Here is a little script sent in to use. While it doesn't cover
everything to watch for on a system, it covers some of the basics.

Use the following simple script to check for security problems on
your system. Run it with cron once a day and have the output mailed
to you. (You will need to modify it for your flavor of Unix.)
------------- CUT HERE ---------
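#!/bin/sh
# Daily security check; run from cron and mail the output to yourself.
# Log paths and shell names vary between Unix flavors; adjust as needed.

echo LIST PASSWD AND SHADOW FILES TO CHECK FOR LAST DATE MODIFIED
echo
# ls -l shows the modification time of each file
cd /etc; ls -l *passwd* *shadow*
echo
echo CHECK FOR USERS AND GROUPS THAT ARE EQUAL WITH ROOT
echo
# matches any entry with a UID or GID field of 0
grep ':00*:' /etc/passwd
echo
echo CHECK FOR USERS WITH SHELL ACCESS
echo
# only finds bash; add the other login shells used on your system
grep bash /etc/passwd
echo
echo LIST SU ACTIVITY
echo
cat /usr/adm/sulog
echo
echo CHECK FOR INVALID PASSWORDS
echo
grep invalid /usr/adm/syslog
echo
echo LIST THE LAST 20 LOGINS
echo
last | head -20
echo
echo CHECK THE HARD DRIVE SPACE
echo
df
------------- CUT HERE ---------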
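
A field-aware version of the root-equivalent and shell-access checks
above, added here as an example (it is not part of the submitted tip).
It splits passwd entries on ":" so UID 0 and GID 0 are reported
separately, root itself is skipped, and any login shell is listed
rather than only bash. The function names and sample entries are
constructed for illustration.

```shell
#!/bin/sh
# Added example: field-aware versions of two checks from the script above.
# Function names and the sample entries are constructed for illustration.

# Accounts other than root whose UID (field 3) is 0.
uid0_accounts() {
    awk -F: '$3 ~ /^0+$/ && $1 != "root" { print $1 }' "$1"
}

# Accounts other than root whose primary GID (field 4) is 0.
gid0_accounts() {
    awk -F: '$4 ~ /^0+$/ && $1 != "root" { print $1 }' "$1"
}

# Accounts whose shell (field 7) permits an interactive login.
# An empty shell field means the system default shell, so it is listed too.
shell_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 ":" $7 }' "$1"
}

# Constructed sample in passwd(5) format.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:second root:/root:/bin/sh
operator:x:11:0:operator:/root:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/ksh
ftp:x:100:100:ftp:/srv/ftp:/bin/false
EOF
}

# Demo run against the sample; pass /etc/passwd instead in real use.
demo=$(mktemp)
sample_passwd > "$demo"
echo "UID 0 ACCOUNTS OTHER THAN ROOT"
uid0_accounts "$demo"
echo "GID 0 ACCOUNTS OTHER THAN ROOT"
gid0_accounts "$demo"
echo "ACCOUNTS WITH A LOGIN SHELL"
shell_accounts "$demo"
rm -f "$demo"
```

An unexpected name in the first list is a second superuser account and
deserves immediate attention; the other two lists are for review
against what you expect on the host.
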

NOTE: All tips provided are USE AT YOUR OWN RISK. Tips are submitted
by various Unix admins around the globe. UGU suggests you read and
test each tip in a non-volatile environment before placing it into
production.