______________________________________________________________________________

secheck v0.1
Bram Shirani (bram@aversion.net)
http://www.aversion.net/secheck/
secheck@aversion.net
------------------------------------------------------------------------------

USER INPUT IS GREATLY APPRECIATED! LET ME KNOW WHAT YOU WANT TO SEE!

secheck is a small shell script written to take a nightly security snapshot
of a given system. It evolved when I decided to try to combine the outputs of
several pre-existing security check programs and add some other information I
feel is useful.

This is an alpha alpha alpha release (not because of holes in the code, but
because it really doesn't contain anything cool yet).

* Currently, secheck does the following:

  1. Shows the output of: lsof -i | grep LISTEN
     This shows which ports are open at snapshot time, along with who has
     them open and what program (name) is listening on each port. Useful for
     finding who is running bots on your system, who is running bounces,
     whether something you didn't know about is listening, etc.
  2. Shows the current users on the system.
  3. Shows how much drive space is free (in GB).
  4. Shows SUID files on the system.
  5. Emails the output of all of these to a user specified in check.sh
     (the wrapper script).

* In the future, I plan to include the output of the following programs:

  1. chkrootkit
  2. logwatch/logcheck (the security violations sections)
  3. iplog (DOS and ping scans)

* Also planned for future releases:

  1. Rewrite in Perl
  2. Better documentation/comments

____________
Installation
------------

1. Unpack the archive with:

     tar -zxvf secheck-0.01.tar.gz

   If you're reading this, you've already unpacked the archive.
2. cd into secheck/
3. chmod +x security.check check.sh
4. Edit check.sh and change the email address to the user(s) or email
   address you want the output mailed to.
5. Run check.sh
6. Add check.sh to your crontab with the following entry (crontab -e):

     0 0 * * * /path/to/check.sh

   PLEASE MAKE SURE CHECK.SH AND SECURITY.CHECK ARE IN THE SAME DIRECTORY!!!

   You may also make a symbolic link to check.sh in /etc/cron.daily
   (for Red Hat users).

Again, if you have any input or system information you would like to see
added, please let me know. Please email secheck@aversion.net for
questions/comments/additions/etc.
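The nightly snapshot described above, as an added example in the spirit of secheck; it is not the project's own security.check or check.sh. It assumes lsof, df, find, comm and a mail command are installed, MAILTO and STATE_DIR are placeholders to edit, and it goes one step further than the feature list by diffing tonight's SUID list against last night's so new SUID files stand out.

```shell
#!/bin/sh
# Added example in the spirit of secheck, not the project's own security.check
# or check.sh. Assumes lsof, df, find, comm and a "mail" command; MAILTO and
# STATE_DIR are placeholders to edit before installing the script in cron.

MAILTO="root@localhost"            # placeholder recipient
SUID_ROOTS="/bin /sbin /usr"       # trees scanned for SUID files
STATE_DIR="/var/lib/secheck-example"   # keeps last night's SUID list

# Listening sockets with owning user and program name (lsof -i, LISTEN only).
listening_ports() {
    command -v lsof >/dev/null 2>&1 || { echo "(lsof not installed)"; return 0; }
    lsof -nP -i 2>/dev/null | grep LISTEN || echo "(no listening sockets)"
}

# Users logged in at snapshot time.
current_users() { who 2>/dev/null || echo "(who unavailable)"; }

# Free space in GB per filesystem; df -P reports 1K blocks, so divide by 1024^2.
free_space_gb() {
    df -P "$@" | awk 'NR > 1 { printf "%-24s %8.2f GB free\n", $6, $4 / 1048576 }'
}

# Sorted list of SUID files under the given directories, staying on one filesystem.
suid_files() { find "$@" -xdev -type f -perm -4000 2>/dev/null | sort; }

# Entries in the current sorted list that were absent from the previous one:
# new SUID files are the part of a nightly report worth reading first.
suid_diff() { comm -13 "$1" "$2"; }   # $1 = previous list, $2 = current list

build_report() {
    mkdir -p "$STATE_DIR"
    suid_files $SUID_ROOTS > "$STATE_DIR/suid.new"
    echo "== secheck-style snapshot: $(uname -n) $(date) =="
    echo; echo "-- Listening ports --"; listening_ports
    echo; echo "-- Current users --";   current_users
    echo; echo "-- Free disk space --"; free_space_gb
    echo; echo "-- New SUID files since last run --"
    [ -f "$STATE_DIR/suid.old" ] && suid_diff "$STATE_DIR/suid.old" "$STATE_DIR/suid.new"
    echo; echo "-- All SUID files --";  cat "$STATE_DIR/suid.new"
    mv "$STATE_DIR/suid.new" "$STATE_DIR/suid.old"
}

case "${1:-}" in
    --print) build_report ;;                                      # run by hand
    --mail)  build_report | mail -s "secheck $(uname -n)" "$MAILTO" ;;  # from cron
esac
```

Run it with `--print` to see the report on the terminal, and put `--mail` in the crontab entry so the same report is delivered nightly.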