This file is indexed.

/usr/lib/tiger/systems/Linux/2/check_lilo is in tiger 1:3.2.3-10.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
#!/bin/sh
#
#     tiger - A UN*X security checking system
#     Copyright (C) 1993 Douglas Lee Schales, David K. Hess, David R. Safford
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2, or (at your option)
#    any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#     Please see the file `COPYING' for the complete copyright notice.
#
# check_lilo:  checks permissions on boot loader config files
#		grub.conf and lilo.conf
# 10.26.2001
# Paul Telford <paul_telford@hp.com>
# 04.25.2002  Javier Fernandez-Sanguino <jfs@computer.org>
# Expanded to check also if there are passwords in the boot loader
# 07/25/2002 jfs       
# Changed TigerInstallDir to .
# Changed -e to -r and 'find' to 'access' in the error msg.
# 10/19/2003 jfs - Applied patch from Ryan Bradetich to work in SuSE systems.
# 11/18/2003 jfs - Fixed typo (Debian bug #221470)
# 01/15/2004 jfs - Fixed dependancies
# 12/27/2004 jfs - Fixed grub.conf naming (Debian bug #286641)
# 03/21/2005 jfs   Only run if running on the x86 architecture
#                  (Debian bug #288737)
# 06/22/2007 jfs   Run if on amd64 (Debian bug #412669)
#
#-----------------------------------------------------------------------------
#
TigerInstallDir="/usr/lib/tiger"

#
# Set default base directory.
# Order or preference:
#      -B option
#      TIGERHOMEDIR environment variable
#      TigerInstallDir installed location
#
basedir=${TIGERHOMEDIR:=$TigerInstallDir}

for parm
do
   case $parm in
   -B) basedir=$2; break;;
   esac
done
#
# Verify that a config file exists there, and if it does
# source it.
#
[ ! -r $basedir/config ] && {
  echo "--ERROR-- [init002e] No 'config' file in \`$basedir'."
  exit 1
}
. $basedir/config

. $BASEDIR/initdefs
#
# If run in test mode (-t) this will verify that all required
# elements are set.
#
[ "$Tiger_TESTMODE" = 'Y' ] && {
  haveallcmds GREP RM UNAME EGREP || exit 1
  haveallfiles BASEDIR WORKDIR || exit 1
  
  echo "--CONFIG-- [init003c] $0: Configuration ok..."
  exit 0
}
#------------------------------------------------------------------------
haveallcmds GREP RM UNAME EGREP || exit 1
haveallfiles BASEDIR WORKDIR || exit 1

machine=`$UNAME -m`
# Only applies to the x86 or amd64 architectures:
[ -z "`echo $machine | $EGREP 'i.86$|^x86_64$'`" ] && exit 0

echo
echo "# Checking boot loader file permissions..."
found="N"

file=/etc/lilo.conf
if [ -r $file ]
then

	found="Y"
	getpermit $file |
	   while read filename rowner rgroup rur ruw rux rgr rgw rgx ror row rox rsuid rsgid rstk
	do

	if [ $rgr -eq 1 -o $rgw -eq 1 -o $rgx -eq 1 ]
	then
                message WARN boot01 "" "The configuration file lilo.conf has group permissions"
	fi
	if [ $ror -eq 1 -o $row -eq 1 -o $rox -eq 1 ]
	then
                message FAIL boot01 "" "The configuration file lilo.conf has other permissions"
        fi

	done

	# Lilo password checks
	if [ -n "`$GREP ^restricted $file`" ] ; then
            if [ -z "`$GREP ^password $file`" ] ; then
                message WARN boot05 "" "The bootloader is restricted but does not seem to have a password configured."
	    fi 
	else
                message WARN boot04 "" "The bootloader lilo is not configured with a password"
	fi

fi

if [ -r /etc/grub.conf ] ; then
   # SuSE uses /etc/grub.conf.
   file=/etc/grub.conf
elif [ -r  /boot/grub/menu.lst ] ; then
   # Debian uses /boot/grub/menu.lst
   file=/boot/grub/menu.lst
else
   # for other Linux systems
   file=/boot/grub/grub.conf
fi 

if [ -r "$file" ]
then

	found="Y"
	getpermit $file |
	   while read filename rowner rgroup rur ruw rux rgr rgw rgx ror row rox rsuid rsgid rstk
	do

	if [ $rgr -eq 1 -o $rgw -eq 1 -o $rgx -eq 1 ]
	then
                message WARN boot02 "" "The configuration file $file has group permissions.  Should be 0600"
	fi
	if [ $ror -eq 1 -o $row -eq 1 -o $rox -eq 1 ]
	then
                message FAIL boot02 "" "The configuration file $file has world permissions.  Should be 0600"
        fi

	done
	# GRUB password checks
        if [ -z "`$GREP ^password $file`" ] ; then
                message WARN boot06 "" "The Grub bootloader does not have a password configured."
	fi 
fi

[ "$found" != 'Y' ] && {
	message WARN boot03w "" "Could not access LILO's or Grub's configuration file"
}

exit 0