Slackware Security Checker
Modified by Jeffrey Denton <dentonj@sastk.org>
Originally written by
(c) 1999,2000 by Marc Heuse <marc@suse.de>
The Slackware Security Checker is a set of several shell scripts which check the local security of the system on a regular basis.
Three main scripts are executed:
security-daily is started daily by cron
security-weekly is started once a week by cron
security-monthly is started once a month by cron
The daily script runs at midnight. A mail with the differences is sent only
if changes since the last run (the night before) are found.
The weekly script runs every Monday at 1:00am. A mail with the differences is
sent only if changes since the last run (the week before) are found.
The monthly script runs on the 1st of every month and sends the full
last daily and weekly report via email.
# Interesting - remove
#Please note that you can change the receiver of the seccheck mails from root
#to anyone else if you add an entry like this one to /etc/rc.config:
#SECCHK_USER="firewall" # exchange firewall is an admin user's account name
The following daily checks are done:
/etc/passwd check   : length/number/contents of fields, accounts with same uid,
                      accounts with uid/gid of 0 or 1 besides root and bin
/etc/shadow check   : length/number/contents of fields, accounts with no password
/etc/group check    : length/number/contents of fields
user root checks    : secure umask and PATH
/etc/ftpusers       : checks if important system users are put there
/etc/mail/aliases   : checks for mail aliases which execute programs
.rhosts check       : checks if users' .rhosts files contain + signs
homedirectory       : checks if homedirectories are writable or owned by
                      someone else
dot-files check     : checks many dot-files in the homedirectories if they
                      are writable or owned by someone else
mailbox check       : checks if user mailboxes are owned by user and unreadable
NFS export check    : exports should not be exported globally
NFS import check    : NFS mounts should have the "nosuid" option set
promisc check       : checks if network cards are in promiscuous mode
list modules        : just lists loaded modules
# list sockets      : just lists open ports
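The /etc/passwd and /etc/shadow checks listed above, written out as an added
example (this is not the seccheck scripts' own code). The function names and
the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not seccheck's own code: the passwd/shadow account checks.
# Each function takes the file to inspect, so it can be run on a copy.

# Lines whose field count differs from the expected one (7 passwd, 9 shadow).
bad_fields() {
    awk -F: -v want="$2" \
        'NF != want { print "line " NR ": " NF " fields, expected " want }' "$1"
}

# UIDs used by more than one account.
dup_uids() {
    awk -F: '{ n[$3]++; who[$3] = who[$3] " " $1 }
        END { for (u in n) if (n[u] > 1) print "uid " u " shared by:" who[u] }' \
        "$1" | sort
}

# Accounts other than root and bin that hold uid or gid 0 or 1.
priv_ids() {
    awk -F: '$1 != "root" && $1 != "bin" &&
        ($3 == 0 || $3 == 1 || $4 == 0 || $4 == 1) {
            print $1 " has uid=" $3 " gid=" $4 }' "$1"
}

# shadow entries with an empty password field.
empty_pw() {
    awk -F: '$2 == "" { print $1 " has no password" }' "$1"
}

# Constructed sample files, written to the scratch directory given as $1.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0::/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/false
alice:x:1000:100::/home/alice:/bin/bash
toor:x:0:0::/root:/bin/bash
bob:x:1000:100::/home/bob
EOF
    cat > "$1/shadow" <<'EOF'
root:*:19000:0:::::
alice::19000:0:99999:7:::
EOF
}

tmp=$(mktemp -d) && make_sample "$tmp"
bad_fields "$tmp/passwd" 7; dup_uids "$tmp/passwd"
priv_ids "$tmp/passwd"; empty_pw "$tmp/shadow"
rm -rf "$tmp"
```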
The following weekly checks are done:
# password check    : runs john to crack the password file, user will get an
#                     email notice to change his password asap
suid/sgid check     : lists all suid and sgid files
exec group write    : lists all executables which are group/world writeable
writable check      : lists all files which are world writable (incl. above)
device check        : lists all devices
The following monthly things are done:
The monthly file is not a diff like the daily/weekly ones but the full
reports in one file.
If you have questions or find bugs, mail them to dentonj@sastk.org. If you like this script, please let Marc know. Just remember that if you ask him any questions about bugs, he will more than likely tell you that the fix for your problem is to install SuSE.
