File seccheck-2.0-newpromisccheck.patch of Package seccheck.611

diff -purN seccheck-2.0.orig/security-daily.sh seccheck-2.0/security-daily.sh
--- seccheck-2.0.orig/security-daily.sh	2003-09-30 14:39:40.000000000 +0200
+++ seccheck-2.0/security-daily.sh	2003-09-30 15:10:59.000000000 +0200
@@ -406,14 +406,38 @@ if [ -s /etc/exports ] ; then
                 cat "$OUT"
         fi
 fi
-# promisc check
+
+# new promisc check
+# rewrite of promisc check to catch all cases even from other hosts if
+# script runs on a central syslog host. Thomas Biege <thomas@suse.de>
+
+# local devices
 > $OUT
-/sbin/ifconfig|/usr/bin/grep PROMISC 1> /dev/null && /sbin/ifconfig|\
-	/usr/bin/grep -C 2 PROMISC | grep -v '   [RT]X p'> $OUT
+
+for IF in $(grep "$(date +"%b %e")" /var/log/messages \
+          | grep "$HOSTNAME kernel: device .* entered promiscuous mode" \
+          | awk -F' ' '{print $7}')
+do
+        ifconfig $IF | grep -C 2 PROMISC | grep -v '   [RT]X p' >> $OUT
+done
 if [ -s "$OUT" ] ; then
-    printf "\nChecking devices for promiscious mode.\n"
-    cat "$OUT"
+	printf "\nChecking local devices for promiscious mode.\n"
+	cat "$OUT"
 fi
+
+# remote devices
+> $OUT
+for LL in $(grep "$(date +"%b %e")" /var/log/messages \
+          | grep "kernel: device .* entered promiscuous mode" \
+	  | grep -v "$HOSTAME")
+do
+        echo "$LL" >> $OUT
+done
+if [ -s "$OUT" ] ; then
+	printf "\nChecking remote devices for promiscious mode. (raw log entries)\n"
+	cat "$OUT"
+fi
+
 # list loaded modules
 > $OUT
 test -e /proc/modules && { lsmod 2> /dev/null | grep -v '^Module .* Used by$' | awk '{print$1}' | sort > $OUT