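#!/bin/perl
#
# name    : kill_baddies.pl
#
# SCCS    : %P%,
#           %W%, %E% %U%
#
# History :
# <1> V1.1 (S.Boran)
#
# Function: 1. report & wipe ALL hosts.equiv, .exrc
#           2. report & wipe .rhosts except (see wanted() function)
#           3. Also move all files which start with ".." to STRANGE.$FILENAME
#           4. Check number of network interfaces (less than 2 except for
#              datacenter servers) and check that no interface is in
#              promiscuous mode.
#
# TESTED ON:
#    Perl 4 + SunOS 4.1.3, 5.2, 5.3, 5.4
#    Perl 5 + SunOS 5.4, 5.5
#
# Security notes for maintainers:
#  - This script walks every local file system with full privileges, so
#    every path name it sees is chosen by whoever created the file.  Path
#    names are therefore never handed to a shell: files are read with
#    open(), moved with rename() and removed with unlink().
#  - The report is collected in a private directory created with mkdir(),
#    not in a guessable file directly under /tmp.
#  - Only Perl 4 compatible constructs are used (no "my", no 3-argument
#    open), matching the platforms listed above.
#
require "find.pl";
require "ctime.pl";           # normally in /usr/local/lib/perl
require "monitor_conf.pl";    # Site specific setup file; presumably defines
                              # $user, $admin_server, $admin_server_clients,
                              # @o_hosts and $multiple_interfaces_ok, none of
                              # which are set in this file.

# --- perl security precautions ---
$ENV{'PATH'}  = '/usr/bin';
$ENV{'SHELL'} = '/bin/sh';
$ENV{'IFS'}   = '';
umask(077);                   # -rw-------

# =======> edit these variables if needed <===============
$debug = '';                  # '1'=debug, ''=no debug
$hostname = `uname -n`;
chop($hostname);
chop($day = &ctime(time));
$day =~ s/^\w+ (\w+ +\d+) .*/$1/;     # get date in "Oct 5" format
$tmpdir  = "/tmp/kill_baddies.$$";    # private work directory (created below)
$tmpfile = "$tmpdir/report";          # put results in tmpfile

## Set system specific commands
$os = `uname -r`;             # Get OS revision
if ($os =~ /^4\.1\.\d/) {     # It's SunOS 4.1.x
    print "OS = Sun 4.1.x\n" if $debug;
    $mail         = '/usr/ucb/mail';
    $get_fs_cmd   = "/usr/etc/mount | egrep '/dev/sd' | cut -d' ' -f3";
    $ifconfig_cmd = "/usr/etc/ifconfig -a 2>&1 | fgrep UP | fgrep -v lo0";
}
elsif ($os =~ /^5\.\d/) {     # It's SunOS 5.x
    print "OS = Sun 5.x\n" if $debug;
    $mail         = '/usr/bin/mailx';
    $get_fs_cmd   = "/usr/sbin/mount | egrep '/dev/dsk/' | cut -d' ' -f1";
    $ifconfig_cmd = "/sbin/ifconfig -a 2>&1 | fgrep UP | fgrep -v lo0";
}
else {                        # Unknown OS
    die "Operating system $os not supported";
}

# vvvvvvvvvvvvvvvvvv DON'T edit vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv

# mkdir() fails when the name already exists, whether as a file, a directory
# or a symbolic link.  A successful call therefore proves the directory is
# new and owned by us, so appending to a file inside it cannot be redirected
# by a link that another local user planted under /tmp beforehand.
mkdir($tmpdir, 0700) || die "Cannot create private directory $tmpdir: $!\n";

# --- is ethernet/TR in promiscuous mode? --
&check_network_interface();

# ----------------- find hosts.equiv ---------------
if ( -e "/etc/hosts.equiv" ) {
    &perror("--- Hosts.equiv found & wiped! \n- contains:");
    &perror("------------------------------------------");
    &append_file("/etc/hosts.equiv");
    unlink("/etc/hosts.equiv");
}
else {
    print "No /etc/hosts.equiv! \n" if $debug;
}

@filesys = `$get_fs_cmd`;     # fill array with fs names
chop(@filesys);
while (@filesys) {
    $filesystem = pop(@filesys);      # FIND: start back to front
    print "$filesystem " if $debug;
    &find($filesystem);
}

### Mail results & clean temporary file
if ( -e $tmpfile ) {
    # Every value interpolated here comes from this script, uname or the
    # site configuration file, never from a scanned path name.
    system "$mail -s '$hostname: Baddies' $user < $tmpfile";
    unlink $tmpfile;
}
else {
    print "No mail output! \n" if $debug;
}
rmdir($tmpdir);
exit;
# ------------- end of main -----------

# wanted: callback invoked by &find() (find.pl) for every directory entry.
#   $dir  = path          $_ = filename
#   $name = $dir/$_
#   If $prune is set to 1 ==> the search tree is to be pruned
# Reports and removes .exrc and unapproved .rhosts files, and renames
# entries whose name starts with "..".
sub wanted {
    #($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_);
    ($dev) = lstat($_);
    $prune = 1 if ($dev != $topdev);  # stay on this device

    if (/^\.exrc$/) {
        &perror(">>>> $name found & wiped! - contains :");
        &append_file($name);
        unlink($name);
    }
    elsif (/^\.\..+/) {               # any file starting with '..'
        &perror(">>>> Strange file: ($name) found & moved - contains :");
        &append_file($name);
        # rename() instead of mv: the name never reaches a shell, so
        # metacharacters in it are inert.
        rename($name, "$dir/STRANGE.$_")
            || warn "Cannot rename $name: $!\n";
    }
    elsif (/^\.rhosts$/) {            # found an .rhosts file
        @contents = &read_lines($name);
        chop(@contents);
        print "\n Found $name, Contents: <@contents>\n" if $debug;

        if (@contents == 1) {         # .rhosts with one entry
            print " 1 entry|" if $debug;
            if (($hostname =~ /$admin_server_clients/)
                && ($contents[0] eq $admin_server)) {
                print " OK!" if $debug;
                return;               # leave this .rhosts file
            }
        }
        # elsif ( ($hostname == $backup_server)
        #        && (@contents == @backup_server_rhosts) ) {
        #   print "$hostname @contents OK!" if $debug;
        #   return;                   # leave this .rhosts file
        # }
        elsif (@contents == 5) {      # special case for the operator account
            print " 5 entries|" if $debug;
            ## Allow /home/operator/.rhosts only.  The original prefix match
            ## also exempted any .rhosts below a path merely starting with
            ## /home/operator.
            # NOTE(review): the next test compares the NUMBER of entries
            # with @o_hosts, not the entries themselves, so any five-line
            # file passes.  Compare contents once the format of @o_hosts in
            # monitor_conf.pl is confirmed.
            if (($name eq '/home/operator/.rhosts')
                && (@contents == @o_hosts)) {
                print " OK!\n" if $debug;
                return;               # leave this .rhosts file
            }
        }
        elsif (@contents == 8) {      # special case for AIX/wabi
            print " 8 entries|" if $debug;
            ## On $admin_server allow
            ## (no exemption implemented: falls through to removal)
        }

        # --- ELSE: report & remove file found ----
        print "!!!!!! $name found & wiped !!!!" if $debug;
        &perror("------ $name found & wiped! - contains:");
        &append_file($name);
        unlink($name);
    }
}

# check_network_interface: run the OS specific ifconfig pipeline and report
# promiscuous mode on any active non-loopback interface, as well as more
# than one active interface on hosts not matching $multiple_interfaces_ok.
sub check_network_interface {
    @result = `$ifconfig_cmd`;
    # Look at every interface line; testing only the first one would miss
    # a promiscuous second interface.
    if (grep(/PROMISC/, @result)) {
        &perror("WARNING! network interface is promiscous:\n@result");
    }
    if (@result > 1) {
        ## ignore for data center SNA gateway, who needs multiple interfaces
        if ($hostname !~ /$multiple_interfaces_ok/) {
            &perror("WARNING! more than one network interface is "
                   ."active:\n@result");
        }
    }
}

# perror: append the given strings to the report file, echoing them to
# stdout when $debug is set.  Dies if the report cannot be opened.
sub perror {
    open(OUT, ">>$tmpfile") || die "Cannot append tmp file.\n";
    print OUT @_;
    print @_ if $debug;
    close(OUT);
}

# read_lines: return the lines of the file named by the first argument, or
# an empty list (with a warning on stderr) if it cannot be opened.
# The explicit "< " mode stops a name that starts or ends with "|" or ">"
# from being treated as a pipe or an output file, and a relative name is
# anchored with "./" so it cannot be parsed as a descriptor dup or "-".
# $_ is left untouched because find.pl and wanted() depend on it.
sub read_lines {
    local($bad_path) = @_;
    local(@bad_lines);
    $bad_path = "./$bad_path" unless $bad_path =~ m,^/,;
    unless (open(IN, "< $bad_path")) {
        warn "Cannot read $bad_path: $!\n";
        return ();
    }
    @bad_lines = <IN>;
    close(IN);
    return @bad_lines;
}

# append_file: copy the contents of the named file to the end of the report
# without involving a shell.
sub append_file {
    local($report_src) = @_;
    local(@report_lines) = &read_lines($report_src);
    open(OUT, ">>$tmpfile") || die "Cannot append tmp file.\n";
    print OUT @report_lines;
    close(OUT);
}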