Listing +++++"
  echo
  if [ ! -r /etc/mail/sendmail.cf ]
  then
    echo "/etc/mail/sendmail: File not found "
  else
    cat /etc/mail/sendmail.cf
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Last few logged on"
#
# Login history.  `last` is called without a limit, so everything it
# prints goes into the report.
{
  echo " "
  echo "+++++ Last to logon +++++ "
  echo
  last
} >>"$sys.rpt" 2>>errors.txt
#
#-------------------------------------------------------------------
#echo " >>>> ASET "
#-------------------------------------------------------------------
#
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo "Checking ASET settings"
#
echo " Checking asetenv"
# ASET environment file: permissions first, then its contents.
{
  echo
  echo
  echo " +++++ /USR/ASET/ASETENV PERMISSIONS +++++"
  echo
  if [ -r /usr/aset/asetenv ]
  then
    ls -lL /usr/aset/asetenv
    case "$SCRIPT_OS" in
      IRIX)  eagls /usr/aset/asetenv ;;
      HP-UX) lsacl /usr/aset/asetenv ;;
    esac
  else
    echo "/usr/aset/asetenv : File not found"
  fi
  echo
  echo
  echo " +++++ /USR/ASET/ASETENV FILE LISTING +++++"
  echo
  if [ ! -r /usr/aset/asetenv ]
  then
    echo "/usr/aset/asetenv : File not found"
  else
    cat /usr/aset/asetenv
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
echo " Checking userlist"
# ASET userlist: despite the "FILE LISTING" heading only the file's
# permissions are recorded; its contents are not copied.
{
  echo
  echo
  echo " +++++ /USR/ASET/USERLIST FILE LISTING +++++"
  echo
  if [ -r /usr/aset/userlist ]
  then
    ls -lL /usr/aset/userlist
    case "$SCRIPT_OS" in
      IRIX)  eagls /usr/aset/userlist ;;
      HP-UX) lsacl /usr/aset/userlist ;;
    esac
  else
    echo "/usr/aset/userlist : File not found "
  fi
} >>"$sys.rpt" 2>>errors.txt
#* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#
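echo "NORMAL END OF JOB "
#
# Close the report with the end time and the sensitivity banner, then
# clean up the working directory.
# The timestamp is taken outside the redirected group so the variable is
# set in the main shell.
SCRIPT_END_TIME=`date`
{
  echo
  echo
  echo " +++++ NORMAL END OF JOB +++++ "
  # Unquoted to match how the start time is written at the top of the
  # report.
  echo $SCRIPT_END_TIME
  echo
  echo
  echo " C U S T O M E R S E N S I T I V E "
} >>"$sys.rpt" 2>>errors.txt
# Scratch files.  -f keeps a file that was never created (core.case on most
# runs) from producing an error as the last thing the operator sees.
# NOTE(review): deleting errors.txt discards the only record of which
# checks failed; a reader of the report cannot tell "nothing found" from
# "command missing or failed".  Keep a copy if that distinction matters.
rm -f errors.txt core.case
# NOTE(review): the report stays in the working directory with whatever
# permissions the caller's umask gave it; it holds the collected
# configuration and log excerpts, so restrict and move it promptly.
# Remove SCRIPT from the system
for script_copy in unix-script UNIX-SCRIPT
do
  if [ -r "$script_copy" ]
  then
    rm "$script_copy"
  fi
done
exit 0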