/usr/lib/tiger/scripts/check_ftpusers is in tiger 1:3.2.3-8.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 | #!/bin/sh
#
# tiger - A UN*X security checking system
# Copyright (C) 2002 Javier Fernandez-Sanguino Pen~a
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# Please see the file `COPYING' for the complete copyright notice.
#
# check_ftpusers - jfs - Sat May 18 18:39:35 CEST 2002
#
# Analyses the system's /etc/ftpusers and determines if the administrative
# users are in that file.
#
# 06/21/2007 jfs Skip the check if we don't find any FTP server software
# (Debian bug #420486)
#
# 03/31/2005 jfs Allow FTPUSERS to be customised (some OS have it
# in alternate locations)
# 10/01/2003 jfs Removed passwd files if not used any longer.
#
# 07/25/2002 jfs Added a sanity check for password files.
# Changed TigerInstallDir to .
#
# 05/18/2002 jfs Created based on check_root with ideas inspired on Titan's
# modules/ftpusers.sh
#
# 08/09/2002 jfs Fixed call to grep adding quotes (now works in Solaris)
#
#-----------------------------------------------------------------------------
#
TigerInstallDir="/usr/lib/tiger"
#
# Set default base directory.
# Order or preference:
# -B option
# TIGERHOMEDIR environment variable
# TigerInstallDir installed location
#
basedir=${TIGERHOMEDIR:=$TigerInstallDir}
for parm
do
case $parm in
-B) basedir=$2; break;;
esac
done
#
# Verify that a config file exists there, and if it does
# source it.
#
[ ! -r $basedir/config ] && {
echo "--ERROR-- [init002e] No 'config' file in \`$basedir'."
exit 1
}
. $basedir/config
. $BASEDIR/initdefs
#
# If run in test mode (-t) this will verify that all required
# elements are set.
#
[ "$Tiger_TESTMODE" = 'Y' ] && {
haveallcmds AWK GREP CAT GEN_PASSWD_SETS JOIN LS RM FIND || exit 1
haveallfiles BASEDIR WORKDIR || exit 1
haveallvars TESTLINK HOSTNAME || exit 1
echo "--CONFIG-- [init003c] $0: Configuration ok..."
exit 0
}
#------------------------------------------------------------------------
echo
echo "# Performing common access checks for root..."
haveallcmds AWK GREP CAT GEN_PASSWD_SETS JOIN LS RM FIND || exit 1
haveallfiles BASEDIR WORKDIR || exit 1
safe_temp "$WORKDIR/pass.list.$$"
trap 'delete $WORKDIR/pass.list.$$ ; exit 1' 1 2 3 15
if ! $FIND /bin /sbin /usr/bin /usr/sbin/ /usr/local/bin \
/usr/local/sbin -name "*ftpd" >/dev/null 2>&1 ; then
# No FTP server found, exit and do not implement this check
exit 0
fi
# Just in case if it's not configured properly
[ -z "${Tiger_Accounts_Trust}" ] && {
Tiger_Accounts_Trust = 999
export Tiger_Accounts_Trust
}
FTPUSERS=/etc/ftpusers
if [ "$OS" = "SunOS" -a ! -e "$FTPUSERS" ] ; then
FTPUSERS=/etc/ftpd/ftpusers
fi
# Do this only if ftpusers exists
if [ -f "$FTPUSERS" ]; then
if [ -n "$Tiger_PasswdFiles" ]; then
[ -f $Tiger_PasswdFiles ] && $CAT "$Tiger_PasswdFiles" > $WORKDIR/pass.list.$$
else
$GEN_PASSWD_SETS $WORKDIR/pass.list.$$
fi
for passwd_set in `$CAT $WORKDIR/pass.list.$$`
do
$CAT $passwd_set |
while read line
do
runawk="$AWK -F: '(\$3 <= $Tiger_Accounts_Trust) { print \$1 }'"
user=`echo $line | eval $runawk`
# This does not work since $Tiger_Accounts_Trust does not get expanded
# user=`echo $line | $AWK -F: '($3 <= $Tiger_Accounts_Trust) { print $1 }'`
# Note: root is removed since it is checked for in check_root
[ -n "$user" -a "$user" != "root" ] && [ -z "`$GREP \"^$user\" $FTPUSERS`" ] &&
message FAIL netw018f "" "Administrative user $user allowed access in $FTPUSERS"
done
[ ! -n "$Tiger_PasswdFiles" ] && delete $passwd_set $passwd_set.src
done
else
message FAIL netw020f "" "There is no $FTPUSERS file."
fi
delete $WORKDIR/pass.list.$$
exit 0
|