Imported Upstream version 2.11.03
tony mancill
10 years ago
0 | |
#define VERSION "2.11.02"
|
|
0 |
#define VERSION "2.11.03"
|
1 | 1 |
#define YEARS "2005-2013"
|
|
0 |
stealth (2.11.03)
|
|
1 |
|
|
2 |
* In Stealth's man-page and manual -perm -xxxx was replaced by -perm /xxxx,
|
|
3 |
as per the POSIX standard.
|
|
4 |
|
|
5 |
-- Frank B. Brokken <f.b.brokken@rug.nl> Sat, 15 Jun 2013 14:34:42 +0200
|
|
6 |
|
0 | 7 |
stealth (2.11.02)
|
1 | 8 |
|
2 | 9 |
* Stealth returns 0 for options --help and --version
|
575 | 575 |
|
576 | 576 |
tt(CHECK LOG = remote/ls.root \)nl()
|
577 | 577 |
tt( /usr/bin/find / \)nl()
|
578 | |
tt( -xdev -perm +6111 -type f -exec /bin/ls -l {} \;)
|
|
578 |
tt( -xdev -perm /6111 -type f -exec /bin/ls -l {} \;)
|
579 | 579 |
|
580 | 580 |
All suid/gid/executable files on the same device as the root-directory (/)
|
581 | 581 |
on the client computer are listed with their permissions, owner and size
|
|
585 | 585 |
|
586 | 586 |
tt(CHECK remote/sha1.root \)nl()
|
587 | 587 |
tt( /usr/bin/find / \)nl()
|
588 | |
tt( -xdev -perm +6111 -type f -exec /usr/bin/sha1sum {} \;)
|
|
588 |
tt( -xdev -perm /6111 -type f -exec /usr/bin/sha1sum {} \;)
|
589 | 589 |
|
590 | 590 |
The SHA1 checksums of all suid/gid/executable files on the same device as
|
591 | 591 |
the root-directory (/) on the client computer are determined. The resulting
|
|
601 | 601 |
Example:nl()
|
602 | 602 |
tt(NOTEST CHECK LOG = remote/sha1.root \)nl()
|
603 | 603 |
tt( /usr/bin/find / \)nl()
|
604 | |
tt( -xdev -perm +6111 -type f -exec /usr/bin/sha1sum {} \;)
|
|
604 |
tt( -xdev -perm /6111 -type f -exec /usr/bin/sha1sum {} \;)
|
605 | 605 |
|
606 | 606 |
|
607 | 607 |
The SHA1 checksums of all suid/gid/executable files on the same device as
|
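Review bot: The man page should say that `-perm /6111` is GNU find's "any of these bits" form, since POSIX find specifies only `-perm mode` and `-perm -mode` and these CHECK commands run `/usr/bin/find` on the client. A client whose find does not accept `/mode` is likely to reject the expression rather than list the set-id and executable files, so a sentence such as `The -perm /6111 form requires GNU find on the client; it matches files having any of the listed bits set.` after the first example would help. The changelog entry in this commit names `-perm -xxxx` as the replaced form, while the lines replaced here read `-perm +6111`; `-perm -6111` matches only files with all of those bits set, so the entry is worth correcting. The same applies to the other two examples in this section and to the `DEFINE` examples in the manual sections that follow.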
290 | 290 |
COMMENT(CAREFUL: EXTRA BLANK REQUIRD IN THE YODL FILE BEHIND \ )
|
291 | 291 |
verb(
|
292 | 292 |
CHECK LOG = remote/ls.root /usr/bin/find / \
|
293 | |
-xdev -perm +6111 -type f -exec /bin/ls -l {} \;
|
|
293 |
-xdev -perm /6111 -type f -exec /bin/ls -l {} \;
|
294 | 294 |
)
|
295 | 295 |
All suid/gid/executable files on the same device as the root-directory (/)
|
296 | 296 |
on the client computer are listed with their permissions, owner and size
|
|
299 | 299 |
|
300 | 300 |
This long command could be formulated shorter using a tt(DEFINE):
|
301 | 301 |
verb(
|
302 | |
DEFINE LSFIND -xdev -perm +6111 -type f -exec /bin/ls -l {} \;
|
|
302 |
DEFINE LSFIND -xdev -perm /6111 -type f -exec /bin/ls -l {} \;
|
303 | 303 |
CHECK remote/ls.root /usr/bin/find / ${LSFIND}
|
304 | 304 |
)
|
305 | 305 |
|
306 | 306 |
Another example:
|
307 | 307 |
verb(
|
308 | |
DEFINE SHA1SUM -xdev -perm +6111 -type f -exec /usr/bin/sha1sum {} \;
|
|
308 |
DEFINE SHA1SUM -xdev -perm /6111 -type f -exec /usr/bin/sha1sum {} \;
|
309 | 309 |
CHECK remote/sha1.root /usr/bin/find / ${SHA1SUM}
|
310 | 310 |
)
|
311 | 311 |
The SHA1 checksums of all suid/gid/executable files on the same device as
|
28 | 28 |
Example:
|
29 | 29 |
verb(
|
30 | 30 |
DEFINE SSH /usr/bin/ssh frankbash@localhost -q
|
31 | |
DEFINE EXECSHA1 -xdev -perm +111 -type f -exec /usr/bin/sha1sum {} \;
|
|
31 |
DEFINE EXECSHA1 -xdev -perm /111 -type f -exec /usr/bin/sha1sum {} \;
|
32 | 32 |
)
|
33 | 33 |
The symbols defined by tt(DEFINE) directives may consist of
|
34 | 34 |
letters, digits and the underscore character (tt(_)).
|
21 | 21 |
-exec /usr/bin/sha1sum {} \;
|
22 | 22 |
LABEL \nconfiguration files under /etc
|
23 | 23 |
CHECK LOG = remote/etcfiles /usr/bin/find /etc
|
24 | |
-type f -not -perm +6111 -not -regex "/etc/\(adjtime\|mtab\)"
|
|
24 |
-type f -not -perm /6111 -not -regex "/etc/\(adjtime\|mtab\)"
|
25 | 25 |
-exec /usr/bin/sha1sum {} \;
|
26 | 26 |
LOCAL /usr/bin/scp -q root@client:/usr/bin/sha1sum /root/tmp
|
27 | 27 |
LABEL \nCheck the client's sha1sum program
|
|
34 | 34 |
-exec /usr/bin/sha1sum {} \;
|
35 | 35 |
LABEL \nconfiguration files under /etc
|
36 | 36 |
CHECK LOG = remote/etcfiles /usr/bin/find /etc
|
37 | |
-type f -not -perm +6111 -not -regex "/etc/\(adjtime\|mtab\)"
|
|
37 |
-type f -not -perm /6111 -not -regex "/etc/\(adjtime\|mtab\)"
|
38 | 38 |
-exec /usr/bin/sha1sum {} \;
|
39 | 39 |
)
|
40 | 40 |
|
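Review bot: The `/etc` check with `-type f -not -perm /6111` skips every regular file under /etc that has any execute or set-id bit set, and the example does not say where those files are hashed instead. They appear to be left to a separate check like the `find / -xdev -perm /6111` examples, which would cover them only when /etc is on the root filesystem; the lines before line 21 are outside the hunk, so this is inferred. A short remark next to the example would make the dependency explicit, for instance `Executable and set-id files under /etc are excluded here and must be covered by the suid/executable check.` The same expression appears in the two later `remote/etcfiles` examples.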
141 | 141 |
verb(
|
142 | 142 |
LABEL \nconfiguration files under /etc
|
143 | 143 |
CHECK LOG = remote/etcfiles \
|
144 | |
/usr/bin/find /etc -type f -not -perm +6111 \
|
|
144 |
/usr/bin/find /etc -type f -not -perm /6111 \
|
145 | 145 |
-not -regex "/etc/\(adjtime\|mtab\)" \
|
146 | 146 |
-exec /usr/bin/sha1sum {} \;
|
147 | 147 |
)
|
26 | 26 |
|
27 | 27 |
LABEL \nconfiguration files under /etc
|
28 | 28 |
CHECK LOG = remote/etcfiles \
|
29 | |
/usr/bin/find /etc -type f -not -perm +6111 \
|
|
29 |
/usr/bin/find /etc -type f -not -perm /6111 \
|
30 | 30 |
-not -regex "/etc/\(adjtime\|mtab\)" \
|
31 | 31 |
-exec /usr/bin/sha1sum {} \;
|
32 | 32 |
|