3 # $Header: scan_suid,v 3.0 89/10/18 15:15:57 lwall Locked $
5 # Look for new setuid root files.
# NOTE(review): the leading numbers are the original file's line numbers; they
# skip, so some statements (closing braces, any enclosing if/else) are not
# visible in this listing.
#
# Enter the directory that holds the saved scan state, or abort.
7 chdir '/usr/adm/private/memories' || die "Can't cd to memories: $!\n";
# Fetch the inode metadata of 'oldsuid', the list saved by the previous run.
# NOTE(review): if the file is missing, stat() returns an empty list and the
# differences below evaluate to 0, which triggers both warnings; any guard
# for that case is not shown here.
9 ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,$ctime,
10 $blksize,$blocks) = stat('oldsuid');
# Tamper tell-tale. The end of this script runs touch, sleep 2, chmod on
# oldsuid, which leaves ctime about two seconds later than atime and mtime.
# A gap outside 1..9 seconds means the file was accessed after that.
# NOTE(review): this is a heuristic; it relies on the filesystem updating
# atime on reads (a noatime mount would hide a read) -- confirm.
13 $tmp = $ctime - $atime;
14 if ($tmp <= 0 || $tmp >= 10) {
15 print "WARNING: somebody has read oldsuid!\n";
# Same test against mtime: a write moves mtime and ctime together, so the
# gap collapses to 0.
17 $tmp = $ctime - $mtime;
18 if ($tmp <= 0 || $tmp >= 10) {
19 print "WARNING: somebody has modified oldsuid!!!\n";
# Cutoff for "recently changed" files: 24 hours before now.
# NOTE(review): the condition under which this default applies is not visible.
22 $lasttime = time - 60 * 60 * 24; # one day ago
# Two alternative find(1) pipelines chosen by C-preprocessor conditionals.
# NOTE(review): to Perl these #if lines are ordinary comments unless the
# script is passed through the preprocessor; the matching #else/#endif lines
# are not visible here, and as shown the second open would replace the first.
# NOTE(review): find is resolved through PATH, while ls and diff are called by
# absolute path elsewhere in this file; if the script runs privileged, pin the
# path or set PATH explicitly.
26 #if defined(mc300) || defined(mc500) || defined(mc700)
# Variant 1: print the path of every file that has the setuid bit (04000).
# The || die only catches a failure to start the child; a failing find is
# reported when the handle is closed.
27 open(Find, 'find / -perm -04000 -print |') ||
28 die "scan_find: can't run find";
# Variant 2: prune NFS filesystems and emit an ls-style line per setuid file.
30 open(Find, 'find / \( -fstype nfs -prune \) -o -perm -04000 -ls |') ||
31 die "scan_find: can't run find";
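# Scratch file that receives the unsorted scan records. Abort if it cannot be
# created: otherwise the sort further down would read a missing or stale
# newsuid.tmp and that result would be moved into place as the new baseline.
# The bareword handle name is kept because other statements in this file
# (not all visible in this listing) may refer to it.
open(suid, '>newsuid.tmp') ||
    die "scan_suid: can't create newsuid.tmp: $!\n";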
# Per-file processing of the find output.
# NOTE(review): the enclosing loop and several statements (the right-hand
# sides of the two list assignments, closing braces) are missing from this
# listing.
38 #if defined(mc300) || defined(mc500) || defined(mc700)
# Obtain a long listing for the current path.
# NOTE(review): $_ is interpolated into a shell command line, so a file name
# containing shell metacharacters or whitespace is interpreted by the shell
# rather than passed as one argument. A list-form pipe open
# (open(FH, '-|', '/bin/ls', '-il', $path)) or lstat() avoids the shell.
39 $x = `/bin/ls -il $_`;
# Field names for the ls -il layout.
42 ($inode,$perm,$links,$owner,$group,$size,$month,$day,$time,$name)
# Field names for the other layout, which has an extra $blocks column.
# NOTE(review): presumably filled by a whitespace split; a path containing
# spaces would then leave a truncated $name -- confirm.
46 ($inode,$blocks,$perm,$links,$owner,$group,$size,$month,$day,$time,$name)
# Keep entries whose permission string shows a set-id bit and whose owner
# column reads 'root'.
50 if ($perm =~ /[sS]/ && $owner eq 'root') {
# stat() the file itself to get its inode change time ($ctime).
51 ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,$ctime,
52 $blksize,$blocks) = stat($name);
# Fixed-width record for this file; the name is the eighth field and the
# inode number the ninth.
53 $foo = sprintf("%10s%3s %-8s %-8s%9s %3s %2s %s %s\n",
54 $perm,$links,$owner,$group,$size,$month,$day,$name,$inode);
# Inode changed after the cutoff computed earlier.
56 if ($ctime > $lasttime) {
# A ctime later than $thistime is reported as a "Future file".
# NOTE(review): $thistime is assigned outside the visible lines.
57 if ($ctime > $thistime) {
58 print "Future file: $foo";
# Post-processing through the shell; each command's output, including stderr,
# is captured by the backticks and printed.
# NOTE(review): sort, mv, touch, sleep, chmod and rm are resolved through
# PATH, unlike /bin/diff below; pin the paths or set PATH if this runs
# privileged.
#
# Sort the scratch file on its eighth field (the file name) into 'newsuid'.
# "+7 -8" is the historical key syntax; POSIX sort spells it "-k 8,8".
68 print `sort +7 -8 newsuid.tmp >newsuid 2>&1`;
# Compare the previous list with the new one and report any difference.
69 $foo = `/bin/diff oldsuid newsuid 2>&1`;
70 print "Differences in suid info:\n",$foo if $foo;
# Rotate: keep the previous list as 'oldoldsuid', install the new one.
71 print `mv oldsuid oldoldsuid 2>&1; mv newsuid oldsuid 2>&1`;
# Arm the tell-tale tested at the top of the script: touch sets all three
# timestamps, and the chmod two seconds later advances only ctime.
# NOTE(review): "chmod o+w" also leaves the baseline world-writable, so its
# integrity rests on the permissions of the enclosing directory -- confirm.
72 print `touch oldsuid 2>&1;sleep 2 2>&1;chmod o+w oldsuid 2>&1`;
# Remove the scratch file.
73 print `rm -f newsuid.tmp 2>&1`;
# Break the accumulated records in $ct into individual lines.
# NOTE(review): the statements that fill $ct, reset it and loop over @ct are
# not visible in this listing.
75 @ct = split(/\n/,$ct);
# Keep a record only when it does not already appear as an added line
# ("> ...") in the diff output held in $foo.
# NOTE(review): $tmp is interpolated into the pattern unescaped, so regex
# metacharacters in a file name alter the match; "\Q$tmp\E" would match it
# literally. The "^" also needs multi-line matching to hit lines inside $foo,
# and the setting for that is not shown here.
80 unless ($foo =~ "^>.*$tmp\n") { $ct .= "$tmp\n"; }
# Report the files whose inode changed but which the diff did not list.
83 print "Inode changed since last time:\n",$ct if $ct;