[p5sagit/p5-mst-13.2.git] / eg / scan / scan_suid

#!/usr/bin/perl -P

# $Header: scan_suid,v 4.0 91/03/20 01:14:00 lwall Locked $

# Look for new setuid root files.

chdir '/usr/adm/private/memories' || die "Can't cd to memories: $!\n";

($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,$ctime,
   $blksize,$blocks) = stat('oldsuid');
if ($nlink) {
    $lasttime = $mtime;
    $tmp = $ctime - $atime;
    if ($tmp <= 0 || $tmp >= 10) {
	print "WARNING: somebody has read oldsuid!\n";
    }
    $tmp = $ctime - $mtime;
    if ($tmp <= 0 || $tmp >= 10) {
	print "WARNING: somebody has modified oldsuid!!!\n";
    }
} else {
    $lasttime = time - 60 * 60 * 24;	# one day ago
}
$thistime = time;

#if defined(mc300) || defined(mc500) || defined(mc700)
open(Find, 'find / -perm -04000 -print |') ||
	die "scan_find: can't run find";
#else
open(Find, 'find / \( -fstype nfs -prune \) -o -perm -04000 -ls |') ||
	die "scan_find: can't run find";
#endif

open(suid, '>newsuid.tmp');

while (<Find>) {

#if defined(mc300) || defined(mc500) || defined(mc700)
    $x = `/bin/ls -il $_`;
    $_ = $x;
    s/^ *//;
    ($inode,$perm,$links,$owner,$group,$size,$month,$day,$time,$name)
      = split;
#else
    s/^ *//;
    ($inode,$blocks,$perm,$links,$owner,$group,$size,$month,$day,$time,$name)
      = split;
#endif

    if ($perm =~ /[sS]/ && $owner eq 'root') {
	($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,$ctime,
	   $blksize,$blocks) = stat($name);
	$foo = sprintf("%10s%3s %-8s %-8s%9s %3s %2s %s %s\n",
		$perm,$links,$owner,$group,$size,$month,$day,$name,$inode);
	print suid $foo;
	if ($ctime > $lasttime) {
	    if ($ctime > $thistime) {
		print "Future file: $foo";
	    }
	    else {
		$ct .= $foo;
	    }
	}
    }
}
close(suid);

print `sort +7 -8 newsuid.tmp >newsuid 2>&1`;
$foo = `/bin/diff oldsuid newsuid 2>&1`;
print "Differences in suid info:\n",$foo if $foo;
print `mv oldsuid oldoldsuid 2>&1; mv newsuid oldsuid 2>&1`;
print `touch oldsuid 2>&1;sleep 2 2>&1;chmod o+w oldsuid 2>&1`;
print `rm -f newsuid.tmp 2>&1`;

@ct = split(/\n/,$ct);
$ct = '';
$* = 1;
while ($#ct >= 0) {
    $tmp = shift(@ct);
    unless ($foo =~ "^>.*$tmp\n") { $ct .= "$tmp\n"; }
}

print "Inode changed since last time:\n",$ct if $ct;
Commit	Line	Data
378cc40b	1	#!/usr/bin/perl -P
378cc40b	2
fe14fcc3	3	# $Header: scan_suid,v 4.0 91/03/20 01:14:00 lwall Locked $
378cc40b	4
	5	# Look for new setuid root files.
	6
a687059c	7	chdir '/usr/adm/private/memories' \|\| die "Can't cd to memories: $!\n";
378cc40b	8
	9	($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,$ctime,
	10	$blksize,$blocks) = stat('oldsuid');
	11	if ($nlink) {
	12	$lasttime = $mtime;
	13	$tmp = $ctime - $atime;
	14	if ($tmp <= 0 \|\| $tmp >= 10) {
	15	print "WARNING: somebody has read oldsuid!\n";
	16	}
	17	$tmp = $ctime - $mtime;
	18	if ($tmp <= 0 \|\| $tmp >= 10) {
	19	print "WARNING: somebody has modified oldsuid!!!\n";
	20	}
	21	} else {
	22	$lasttime = time - 60 * 60 * 24; # one day ago
	23	}
	24	$thistime = time;
	25
	26	#if defined(mc300) \|\| defined(mc500) \|\| defined(mc700)
	27	open(Find, 'find / -perm -04000 -print \|') \|\|
	28	die "scan_find: can't run find";
	29	#else
	30	open(Find, 'find / \( -fstype nfs -prune \) -o -perm -04000 -ls \|') \|\|
	31	die "scan_find: can't run find";
	32	#endif
	33
	34	open(suid, '>newsuid.tmp');
	35
	36	while (<Find>) {
	37
	38	#if defined(mc300) \|\| defined(mc500) \|\| defined(mc700)
	39	$x = `/bin/ls -il $_`;
	40	$_ = $x;
	41	s/^ *//;
	42	($inode,$perm,$links,$owner,$group,$size,$month,$day,$time,$name)
	43	= split;
	44	#else
	45	s/^ *//;
	46	($inode,$blocks,$perm,$links,$owner,$group,$size,$month,$day,$time,$name)
	47	= split;
	48	#endif
	49
	50	if ($perm =~ /[sS]/ && $owner eq 'root') {
	51	($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,$ctime,
	52	$blksize,$blocks) = stat($name);
	53	$foo = sprintf("%10s%3s %-8s %-8s%9s %3s %2s %s %s\n",
	54	$perm,$links,$owner,$group,$size,$month,$day,$name,$inode);
	55	print suid $foo;
	56	if ($ctime > $lasttime) {
	57	if ($ctime > $thistime) {
	58	print "Future file: $foo";
	59	}
	60	else {
	61	$ct .= $foo;
	62	}
	63	}
	64	}
	65	}
	66	close(suid);
	67
	68	print `sort +7 -8 newsuid.tmp >newsuid 2>&1`;
	69	$foo = `/bin/diff oldsuid newsuid 2>&1`;
	70	print "Differences in suid info:\n",$foo if $foo;
	71	print `mv oldsuid oldoldsuid 2>&1; mv newsuid oldsuid 2>&1`;
72	print `touch oldsuid 2>&1;sleep 2 2>&1;chmod o+w oldsuid 2>&1`;
73	print `rm -f newsuid.tmp 2>&1`;
74
75	@ct = split(/\n/,$ct);
76	$ct = '';
77	$* = 1;
78	while ($#ct >= 0) {
79	$tmp = shift(@ct);
80	unless ($foo =~ "^>.*$tmp\n") { $ct .= "$tmp\n"; }
81	}
82
83	print "Inode changed since last time:\n",$ct if $ct;
84