#!/bin/sh -
#
#	@(#)security	5.3 (Berkeley) 5/28/91
# $FreeBSD: stable/2.1/etc/security 50952 1999-09-05 11:54:50Z peter $
#
PATH=/sbin:/bin:/usr/bin
LC_ALL=C; export LC_ALL

host=`hostname -s`
echo "Subject: $host security check output"

LOG=/var/log
TMP=/var/run/_secure.$$

umask 027

echo "checking setuid files and devices:"

# don't have ncheck, but this does the equivalent of the commented out block.
# note that one of the original problem, the possibility of overrunning
# the args to ls, is still here...
#
MP=`mount -t ufs | sed 's;/dev/;&r;' | awk '{ print $3 }'`
set $MP
while test $# -ge 1; do
	mount=$1
	shift
	find $mount -xdev -type f \
		\( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
		\( -perm -u+s -or -perm -g+s \) -print0
done | xargs -0 -n 20 ls -lgTd > $TMP

if [ ! -f $LOG/setuid.today ] ; then
	echo "no $LOG/setuid.today"
	cp $TMP $LOG/setuid.today
fi
if cmp $LOG/setuid.today $TMP >/dev/null; then :; else
	echo "$host setuid diffs:"
	diff -b $LOG/setuid.today $TMP
	mv $LOG/setuid.today $LOG/setuid.yesterday
	mv $TMP $LOG/setuid.today
fi
rm -f $TMP

echo ""
echo ""
echo "checking for uids of 0:"
awk 'BEGIN {FS=":"} $3=="0" {print $1,$3}' /etc/master.passwd
