Subject: bin/1490: /etc/security has some problems.
To: None <gnats-bugs@gnats.netbsd.org>
From: None <mrg@eterna.com.au>
List: netbsd-bugs
Date: 09/21/1995 23:00:40
>Number: 1490
>Category: bin
>Synopsis: /etc/security has some problems.
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people (Utility Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Sep 21 09:05:01 1995
>Last-Modified:
>Originator: matthew green
>Organization:
bozotic softwar foundation
>Release: 18th august 1995.
>Environment:
System: NetBSD splode.eterna.com.au 1.0A NetBSD 1.0A (_splode_) #250: Fri Sep 15 23:39:27 EST 1995 mrg@splode.eterna.com.au:/orb/q/build/src/sys/arch/sparc/compile/_splode_ sparc
>Description:
/etc/security runs some code that depends on certain files existing,
and these aren't files that would always exist.
>How-To-Repeat:
the daily output has some errors:
egrep: /etc/hosts.equiv: No such file or directory
/etc/security: cannot open /etc/exports: no such file
sed: *.secure: No such file or directory
mtree: *.secure: No such file or directory
are three that are fixed below.
>Fix:
Index: security
===================================================================
RCS file: /local/cvs/src/etc/security,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 security
*** security 1995/04/12 16:46:47 1.1.1.1
--- security 1995/09/21 12:52:54
***************
*** 216,223 ****
# Files that should not have + signs.
list="/etc/hosts.equiv /etc/hosts.lpd"
for f in $list ; do
! if egrep '\+' $f > /dev/null ; then
! printf "\nPlus sign in $f file.\n"
fi
done
--- 216,225 ----
# Files that should not have + signs.
list="/etc/hosts.equiv /etc/hosts.lpd"
for f in $list ; do
! if [ -f $f ]; then
! if egrep '\+' $f > /dev/null ; then
! printf "\nPlus sign in $f file.\n"
! fi
fi
done
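Review bot: The new guard `if [ -f $f ]; then` leaves `$f` unquoted, and the `printf` inside it still interpolates `$f` into the format string. Both are harmless for the two fixed paths in `list`, but writing `[ -f "$f" ]` and `printf "\nPlus sign in %s file.\n" "$f"` keeps the check correct if a path containing whitespace or a `%` is ever added to the list. Note also that this hunk tests with `-f` while the /etc/exports hunk tests with `-s`; using the same test in both places would make the intent easier to read.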
***************
*** 326,347 ****
fi
# File systems should not be globally exported.
! awk '{
! readonly = 0;
! for (i = 2; i <= NF; ++i) {
! if ($i ~ /-ro/)
! readonly = 1;
! else if ($i !~ /^-/)
! next;
! }
! if (readonly)
! print "File system " $1 " globally exported, read-only."
! else
! print "File system " $1 " globally exported, read-write."
! }' < /etc/exports > $OUTPUT
! if [ -s $OUTPUT ] ; then
! printf "\nChecking for globally exported file systems.\n"
! cat $OUTPUT
fi
# Display any changes in setuid files and devices.
--- 328,351 ----
fi
# File systems should not be globally exported.
! if [ -s /etc/exports ]; then
! awk '{
! readonly = 0;
! for (i = 2; i <= NF; ++i) {
! if ($i ~ /-ro/)
! readonly = 1;
! else if ($i !~ /^-/)
! next;
! }
! if (readonly)
! print "File system " $1 " globally exported, read-only."
! else
! print "File system " $1 " globally exported, read-write."
! }' < /etc/exports > $OUTPUT
! if [ -s $OUTPUT ] ; then
! printf "\nChecking for globally exported file systems.\n"
! cat $OUTPUT
! fi
fi
# Display any changes in setuid files and devices.
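Review bot: The guard `if [ -s /etc/exports ]; then` uses a different test from the `-f` used for hosts.equiv and hosts.lpd in the previous hunk, with no comment saying why. `-s` also skips an empty file, which is fine here because awk would print nothing for it, but a one-line comment (or the same test in both places) would make that deliberate. The `> $OUTPUT` redirection and the `[ -s $OUTPUT ]` report are both inside the guard, so a stale `$OUTPUT` from an earlier check cannot be printed when the file is absent; that part looks right.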
***************
*** 496,509 ****
fi
> $OUTPUT
! for file in *.secure; do
! tree=`sed -n -e '3s/.* //p' -e 3q $file`
! mtree -f $file -p $tree > $TMP1
! if [ -s $TMP1 ]; then
! printf "\nChecking $tree:\n" >> $OUTPUT
! cat $TMP1 >> $OUTPUT
! fi
! done
if [ -s $OUTPUT ] ; then
printf "\nChecking system binaries:\n"
cat $OUTPUT
--- 500,516 ----
fi
> $OUTPUT
! files="*.secure"
! if [ x"$files" != 'x*.secure' ]; then
! for file in *.secure; do
! tree=`sed -n -e '3s/.* //p' -e 3q $file`
! mtree -f $file -p $tree > $TMP1
! if [ -s $TMP1 ]; then
! printf "\nChecking $tree:\n" >> $OUTPUT
! cat $TMP1 >> $OUTPUT
! fi
! done
! fi
if [ -s $OUTPUT ] ; then
printf "\nChecking system binaries:\n"
cat $OUTPUT
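Review bot: The test `if [ x"$files" != 'x*.secure' ]; then` can never be true. Pathname expansion is not performed on the assignment `files="*.secure"`, and `"$files"` is quoted in the test, so both sides are always the literal string `x*.secure`. The result is that the mtree loop is skipped even when .secure files are present, which silently disables the system binaries check instead of only suppressing the error. Let the glob expand and test the result instead, for example `for file in *.secure; do [ -f "$file" ] || continue; ...`, or `set -- *.secure` followed by `if [ -f "$1" ]`.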
>Audit-Trail:
>Unformatted: