
/usr/lib/tiger/scripts/check_sendmail is in tiger 1:3.2.3-10.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

#!/bin/sh
#
#     tiger - A UN*X security checking system
#     Copyright (C) 1993 Douglas Lee Schales, David K. Hess, David R. Safford
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2, or (at your option)
#    any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#     Please see the file `COPYING' for the complete copyright notice.
#
# check_sendmail - 06/14/93
#
# 05/18/2002 jfs Added check on banner (based on Titan's modules/smtpbanner.sh)
# 05/01/2003 jfs Added notes on behaviour, this check will only run if 
#                SENDMAILCF exists (after all, it's a sendmail-only check).
#                Fixed dependencies.
# 11/18/2003 jfs Fixed syntax problem which AIX choked on.
#                Noticed by Dale Martin.
#
#-----------------------------------------------------------------------------
#
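# Directory tiger was installed into; used when nothing else selects a base.
TigerInstallDir="/usr/lib/tiger"

#
# Set default base directory.
# Order of preference:
#      -B option
#      TIGERHOMEDIR environment variable
#      TigerInstallDir installed location
#
# The files sourced further down are loaded from this directory, so it has
# to be a location that only trusted users can write to.
#
basedir=${TIGERHOMEDIR:=$TigerInstallDir}

# Take the argument that follows -B, wherever -B sits on the command line.
# (Reading $2 is only right when -B happens to be the first argument.)
# A trailing -B with no value leaves the default in place.
prevparm=
for parm
do
   case "$prevparm" in
   -B) basedir=$parm; break;;
   esac
   prevparm=$parm
done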

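#
# Verify that a config file exists there, and if it does
# source it.
#
# 'config' and 'initdefs' are executed inside this shell, with the privileges
# of whoever runs the check, so $basedir (from -B or TIGERHOMEDIR) must name
# a directory that untrusted users cannot write to.  The expansions are
# quoted so a base directory containing blanks or glob characters is used
# exactly as given.
#
[ ! -r "$basedir/config" ] && {
  echo "--ERROR-- [init002e] No 'config' file in \`$basedir'."
  exit 1
}

. "$basedir/config"

# BASEDIR is not assigned in this file; presumably 'config' sets it -- confirm.
. "$BASEDIR/initdefs"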

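#
# If run in test mode (-t) this will verify that all required
# elements are set.
#
# GREP and SORT are listed here as well because the real run below requires
# them; without them test mode could report "Configuration ok" for a setup
# the check then refuses to run on.
# (haveallcmds, haveallfiles and haveallvars are not defined in this file.)
#
[ "$Tiger_TESTMODE" = 'Y' ] && {
  haveallcmds SENDMAILS AWK LS SED STRINGS GREP SORT || exit 1
  haveallfiles SENDMAILCF BASEDIR WORKDIR || exit 1
  haveallvars TESTLINK HOSTNAME || exit 1
  
  echo "--CONFIG-- [init003c] $0: Configuration ok..."
  exit 0
}

#------------------------------------------------------------------------
echo
echo "# Checking sendmail..."

# Stop before doing any work if a tool or file the check relies on is missing.
haveallcmds STRINGS GREP SED AWK SORT LS || exit 1
haveallfiles SENDMAILCF BASEDIR WORKDIR || exit 1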

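#
# check_date MAILER
#
# Estimate how old MAILER is from date-like strings embedded in the binary
# and report it when the newest such date is before the cut-off.
#
# Globals:   STRINGS GREP SED AWK SORT (commands, read); mailer (written)
# Arguments: $1 - path of the mailer binary to inspect
# Outputs:   through 'message': WARN misc010w for an old apparent date,
#            ERROR misc012e when the file cannot be read
#
# How a date is extracted:
#   - lines containing NN/NN/NN are kept and reduced to the last date-like
#     token on the line.  The token must start the line or follow a
#     non-digit, so the first field keeps all of its digits (a bare leading
#     ".*" would swallow everything but the field's last digit);
#   - the token is read as month/day/year unless the first field is above
#     12, in which case it is read as year/month/day.  A day/month/year
#     date with a day above 12 is therefore misread;
#   - tokens whose month or day is out of range are dropped;
#   - years 0-9 become 2000-2009 and years 10-99 become 1910-1999.  The
#     0-9 case has to be tested first, otherwise it can never apply.
#
# NOTE(review): the comparison below flags dates before October 1993 while
# the message text says November 1993 -- confirm which cut-off is intended.
#
check_date()
{
  mailer="$1"
  # TODO: Doing 'strings' on the mailer will not work as advertised
  # and might return false positives/negatives. Also, many mailers
  # might provide a /usr/sbin/sendmail which contains that string
  # (exim, for example, does).

  if [ -r "$mailer" ]; then
    $STRINGS "$mailer" |
    $GREP '[0-9][0-9]/[0-9][0-9]/[0-9][0-9]' |
    $SED -e 's%^.*[^0-9]\([0-9][0-9]*/[0-9][0-9]*/[0-9][0-9]*\).*$%\1%' \
         -e 's%^\([0-9][0-9]*/[0-9][0-9]*/[0-9][0-9]*\).*$%\1%' |
    $AWK -F/ '{
      month=$1;
      day=$2;
      year=$3;
      if(month > 12){
        year=$1;
        month=$2;
        day=$3;
      }
      if(month < 1 || month > 12 || day < 1 || day > 31)
        next;
      if(year<10)
        year += 2000;
      else if(year<100)
        year += 1900;
      printf("%04d %02d %02d\n", year, month, day);
    }' |
    $SORT -r |
    $SED -e 1q | {
      # Only the newest date (first line after the reverse sort) is judged.
      read year month day
      if [ -n "$year" ]; then
        if [ "$year" -lt 1993 ] ||
           { [ "$year" -eq 1993 ] && [ "$month" -lt 10 ]; }; then
          message WARN misc010w "" "$mailer appears to be older than November 1993 (apparent date $month/$day/$year), and may contain a security vulnerability."
        fi
      fi
    }
  else
    message ERROR misc012e "" "Can not read $mailer.  Test skipped."
  fi
}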

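#
# Work out which program sendmail's "prog" mailer runs and pick the check:
#   - prog mailer is not smrsh: date-check every binary listed in SENDMAILS;
#   - prog mailer is smrsh: look for shells and interpreters in the
#     directories whose names are embedded in the smrsh binary.
#
# The first stage prints the P= value of each Mprog line in $SENDMAILCF, or
# /bin/sh when that file is unreadable; only the first line is consumed.
# That value comes from a configuration file, so it and $SENDMAILCF are
# quoted wherever they are passed on as a file name.
#
{
if [ -r "$SENDMAILCF" ]; then
  $GREP '^Mprog' "$SENDMAILCF" |
  $SED -e 's/^.*P=\([^, ]*\).*$/\1/'
else
  echo "/bin/sh"
fi
} |
{
  read progmailer

  usingsmrsh=0
  case "$progmailer" in
    */smrsh) usingsmrsh=1;;
  esac

  if [ "$usingsmrsh" = 0 ]; then
    # SENDMAILS is a blank-separated list; it is split on purpose.
    for mailer in $SENDMAILS
    do
      [ -f "$mailer" ] && check_date "$mailer"
    done
  else
    # Collect absolute-path-looking strings from the smrsh binary.  Lines
    # with a ':' between two slashes are dropped, as is every candidate
    # that contains /bin/sh.
    $STRINGS "$progmailer" |
    $GREP '/[-a-zA-Z0-9_.][-a-zA-Z0-9_./]*' |
    $GREP -v '/.*:/.*' |
    $SED -e 's/[^-a-zA-Z0-9_./]/ /g' |
    $AWK '{
      for(i=1;i<=NF;i++)
      if(substr($i,1,1) == "/")
      print $i;
    }' |
    $GREP '^/[-/a-zA-Z0-9_.]*$' |
    $GREP -v /bin/sh |
    while read path
    do
      [ -d "$path" ] && {
        # NOTE(review): fixed list of names; an interpreter that is not
        # listed here (python or zsh, for instance) is not reported.
        $LS "$path" |
        while read file
        do
          case "$file" in
            sh|csh|perl|uudecode|sed|grep|awk|cat|ksh|bash|tcsh) {
              message WARN misc011w "" "Executable \`$file' in 'smrsh' directory \`$path' may create a vulnerability"
              }
            ;;
          esac
        done
      }
    done
  fi
}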

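#
# Warn when sendmail.cf still carries the stock SMTP greeting line, which
# the message below describes as advertising the sendmail version.
#
# The pattern is single-quoted and writes each literal dollar sign as [$].
# In a backquoted, double-quoted pattern the shell expands $j, $v, $Z and
# $b itself (normally to nothing) before grep sees it, so the stock line
# cannot match and the warning is never issued.
#
# Only this exact stock line is recognised; a customised greeting that
# still includes the version macro is not reported.
#
if [ -r "$SENDMAILCF" ]; then
	version=`$GREP '^O SmtpGreetingMessage=[$]j Sendmail [$]v/[$]Z; [$]b' "$SENDMAILCF"`
	[ -n "$version" ] &&
	      message WARN netw019w "" "Sendmail avertises its version in $SENDMAILCF, current line: $version"

fi

exit 0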