Bash one-liners
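# List world-writable directories that lack the sticky bit on each ext2/ext3
# mount from /etc/fstab, one path per line, appended to the list file.
# - Mount points are read line by line and quoted, so a path containing spaces
#   reaches find intact (the backtick/word-splitting form broke it apart).
# - find ANDs adjacent tests, so no -a is needed before '!'.
# - The list file name is predictable and appended to, and the chmod step that
#   reads it later trusts its contents: keep it where only root can write
#   (override STICKS_LIST) or use mktemp when the path need not be fixed.
# - FSTYPES is the awk regex matched against the fstab type column; ext4/xfs
#   mounts are not scanned with the default.
FSTYPES=${FSTYPES:-'ext2|ext3'}
STICKS_LIST=${STICKS_LIST:-/tmp/sticks}
awk -v re="$FSTYPES" '($3 ~ re) {print $2}' /etc/fstab |
while IFS= read -r path; do
  find "$path" -xdev -type d -perm -0002 ! -perm -1000 >> "$STICKS_LIST"
done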
where /tmp/sticks then lists, one per line, the directories that are world-writable and have no sticky bit set, e.g.:
/usr/openv/netbackup/logs/user_ops
/usr/openv/netbackup/logs/user_ops/nbjlogs
Read the lines in /tmp/sticks and echo them:
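# Print each line of the list file. The original expanded ${dlsit} (a typo),
# so every line came out empty. IFS= and -r keep leading whitespace and
# backslashes in the path literal; printf avoids echo's handling of names
# that look like options (e.g. "-n"); redirecting the file replaces the cat.
while IFS= read -r dlist; do
  printf '%s\n' "$dlist"
done < /tmp/sticks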
chmod the directories listed in the file to add the sticky bit (so users with write access can delete or rename only their own files):
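# Add the sticky bit to each directory listed in the file, so that users with
# write access to it can only delete or rename their own entries.
# The list is trusted input: if /tmp/sticks can be written by anyone other
# than root, its entries (and therefore what gets chmod'ed) can be planted,
# so keep the list in a root-only location or regenerate it right before use.
# IFS= and -r keep the path literal; "--" stops chmod reading a path that
# starts with "-" as an option; entries that are no longer directories are
# skipped instead of producing an error.
while IFS= read -r dlist; do
  [ -d "$dlist" ] || continue
  chmod +t -- "$dlist"
done < /tmp/sticks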
Read the lines in a file and echo them:
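# Print each line of the list file. Redirecting the file straight into the
# loop replaces the cat inside a process substitution; IFS= and -r keep
# whitespace and backslashes literal; printf is safe for lines that look like
# echo options.
while IFS= read -r dlist; do printf '%s\n' "$dlist"; done < /tmp/sticks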
Find files and echo their names:
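# Print the name of each file under /tmp whose name starts with "sticks".
# Names are NUL-delimited (-print0 / read -d '') because a file name in a
# world-writable directory like /tmp may contain a newline, which the
# newline-based loop would have split into two names. (If only printing is
# needed, a bare `find /tmp -name 'sticks*'` does the same without the loop.)
find /tmp -name 'sticks*' -print0 |
while IFS= read -r -d '' tfile; do
  printf '%s\n' "$tfile"
done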
Find world-writable directories that have no sticky bit:
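# Append, one per line, every world-writable directory without the sticky bit
# on each ext2/ext3 mount in /etc/fstab (the same scan as the first one-liner,
# written once; with -a as find's explicit AND between the two tests).
# - Mount points are read line by line and quoted so paths with spaces survive.
# - The list file has a fixed, predictable name and is appended to, and a
#   later step chmods whatever it lists: keep it where only root can write
#   (override STICKS_LIST) or use mktemp if the path need not be fixed.
# - FSTYPES is the awk regex matched against the fstab type column.
FSTYPES=${FSTYPES:-'ext2|ext3'}
STICKS_LIST=${STICKS_LIST:-/tmp/sticks}
awk -v re="$FSTYPES" '($3 ~ re) {print $2}' /etc/fstab |
while IFS= read -r PART; do
  find "$PART" -xdev -type d -perm -0002 -a ! -perm -1000 >> "$STICKS_LIST"
done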
Set the sticky bit on the world-writable directories found above:
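# Add the sticky bit to each directory listed in the file (written once; the
# line was duplicated). With the sticky bit, users who can write to the
# directory can only delete or rename their own entries.
# The list is trusted input: if /tmp/sticks can be written by anyone other
# than root, its entries decide what root chmods, so keep the list in a
# root-only location or regenerate it right before use. IFS= and -r keep the
# path literal; "--" protects paths starting with "-"; non-directories skip.
while IFS= read -r dlist; do
  [ -d "$dlist" ] || continue
  chmod +t -- "$dlist"
done < /tmp/sticks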
Remove /etc/exports if it is not in use:
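# Delete /etc/exports when it has no active (non-comment) line; otherwise mail
# it to the admin (written once; the line was duplicated).
# - The grep pattern is quoted so the shell cannot expand ^[^#] as a glob,
#   -q keeps the matched lines off stdout, and rm -f is enough for a file.
# - A missing file makes grep fail (with an error on stderr), so the rm branch
#   runs as a harmless no-op, as before.
# - Lines holding only whitespace also count as "in use" with this pattern.
ADMIN_MAIL=${ADMIN_MAIL:-pvalentino@sysxperts.com}
if ! grep -q '^[^#]' /etc/exports; then
  rm -f -- /etc/exports
else
  mail -s "exports in use on $(hostname)" "$ADMIN_MAIL" < /etc/exports
fi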
User home directories should be mode 750 or more restrictive:
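#!/bin/sh
# List the home directories of regular users (UID >= UID_MIN, not "nobody")
# whose mode is looser than 750: group-writable, or any read/write/execute
# access for "other". The script was duplicated on the page; it appears once.
# - Each home is fed to find on its own line and quoted, so a path with
#   spaces survives; the backtick form word-split the list and, when awk
#   printed nothing, ran find on the current directory instead.
# - -maxdepth 1 -type d -prune makes find test only the home itself.
# - Homes that do not exist (or are not directories) are skipped.
# - The 500 cutoff is the page's; distributions that start regular users at
#   1000 (see UID_MIN in /etc/login.defs) should set UID_MIN accordingly.
UID_MIN=${UID_MIN:-500}
awk -F: -v min="$UID_MIN" '($3 >= min && $1 != "nobody") {print $6}' /etc/passwd |
while IFS= read -r home; do
  [ -d "$home" ] || continue
  find "$home" -maxdepth 1 -type d -prune \
    \( -perm -g+w -o -perm -o+r -o -perm -o+w -o -perm -o+x \) -ls
done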
Fix home directory permissions:
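# Set mode 750 on every regular user's home directory (UID >= UID_MIN, not
# "nobody") that is group-writable or grants any access to "other"
# (written once; the line was duplicated).
# - Each home is fed to find on its own line and quoted, so a path with
#   spaces survives; the backtick form word-split the list and, when awk
#   printed nothing, ran find (and chmod) on the current directory instead.
# - -maxdepth 1 -type d -prune makes find test only the home itself, and
#   -exec ... + runs one chmod for the batch instead of one per directory.
# - The 500 cutoff is the page's; set UID_MIN to match /etc/login.defs.
UID_MIN=${UID_MIN:-500}
awk -F: -v min="$UID_MIN" '($3 >= min && $1 != "nobody") {print $6}' /etc/passwd |
while IFS= read -r home; do
  [ -d "$home" ] || continue
  find "$home" -maxdepth 1 -type d -prune \
    \( -perm -g+w -o -perm -o+r -o -perm -o+w -o -perm -o+x \) \
    -exec chmod 750 -- {} +
done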
Test for world-writable files:
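#!/bin/sh
# List world-writable regular files without the sticky bit on each filesystem
# from /etc/fstab that is fsck'd (fs_passno != 0), skipping the /data and
# /apps mounts and comment lines. The script was duplicated; it appears once.
# - Mount points are read line by line and quoted so a path with spaces is
#   passed to find intact.
# - -xdev keeps find on the starting filesystem.
awk '($2!="/data" && $2!="/apps" && !/^#/ && $6 != "0") { print $2 }' /etc/fstab |
while IFS= read -r PART; do
  find "$PART" -xdev -type f \( -perm -0002 -a ! -perm -1000 \) -ls
done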
Fix world-writable files:
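#!/bin/sh
# Remove the "other" write bit from world-writable regular files without the
# sticky bit on each fsck'd (fs_passno != 0) filesystem in /etc/fstab,
# skipping the /data and /apps mounts and comment lines.
# - Mount points are read line by line and quoted so paths with spaces survive.
# - -exec ... + runs one chmod per batch of files instead of one per file.
awk '($2!="/data" && $2!="/apps" && !/^#/ && $6 != "0") { print $2 }' /etc/fstab |
while IFS= read -r PART; do
  find "$PART" -xdev -type f \( -perm -0002 -a ! -perm -1000 \) -exec chmod o-w -- {} +
done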
Fix log permissions:
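# Remove read and execute access for "other" from every regular file under
# /var/log (written once; the line was duplicated). -exec ... + runs one
# chmod per batch of files instead of one process per file.
# NOTE: some logs may be meant to stay world-readable (e.g. wtmp/lastlog,
# which tools such as last(1) read for unprivileged users); exclude those
# with ! -name if that matters on the system.
find /var/log -type f -exec chmod o-rx -- {} +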
Find and log SUID/SGID system executables:
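#!/bin/sh
# Record every setuid or setgid regular file (except /bin/su) on the fsck'd
# (fs_passno != 0) filesystems in /etc/fstab, then mail the list once.
# The script was duplicated on the page; it appears once.
# - The mail subject's closing quote was missing, which made the script a
#   syntax error, and mail ran once per partition with the partially built
#   list; it now runs once after the loop.
# - Mount points are read line by line and quoted so paths with spaces survive.
# - The list file has a fixed name and is appended to. Appending to a
#   predictable /tmp path as root lets anyone with write access to /tmp seed
#   the report or point a symlink elsewhere; set SGID_LIST to a root-only
#   directory.
ADMIN_MAIL=${ADMIN_MAIL:-pvalentino@sysxperts.com}
SGID_LIST=${SGID_LIST:-/tmp/sgidfiles}
awk '(!/^#/ && $6 != "0") { print $2 }' /etc/fstab |
while IFS= read -r PART; do
  find "$PART" -xdev -type f \( -perm -04000 -o -perm -02000 \) ! -path /bin/su
done >> "$SGID_LIST"
mail -s "SUID/SGID files on $(hostname)" "$ADMIN_MAIL" < "$SGID_LIST"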
Find unowned files:
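#!/bin/bash
# List every file or directory with no matching user or group on the fsck'd
# (fs_passno != 0) filesystems from /etc/fstab. The find/done lines were
# repeated after the loop, leaving a stray "done" (a syntax error); one loop
# is enough.
# - Mount points are read line by line and quoted so a path with spaces is
#   passed to find intact.
# - -xdev keeps find on the starting filesystem.
awk '(!/^#/ && $6 != "0") { print $2 }' /etc/fstab |
while IFS= read -r PART; do
  find "$PART" -xdev \( -nouser -o -nogroup \) -ls
done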
Fix unowned files:
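#!/bin/bash
# Give every file or directory with no matching user or group on the fsck'd
# (fs_passno != 0) filesystems from /etc/fstab to root:root.
# - Mount points are read line by line and quoted so paths with spaces survive.
# - chown -h changes the ownership of a symbolic link itself rather than the
#   file it points to; without -h an unowned link aimed at some other file
#   would have that target chowned instead.
# - -exec ... + runs one chown per batch instead of one process per file.
# - Review the -ls listing from the previous step before running this.
awk '(!/^#/ && $6 != "0") { print $2 }' /etc/fstab |
while IFS= read -r PART; do
  find "$PART" -xdev \( -nouser -o -nogroup \) -exec chown -h root:root -- {} +
done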
Ubuntu: set system account shells to nologin:
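# Set the login shell of every system account (UID below UID_MIN, excluding
# root/halt/sync/shutdown and accounts already on /bin/false, /bin/sh or
# /usr/sbin/nologin) to /usr/sbin/nologin.
# The account names are piped straight from awk into the loop: the original
# staged them in the predictable /tmp/sysaccts (rm, then >>, then cat), so
# anyone able to write /tmp could race in names of their own choosing and have
# root lock those accounts out. Names are quoted and passed after "--".
# The 500 cutoff is the page's; set UID_MIN to match /etc/login.defs.
UID_MIN=${UID_MIN:-500}
awk -F: -v min="$UID_MIN" '($1!="root" && $1!="halt" && $1!="sync" && $1!="shutdown" && $3<min && $7!="/bin/false" && $7!="/bin/sh" && $7!="/usr/sbin/nologin") {print $1}' /etc/passwd |
while IFS= read -r slist; do
  usermod -s /usr/sbin/nologin -- "$slist"
done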
Red Hat: set system account shells to nologin:
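# Set the login shell of every system account (UID below UID_MIN, excluding
# root/halt/sync/shutdown and accounts already on /sbin/nologin) to
# /sbin/nologin.
# The account names are piped straight from awk into the loop: the original
# staged them in the predictable /tmp/sysaccts (rm, then >>, then cat), so
# anyone able to write /tmp could race in names of their own choosing and have
# root lock those accounts out. Names are quoted and passed after "--".
# The 500 cutoff is the page's; set UID_MIN to match /etc/login.defs.
UID_MIN=${UID_MIN:-500}
awk -F: -v min="$UID_MIN" '($1!="root" && $1!="halt" && $1!="sync" && $1!="shutdown" && $3<min && $7!="/sbin/nologin") {print $1}' /etc/passwd |
while IFS= read -r slist; do
  usermod -s /sbin/nologin -- "$slist"
done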
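# Give every file or directory with no matching user or group on the fsck'd
# (fs_passno != 0) filesystems from /etc/fstab to root:root.
# - Mount points are read line by line and quoted so paths with spaces survive.
# - chown -h changes the ownership of a symbolic link itself rather than the
#   file it points to; without -h an unowned link aimed at some other file
#   would have that target chowned instead.
# - -exec ... + runs one chown per batch instead of one process per file.
# - Review the -ls listing of unowned files before running this.
awk '(!/^#/ && $6 != "0") { print $2 }' /etc/fstab |
while IFS= read -r PART; do
  find "$PART" -xdev \( -nouser -o -nogroup \) -exec chown -h root:root -- {} +
done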
Ubuntu: set system account shells to nologin:
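# Set the login shell of every system account (UID below UID_MIN, excluding
# root/halt/sync/shutdown and accounts already on /bin/false, /bin/sh or
# /usr/sbin/nologin) to /usr/sbin/nologin.
# Names go straight from awk into the loop instead of through the predictable
# /tmp/sysaccts (rm, then >>, then cat), which anyone with write access to
# /tmp could race to make root change the shell of accounts of their choosing.
# Names are quoted and passed after "--". The 500 cutoff is the page's; set
# UID_MIN to match /etc/login.defs.
UID_MIN=${UID_MIN:-500}
awk -F: -v min="$UID_MIN" '($1!="root" && $1!="halt" && $1!="sync" && $1!="shutdown" && $3<min && $7!="/bin/false" && $7!="/bin/sh" && $7!="/usr/sbin/nologin") {print $1}' /etc/passwd |
while IFS= read -r slist; do
  usermod -s /usr/sbin/nologin -- "$slist"
done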
Red Hat: set system account shells to nologin:
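# Set the login shell of every system account (UID below UID_MIN, excluding
# root/halt/sync/shutdown and accounts already on /sbin/nologin) to
# /sbin/nologin.
# Names go straight from awk into the loop instead of through the predictable
# /tmp/sysaccts (rm, then >>, then cat), which anyone with write access to
# /tmp could race to make root change the shell of accounts of their choosing.
# Names are quoted and passed after "--". The 500 cutoff is the page's; set
# UID_MIN to match /etc/login.defs.
UID_MIN=${UID_MIN:-500}
awk -F: -v min="$UID_MIN" '($1!="root" && $1!="halt" && $1!="sync" && $1!="shutdown" && $3<min && $7!="/sbin/nologin") {print $1}' /etc/passwd |
while IFS= read -r slist; do
  usermod -s /sbin/nologin -- "$slist"
done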