File seccheck-2.0-newpromisccheck.patch of Package seccheck.611
diff -purN seccheck-2.0.orig/security-daily.sh seccheck-2.0/security-daily.sh
--- seccheck-2.0.orig/security-daily.sh 2003-09-30 14:39:40.000000000 +0200
+++ seccheck-2.0/security-daily.sh 2003-09-30 15:10:59.000000000 +0200
@@ -406,14 +406,38 @@ if [ -s /etc/exports ] ; then
cat "$OUT"
fi
fi
-# promisc check
+
+# new promisc check
+# rewrite of promisc check to catch all cases even from other hosts if
+# script runs on a central syslog host. Thomas Biege <thomas@suse.de>
+
+# local devices
> $OUT
-/sbin/ifconfig|/usr/bin/grep PROMISC 1> /dev/null && /sbin/ifconfig|\
- /usr/bin/grep -C 2 PROMISC | grep -v ' [RT]X p'> $OUT
+
+for IF in $(grep "$(date +"%b %e")" /var/log/messages \
+ | grep "$HOSTNAME kernel: device .* entered promiscuous mode" \
+ | awk -F' ' '{print $7}')
+do
+ ifconfig $IF | grep -C 2 PROMISC | grep -v ' [RT]X p' >> $OUT
+done
if [ -s "$OUT" ] ; then
- printf "\nChecking devices for promiscious mode.\n"
- cat "$OUT"
+ printf "\nChecking local devices for promiscious mode.\n"
+ cat "$OUT"
fi
+
+# remote devices
+> $OUT
+for LL in $(grep "$(date +"%b %e")" /var/log/messages \
+ | grep "kernel: device .* entered promiscuous mode" \
+ | grep -v "$HOSTAME")
+do
+ echo "$LL" >> $OUT
+done
+if [ -s "$OUT" ] ; then
+ printf "\nChecking remote devices for promiscious mode. (raw log entries)\n"
+ cat "$OUT"
+fi
+
# list loaded modules
> $OUT
test -e /proc/modules && { lsmod 2> /dev/null | grep -v '^Module .* Used by$' | awk '{print$1}' | sort > $OUT
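Review bot: The remote-devices filter `grep -v "$HOSTAME"` misspells `HOSTNAME`, so unless a variable of that name happens to be set the pattern is empty, `grep -v ""` discards every line, and the remote promiscuous-mode report never fires; it should read `| grep -v "$HOSTNAME")`. Even with that fixed, `for LL in $(...)` word-splits each log entry, so the "raw log entries" would be written one word per line; redirecting the pipeline straight into the file (`... | grep -v "$HOSTNAME" > "$OUT"`) keeps whole lines and removes the loop. In the local loop, `$IF` is taken from syslog text, which on a central log host can include remotely supplied messages, so it should at least be quoted: `ifconfig "$IF" | grep -C 2 PROMISC | grep -v ' [RT]X p' >> "$OUT"`. The local check also now only looks at interfaces whose mode change was logged under today's date, so an interface that entered promiscuous mode on an earlier day (or before a log rotation) and is still in that mode appears to go unreported, unlike the removed `ifconfig | grep PROMISC` check; keeping that state-based check alongside the log-based one would close the gap.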