File seccheck-2.0-misc.patch of Package seccheck.968

--- seccheck-2.0/crontab.security.misc	Sun Dec 10 18:31:04 2000
+++ seccheck-2.0/crontab.security	Mon Nov 18 17:16:54 2002
@@ -1,3 +1,4 @@
+RUN_FROM_CRON=yes
 #
 # SuSE Security Checks
 #
--- seccheck-2.0/security-control.sh.misc	Mon Nov 18 17:16:54 2002
+++ seccheck-2.0/security-control.sh	Mon Nov 18 17:16:54 2002
@@ -11,9 +11,8 @@
 
 test -z "$SECCHK_USER" && SECCHK_USER="root"
 
-CRON=`ps ax|grep $PPID|grep -v grep| grep -i cron`
-if test "$START_SECCHK" != yes -a ! -z "$CRON"; then
-  echo "seccheck disabled by START_SECCHK" 
+if test "$START_SECCHK" != yes -a "$RUN_FROM_CRON" = yes; then
+  #echo "seccheck disabled by START_SECCHK" 
   exit 0
 fi
 
@@ -21,15 +20,19 @@
     /bin/echo "Syntax: $0 "'daily|weekly|monthly'
     exit 1
 }
-function disclaimer () {
-    /bin/echo
-    /bin/echo "DISCLAIMER"
-    /bin/echo
-    /bin/echo "Please note that these security checks are neither complete nor reliable."
-    /bin/echo "Any attacker with proper experience and root access to your system can"
-    /bin/echo "deceive *any* security check!"
-    /bin/echo
-}
+
+BLURB="
+
+This is an automated mail by the seccheck tool. If you want to disable
+this service, set START_SECCHK=no in /etc/sysconfig/seccheck.
+
+DISCLAIMER
+   
+Please note that these security checks are neither complete nor reliable.
+Any attacker with proper experience and root access to your system can
+deceive *any* security check!
+
+"
 
 test -z "$1" && syntax
 
@@ -41,7 +44,7 @@
 test -z "$MAILER" && echo "Can not find a suitable mailer!"
 test -z "$MAILER" && exit 1
 test -z "$SEC_BIN" && SEC_BIN="/usr/lib/secchk"
-test -z "$SEC_DATA" && SEC_VAR="/var/lib/secchk"
+test -z "$SEC_VAR" && SEC_VAR="/var/lib/secchk"
 export MAILER
 SEC_DATA="$SEC_VAR/data"
 OUT1="$SEC_VAR/security-report-daily.new"
@@ -69,13 +72,17 @@
  /bin/sh "$SEC_BIN/security-daily.sh" 1> "$OUT1"
  /usr/bin/diff -q -w "$OLD1" "$OUT1" 1> /dev/null || (
     {
-      echo "To: $SECCHK_USER"
-      echo -e "Subject: Local Daily Security for `hostname`: Changes\n"
-      echo "Daily security check $VERSION by Marc Heuse <marc@suse.de>"
-      echo "This is an automated mail by the seccheck tool. If you want to disable this"
-      echo "service, just type \"mv /etc/cron.d/seccheck /etc/cron.d_seccheck.save\"."
-      disclaimer
-      echo -e "Changes in your daily security configuration of `hostname`:\n"
+	cat <<-EOF
+	To: $SECCHK_USER
+	Subject: Local Daily Security for `hostname`: Changes
+
+	Daily security check $VERSION by Marc Heuse <marc@suse.de>
+	$BLURB
+
+	Changes in your daily security configuration of `hostname`:
+
+EOF
+
       /usr/bin/diff -u -w "$OLD1" "$OUT1" | sed 's/^@@.*/\
 * Changes (+: new entries, -: removed entries):\
 	/' | egrep '^[+*-]|^$' |sed 's/^+++/NEW:/' | sed 's/^---/OLD:/' | sed 's/^[+-]/& /'
@@ -89,13 +96,16 @@
  /bin/sh "$SEC_BIN/security-weekly.sh" 1> "$OUT2"
  if [ -s "$OUT2" ]; then
     {
-      echo "To: $SECCHK_USER"
-      echo -e "Subject: Local Weekly Security for `hostname`: Changes\n"
-      echo "Weekly security check $VERSION by Marc Heuse <marc@suse.de>"
-      echo "This is an automated mail by the seccheck tool. If you want to disable this"
-      echo "service, just type \"mv /etc/cron.d/seccheck /etc/cron.d_seccheck.save\"."
-      disclaimer
-      echo -e "Changes in your weekly security configuration of `hostname`:\n"
+      	cat <<-EOF
+	To: $SECCHK_USER
+	Subject: Local Weekly Security for `hostname`: Changes
+
+	Weekly security check $VERSION by Marc Heuse <marc@suse.de>
+	$BLURB
+
+	Changes in your weekly security configuration of `hostname`:
+
+EOF
       cat "$OUT2"
     } | $MAILER "$SECCHK_USER"
     mv "$OUT2" "$OLD2"
@@ -107,13 +117,16 @@
  test -s "$OLD1" || /bin/sh "$SEC_BIN/security-daily.sh" 1> "$OLD1"
  test -e "$SEC_DATA/devices" || /bin/sh "$SEC_BIN/security-weekly.sh" 1> "$OLD2"
  {
-      echo "To: $SECCHK_USER"
-      echo -e "Subject: Local Monthly Security for `hostname`: Complete\n"
-      echo "Monthly security check $VERSION by Marc Heuse <marc@suse.de>"
-      echo "This is an automated mail by the seccheck tool. If you want to disable this"
-      echo "service, just type \"mv /etc/cron.d/seccheck /etc/cron.d_seccheck.save\"."
-      disclaimer
-      echo -e "Complete monthly listing of `hostname`:\n"
+ 	cat <<-EOF
+	To: $SECCHK_USER
+	Subject: Local Monthly Security for `hostname`: Complete
+
+	Monthly security check $VERSION by Marc Heuse <marc@suse.de>
+	$BLURB
+
+	Monthly security check $VERSION by Marc Heuse <marc@suse.de>
+
+EOF
       /bin/sh "$SEC_BIN/security-monthly.sh"
  } | tee "$OLD3" | $MAILER "$SECCHK_USER"
 )
--- seccheck-2.0/security-daily.sh.misc	Mon Nov 18 17:16:54 2002
+++ seccheck-2.0/security-daily.sh	Mon Nov 18 17:32:27 2002
@@ -33,16 +33,16 @@
                 printf("Line %d is a blank line.\n", NR);
                 next;
         }
-        if (NF != 7)
-                printf("Line %d has the wrong number of fields.\n", NR);
         if ($1 ~ /^[+-]$/)
                 next;
+        if (NF != 7)
+                printf("Line %d has the wrong number of fields.\n", NR+1);
         if ($1 == "")
                 printf("Line %d has an empty login field.\n", NR);
         else if ($1 !~ /^[A-Za-z0-9][A-Za-z0-9_\.-]*$/)
                 printf("Login %s has non-alphanumeric characters.\n", $1);
-        if (length($1) > 8)
-                printf("Login %s has more than 8 characters.\n", $1);
+        if (length($1) > 32)
+                printf("Login %s has more than 32 characters.\n", $1);
         if ($2 == "")
                 printf("Login %s has no password.\n", $1);
         else if ($2 !~ /^[x*!]+$/)
@@ -95,16 +95,16 @@
                 printf("Line %d is a blank line.\n", NR);
                 next;
         }
-        if (NF != 9)
-                printf("Line %d has the wrong number of fields.\n", NR);
         if ($1 ~ /^[+-]$/)
                 next;
+        if (NF != 9)
+                printf("Line %d has the wrong number of fields.\n", NR+1);
         if ($1 == "")
                 printf("Line %d has an empty login field.\n", NR);
         else if ($1 !~ /^[A-Za-z0-9][A-Za-z0-9_-]*$/)
                 printf("Login %s has non-alphanumeric characters.\n", $1);
-        if (length($1) > 8)
-                printf("Login %s has more than 8 characters.\n", $1);
+        if (length($1) > 32)
+                printf("Login %s has more than 32 characters.\n", $1);
         if ($2 == "")
                 printf("Login %s has no password.\n", $1);
 	if ($2 != "" && length($2) != 13 && length($2) != 34 &&
@@ -133,11 +133,11 @@
         if ($1 ~ /^[+-]$/)
                 next;
         if (NF != 4)
-                printf("Line %d has the wrong number of fields.\n", NR);
+                printf("Line %d has the wrong number of fields.\n", NR+1);
         if ($1 !~ /^[A-za-z0-9][A-za-z0-9_-]*$/)
                 printf("Group %s has non-alphanumeric characters.\n", $1);
-        if (length($1) > 8)
-                printf("Group %s has more than 8 characters.\n", $1);
+        if (length($1) > 32)
+                printf("Group %s has more than 32 characters.\n", $1);
         if ($3 !~ /[0-9]*/)
                 printf("Login %s has a negative group id.\n", $1);
         if (length($4) > 0 && $3 < 3)
@@ -313,7 +313,7 @@
 awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \
 while read uid homedir; do
         if [ -d ${homedir}/ ] ; then
-                file=`ls -ldbg ${homedir}|sed 's/[%\]/_/g'`
+                file=`ls -ldb ${homedir}|sed 's/[%\]/_/g'`
                 printf "$uid $file\n"
         fi
 done |
@@ -360,7 +360,7 @@
         for f in $list ; do
                 file=${homedir}/${f}
                 if [ -f "$file" ] ; then
-                        printf "$uid $f `ls -ldcbg $file|sed 's/[%\]/_/g'`\n"
+                        printf "$uid $f `ls -ldcb $file|sed 's/[%\]/_/g'`\n"
                 fi
         done
 done |
--- seccheck-2.0/security-monthly.sh.misc	Sun Jul  1 23:28:01 2001
+++ seccheck-2.0/security-monthly.sh	Mon Nov 18 17:16:54 2002
@@ -5,7 +5,7 @@
 #
 ####
 
-. /etc/rc.config
+. /etc/sysconfig/seccheck
 
 export PATH="/sbin:/usr/sbin:/bin:/usr/bin"
 umask 077
--- seccheck-2.0/security-weekly.sh.misc	Mon Jul  2 00:30:42 2001
+++ seccheck-2.0/security-weekly.sh	Mon Nov 18 17:19:36 2002
@@ -8,7 +8,7 @@
 # TODO /etc /home /home/.* permissions
 #
 
-. /etc/rc.config
+. /etc/sysconfig/seccheck
 
 PATH=/sbin:/usr/sbin:/bin:/usr/bin
 umask 077
@@ -53,10 +53,13 @@
 if [ -x /usr/sbin/john -a -x /usr/sbin/unshadow ]; then
     echo > $SEC_VAR/dict
     cat /usr/dict/* /var/lib/john/password.lst 2> /dev/null | sort | uniq >> $SEC_VAR/dict
-    unshadow /etc/passwd /etc/shadow > $SEC_VAR/passwd
-    nice -n 1 john -single "$SEC_VAR/passwd" 1> /dev/null 2>&1
-    nice -n 1 john -rules -w:$SEC_VAR/dict "$SEC_VAR/passwd" 1> /dev/null 2>&1
-    john -show "$SEC_VAR/passwd" | sed -n 's/:.*//p' > "$OUT"
+
+    # Copy passwd file. Use unique name to avoid races when john takes very long
+    SEC_PASSWD=$SEC_VAR/passwd.$$
+    unshadow /etc/passwd /etc/shadow > $SEC_PASSWD
+    nice -n 1 john -single "$SEC_PASSWD" 1> /dev/null 2>&1
+    nice -n 1 john -rules -w:$SEC_VAR/dict "$SEC_PASSWD" 1> /dev/null 2>&1
+    john -show "$SEC_PASSWD" | sed -n 's/:.*//p' > "$OUT"
     if [ -s "$OUT" ] ; then
         for i in `cat "$OUT"`; do
              $MAILER "$i" << _EOF_
@@ -76,7 +79,7 @@
 else
     echo -e "\nPassword security checking not possible, package "john" not installed."
 fi
-rm -f $SEC_VAR/passwd
+rm -f $SEC_PASSWD
 
 # neverlogin check
 $SEC_BIN/checkneverlogin > "$OUT"
@@ -86,7 +89,7 @@
 fi
 
 # suid/sgid check
-( nice -n 1 find $MNT \( -perm -04000 -o -perm -02000 \) -mount -type f | sort | xargs ls -cdl --full-time -- > "$SEC_DATA/sbit.new" ) 2> /dev/null
+( nice -n 1 find $MNT \( -perm -04000 -o -perm -02000 \) -mount -type f | sort | xargs ls -cdl --time-style=long-iso -- > "$SEC_DATA/sbit.new" ) 2> /dev/null
 diff -uw "$SEC_DATA/sbit" "$SEC_DATA/sbit.new" | \
 	egrep -v '^\+\+\+ |^--- |^$|^@@' | sed 's/^[+-]/& /' > "$OUT"
 if [ -s "$OUT" ] ; then
@@ -97,7 +100,7 @@
 rm -f "$SEC_DATA/sbit.new"
 
 # writeable executable check
-( nice -n 1 find $MNT \( -perm -30 -o -perm -3 \) -mount -type f | sort | xargs ls -cdl --full-time -- > "$SEC_DATA/write-bin.new" ) 2> /dev/null
+( nice -n 1 find $MNT \( -perm -30 -o -perm -3 \) -mount -type f | sort | xargs ls -cdl --time-style=long-iso -- > "$SEC_DATA/write-bin.new" ) 2> /dev/null
 diff -uw "$SEC_DATA/write-bin" "$SEC_DATA/write-bin.new" | \
 	egrep -v '^\+\+\+ |^--- |^$|^@@' | sed 's/^[+-]/& /' > "$OUT"
 if [ -s "$OUT" ] ; then
openSUSE Build Service is sponsored by