From pirzyk@faf.disney.com  Sat Aug 24 16:40:02 1996
Received: from huey.disney.com (huey.disney.com [204.128.192.10])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id QAA11493
          for <FreeBSD-gnats-submit@freebsd.org>; Sat, 24 Aug 1996 16:40:01 -0700 (PDT)
Received: from dalsdb (dalsdb.fa.disney.com [139.104.212.4]) by huey.disney.com (8.7.5/8.7.3) with SMTP id QAA07441 for <FreeBSD-gnats-submit@freebsd.org>; Sat, 24 Aug 1996 16:35:10 -0700 (PDT)
Received: from snowhite by dalsdb with smtp
	(Smail3.1.28.1 #53) id m0uuSIU-00000wC; Sat, 24 Aug 96 16:39 PDT
Received: from amigo.cpm.com (port_2933.faf.disney.com [153.6.101.249]) by snowhite (8.6.11/8.6.11) with ESMTP id TAA10876 for <FreeBSD-gnats-submit@freebsd.org>; Sat, 24 Aug 1996 19:38:54 -0400
Received: (from pirzyk@localhost) by amigo.cpm.com (8.6.12/8.6.12) id QAA19207; Sat, 24 Aug 1996 16:11:42 -0400
Message-Id: <199608242011.QAA19207@amigo.cpm.com>
Date: Sat, 24 Aug 1996 16:11:42 -0400
From: pirzyk@faf.disney.com
Reply-To: pirzyk@dalsdb.fa.disney.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: new /etc/security script
X-Send-Pr-Version: 3.2

>Number:         1538
>Category:       misc
>Synopsis:       enhanced /etc/security script
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Aug 24 16:50:01 PDT 1996
>Closed-Date:    Sat May 23 02:23:59 PDT 1998
>Last-Modified:  Sat May 23 02:24:13 PDT 1998
>Originator:     Jim Pirzyk
>Release:        FreeBSD 2.1-STABLE i386
>Organization:
Walt Disney Feature Animation Florida
>Environment:

	All FreeBSD systems.

>Description:

	Add more security checks in the /etc/security script.

>How-To-Repeat:

	

>Fix:
	
	Here are the context diffs for /etc/security.

*** /etc/security	Sat Aug 24 16:00:46 1996
--- /etc/security.bak	Thu Nov 16 04:58:43 1995
***************
*** 39,63 ****
  echo ""
  echo "checking for uids of 0:"
  awk 'BEGIN {FS=":"} $3=="0" {print $1,$3}' /etc/master.passwd
- 
- echo ""
- echo ""
- echo "checking for accounts without passwords:"
- awk -F: '$2=="" && $1 != "+" {print $1}' /etc/master.passwd
- 
- echo ""
- echo ""
- echo "checking for accounts with duplicate uids:"
- sort -t: +2n /etc/master.passwd | awk -F: 'BEGIN { duplicate = -1; } $1 != "+" && $3 != 0 {if (duplicate == $3) { print $1, name; } duplicate = $3; name = $1; }'
- 
- echo ""
- echo ""
- echo "checking for world exported filesystems:"
- sed -e '/^\#/d' -e '/^[ \t]*$/d' /etc/exports | awk 'NF < 2 { print }'
- 
- echo ""
- echo ""
- echo "checking for block & character device files not in /dev:"
- find / -fstype local -name /dev -prune \( -type b -o -type c \) -exec ls -l {} \; | awk '{ print; }'
- 
- exit $?
--- 39,41 ----
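Review bot: the world-exported check (`awk 'NF < 2 { print }'` on the /etc/exports line) only reports entries made of a single field, so an entry with no host list but with options or several directories, such as `/usr -ro`, has two fields and is not reported even though it is exported to every host. Consider reporting every line that names no host, netgroup or `-network` once the paths (leading `/`) and the other options (leading `-`) are set aside. On the same line, the sed pattern `[ \t]` is not portable: inside a bracket expression many seds read `\t` as a backslash and a `t`, so tab-only lines survive and come out of awk as blank output; a literal tab or `[[:space:]]` avoids that.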
>Release-Note:
>Audit-Trail:

From: J Wunsch <j@uriah.heep.sax.de>
To: Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: misc/1538: new /etc/security script
Date: Sun, 25 Aug 1996 11:47:30 +0200 (MET DST)

 As pirzyk@faf.disney.com wrote:
 
 > *** /etc/security	Sat Aug 24 16:00:46 1996
 > --- /etc/security.bak	Thu Nov 16 04:58:43 1995
 
 (Btw., your patch is reversed.  Not a big deal, but i thought i'd
 mention it.)
 
 > - echo ""
 > - echo ""
 > - echo "checking for accounts without passwords:"
 > - awk -F: '$2=="" && $1 != "+" {print $1}' /etc/master.passwd
 
 This is a matter of local policy and not always unwanted.  So i'd
 leave this commented in the script, up to the local admin to enable it
 if he wants.
 
 > - echo "checking for block & character device files not in /dev:"
 > - find / -fstype local -name /dev -prune \( -type b -o -type c \) -exec ls -l {} \; | awk '{ print; }'
 > - 
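Review bot: the device-file check never reports anything as written. `-name /dev` is compared against the last path component, which cannot contain a slash, so it never matches, and because there is no `-o` after `-prune` every primary is ANDed with it, so `-exec ls -l` is never reached. Prune by path and put `-o` before the type test, for example `find / \( ! -fstype local -o -path /dev \) -prune -o \( -type b -o -type c \) -exec ls -l {} \;`; the trailing `awk '{ print; }'` only copies its input and can be dropped.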
 
 What i don't like with these approaches is that there are multiple
 find's walking down the disk twice or more each night.  This will only
 increase the sales volume of disk vendors...  Instead, we should run
 *one* find, selecting all the desired items, and post-process its
 output for the various actions.
 
 -- 
 cheers, J"org
 
 joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
 Never trust an operating system you don't have sources for. ;-)
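
The single-pass approach suggested in the reply above, as an added example that is not part of the PR or of FreeBSD's /etc/security: one `find` walk selects device files outside /dev together with setuid/setgid files, and `awk` sorts the listing into per-check reports. The names `scan_tree` and `classify`, the setuid/setgid selection and the use of `-xdev` in place of `-fstype local` are assumptions.

```shell
#!/bin/sh
# Added example (not from the PR): walk the disk once, post-process per check.
# scan_tree and classify are hypothetical names.

# classify: read `ls -ld` lines on stdin and tag each line with every check
# it belongs to, using only the mode string in the first field.
classify() {
    awk '
        { mode = $1 }
        mode ~ /^[bc]/              { print "device: " $0 }   # block/char device
        substr(mode, 4, 1) ~ /[sS]/ { print "setuid: " $0 }   # owner exec slot
        substr(mode, 7, 1) ~ /[sS]/ { print "setgid: " $0 }   # group exec slot
    '
}

# scan_tree ROOT: a single find selects everything the checks need.
#   - device nodes anywhere except under ROOT/dev
#   - regular files with the setuid or setgid bit
# -xdev keeps the walk on one filesystem (assumption: stands in for the
# page's `-fstype local`). Errors from unreadable directories are dropped.
scan_tree() {
    root=${1:-/}
    dev=${root%/}/dev            # "/" -> "/dev", "/jail" -> "/jail/dev"
    find "$root" -xdev \
        \( \( \( -type b -o -type c \) ! -path "$dev/*" \) -o \
           \( -type f \( -perm -4000 -o -perm -2000 \) \) \) \
        -exec ls -ld {} + 2>/dev/null | classify
}

# Constructed sample `ls -ld` lines (not real output) to show the tagging:
classify <<'EOF'
crw-r--r--  1 root  wheel  1, 2 Aug 24 16:00 /tmp/ttyp0
-rwsr-xr-x  1 root  wheel  4096 Aug 24 16:00 /usr/local/bin/helper
-rwxr-xr-x  1 root  wheel  4096 Aug 24 16:00 /usr/local/bin/plain
EOF
```

A nightly job would call `scan_tree /` once and split the tagged output by prefix for each report section.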
State-Changed-From-To: open->closed 
State-Changed-By: phk 
State-Changed-When: Sat May 23 02:23:59 PDT 1998 
State-Changed-Why:  

As part of our PR auditing campaign, this PR has been closed due to its
age and lack of activity on the PR.

There is a good chance that the problem reported has been solved
as part of other activities.

If this is not the case, please reopen this PR with fresh information 
on the manifestation of the bug. 

Sorry about the late reaction to this PR. 
>Unformatted:
