Listing 2: Safe

#	Safe ----	check system for suid progs & command changes
#
#	@(#)Safe	2.2  7/17/93  /sccs/u/wdr/bin/s.Safe
#
#	developer:	Bill Rieken	4B77	x6027	(408) 241-8319
#
#	function:	check system integrity (boo-boos & badguys)
#
#	usage:	#  Safe
#		$  /letc/Safe
#		$  /usr/local/etc/Safe
#
#		(executed daily at 2am by 'Quiet' from 'cron')
#
#	method:	'find' files with [suid|sgid] [root|sys],
#		save the list in a safe place, and 'diff' with
#		yesterday's list;  'sum' each file in /bin, /etc,
#		/usr/bin, keep the checksums in a safe place,
#		and 'diff' with yesterday's checksums;  'diff'
#		/etc/passwd, /usr/spool/cron/crontabs/root, and
#		other important system files; finally execute
#		'fchk' to check file permission changes.
#		(As listed, only /bin is checksummed; /etc and
#		/usr/bin are left for the reader to add.)
#--------------------------------------------------------------
#  Safe takes no arguments.  If any are given, print the intended
#  invocation (stdout and stderr both piped to mail) and stop with
#  exit status 1 before any check is run.
if test $# -ne 0
then
	cat <<USAGE_EOF
	USAGE:     $0  2>&1  |  mail  rick  sam  wdr
		       (executed by cron at 1:10am...)
USAGE_EOF
	exit 1
fi
#  Snapshot (baseline) directory: a dot-directory under the
#  developer's home rather than a well-known system path.
#  NOTE(review): the location is spelled out in this script, so
#  hiding it only slows down someone who has not read the script.
#  The baselines are trustworthy only while nobody but the
#  account running Safe can write to $SAFE; a copy kept on
#  read-only media or on another host is the stronger control.
HOME=/u/wdr
SAFE=$HOME/.s
export HOME SAFE

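#  Select the file that holds root's crontab.  The machine type
#  reported by 'uname -m' decides: "mc68k" (UNIX pc7300, System
#  5.0) keeps it in /usr/lib/crontab, anything else is assumed to
#  use the System 5.2 spool location.
#  'case' is used instead of '[ `uname -m` = ... ]' because the
#  unquoted substitution makes 'test' fail with a syntax error
#  when uname prints nothing or more than one word.
#  Backquotes are kept: this script targets Bourne shells that
#  predate $(...).
#  NOTE(review): on a host that is neither of the two, the path
#  chosen by the default arm may not exist -- confirm per system.
case `uname -m` in
mc68k)	CRON=/usr/lib/crontab ;;		#  UNIX  pc7300  System  5.0
*)	CRON=/usr/spool/cron/crontabs/root ;;	#  UNIX  System  5.2
esac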
#------------------------------------------------------------
#  Report banner: names the reporting host and the time of the
#  run, framed by two rule lines, so mailed reports from several
#  machines can be told apart.
host=`uname -n`
stamp=`date`
rule="-------------------------------------------------------"
echo "$rule"
echo "From $host: $stamp ------- Good morning, Sunshine!"
echo "$rule"
#------------------------------------------------------------
#  Set-uid / set-gid inventory.  Yesterday's list is renamed to
#  Osuidlist, a fresh list is written, and the two are diffed.
#  Matched: set-uid files owned by root or sys, and set-gid files
#  whose group is root or sys.
#  The list holds path names only, so the diff shows entries that
#  appear or disappear, not a listed file whose contents changed.
#  NOTE(review): every run replaces the previous baseline, so a
#  change is reported once; a report that goes unread is not
#  repeated the next day.
suid_new="$SAFE/suidlist"
suid_old="$SAFE/Osuidlist"
mv "$suid_new" "$suid_old"
echo "Set-[user|group]-id [root|sys] Check:"
find / \( -perm -4000 \( -user  root -o -user  sys \) \
       -o -perm -2000 \( -group root -o -group sys \) \) -print >"$suid_new"
chmod 400 "$suid_new"		#  owner read-only
diff "$suid_old" "$suid_new"
#------------------------------------------------------------
#  /bin checksum comparison.  Yesterday's checksums are renamed
#  to Obin.sum, every file in /bin is summed again, and the two
#  lists are diffed.  Only /bin is covered; other directories
#  need the same five steps repeated for them.
#  NOTE(review): 'sum' is a short checksum meant to catch
#  accidental corruption.  A difference is a reliable signal;
#  matching sums are only weak evidence that a binary is
#  unmodified.
sums_new="$SAFE/bin.sum"
sums_old="$SAFE/Obin.sum"
mv "$sums_new" "$sums_old"
echo "/bin checksum Check:"
sum /bin/* >"$sums_new"
chmod 400 "$sums_new"		#  owner read-only
diff "$sums_old" "$sums_new"
#------------------------------------------------------------
#  /etc/passwd comparison.  Yesterday's copy is renamed to
#  Opasswd, the live file is copied in, and the two are diffed,
#  so added, removed or altered accounts show up in the report.
#  NOTE(review): changed lines are printed in full.  Where
#  /etc/passwd carries the encrypted password field, both the
#  mailed report and the copies in $SAFE carry it as well.
pw_new="$SAFE/passwd"
pw_old="$SAFE/Opasswd"
mv "$pw_new" "$pw_old"
echo "/etc/passwd Check:"
cp /etc/passwd "$pw_new"
chmod 400 "$pw_new"		#  owner read-only
diff "$pw_old" "$pw_new"
#------------------------------------------------------------
#  Root crontab comparison.  Yesterday's copy is renamed to
#  Ocrontab, the file named by $CRON is copied in, and the two
#  are diffed.  Other important files can be watched by
#  repeating the same five steps for them.
#  NOTE(review): the copy has whatever mode 'cp' gives it until
#  the chmod below runs; setting a restrictive umask before this
#  section would close that window.
cron_new="$SAFE/crontab"
cron_old="$SAFE/Ocrontab"
mv "$cron_new" "$cron_old"
echo "$CRON Check:"
cp $CRON "$cron_new"
chmod 400 "$cron_new"		#  owner read-only
diff "$cron_old" "$cron_new"
#------------------------------------------------------------
#  File permission check, delegated to the separate 'fchk'
#  script.  It is started through ksh because the pc7300's
#  System 5.0 sh has no shell functions.
#  NOTE(review): fchk is loaded from a user's bin directory.  If
#  Safe runs as root, that file and every directory above it
#  should be writable by root only; otherwise whoever can write
#  there controls what runs at the next scheduled check.
fchk_prog=/u/wdr/bin/fchk
echo "File Permissions Check:"
/bin/ksh -c "$fchk_prog"


