Root под Прицелом

who=`tail -1 /var/adm/sulog | cut -f6 -d " "` file=$who@`date +%T"-"%m%d%y sleep 1 HISTFILE=/var/adm/hist/$file HITSIZE=128 export HISTFILE HISTSIZE

#!/usr/bin/ksh
#Name: security.chk

#Written by Rhonda Thorne

#Date 02/98

#Purpose is to report via email any su's to root on a daily basis
 

echo "Here are the su to root list for yesterday" >> /tmp/sec.list

grep `date +%m/%d` /var/adm/sulog|grep -e "-root" >> /tmp/sec.list

mailx -s "su list" sysadmin2 < /tmp/sec.list

rm /tmp/sec.list

#!/usr/bin/ksh
#Name: passwd.chk

#Written by Rhonda Thorne

#Date 04/98

#This script is to check the /etc/passwd file for duplicate root UID 

#entries (root back doors)
 

count=`grep :0:3:/etc/passwd|wc -l`

if [ $count -gt 1 ]
 then
 echo "Passwd file has a root back door. INVESTIGATE!" > \
 /tmp/passwd.lst
 echo "Here is the su to root list" >> \
 /tmp/passwd.lst
 grep `date +%m/%d` /var/adm/sulog|grep -e "-root" >> \
 /tmp/passwd.lst
 mailx sysadmin-page < /tmp/passwd.lst
 else
 exit

fi

rm /tmp/passwd.lst