Imported Upstream version 2.11.03
tony mancill
10 years ago
| 0 | |
#define VERSION "2.11.02"
|
|
0 |
#define VERSION "2.11.03"
|
| 1 | 1 |
#define YEARS "2005-2013"
|
|
0 |
stealth (2.11.03)
|
|
1 |
|
|
2 |
* In Stealth's man-page and manual -perm -xxxx was replaced by -perm /xxxx,
|
|
3 |
as per the POSIX standard.
|
|
4 |
|
|
5 |
-- Frank B. Brokken <f.b.brokken@rug.nl> Sat, 15 Jun 2013 14:34:42 +0200
|
|
6 |
|
| 0 | 7 |
stealth (2.11.02)
|
| 1 | 8 |
|
| 2 | 9 |
* Stealth returns 0 for options --help and --version
|
| 575 | 575 |
|
| 576 | 576 |
tt(CHECK LOG = remote/ls.root \)nl()
|
| 577 | 577 |
tt( /usr/bin/find / \)nl()
|
| 578 | |
tt( -xdev -perm +6111 -type f -exec /bin/ls -l {} \;)
|
|
578 |
tt( -xdev -perm /6111 -type f -exec /bin/ls -l {} \;)
|
| 579 | 579 |
|
| 580 | 580 |
All suid/gid/executable files on the same device as the root-directory (/)
|
| 581 | 581 |
on the client computer are listed with their permissions, owner and size
|
|
| 585 | 585 |
|
| 586 | 586 |
tt(CHECK remote/sha1.root \)nl()
|
| 587 | 587 |
tt( /usr/bin/find / \)nl()
|
| 588 | |
tt( -xdev -perm +6111 -type f -exec /usr/bin/sha1sum {} \;)
|
|
588 |
tt( -xdev -perm /6111 -type f -exec /usr/bin/sha1sum {} \;)
|
| 589 | 589 |
|
| 590 | 590 |
The SHA1 checksums of all suid/gid/executable files on the same device as
|
| 591 | 591 |
the root-directory (/) on the client computer are determined. The resulting
|
|
| 601 | 601 |
Example:nl()
|
| 602 | 602 |
tt(NOTEST CHECK LOG = remote/sha1.root \)nl()
|
| 603 | 603 |
tt( /usr/bin/find / \)nl()
|
| 604 | |
tt( -xdev -perm +6111 -type f -exec /usr/bin/sha1sum {} \;)
|
|
604 |
tt( -xdev -perm /6111 -type f -exec /usr/bin/sha1sum {} \;)
|
| 605 | 605 |
|
| 606 | 606 |
|
| 607 | 607 |
The SHA1 checksums of all suid/gid/executable files on the same device as
|
| 290 | 290 |
COMMENT(CAREFUL: EXTRA BLANK REQUIRD IN THE YODL FILE BEHIND \ )
|
| 291 | 291 |
verb(
|
| 292 | 292 |
CHECK LOG = remote/ls.root /usr/bin/find / \
|
| 293 | |
-xdev -perm +6111 -type f -exec /bin/ls -l {} \;
|
|
293 |
-xdev -perm /6111 -type f -exec /bin/ls -l {} \;
|
| 294 | 294 |
)
|
| 295 | 295 |
All suid/gid/executable files on the same device as the root-directory (/)
|
| 296 | 296 |
on the client computer are listed with their permissions, owner and size
|
|
| 299 | 299 |
|
| 300 | 300 |
This long command could be formulated shorter using a tt(DEFINE):
|
| 301 | 301 |
verb(
|
| 302 | |
DEFINE LSFIND -xdev -perm +6111 -type f -exec /bin/ls -l {} \;
|
|
302 |
DEFINE LSFIND -xdev -perm /6111 -type f -exec /bin/ls -l {} \;
|
| 303 | 303 |
CHECK remote/ls.root /usr/bin/find / ${LSFIND}
|
| 304 | 304 |
)
|
| 305 | 305 |
|
| 306 | 306 |
Another example:
|
| 307 | 307 |
verb(
|
| 308 | |
DEFINE SHA1SUM -xdev -perm +6111 -type f -exec /usr/bin/sha1sum {} \;
|
|
308 |
DEFINE SHA1SUM -xdev -perm /6111 -type f -exec /usr/bin/sha1sum {} \;
|
| 309 | 309 |
CHECK remote/sha1.root /usr/bin/find / ${SHA1SUM}
|
| 310 | 310 |
)
|
| 311 | 311 |
The SHA1 checksums of all suid/gid/executable files on the same device as
|
| 28 | 28 |
Example:
|
| 29 | 29 |
verb(
|
| 30 | 30 |
DEFINE SSH /usr/bin/ssh frankbash@localhost -q
|
| 31 | |
DEFINE EXECSHA1 -xdev -perm +111 -type f -exec /usr/bin/sha1sum {} \;
|
|
31 |
DEFINE EXECSHA1 -xdev -perm /111 -type f -exec /usr/bin/sha1sum {} \;
|
| 32 | 32 |
)
|
| 33 | 33 |
The symbols defined by tt(DEFINE) directives may consist of
|
| 34 | 34 |
letters, digits and the underscore character (tt(_)).
|
| 21 | 21 |
-exec /usr/bin/sha1sum {} \;
|
| 22 | 22 |
LABEL \nconfiguration files under /etc
|
| 23 | 23 |
CHECK LOG = remote/etcfiles /usr/bin/find /etc
|
| 24 | |
-type f -not -perm +6111 -not -regex "/etc/\(adjtime\|mtab\)"
|
|
24 |
-type f -not -perm /6111 -not -regex "/etc/\(adjtime\|mtab\)"
|
| 25 | 25 |
-exec /usr/bin/sha1sum {} \;
|
| 26 | 26 |
LOCAL /usr/bin/scp -q root@client:/usr/bin/sha1sum /root/tmp
|
| 27 | 27 |
LABEL \nCheck the client's sha1sum program
|
|
| 34 | 34 |
-exec /usr/bin/sha1sum {} \;
|
| 35 | 35 |
LABEL \nconfiguration files under /etc
|
| 36 | 36 |
CHECK LOG = remote/etcfiles /usr/bin/find /etc
|
| 37 | |
-type f -not -perm +6111 -not -regex "/etc/\(adjtime\|mtab\)"
|
|
37 |
-type f -not -perm /6111 -not -regex "/etc/\(adjtime\|mtab\)"
|
| 38 | 38 |
-exec /usr/bin/sha1sum {} \;
|
| 39 | 39 |
)
|
| 40 | 40 |
|
| 141 | 141 |
verb(
|
| 142 | 142 |
LABEL \nconfiguration files under /etc
|
| 143 | 143 |
CHECK LOG = remote/etcfiles \
|
| 144 | |
/usr/bin/find /etc -type f -not -perm +6111 \
|
|
144 |
/usr/bin/find /etc -type f -not -perm /6111 \
|
| 145 | 145 |
-not -regex "/etc/\(adjtime\|mtab\)" \
|
| 146 | 146 |
-exec /usr/bin/sha1sum {} \;
|
| 147 | 147 |
)
|
| 26 | 26 |
|
| 27 | 27 |
LABEL \nconfiguration files under /etc
|
| 28 | 28 |
CHECK LOG = remote/etcfiles \
|
| 29 | |
/usr/bin/find /etc -type f -not -perm +6111 \
|
|
29 |
/usr/bin/find /etc -type f -not -perm /6111 \
|
| 30 | 30 |
-not -regex "/etc/\(adjtime\|mtab\)" \
|
| 31 | 31 |
-exec /usr/bin/sha1sum {} \;
|
| 32 | 32 |
|