This file is indexed.

/usr/lib/tiger/scripts/check_ftpusers is in tiger 1:3.2.3-8.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

#!/bin/sh
#
#     tiger - A UN*X security checking system
#     Copyright (C) 2002 Javier Fernandez-Sanguino Pen~a 
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2, or (at your option)
#    any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#     Please see the file `COPYING' for the complete copyright notice.
#
# check_ftpusers - jfs -  Sat May 18 18:39:35 CEST 2002
# 
# Analyses the system's /etc/ftpusers and determines if the administrative
# users are in that file.
#
# 06/21/2007 jfs Skip the check if we don't find any FTP server software 
#                (Debian bug #420486)
#
# 03/31/2005 jfs Allow FTPUSERS to be customised (some OS have it
#                in alternate locations)
# 10/01/2003 jfs Removed passwd files if not used any longer.
#
# 07/25/2002 jfs Added a sanity check for password files.
#                Changed TigerInstallDir to .
#
# 05/18/2002 jfs Created based on check_root with ideas inspired on Titan's
#		 modules/ftpusers.sh
#
# 08/09/2002 jfs Fixed call to grep adding quotes (now works in Solaris)
#
#-----------------------------------------------------------------------------
#
TigerInstallDir="/usr/lib/tiger"

#
# Set default base directory.
# Order of preference:
#      -B option
#      TIGERHOMEDIR environment variable
#      TigerInstallDir installed location
#
# The := expansion also assigns TIGERHOMEDIR itself when it is unset or empty.
: "${TIGERHOMEDIR:=$TigerInstallDir}"
basedir=$TIGERHOMEDIR

# NOTE(review): the value for -B is always taken from $2, so the option is
# only read correctly when -B is the first argument on the command line.
for parm in "$@"
do
   if [ "$parm" = "-B" ]; then
      basedir=$2
      break
   fi
done

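#
# Verify that a config file exists there, and if it does
# source it.
#
# Both files below are executed inside this shell by `.', with whatever
# privileges the caller has (root, if tiger is run as root). $basedir comes
# from -B or TIGERHOMEDIR, so it must name a directory that untrusted users
# cannot write to.
#
# The expansions are quoted so that a base directory containing whitespace
# or glob characters is tested and sourced as one path.
#
if [ ! -r "$basedir/config" ]; then
  echo "--ERROR-- [init002e] No 'config' file in \`$basedir'."
  exit 1
fi

. "$basedir/config"

# BASEDIR is not assigned in this script; presumably the sourced config
# sets it -- confirm.
. "$BASEDIR/initdefs"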
#
# Test mode (-t): check that every command, file and variable this script
# relies on is configured, report the result and stop without running the
# actual check.
#
if [ "$Tiger_TESTMODE" = 'Y' ]; then
  # The chain stops at the first helper that fails and exits with status 1.
  haveallcmds AWK GREP CAT GEN_PASSWD_SETS JOIN LS RM FIND &&
    haveallfiles BASEDIR WORKDIR &&
    haveallvars TESTLINK HOSTNAME ||
    exit 1

  echo "--CONFIG-- [init003c] $0: Configuration ok..."
  exit 0
fi

#------------------------------------------------------------------------
echo
# NOTE(review): the banner mentions root although this script checks
# ftpusers; it looks inherited from check_root (see the header) -- confirm.
echo "# Performing common access checks for root..."

# Stop early if a required command or directory is not configured.
if ! haveallcmds AWK GREP CAT GEN_PASSWD_SETS JOIN LS RM FIND; then
  exit 1
fi
if ! haveallfiles BASEDIR WORKDIR; then
  exit 1
fi

# Per-process work file holding the list of password sets; the trap removes
# it when the script is interrupted by HUP, INT, QUIT or TERM (1 2 3 15).
safe_temp "$WORKDIR/pass.list.$$"
trap 'delete $WORKDIR/pass.list.$$ ; exit 1' HUP INT QUIT TERM

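# Skip the whole check when no FTP server binary is installed.
#
# find's exit status reports traversal errors (for example a start directory
# that does not exist), not whether any file matched. Testing the status
# therefore skipped this check on hosts lacking one of the directories and
# ran it everywhere else, regardless of installed FTP software. Decide on
# the output instead; errors for missing directories are discarded.
ftpd_found=$($FIND /bin /sbin /usr/bin /usr/sbin/ /usr/local/bin \
                   /usr/local/sbin -name "*ftpd" -print 2>/dev/null)
if [ -z "$ftpd_found" ] ; then
# No FTP server found, exit and do not implement this check.
# Remove the work file set up with safe_temp so that this early exit does
# not leave it behind in WORKDIR.
    delete "$WORKDIR/pass.list.$$"
    exit 0
fi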

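# Just in case if it's not configured properly: fall back to treating every
# account with a UID of 999 or lower as administrative.
#
# The assignment must not have spaces around `='. Written with spaces, the
# shell runs a command named Tiger_Accounts_Trust, the variable stays empty,
# the awk filter that uses it later fails and no account is ever reported --
# the check passes silently.
if [ -z "${Tiger_Accounts_Trust}" ]; then
	Tiger_Accounts_Trust=999
	export Tiger_Accounts_Trust
fi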
# Location of the ftpusers file, with an alternate path on SunOS when the
# default one does not exist.
# NOTE(review): the changelog in the header says FTPUSERS can be customised,
# but this assignment is unconditional and overrides any earlier value --
# confirm which is intended.
FTPUSERS=/etc/ftpusers
case "$OS" in
SunOS)
	[ -e "$FTPUSERS" ] || FTPUSERS=/etc/ftpd/ftpusers
	;;
esac

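# Do this only if ftpusers exists
if [ -f "$FTPUSERS" ]; then

	# Build the list of password sets to inspect: either the list named by
	# Tiger_PasswdFiles, or the one written by GEN_PASSWD_SETS.
	if [ -n "$Tiger_PasswdFiles" ]; then
		[ -f "$Tiger_PasswdFiles" ] &&
			$CAT "$Tiger_PasswdFiles" > "$WORKDIR/pass.list.$$"
	else
		$GEN_PASSWD_SETS "$WORKDIR/pass.list.$$"
	fi

	for passwd_set in `$CAT "$WORKDIR/pass.list.$$"`
	do
		# Select the accounts whose UID (field 3) is at or below the trust
		# threshold. The threshold is handed to awk with -v rather than
		# spliced into an eval'ed program, and awk reads the file directly:
		# the former `echo $line' was unquoted, so a `*' in a passwd field
		# could glob, and `read' without -r altered backslashes.
		# The 999 fallback keeps the filter valid if the variable is empty.
		$AWK -F: -v trust="${Tiger_Accounts_Trust:-999}" \
			'($3 <= trust) { print $1 }' "$passwd_set" |
		while read -r user
		do
			# Note: root is removed since it is checked for in check_root
			if [ -z "$user" ] || [ "$user" = "root" ]; then
				continue
			fi

			# Require a whole-name match on the first word of a line.
			# The former grep "^$user" was a prefix match, so an entry
			# such as `bind' hid a missing `bin', and regex characters
			# in a name were interpreted. The appended "" forces a
			# string comparison.
			if ! $AWK -v u="$user" \
				'($1 "") == (u "") { found = 1 } END { exit !found }' \
				"$FTPUSERS"
			then
				message FAIL netw018f "" "Administrative user $user allowed access in $FTPUSERS"
			fi
		done

		# Sets generated for this run are temporary; remove them.
		if [ -z "$Tiger_PasswdFiles" ]; then
			delete "$passwd_set" "$passwd_set.src"
		fi
	done

else
	message FAIL netw020f "" "There is no $FTPUSERS file."

fi

delete "$WORKDIR/pass.list.$$"

exit 0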