This file is indexed.

/usr/lib/tiger/scripts/check_logfiles is in tiger 1:3.2.3-8.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
#!/bin/sh
#
#     tiger - A UN*X security checking system
#     Copyright (C) 1993 Douglas Lee Schales, David K. Hess, David R. Safford
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2, or (at your option)
#    any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#     Please see the file `COPYING' for the complete copyright notice.
#
# check_logfiles - 11/10/2001
# 
# Check for the presence of a given number of logfiles and their permissions.
# Note that these check is operating system dependant.
#
# check_logfiles - 08/09/2001 - jfs - fixed to add GREP and WC to haveallcmds
#                  detected when testing in Solaris 8. Also changed == to =
#
# check_logfiles - 04/15/2003 - jfs - separated logfiles and umask checks
#                  added permission checks for the logfiles based on 
#                  Solaris recommendations. 
#                  Logfile location is no longer hardcoded but can be changed
#                  depending on $OS
# check_logfiles - 06/20/2003 - jfs - based on patch from Ryan Bradetich fixed
#                  logic errors in check_fileperm(). Updated the error codes to 
#                  match the appropriate descriptions.
#                  Also fixed a typo in MESSAGEs and modified the script to not
#                  warn if LOGINLOG does not exist (as is the Linux case)
#                  Also, file permissions in systems in which WTMP and UTMP
#                  are group 'utmp' should be 664
# check_logfiles - 10/19/2003 - jfs - based on patch from Ryan Bradetich fixed
#                  location of logfiles for HP-UX, btmp file check, and btmp
#                  location for Linux (previously undefined)
# check_logfiles - 11/19/2003 - jfs - Modified -r to -f
#     (Checks should only determine wether the file exists, if its 
#     readable or not is irrelevant. As a matter of fact they might not be
#     if running a user != root. We don't care since we are not checking
#     file content)
# check_logfiles - 04/03/2004 - rbrad Added logfiles support for Tru64.
#
#-----------------------------------------------------------------------------
#
TigerInstallDir="/usr/lib/tiger"

#
# Set default base directory.
# Order or preference:
#      -B option
#      TIGERHOMEDIR environment variable
#      TigerInstallDir installed location
#
basedir=${TIGERHOMEDIR:=$TigerInstallDir}

for parm
do
   case $parm in
   -B) basedir=$2; break;;
   esac
done

#
# Verify that a config file exists there, and if it does
# source it.
#
[ ! -r $basedir/config ] && {
  echo "--ERROR-- [init002e] No 'config' file in \`$basedir'."
  exit 1
}

. $basedir/config

. $BASEDIR/initdefs

#
# If run in test mode (-t) this will verify that all required
# elements are set.
#
[ "$Tiger_TESTMODE" = 'Y' ] && {
  haveallcmds AWK || exit 1
  haveallfiles BASEDIR WORKDIR || exit 1
  haveallvars TESTLINK HOSTNAME
  
  echo "--CONFIG-- [init003c] $0: Configuration ok..."
  exit 0
}

#------------------------------------------------------------------------

echo
echo "# Checking for existence of log files..."

haveallcmds AWK || exit 1

check_fileperm () {
  file=$1
  permission=$2
  value=1
  realpermission=`getpermit $1 | $AWK '{ print $4$5$6$7$8$9$10$11$12 }' `
  [ "$realpermission" = "$permission" ]  && value=0
  return $value
}


#####
# Check various accounting files
#####
WTMP=/var/log/wtmp
BTMP=/var/log/btmp
LASTLOG=/var/log/lastlog
UTMP=/var/run/utmp
LOGINLOG=/var/log/loginlog
MESSAGES=/var/log/messages
SULOG=""

if [ "$OS" = "SunOS" ] ; then
	WTMP=/var/adm/wtmpx
	UTMP=/var/adm/utmpx
# Check: Note BTMP does not seem to exist
	BTMP=/var/adm/btmp
	LASTLOG=/var/adm/lastlog
	LOGINLOG=/var/adm/loginlog
	MESSAGES=/var/adm/messages
	SULOG=/var/adm/sulog
fi

if [ "$OS" = "Linux" ] ; then
# Loginlog does not exist
# Btmp does exist (see lastb(1))
	LOGINLOG=""
fi

if [ "$OS" = "HPUX" ] ; then
	WTMP=/var/adm/wtmp
	BTMP=/var/adm/btmp
	LASTLOG=""
	UTMP=/etc/utmp
	LOGINLOG=""
	MESSAGES=""
fi

if [ "$OS" = "Tru64" ]; then
	WTMP=/var/adm/wtmp
	BTMP=""
	LASTLOG=""
	UTMP=/var/adm/utmp
	LOGINLOG=""
	MESSAGES=""
fi

if [ ! -f "$WTMP" ] ; then
    #echo "...Warning: $WTMP does not exist"
    message FAIL logf001f "" "Log file $WTMP does not exist"
else
    group=`getpermit $WTMP | $AWK '{ print $3 }'`
    if [  "$group" = "utmp" ] ; then
        check_fileperm $WTMP 110110100 || 
       	message FAIL logf005f "" "Log file $WTMP permission should be 664"
    else
	check_fileperm $WTMP 110100100 || 
 	message FAIL logf005f "" "Log file $WTMP permission should be 644"
    fi
fi

if [ -n "$BTMP" ] ; then
    if [ ! -f "$BTMP" ] ; then
        #echo "...Warning: $BTMP does not exist"
        message FAIL logf002f "" "Log file $BTMP does not exist"
    else
        group=`getpermit $BTMP | $AWK '{ print $3 }'`
        if [ "$group" = "utmp" ] ; then
	    check_fileperm $BTMP 110110000 || 
 	    message FAIL logf005f "" "Log file $BTMP permission should be 660"
        else
	    check_fileperm $BTMP 110000000 || 
 	    message FAIL logf005f "" "Log file $BTMP permission should be 600"
	fi
    fi
fi

[ -n "$LASTLOG" -a ! -f "$LASTLOG" ] && 
    #echo "...Warning: $LASTLOG does not exist"
    message FAIL logf003f "" "Log file $LASTLOG does not exist"

if [ ! -f "$UTMP" ] ; then
    #echo "...Warning: $UTMP does not exist"
    message FAIL logf004f "" "Log file $UTMP does not exist"
else
    group=`getpermit $UTMP | $AWK '{ print $3 }'`
    if [  "$group" = "utmp" ] ; then
	check_fileperm $UTMP 110110100 || 
   	message FAIL logf005f "" "Log file $UTMP permission should be 664"
    else
	check_fileperm $UTMP 110100100 || 
	message FAIL logf005f "" "Log file $UTMP permission should be 644"
    fi
fi

if [ -n "$LOGINLOG" ] ; then
    if [ ! -f "$LOGINLOG" ] ; then
        #echo "...Warning: $LOGINGLOG does not exist"
        message FAIL logf006f "" "Log file $LOGINLOG does not exist"
    else
        check_fileperm $LOGINLOG 110000000 || 
    	    message FAIL logf005f "" "Log file $LOGINLOG permission should be 600"
    fi
fi

if [ -n "$SULOG" ] ; then
    if [ ! -f "$SULOG" ] ; then
        message FAIL logf006f "" "Log file $SULOG does not exist"
    else
        check_fileperm $SULOG 110000000 || 
    	    message FAIL logf005f "" "Log file $SULOG permission should be 600"
    fi
fi
 
if [ -n "$MESSAGES" ] ; then
    if [ ! -f "$MESSAGES" ] ; then
        #echo "...Warning: $MESSAGES does not exist"
        message FAIL logf007f "" "Log file $MESSAGES does not exist"
    else 
        check_fileperm $MESSAGES 110100000 || 
    	    message FAIL logf005f "" "Log file $MESSAGES permission should be 640"
    fi
fi
 
exit 0