/usr/lib/tiger/scripts/check_xinetd is in tiger 1:3.2.3-10.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 | #!/bin/sh
#
# tiger - A UN*X security checking system
# Copyright (C) 2003 Michael Sconzo, Javier Fernandez-Sanguino Peña
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 1, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# Please see the file `COPYING' for the complete copyright notice.
#
# check_xinetd - 02/11/2003
#
# Checks which xinetd services are enabled or disabled.
#
# 11/08/2007 - jfs - Change message calls so that they can be filtered
# (Debian bug #411534)
# 11/19/2003 - jfs - Added more verbose check if the configuration file
# does not exist. Fix syntax error. Thanks to Ryan Bradetich.
# 08/19/2003 - jfs - Allow override of XINETDCONF and fix error
# 08/12/2003 - jfs - Now write messages for disabled services too. Also
# fixed some errors.
# 08/11/2003 - jfs - Fixed dependancies. Now uses XINETDCONF instead of
# hardcoding the location. Added additional checks
# to avoid errors and use message instead of echo.
#
#-----------------------------------------------------------------------------
# TODO:
#
# - xinetd checks should determine if insecure services are active or
# running as root when not needed.
# - check if the xinetd configuration file is writable
# - check if the xinetd files under the xinetd directory are writable
# - it could also check vs the tiger's provided operating system's
# XINETDFILE to determine changes in services just as check_inetd does
#
#-----------------------------------------------------------------------------
#
TigerInstallDir="/usr/lib/tiger"
#
# Set default base directory.
# Order or preference:
# -B option
# TIGERHOMEDIR environment variable
# TigerInstallDir installed location
#
basedir=${TIGERHOMEDIR:=$TigerInstallDir}
for parm
do
case $parm in
-B) basedir=$2; break;;
esac
done
#
# Verify that a config file exists there, and if it does
# source it.
#
[ ! -r $basedir/config ] && {
echo "--ERROR-- [init002e] No 'config' file in \`$basedir'."
exit 1
}
. $basedir/config
. $BASEDIR/initdefs
#
# If run in test mode (-t) this will verify that all required
# elements are set.
#
[ "$Tiger_TESTMODE" = 'Y' ] && {
haveallcmds GREP AWK LS || exit 1
haveallfiles BASEDIR || exit 1
echo "--CONFIG-- [init003c] $0: Configuration ok..."
exit 0
}
#------------------------------------------------------------------------
haveallcmds GREP AWK LS || exit 1
# TODO add XINETDCONF to haveallfiles when it's defined in the config
# scripts for all systems
haveallfiles BASEDIR || exit 1
echo
echo "# Performing check of 'xinetd' related services..."
check_xinetconfig()
{
xinetd_dir="$1"
$LS $xinetd_dir |
while read file
do
if [ "`$GREP -i 'disable' $xinetd_dir/$file | $AWK '{print $NF}'`" = "no" ] ;
then
service=`$GREP -w 'server' $file | $GREP '=' | $AWK '{print $NF}'`
message INFO xnet004i "" "Service $file is enabled using: $service."
else
message INFO xnet005i "" "Service $file is disabled."
fi
done
}
[ -z "$XINETDCONF" ] && XINETDCONF="/etc/xinetd.conf"
if [ -r "$XINETDCONF" ] ; then
$GREP 'includedir' $XINETDCONF | $AWK '{print $NF}' |
while read xinetd_directory
do
if [ -d "$xinetd_directory" ]
then
check_xinetconfig $xinetd_directory
else
message ERROR xnet002e "" "The location included in $XINETDCONF is not a directory"
fi
done
else
if [ ! -f "$XINETDCONF" ] ; then
message ERROR xnet001e "" "It appears that xinetd is not installed, cannot find file $XINETDCONF."
else
message ERROR xnet003e "" "Cannot read file $XINETDCONF."
fi
fi
|