/usr/lib/tiger/systems/Linux/2/config is in tiger 1:3.2.3-10.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 | # -*- sh -*-
#
# tiger - A UN*X security checking system
# Copyright (C) 1993 Douglas Lee Schales, David K. Hess, David R. Safford
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# Please see the file `COPYING' for the complete copyright notice.
#
# Linux/2/config - (based on Sun/5/config) 06/14/93
# Developed by Advanced Research Corporation (R)
#
#-----------------------------------------------------------------------------
# Linux/1/config - 04/20/99
# Linux/2/config - 04/20/99
# Linux/2/config - 10/09/99
# Added the new check_neverlogin script
# Linux/2/config - 08/07/2002 - jfs change in LSGROUPS
# Linux/2/config - 11/25/2002 - jfs added PROCDIR and APACHECONFDIR
# also added code to determine Linux distribution
# Linux/2/config - 04/15/2002 - jfs added check for LSGROUP variable based
# on fileutils version
# Linux/2/config - 06/20/2002 - jfs
# Added patch provided by Ryan Bradetich to consider the
# case of RedHat's 7.1 fileutils:
# $ ls --version
# ls (GNU fileutils) 4.0.36
# Linux/2/config - 08/11/2003 - jfs - Added TCPD to exported variables and
# included HOSTALLOW and HOSTDENY
# Linux/2/config - 08/13/2003 - jfs - Removed LSCRIPTDIR since it is no
# longer needed.
# Linux/2/config - 08/14/2003 - jfs - Added IFCONFIG
# Linux/2/config - 08/29/2003 - jfs - TESTEXEC needs to be defined first
# for findcmd() to work
# Linux/2/config - 09/19/2003 - jfs - Define UUID (otherwise the new check
# of script permissions in initdefs will not work)
# Linux/2/config - 11/19/2003 - jfs - Define REALPATH and SNEFRU to $BINDIR
# and removed paths from findcmd() (patch from Ryan Bradetich)
# Linux/2/config - 01/11/2004 - rbrad - Add OMNIBACK_CELLSERVER and NTPCONF
# Linux/2/config - 01/15/2004 - jfs - Add XINETDCONF and INETDCONF
# Linux/2/config - 03/31/2005 - jfs - Changed GROUPC to GROUPSS
# Linux/2/config - 04/17/2005 - jfs - Added IPTABLES and CMP
# Linux/2/config - 05/20/2006 - jfs - Use TAIL properly (POSIX 1003.2-1992)
# Linux/2/config - 04/25/2009 - jfs - Use apache2 directory if available in Debian
# Linux/2/config - 01/14/2011 - jfs - Add /dev/shm and /lib/init/rw
# to the writable filesystems (common tmpfs) (Debian bug #317329)
# Linux/2/config - 12/08/2011 - jfs - Add /run/, /run/shm and /run/lock
# to the list of potentially writable filesystems as these
# are commonly used as tmpfs (Debian bug #633060)
#
#-----------------------------------------------------------------------------
#UUID=`/usr/bin/id | /bin/sed -e 's/uid=\([0-9][0-9]*\).*$/\1/'`
UUID=`id -u`
USERNAME=`whoami`
# This will work in most shells
[ "$UUID" = "" ] && UUID=$UID
[ "$USERNAME" = "" ] && USERNAME=$USER
# Last resort
[ "$UUID" = "" -a ! "$USERNAME" = "" ] && {
# Try this and see it works
UUID=`grep ^$USERNAME: /etc/passwd |awk -F : '{print $3}'`
}
export UUID
[ "$USERNAME" != "root" ] && {
echo " " 1>&2
echo "This script should be run from a super-user account." 1>&2
echo " " 1>&2
# We don't need to bail out here, but most scripts will not run
# properly, however
# exit 1
}
findcmd()
{
CMD=$1
SRCH=/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin
SAVEIFS=$IFS
IFS=:
set $SRCH
IFS=$SAVEIFS
for dir
do
[ $TESTEXEC $dir/$CMD ] && {
echo $dir/$CMD
return
}
done
}
# First of all, determine our distribution (might affect tests
# below)
LXDISTRIBUTION="unknown"
[ -f /etc/redhat-release ] && LXDISTRIBUTION="redhat"
[ -f /etc/debian_version ] && LXDISTRIBUTION="debian"
[ -f /etc/SuSE-release ] && LXDISTRIBUTION="redhat"
[ -f /etc/immunix-release ] && LXDISTRIBUTION="inmunix"
[ -f /etc/mandrake-release ] && LXDISTRIBUTION="mandrake"
[ -f /etc/turbolinux-release ] && LXDISTRIBUTION="turbolinux"
export LXDISTRIBUTION
TESTEXEC=-x
TESTLINK=-L
export TESTLINK TESTEXEC
RM=`findcmd rm`
AWK=`findcmd awk`
CAT=`findcmd cat`
LS=`findcmd ls`
CUT=`findcmd cut`
WC=`findcmd wc`
TEE=`findcmd tee`
COLUMN=`findcmd column`
CMP=`findcmd cmp`
GREP=`findcmd grep`
EGREP=`findcmd egrep`
SED=`findcmd sed`
SORT=`findcmd sort`
COMM=`findcmd comm`
TAIL=`findcmd tail`
TCPD=`findcmd tcpd`
HOSTALLOW=/etc/hosts.allow
HOSTDENY=/etc/hosts.deny
IFCONFIG=`findcmd ifconfig`
IP=`findcmd ip`
NETSTAT=`findcmd netstat`
IPTABLES=`findcmd iptables`
HEAD=`findcmd head`
MV=`findcmd mv`
TR=`findcmd tr`
JOIN=`findcmd join`
GROUPSS=`findcmd groups`
FILECMD=`findcmd file`
UNIQ=`findcmd uniq`
BASENAME=`findcmd basename`
CHMOD=`findcmd chmod`
CHOWN=`findcmd chown`
LN=`findcmd ln`
PASTE=`findcmd paste`
DIFF=`findcmd diff`
ID=`findcmd id`
EXPAND=`findcmd expand`
# We use sendmail better than mail since we use it to
# send appropriate headers
MAILER=`findcmd sendmail`
[ -z "$MAILER" ] && MAILER=`findcmd mail`
LSOF=`findcmd lsof`
MD5SUM=`findcmd md5sum`
if [ -f "$BINDIR/realpath" ]; then
REALPATH=$BINDIR/realpath
else
REALPATH=`findcmd realpath`
fi
PWD=`findcmd pwd`
# Package management tools
DPKG=`findcmd dpkg`
APT=`findcmd apt-get`
RPM=`findcmd rpm`
AUTORPM=`findcmd autorpm`
# Silent grep
SGREP="$EGREP -s"
X=`$EGREP -s : /etc/passwd 2>&1 | $TAIL -n 1`
[ "$X" != "" ] && {
SGREP="$GREP -s"
X=`$GREP -s : /etc/passwd 2>&1 | $TAIL -n 1`
[ "$X" != "" ] && {
SGREP="$BASEDIR/util/sgrep"
}
}
if [ -f "$BINDIR/snefru" ]; then
SNEFRU=$BINDIR/snefru
else
SNEFRU=`findcmd snefru`
fi
MD5=`findcmd md5`
[ -z "$MD5" -a -n "$MD5SUM" ] && MD5=$MD5SUM
PWCK=`findcmd pwck`
[ -n "$PWCK" ] && PWCK="$PWCK -r"
GRPCK=`findcmd grpck`
[ -n "$GRPCK" ] && GRPCK="$GRPCK -r"
CHAGE=`findcmd chage`
MESG=`findcmd mesg`
LASTLOG=`findcmd lastlog`
TEST=`findcmd test`
LSGROUP="-l"
# -L to show file instead of symlink
LSLINK="-L"
export CAT LS LSGROUP LSLINK RM AWK GREP EGREP SGREP SED
export SORT COMM TAIL MV TR JOIN GROUPSS FILECMD UNIQ BASENAME HEAD
export CHMOD CHOWN LN PASTE LSOF MD5SUM CUT COLUMN CMP
export SNEFRU MD5 REALPATH PWCK GRPCK CHAGE MESG DIFF WC
export PWD DPKG RPM AUTORPM APT ID EXPAND LASTLOG TEST TEE
export TCPD HOSTALLOW HOSTDENY IFCONFIG IP IPTABLES NETSTAT
UNAME=`findcmd uname`
HOSTNAME=`findcmd hostname`
GETHOSTNAME=`findcmd hostname`
EXPR=`findcmd expr`
STRINGS=`findcmd strings`
FIND=`findcmd find`
FINDXDEV=-xdev
FMT=`findcmd fmt`
GETFS=`findcmd mount`
CC=`findcmd cc || findcmd gcc`
PS=`findcmd ps`
DATE=`findcmd date`
DATECMD="$DATE +%y%m%d"
TIMECMD="$DATE +%H:%M"
export UNAME HOSTNAME EXPR STRINGS FIND FINDXDEV GETHOSTNAME
export FMT GETFS CC PS DATE DATECMD TIMECMD
WAIT=wait
# Configuration files
SENDMAILS="/usr/sbin/sendmail"
SENDMAILCF="/etc/sendmail.cf"
if [ -f /etc/mail/sendmail.cf ]
then
SENDMAILCF="/etc/mail/sendmail.cf"
fi
export SENDMAILS SENDMAILCF
LOGINDEF="/etc/login.defs"
PAMLOGINDEF="/etc/pam.d/login"
export LOGINDEF PAMLOGINDEF
# For Apache server configuration
APACHECONFDIR="/etc/httpd/conf/"
if [ "$LXDISTRIBUTION" = "debian" ] ; then
# Old Apache
APACHECONFDIR="/etc/apache/"
# Use new Apache if available
if [ -d /etc/apache2 ] ; then
APACHECONFDIR="/etc/apache2/"
fi
fi
[ "$LXDISTRIBUTION" = "suse" ] && APACHECONFDIR="/etc/httpd/"
# For SSHd configuration
if [ -f /etc/ssh/sshd_config ]
then
SSHD_CONFIG="/etc/ssh/sshd_config"
export SSHD_CONFIG
fi
# TODO: Check if all distributions use this configuration file
# Inet and xinet configuration files
INETDCONF="/etc/inetd.conf"
XINETDCONF="/etc/xinetd.conf"
export INETDCONF XINETDCONF
# For omniback server configuration
OMNIBACK_CELLSERVER="/usr/omni/config/cell/cell_server"
export OMNIBACK_CELLSERVER
# Location of the NTPCONF file
NTPCONF=/etc/ntp.conf
export NTPCONF
# For Yellow Pages services
YPCAT=`findcmd ypcat`
YP=
($PS aux | $GREP ypbind | $SGREP -v $GREP) && YP=Y
export YP
YPSERVER="NO"
($PS aux | $GREP ypserv | $SGREP -v $GREP) && YPSERVER="YES"
# To check databases
GETENT=`findcmd getent`
export WAIT YPCAT YPSERVER GETENT
# Directories
MAILSPOOL=/var/spool/mail
#
if [ -d /var/spool/cron/crontabs ]; then
CRONSPOOL=/var/spool/cron/crontabs
elif [ -d /usr/spool/cron/crontabs ]; then
CRONSPOOL=/usr/spool/cron/crontabs
elif [ -d /var/spool/cron ]; then
CRONSPOOL=/var/spool/cron
else
CRONSPOOL=NULL
fi
#
ETCSHELLS=/etc/shells
CRONALLOW=/etc/cron.allow
CRONDENY=/etc/cron.deny
#
export MAILSPOOL CRONSPOOL ETCSHELLS CRONALLOW CRONDENY
LOCFS=ext2
export LOCFS
FS_WDIRSYS="/tmp/ /var/tmp/ /var/spool/mail/ /dev/shm /lib/init/rw /run/ /run/shm /run/lock"
export FS_WDIRSYS
#
SYSDEFAULTPATH="/bin:/usr/bin"
export SYSDEFAULTPATH
# For check_network
PROCDIR="/proc"
export PROCDIR
CDIR="$BASEDIR/systems"
eval `
while read var file
do
if [ -f "$CONFIG_DIR/$file" ]; then
loc="$CONFIG_DIR"
elif [ -f "$CDIR/$OS/$REL/$REV/$ARCH/$file" ]; then
loc="$CDIR/$OS/$REL/$REV/$ARCH"
elif [ -f "$CDIR/$OS/$REL/$REV/$file" ]; then
loc="$CDIR/$OS/$REL/$REV"
elif [ -f "$CDIR/$OS/$REL/$file" ]; then
loc="$CDIR/$OS/$REL"
elif [ -f "$CDIR/$OS/$file" ]; then
loc="$CDIR/$OS"
else
loc=""
fi
if [ "$loc" != "" ]; then
echo $var="$loc/$file;"
else
echo "$var=;"
fi
echo "export $var;"
done << EOL
GEN_PASSWD_SETS gen_passwd_sets
GEN_GROUP_SETS gen_group_sets
GEN_ALIAS_SETS gen_alias_sets
CHECK_CRON check_cron
GEN_BOOTPARAM_SETS gen_bootparam_sets
GEN_EXPORT_SETS gen_export_sets
GEN_SERVICES_SETS gen_services
GET_MOUNTS gen_mounts
SIGNATURE_FILE signatures
SERVICESFILE services
INETDFILE inetd
ISSUEFILE issue
ISSUENETFILE issue.net
FILE_ACL file_access_list
SUID_LIST suid_list
SGID_LIST sgid_list
REL_FILE_EXCP rel_file_exp_list
GEN_CRON_FILES gen_cron
GETCLIENTDIRS gendlclients
GEN_INETD_SETS gen_inetd
GETDISKS getdisks
EMBEDDEDLIST embedlist
GETUSERHOME getuserhome
EOL
`
|