______________________________________________________________________________

secheck v0.3
http://secheck.sourceforge.net/
secheck-support@aversion.net
------------------------------------------------------------------------------

USER INPUT IS GREATLY APPRECIATED! LET ME KNOW WHAT YOU WANT TO SEE!
secheck-support@aversion.net
bram@aversion.net

_______________
Mandatory Intro
---------------

secheck is a small shell script written to take a nightly security snapshot
of a given system. It evolved when I decided to try to combine the outputs
of several pre-existing security check programs, and add some other
information I feel is useful. This release takes what I had originally
intended for secheck and incorporates some new ideas from users who have been
very helpful with feedback and even bits of code.

Here's a breakout of what is contained in other files:

For upcoming features, please see 'todo'.

For an explanation of the items included in your email, along with why *I*
felt they are important to include, see doc/HOWTO-read. By all means, if you
think they're worthless, or have ideas on what *you'd* like to see, shoot an
email to secheck-support@aversion.net or bram@aversion.net

For a list of known compatibility issues (across distros), see
doc/README.distro

________
Features
--------

* Currently, secheck does the following:

   1. Shows open ports on the system
   2. Shows the current users on the system
   3. Shows how much drive space is free (in GB)
   4. Shows SUID and SGID files on the system
   5. Checks for users with root accounts
   6. Checks for passwordless accounts
   7. Shows system processes
   8. Shows who has su'd to root (also includes sudo)
   9. Optional: shows denied packets through ipchains/iptables
  10. Shows all files with no owner
  11. Shows the differences between a baseline copy of /etc/passwd,
      /etc/shadow, /etc/group, and /etc/inetd.conf and the current version
  12. Emails the output of all of these to a user specified in check.sh
      (the wrapper script)
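The account checks and the baseline comparison from the feature list, sketched as an added example. This is not secheck's own code; the function names, the temporary directory and the sample passwd/shadow contents are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not taken from secheck. Function names are hypothetical.

# All accounts whose UID field (3rd field of a passwd file) is 0.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Accounts whose password field (2nd field of a shadow file) is empty.
passwordless_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Lines removed (<) or added (>) since the baseline copy was taken.
# Prints nothing when the files match; a missing baseline is reported.
baseline_changes() {
    if [ ! -f "$1" ]; then
        echo "no baseline: $1"
        return 0
    fi
    diff "$1" "$2" | grep '^[<>]' || true
}

# Constructed sample data (not from a real system).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/passwd.base" <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/sh
EOF
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/sh
toor:x:0:0:second uid 0 account:/root:/bin/sh
EOF
cat > "$demo_dir/shadow" <<'EOF'
root:$6$constructed$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice::19000:0:99999:7:::
toor:!:19000:0:99999:7:::
EOF

echo "UID 0 accounts:        $(uid0_accounts "$demo_dir/passwd" | tr '\n' ' ')"
echo "Passwordless accounts: $(passwordless_accounts "$demo_dir/shadow")"
echo "passwd changes since baseline:"
baseline_changes "$demo_dir/passwd.base" "$demo_dir/passwd"
```

On a real system the same functions would be pointed at /etc/passwd, /etc/shadow (readable by root only) and the stored baseline copies.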
____________
Installation
------------

** I have written a small install.sh script which should handle all
   installation. Here's basically what it does, minus the crontab'ing:

   1. cp secheck-* /usr/local/etc/ && cd to /usr/local/etc/secheck
   2. unpack the archive with: tar -xvf secheck-0.01.tar
   3. cd into /usr/local/etc/secheck/
   4. chmod +x security.check secheck
   5. edit secheck and change the email address to the user(s) or email
      address you want the output mailed to.
   6. Run secheck
   7. crontab secheck

When you are finished, your layout should look like this:

   /root/secheck-*(version number)
   /root/secheck-*/secheck
   /root/secheck-*/security.check
   /root/secheck-*/other docs, README, INSTALL, etc
   /usr/local/etc/secheck/secheck
   /usr/local/etc/secheck/security.check
   /root/.secheck/baslinefiles

If that isn't the case, you may need to cp a few files here and there, and I
will have it fixed in the next release.

____________
Crontab Help
------------

   crontab -e

To check at midnight every night...

   0 0 * * * /usr/local/etc/secheck/secheck

I check every hour with:

   00 * * * * /usr/local/etc/secheck/secheck

**** PLEASE MAKE SURE SECURITY.CHECK IS IN /usr/local/etc/secheck/ !!!!!!

You may also make a symbolic link in /etc/cron.daily (for Red Hat users) to
the check.sh file.

   ln -s /usr/local/etc/secheck/secheck /etc/cron.daily/00-secheck

Again, if you have any input or system information you would like to see
added, please let me know. Please email secheck-support@aversion.net for
questions/comments/additions/etc.