checksecurity-2.0.16+nmu1/0000775000000000000000000000000012472117563012221 5ustar checksecurity-2.0.16+nmu1/Makefile0000664000000000000000000000315411206624161013653 0ustar # # This is the makefile for the Debian checksecurity package. # # It installs the software in $(PREFIX)/usr/sbin, etc. # PREFIX= CONFDIR=$(PREFIX)/etc PLUGINDIR=$(PREFIX)/usr/share/checksecurity install: clean install -d $(PREFIX)/usr/sbin install -d $(PREFIX)/usr/share/man/man8 install -d $(CONFDIR) install -d $(CONFDIR)/checksecurity install -d $(PLUGINDIR) cp bin/checksecurity $(PREFIX)/usr/sbin chown root:root $(PREFIX)/usr/sbin/checksecurity chmod 755 $(PREFIX)/usr/sbin/checksecurity cp man/checksecurity.8 $(PREFIX)/usr/share/man/man8 cp man/check-diskfree.8 $(PREFIX)/usr/share/man/man8 cp man/check-passwd.8 $(PREFIX)/usr/share/man/man8 cp man/check-setuid.8 $(PREFIX)/usr/share/man/man8 cp etc/check-setuid.conf $(CONFDIR)/checksecurity cp etc/check-socket.conf $(CONFDIR)/checksecurity chmod 744 $(CONFDIR)/checksecurity/check-setuid.conf chmod 744 $(CONFDIR)/checksecurity/check-socket.conf cp etc/check-passwd.conf $(CONFDIR)/checksecurity chmod 744 $(CONFDIR)/checksecurity/check-passwd.conf cp etc/check-diskfree.conf $(CONFDIR)/checksecurity chmod 744 $(CONFDIR)/checksecurity/check-diskfree.conf cp etc/global-checksecurity.conf $(CONFDIR)/checksecurity.conf cp plugins/check-* $(PLUGINDIR) chown root:root $(PLUGINDIR)/check-* chmod 755 $(PLUGINDIR)/check-* chmod -x $(CONFDIR)/checksecurity/*.conf uninstall: rm -f $(PREFIX)/usr/sbin/checksecurity rm -f $(PREFIX)/usr/share/man/man8/checksecurity.conf.8 rm -f $(CONFDIR)/checksecurity.conf rm -rf $(CONFDIR)/checksecurity rm -rf $(PLUGINDIR) clean: -find . -name '*~' -print | xargs rm -f -rm -f build-stamp -rm -f debian/files checksecurity-2.0.16+nmu1/TODO0000664000000000000000000000752411206625360012712 0ustar Move to 'standard' priority. (post-sarge) * Set this package to 'standard' priority, we want our users to have a limited set of security checks by default even those the ones provided here still need to be improved (Closes: #197563) Document the code properly. - Include also documentation of new options ('debug' through GetStdd::Long) - The 'period' optional argument in checksecurity needs to be added to the manpage - Write a manpage for check-socket Fix errors in setuid script: - Specially #257395 and #102186, the first one spouts false negatives and the second one makes the check fail sometimes in network drives. Add getopt processing for checksecurity. - DONE but undocumented Add more tests. See #163813 and the following discussions: http://lists.debian.org/debian-devel/2002/12/msg01517.html and http://lists.debian.org/debian-devel/2002/12/msg01566.html See also - OpenBSD /etc/security http://www.openbsd.org/cgi-bin/cvsweb/src/etc/security?rev=1.54&content-type=text/x-cvsweb-markup - SuSE's seccheck http://www.suse.de/~marc/seccheck.html - Mandrake's msec http://freshmeat.net/projects/msec/ ------------------------------------------------------------------------- Currently checksecurity will *only* do checks regarding SUID files which is kind of misleading (since one would like 'checksecurity' to be a security check and not just that). While reading an article about Security in Linux distributions [1] y found out that SUSE's checksecurity [2] will do quite a little bit more and it is, in fact, GPLd (what a surprise, available here [3]) I would like checksecurity to do more than SUID changes. I'm not sure, however, of which features should be enabled by default. Some of this checks are already done by Tiger (see [4]) and I'm not sure I want checksecurity to do all of them (since they might be a little too much) From seccheck's README: The following daily checks are done: /etc/passwd check : length/number/contents of fields, accounts with same uid accounts with uid/gid of 0 or 1 beside root and bin /etc/shadow check : length/number/contents of fields, accounts with no password /etc/group check : length/number/contents of fields user root checks : secure umask and PATH /etc/ftpusers : checks if important system users are put there /etc/aliases : checks for mail aliases which execute programs .rhosts check : checks if users' .rhosts file contain + signs homedirectory : checks if homedirectories are writable or owned by someone else dot-files check : checks many dot-files in the homedirectories if they are writable or owned by someone else mailbox check : checks if user mailboxes are owned by user and unreadable NFS export check : exports should not be exported globaly NFS import check : NFS mounts should have the "nosuid" option set promisc check : checks if network cards are in promiscious mode list modules : just lists loaded modules list sockets : just lists open ports The following weekly checks are done: password check : runs john to crack the password file, user will get an email notice to change his password asap rpm md5 check : checks for changed files via rpm's md5 checksum feature suid/sgid check : lists all suid and sgid files exec group write : lists all executables which are group/world writeable writable check : lists all files which are world writable (incl. above) device check : lists all devices The following monthly things are done: The monthly file is not a diff like the daily/weekly ones but the full reports in one file. [1] http://www.linuxjournal.com/article.php?sid=6362&mode=thread&order=0 ------------------------------------------------------------------------- Tue, 15 Mar 2005 01:53:52 +0100 Javier Fernandez-Sanguino checksecurity-2.0.16+nmu1/man/0000775000000000000000000000000012472115033012762 5ustar checksecurity-2.0.16+nmu1/man/check-passwd.80000664000000000000000000000213612472115005015430 0ustar .\" -*- nroff -*- .TH CHECK-PASSWD 8 "2 February 1997" "Debian Linux" .SH NAME check-passwd \- check for empty or duplicate system accounts. .SH SYNOPSIS .B check-passwd .SH DESCRIPTION The .B check-passwd is a plugin run by the .B checksecurity command. It scans the system password file, and looks for either duplicate accounts or accounts without a password set. This is a plugin which is invoked by .B checksecurity (8) if enabled. .SH CONFIGURATION The .B check-passwd.conf file defines the configuration variables: .BR CHECK_PASSWORD_WARN_UIDS and .BR CHECK_PASSWORD_WARN_DUPLICATES Each is described below. .PP The .B CHECK_PASSWORD_WARN_EMPTY variable controls whether this script will warn about accounts with empty passwords. Valid values are .B TRUE or .B FALSE The .B CHECK_PASSWORD_WARN_UIDS variable controls whether this script will warn about duplicate accounts sharing the same UID within the passwords file. Valid values are .B TRUE or .B FALSE .SH FILES .TP .I /etc/checksecurity.conf Specifies whether this script is invoked .TP .I /etc/checksecurity/check-passwd.conf The configuration file. checksecurity-2.0.16+nmu1/man/check-setuid.80000664000000000000000000000760012472114767015443 0ustar .\" -*- nroff -*- .TH CHECKS-SETUID 8 "2 February 1997" "Debian Linux" .SH NAME check-setuid \- check for changes to setuid programs .SH SYNOPSIS .B check-setuid .SH DESCRIPTION The .B check-setuid is a plugin run by the .B checksecurity command. It scans the mounted files systems (subject to the filter defined in /etc/checksecurity.conf) and compares the list of setuid programs to the list created on the previous run. Any changes are printed to standard output. Also, it generates a list of .I nfs and .I afs filesystems that are mounted insecurely (i.e. they are missing the .I nodev and either the .I noexec or .I nosuid flags). .PP .B checksecurity is run by .B cron on a daily basis, and the output stored in /var/log/setuid/setuid.changes. .SH CONFIGURATION The .B checksecurity.conf file defines several configuration variables: .BR CHECKSECURITY_FILTER , .BR CHECKSECURITY_NOFINDERRORS , .BR CHECKSECURITY_NONFSAFS , .BR CHECKSECURITY_EMAIL , .BR CHECKSECURITY_DEVICEFILTER , .BR CHECKSECURITY_PATHFILTER , and .BR LOGDIR . Each is described below. .PP The .B CHECKSECURITY_FILTER environment variable which is the argument of 'grep \-vE' applied to the output of the .B mount command. In other words, the value of .B CHECKSECURITY_FILTER is a regular expression that removes matching lines from those file systems that will be scanned. The default value removes all file systems of type .I proc, bind, msdos, iso9660, ncpfs, nfs, afs, .I smbfs, auto, ntfs, coda file systems, anything mounted on /dev/fd*, anything mounted on /mnt or /amd, and anything mounted with option nosuid or noexec. .PP The .B checksecurity.conf file is sourced from .B checksecurity, so you could do some fairly tricky things to define .BR CHECKSECURITY_FILTER . .PP The .B CHECKSECURITY_NOFINDERRORS environment variable, if set to the literal "TRUE", disables find errors from checksecurity (actually, it re\-routes them to .B /dev/null ). .PP The .B CHECKSECURITY_NONFSAFS environment variable, if set to the literal "TRUE", disables the message about .I nfs and .I afs file systems that are mounted without the .I nodev and either the .I noexec or .I nosuid options. .PP If set, the .B CHECKSECURITY_EMAIL variable defines who is sent a copy of the setuid.changes file. .PP The .B CHECKSECURITY_DEVICEFILTER variable specifies a .B find clause for which matching block and character device files will not be monitored for changing owners and permissions. For example, if you don't want to check for permission changes on tty device files beneath /dev, you could set the following: .PP .RS CHECKSECURITY_DEVICEFILTER='\-path /dev/tty*' .RE .PP Note that any added or modified suid programs under that path would still be detected. If you want to specify multiple expressions, separate them with '\-o', but there is no need to surround the whole clause with parentheses. To disable this filter, specify it as \&'\-false' (which is the default). .PP Note that if the system gets restarted often checksecurity will report a lot of changes in the /dev/ subdirectory due to timestamp changes. In this case you might want to change it to: .PP .RS CHECKSECURITY_DEVICEFILTER='\-path /dev/' .RE .PP The .B CHECKSECURITY_PATHFILTER variable specifies a .B find clause which will be pruned from the search path. .B This means that the entire subtree will be completely skipped. Thus, specifying .PP .RS CHECKSECURITY_PATHFILTER='\-path /var/ftp' .RE .PP then the entire /var/ftp tree will be skipped. To disable this filter, specify it as '\-false' (which is the default). .PP .B LOGDIR sets the name of the directory which stores the files which track the permission and ownership changes. By default, they are in .BR /var/log/setuid . .SH FILES .TP .I /etc/checksecurity.conf checksecurity configuration file .TP .I /var/log/setuid/setuid.today setuid files from the most recent run .TP .I /var/log/setuid/setuid.yesterday setuid files from the previous run checksecurity-2.0.16+nmu1/man/checksecurity.80000664000000000000000000000275212472114710015727 0ustar .\" -*- nroff -*- .TH CHECKSECURITY 8 "2 February 1997" "Debian Linux" .SH NAME checksecurity \- Run a collection of simple system checks .SH SYNOPSIS .B checksecurity .SH DESCRIPTION The .B checksecurity command runs a small collection of simple system checks which are designed to catch a few common security issues. .B checksecurity is run by .B cron in a daily basis. .SH CONFIGURATION The .B checksecurity.conf file defines several configuration variables: .BR MAILTO, .BR CHECK_DISKFREE , .BR CHECK_PASSWD and .BR CHECK_SETUID .BR LOGDIR . Each is described below. .PP The checksecurity program works with a collection of plugins which are located in /usr/share/checksecurity and are configured individually by their own configuration file. .B CHECK_PASSWD If this is set to .B TRUE then the check-passwd script will be invoked. This script is designed to report upon system accounts which have no passwords. .B CHECK_DISKFREE If this is set to .B TRUE then the check-diskfree script will be invoked and will allow an alert to be sent if there is any mounted partition is running short on disk space. .B CHECK_SETUID If this is set to .B TRUE then the check-setuid script will be invoked, this will compare the setuid binaries upon the system to those that existed previously and show the differences. .SH FILES .TP .I /etc/checksecurity.conf checksecurity configuration file .SH "SEE-ALSO" See also .BR check-diskfree (8), .BR check-setuid (8), .BR check-passwd (8) and .BR check-iptables-logs (8) checksecurity-2.0.16+nmu1/man/check-iptables-logs.80000664000000000000000000000147612472115032016702 0ustar .\" -*- nroff -*- .TH CHECK-IPTABLES-LOGS 8 "21 February 2015" "Debian Linux" .SH NAME check-iptables-logs \- check iptables logs for intrusion attempts .SH SYNOPSIS .B check-iptables-logs .SH DESCRIPTION The .B check-iptables-logs is a plugin run by the .B checksecurity .B checksecurity command. It scans system logs and makes a summary of intrusion attempts that have been logged through the use of .B iptables The information extracted is printed on the standard output. .SH FILES .TP .I /etc/checksecurity.conf The configuration file for the .B checksecurity program. This file defines whether this plugin will be run or not and how often will be executed. .TP .I /var/log/messages The log file used (by default) to extract information from iptables logs. .SH "SEE ALSO" See also .BR checksecurity (8), .BR iptables (8) checksecurity-2.0.16+nmu1/man/check-diskfree.80000664000000000000000000000156312472114754015740 0ustar .\" -*- nroff -*- .TH CHECK-DISKFREE 8 "2 February 1997" "Debian Linux" .SH NAME check-free \- check for mounted filesystems nearing capacity .SH SYNOPSIS .B check-diskfree .SH DESCRIPTION The .B check-diskfree is a plugin run by the .B checksecurity command. It scans mounted filesystems and allows alerts to be sent when usage exceeds a given threshold. This is a plugin which is invoked by .B checksecurity (8) if enabled. .SH CONFIGURATION The .B check-diskfree.conf file defines the configuration variable: .BR CHECK_DISK_PERCENT which is described below. .PP The .B CHECK_DISK_PERCENT variable is the percentage full the filesystem must be before an alert is sent. Valid values are any numerical value between 1 and 100. .SH FILES .TP .I /etc/checksecurity.conf Specifies whether this script is invoked .TP .I /etc/checksecurity/check-diskfree.conf The configuration file. checksecurity-2.0.16+nmu1/bin/0000775000000000000000000000000012472112426012762 5ustar checksecurity-2.0.16+nmu1/bin/checksecurity0000775000000000000000000001126710617723216015570 0ustar #!/usr/bin/perl # # Debian's checksecurity. # Runs a set of plugins which check the security of an installed # system. # # (c) 2003-2005 Steve Kemp , http://www.steve.org.uk # (c) 2005 Javier Fernandez-Sanguino # Licensed under the GNU General Public License # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # use strict; use Env; use Getopt::Long; my $opt_debug = 0; GetOptions( 'debug!' => \$opt_debug, ); # Are we root? if ( $> != 0 ) { print STDERR "Sorry, only root can run checksecurity"; exit 1; } # # The fixed settings we work with. # my $CONFIG = "/etc/checksecurity.conf"; my $PLUGIN_DIR = "/usr/share/checksecurity"; my $VERSION = "2.0.7"; # Argument determine which checks will be run my $period = "all"; $period = $ARGV[0] if defined $ARGV[0]; # Accepted periods if ( $period !~ /^(all|daily|weekly)$/ ) { print STDERR "Unknown period requested ($period) reverting to 'all'\n"; $period = "all"; } # Copy of the environmental variables. my %SAFE_ENV = %ENV; # Environmental settings we read from the configuration file. my %GLOBAL_ENV = (); # The environment that we send to the plugins we call. my %PLUGIN_ENV = (); # # Source the configuration file. # if ( -e $CONFIG ) { %GLOBAL_ENV = readConfig( $CONFIG ); } else { print <) ) { chomp $line; if ($line =~ s/\\$//) { $line .= ; redo unless eof(FILY); } # Skip lines beginning with comments next if ( $line =~ /^([ \t]*)\#/ ); # Skip blank lines next if ( length( $line ) < 1 ); # Strip trailing comments. if ( $line =~ /(.*)\#(.*)/ ) { $line = $1; } # Find variable settings if ( $line =~ /([^=]+)=([^\n]+)/ ) { my $key = $1; my $val = $2; # Strip leading and trailing whitespace. $key =~ s/^\s+//; $key =~ s/\s+$//; $val =~ s/^\s+//; $val =~ s/\s+$//; # Strip enclosing "'s if ( $val =~ /^['"](.*)['"]$/ ) { $val = $1; } # Store value. $HASH{ $key } = $val; } } close(FILY); return(%HASH); } checksecurity-2.0.16+nmu1/README.Debian0000664000000000000000000000226510617724541014266 0ustar checksecurity ------------- checksecurity is a simple package which will scan your system for several simple security holes. It uses a simple collection of plugins, all of which are shell scripts which are configured by environmental variables. This release is the first release featuring this modularisation so there may well be bugs lying the code. Plugins ------- Plugins are located in /usr/share/checksecurity, with a prefix of 'check-'. These files are each given the contents of the configuration file '/etc/checksecurity/name.conf' in their environment. The scripts and configuration files are all documented in the included in manpages. Tests ----- Currently the plugins supplied perform the following tests: check_passwd: * Check for more than one UID 0 account in /etc/passwd * Check for accounts with no passwords. * Check for accounts with login == password. check_setuid: * Check permissions on setuid files within the system. check_diskfree * Check that all mounted partitions do not exceed a given threshold of used space. Feedback -------- Ideas and contributed scripts would be appreciated. Steve -- www.steve.org.uk checksecurity-2.0.16+nmu1/debian/0000775000000000000000000000000012672014446013441 5ustar checksecurity-2.0.16+nmu1/debian/postinst0000664000000000000000000000155210617730050015243 0ustar #!/bin/sh -e # # Tell the user about the old configuration file. # . /usr/share/debconf/confmodule if [ "$1" = "configure" ] && [ -z "$2" ] && [ -f /etc/checksecurity.conf.cron ] ; then db_input low checksecurity/oldconf || true db_go || true fi db_stop # # If there is not a /var/log/setuid directory create it, and move # any old logfiles into it. # if [ ! -d /var/log/setuid ]; then mkdir -m 750 /var/log/setuid chown root:adm /var/log/setuid || true for file in /var/log/setuid.yesterday /var/log/setuid.today /var/log/setuid.changes \ /var/log/setuid.changes.*; do [ ! -e $file ] || mv $file /var/log/setuid done fi # # If there is no /var/log/checksecurity directory create it, and move # if [ ! -d /var/log/checksecurity ]; then mkdir -m 750 /var/log/checksecurity chown root:adm /var/log/checksecurity || true fi #DEBHELPER# exit 0 checksecurity-2.0.16+nmu1/debian/control0000664000000000000000000000313712672014446015050 0ustar Source: checksecurity Section: admin Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Javier Fernández-Sanguino Peña Standards-Version: 3.6.1 Build-Depends-Indep: debhelper (>= 4.1.16) Package: checksecurity Architecture: all Depends: cron (>= 3.0pl1-74) | anacron, debconf (>= 0.5) | debconf-2.0, perl (>= 5.8.0), util-linux (>= 2.15~rc1-1) Recommends: logcheck Suggests: apt-watch | cron-apt, lockfile-progs, tiger, tripwire | integrit | aide | samhain | fcheck, debsecan Conflicts: lockfile-progs (<< 0.1.7) Replaces: cron Provides: Description: basic system security checks Checksecurity can periodically do some very basic system security checks: . * check-setuid - scans for insecurely mounted remote file systems, and tracks changes in setuid programs; * check-sockets - tracks changes in open ports to detect rogue programs; * check-passwd - scans for empty or duplicate system accounts; * check-disfree - scans for mounted filesystems nearing capacity; * check-iptables-logs - scans logs generated by iptables and look for intrusion attempts. . Be aware that these minimal set of checks are no substitute for a full security auditing and integrity checking system. . In addition to these checks you are encourage to install additional packages (listed in "Recommends") to provide more information concerning the security or vulnerability of your system. . Installing the suggested package lockfile-progs can help to prevent the cron jobs running multiple times if something gets jammed. checksecurity-2.0.16+nmu1/debian/substvars0000664000000000000000000000005410314110772015405 0ustar misc:Depends=debconf (>= 0.5) | debconf-2.0 checksecurity-2.0.16+nmu1/debian/docs0000664000000000000000000000001507731235524014312 0ustar README.Debianchecksecurity-2.0.16+nmu1/debian/preinst0000664000000000000000000000146510027564554015060 0ustar #!/bin/sh # # Move the existing checksecurity.conf out of the way if this is a new # install, so that we don't get bogus "file has been edited"" # interactions from dpkg, and so that I don't completely lose # /etc/checksecurity.conf under certain circumstances. if [ "$1" = "install" -a -z "$2" -a -f "/etc/checksecurity.conf" ] ; then mv /etc/checksecurity.conf /etc/checksecurity.conf.cron fi # Resort /var/log/setuid.today if upgrading from 2.0.5 or earlier if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" "<<" "0.2.5.1" then cp /var/log/setuid.today /var/log/setuid.preupgrade >/dev/null 2>&1 # Only continue if the above worked (disk full?) if [ "$?" -eq 0 ] then cat /var/log/setuid.preupgrade | sort -k 12 > /var/log/setuid.today rm -f /var/log/setuid.preupgrade fi fi #DEBHELPER# checksecurity-2.0.16+nmu1/debian/po/0000775000000000000000000000000012472117012014046 5ustar checksecurity-2.0.16+nmu1/debian/po/nl.po0000664000000000000000000000331710122652424015024 0ustar # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # # Developers do not need to manually edit POT or PO files. # msgid "" msgstr "" "Project-Id-Version: checksecurity 2.0.5.1\n" "POT-Creation-Date: 2003-09-24 19:14+0100\n" "PO-Revision-Date: 2004-03-22 17:14+0100\n" "Last-Translator: Luk Claes \n" "Language-Team: Debian l10n Dutch \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=iso-8859-1\n" "Content-Transfer-Encoding: 8bit\n" #. Description #: ../templates:3 msgid "Merge old configuration" msgstr "Oude configuratie samenvoegen?" #. Description #: ../templates:3 msgid "This is your initial install of the checksecurity package, and you had an existing checksecurity.conf file from the cron package. The old configuration file was preserved as \"/etc/checksecurity.conf.cron\". If you had modified your configuration, you may want to merge those changes into the new /etc/checksecurity.conf file from this package." msgstr "Dit is uw eerste installatie van het checksecurity-pakket, en u heeft een bestaand checksecurity.conf-bestand van het cron-pakket. Het oude configuratiebestand is bewaard als \"/etc/checksecurity.conf.cron\". Als u uw configuratie had aangepast, kunt u deze wijzigingen samenvoegen met het nieuwe /etc/checksecurity.conf-bestand van dit pakket." checksecurity-2.0.16+nmu1/debian/po/tr.po0000664000000000000000000000307712472117013015043 0ustar # Turkish translation of checksecurity package # Copyright (C) 2014 Mert Dirik # This file is distributed under the same license as the checksecurity package. # Mert Dirik , 2014. # msgid "" msgstr "" "Project-Id-Version: checksecurity 2.0.15\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2013-10-04 14:39+0000\n" "PO-Revision-Date: 2014-08-30 22:42+0200\n" "Last-Translator: Mert Dirik \n" "Language-Team: Debian L10n Turkish \n" "Language: tr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Poedit 1.5.4\n" #. Type: note #. Description #: ../templates:1001 msgid "Merge old configuration" msgstr "Eski yapılandırmayı birleştir" #. Type: note #. Description #: ../templates:1001 msgid "" "This is your initial install of the checksecurity package, and you had an " "existing checksecurity.conf file from the cron package. The old " "configuration file was preserved as \"/etc/checksecurity.conf.cron\". If you " "had modified your configuration, you may want to merge those changes into " "the new /etc/checksecurity.conf file from this package." msgstr "" "'checksecurity' paketini ilk defa kuruyorsunuz ve sisteminizde cron " "paketinden kaynaklı bir checksecurity.conf dosyası mevcut. Eski yapılandırma " "dosyası \"/etc/checksecurity.conf.cron\" konumunda saklanacak. Eğer bu " "yapılandırmayı değiştirdiyseniz, yaptığınız değişiklikleri yeni /etc/" "checksecurity.conf dosyası ile birleştirmek isteyebilirsiniz." checksecurity-2.0.16+nmu1/debian/po/pt_BR.po0000664000000000000000000000355211001331150015405 0ustar # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # # Developers do not need to manually edit POT or PO files. # msgid "" msgstr "" "Project-Id-Version: checksecurity_2.0.3\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2006-11-23 17:13+0100\n" "PO-Revision-Date: 2006-11-26 16:58-0200\n" "Last-Translator: Felipe Augusto van de Wiel (faw) \n" "Language-Team: l10n portuguese \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "pt_BR utf-8\n" #. Type: note #. Description #: ../templates:1001 msgid "Merge old configuration" msgstr "Unir com a configuração antiga" #. Type: note #. Description #: ../templates:1001 msgid "" "This is your initial install of the checksecurity package, and you had an " "existing checksecurity.conf file from the cron package. The old " "configuration file was preserved as \"/etc/checksecurity.conf.cron\". If you " "had modified your configuration, you may want to merge those changes into " "the new /etc/checksecurity.conf file from this package." msgstr "" "Esta é sua instalação inicial do pacote checksecurity e você possuía um " "arquivo checksecurity.conf fornecido pelo pacote cron. O antigo arquivo de " "configuração foi preservado com o nome de \"/etc/checksecurity.conf.cron\". " "Caso você tenha modificado sua configuração, você pode querer unir suas " "mudanças no novo arquivo /etc/checksecurity.conf deste pacote." checksecurity-2.0.16+nmu1/debian/po/es.po0000664000000000000000000000431110025147753015023 0ustar # check-security debconf translation to Spanish # Copyright (C) 2004 Software in the Public Interest # This file is distributed under the same license as the checksecurity package. # # Changes: # - Initial translation # Javier Fernandez-Sanguino Pea , 2004 # # # Traductores, si no conoce el formato PO, merece la pena leer la # documentacin de gettext, especialmente las secciones dedicadas a este # formato, por ejemplo ejecutando: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Equipo de traduccin al espaol, por favor lean antes de traducir # los siguientes documentos: # # - El proyecto de traduccin de Debian al espaol # http://www.debian.org/intl/spanish/coordinacion # especialmente las notas de traduccin en # http://www.debian.org/intl/spanish/notas # # - La gua de traduccin de po's de debconf: # /usr/share/doc/po-debconf/README-trans # o http://www.debian.org/intl/l10n/po-debconf/README-trans # msgid "" msgstr "" "Project-Id-Version: checksecurity 2.0.5\n" "POT-Creation-Date: 2003-09-24 19:14+0100\n" "PO-Revision-Date: 2004-01-20 20:54+0100\n" "Last-Translator: Javier Fernandez-Sanguino Pea \n" "Language-Team: Debian Spanish \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=ISO-8859-15\n" "Content-Transfer-Encoding: 8bit\n" #. Description #: ../templates:3 msgid "Merge old configuration" msgstr "Fusionar la configuracin antigua" #. Description #: ../templates:3 msgid "" "This is your initial install of the checksecurity package, and you had an " "existing checksecurity.conf file from the cron package. The old " "configuration file was preserved as \"/etc/checksecurity.conf.cron\". If you " "had modified your configuration, you may want to merge those changes into " "the new /etc/checksecurity.conf file from this package." msgstr "" "Esta es la primera vez que instala el paquete checksecurity, sin embargo, " "tiene el fichero checksecurity.conf del paquete cron. Esta configuracin " "antigua ha sido preservada movindola al fichero /etc/checksecurity.conf.cron. Quizs " "desee fusionar los cambios en el nuevo /etc/checksecurity.conf que provee " "este paquete." checksecurity-2.0.16+nmu1/debian/po/ru.po0000664000000000000000000000442511001330744015035 0ustar # translation of checksecurity_debconf_ru.po to Russian # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans# # Developers do not need to manually edit POT or PO files. # # Yuri Kozlov , 2006. msgid "" msgstr "" "Project-Id-Version: 2.0.7-10\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2006-11-23 17:13+0100\n" "PO-Revision-Date: 2006-11-27 10:15+0300\n" "Last-Translator: Yuri Kozlov \n" "Language-Team: Russian \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.11.2\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" #. Type: note #. Description #: ../templates:1001 msgid "Merge old configuration" msgstr "Добавление старой конфигурации" #. Type: note #. Description #: ../templates:1001 msgid "" "This is your initial install of the checksecurity package, and you had an " "existing checksecurity.conf file from the cron package. The old " "configuration file was preserved as \"/etc/checksecurity.conf.cron\". If you " "had modified your configuration, you may want to merge those changes into " "the new /etc/checksecurity.conf file from this package." msgstr "" "Выполнена только начальная установка пакета checksecurity; в вашей " "системе уже был файл checksecurity.conf из пакета cron. Старый " "конфигурационный файл будет сохранён под " "именем \"/etc/checksecurity.conf.cron\". Если вы делали в нём изменения " "самостоятельно, вам может потребоваться " "перенести эти изменения в новый файл /etc/checksecurity.conf " "этого пакета." checksecurity-2.0.16+nmu1/debian/po/fr.po0000664000000000000000000000343207757107712015037 0ustar # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # # Developers do not need to manually edit POT or PO files. # msgid "" msgstr "" "Project-Id-Version: checksecurity (1.0.3)\n" "POT-Creation-Date: 2003-09-24 19:14+0100\n" "PO-Revision-Date: 2003-10-02 07:43+0100\n" "Last-Translator: Christian Perrier \n" "Language-Team: French \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=iso-8859-15\n" "Content-Transfer-Encoding: 8bit\n" #. Description #: ../templates:3 msgid "Merge old configuration" msgstr "Intgration de l'ancienne configuration" #. Description #: ../templates:3 msgid "" "This is your initial install of the checksecurity package, and you had an " "existing checksecurity.conf file from the cron package. The old " "configuration file was preserved as \"/etc/checksecurity.conf.cron\". If you " "had modified your configuration, you may want to merge those changes into " "the new /etc/checksecurity.conf file from this package." msgstr "" "Vous effectuez actuellement la premire installation de checksecurity et un " "fichier checksecurity.conf issu du paquet cron a t trouv. L'ancien " "fichier a t conserv sous le nom /etc/checksecurity.conf.cron . Si vous " "avez modifi cette configuration, il peut tre ncessaire reporter ces " "modifications dans le nouveau fichier /etc/checksecurity.conf install par " "ce paquet." checksecurity-2.0.16+nmu1/debian/po/da.po0000664000000000000000000000262310025147714015001 0ustar # translation of checksecurity_2.0.5_templates.po to Danish # Claus Hindsgaul , 2004. # msgid "" msgstr "" "Project-Id-Version: checksecurity_2.0.5_templates\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2003-09-24 19:14+0100\n" "PO-Revision-Date: 2004-02-19 16:37+0100\n" "Last-Translator: Claus Hindsgaul \n" "Language-Team: Danish \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=ISO-8859-1\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.3\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #. Description #: ../templates:3 msgid "Merge old configuration" msgstr "Flet gammel opstning" #. Description #: ../templates:3 msgid "" "This is your initial install of the checksecurity package, and you had an " "existing checksecurity.conf file from the cron package. The old " "configuration file was preserved as \"/etc/checksecurity.conf.cron\". If you " "had modified your configuration, you may want to merge those changes into " "the new /etc/checksecurity.conf file from this package." msgstr "" "Dette er din frste installation af pakken checksecurity, og du har en eksisterende " "opstningsfil checksecurity.conf fra cron-pakken. Den gamle opstningsfil " "er gemt som \"/etc/checksecurity.conf.cron\". Hvis du havde rettet i din opstning, " "kan du flette ndringerne ind i den nye /etc/checksecurity.conf-fil fra denne " "pakke." checksecurity-2.0.16+nmu1/debian/po/it.po0000664000000000000000000000315510617717330015036 0ustar # Italian (it) translation of debconf templates for checksecurity # Copyright (C) 2007 Free Software Foundation, Inc. # This file is distributed under the same license as the checksecurity package. # Luca Monducci , 2007. # msgid "" msgstr "" "Project-Id-Version: checksecurity 2.0.7 italian debconf templates\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2006-11-23 17:13+0100\n" "PO-Revision-Date: 2007-04-07 10:18+0200\n" "Last-Translator: Luca Monducci \n" "Language-Team: Italian \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=ISO-8859-1\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../templates:1001 msgid "Merge old configuration" msgstr "Unire la precedente configurazione" #. Type: note #. Description #: ../templates:1001 msgid "" "This is your initial install of the checksecurity package, and you had an " "existing checksecurity.conf file from the cron package. The old " "configuration file was preserved as \"/etc/checksecurity.conf.cron\". If you " "had modified your configuration, you may want to merge those changes into " "the new /etc/checksecurity.conf file from this package." msgstr "" "Questa la prima installazione del pacchetto checksecurity, per esiste gi " "il file checksecurity.conf fornito dal pacchetto cron. Il vecchio file di " "configurazione viene preservato come \"/etc/checksecurity.conf.cron\". Se in " "passato si modificato la propria configurazione, si potrebbe volere unire " "le modifiche gi effettuate nel nuovo /etc/checksecurity.conf fornito da " "questo pacchetto."checksecurity-2.0.16+nmu1/debian/po/pt.po0000664000000000000000000000264311043430265015037 0ustar # Portuguese translation of checksecurity's debconf messages. # 2006-11-29 - Rui Branco - initial translation # msgid "" msgstr "" "Project-Id-Version: checksecurity 2.0.9\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2006-11-23 17:13+0100\n" "PO-Revision-Date: 2006-11-29 00:35+0000\n" "Last-Translator: Rui Branco \n" "Language-Team: Portuguese \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit" #. Type: note #. Description #: ../templates:1001 msgid "Merge old configuration" msgstr "Fazer 'merge' à configuração antiga" #. Type: note #. Description #: ../templates:1001 msgid "" "This is your initial install of the checksecurity package, and you had an " "existing checksecurity.conf file from the cron package. The old " "configuration file was preserved as \"/etc/checksecurity.conf.cron\". If you " "had modified your configuration, you may want to merge those changes into " "the new /etc/checksecurity.conf file from this package." msgstr "" "Esta é a instalação inicial do pacote checksecurity, e possui um ficheiro " "checksecurity.conf do pacote cron. O seu ficheiro de configuração antigo " "foi preservado como \"/etc/checksecurity.conf.cron\". Se modificou a sua " "configuração, pode ter que fazer um 'merge' dessas alterações para o novo " "ficheiro /etc/checksecurity.conf deste pacote." checksecurity-2.0.16+nmu1/debian/po/cs.po0000664000000000000000000000331610214254564015024 0ustar # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # # Developers do not need to manually edit POT or PO files. # msgid "" msgstr "" "Project-Id-Version: checksecurity\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2003-09-24 19:14+0100\n" "PO-Revision-Date: 2005-01-21 14:16+0100\n" "Last-Translator: Jan Outrata \n" "Language-Team: Czech \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=ISO-8859-2\n" "Content-Transfer-Encoding: 8bit\n" #. Description #: ../templates:3 msgid "Merge old configuration" msgstr "Slouen star konfigurace" #. Description #: ../templates:3 msgid "" "This is your initial install of the checksecurity package, and you had an " "existing checksecurity.conf file from the cron package. The old " "configuration file was preserved as \"/etc/checksecurity.conf.cron\". If you " "had modified your configuration, you may want to merge those changes into " "the new /etc/checksecurity.conf file from this package." msgstr "" "Toto je vae prvotn instalace balku checksecurity a mli jste " "soubor checksecurity.conf z balku cron. Tento star konfiguran " "soubor byl zachovn jako \"/etc/checksecurity.conf.cron\". Pokud jste " "zmnili nkter nastaven, mete chtt provst tyto zmny do novho " "souboru /etc/checksecurity.conf z toho balku." checksecurity-2.0.16+nmu1/debian/po/gl.po0000664000000000000000000000270210617717224015023 0ustar # Galician translation of checksecurity's debconf templates # This file is distributed under the same license as the checksecurity package. # Jacobo Tarrio , 2007. # msgid "" msgstr "" "Project-Id-Version: checksecurity\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2006-11-23 17:13+0100\n" "PO-Revision-Date: 2007-03-05 09:19+0100\n" "Last-Translator: Jacobo Tarrio \n" "Language-Team: Galician \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../templates:1001 msgid "Merge old configuration" msgstr "Inclúa a configuración antiga" #. Type: note #. Description #: ../templates:1001 msgid "" "This is your initial install of the checksecurity package, and you had an " "existing checksecurity.conf file from the cron package. The old " "configuration file was preserved as \"/etc/checksecurity.conf.cron\". If you " "had modified your configuration, you may want to merge those changes into " "the new /etc/checksecurity.conf file from this package." msgstr "" "Esta é a súa instalación inicial do paquete checksecurity, pero xa tiña un " "ficheiro checksecurity.conf do paquete cron. O ficheiro de configuración " "antigo conservouse coma \"/etc/checksecurity.conf.cron\". Se modificou esa " "configuración, pode interesarlle incluír eses cambios no novo ficheiro /etc/" "checksecurity.conf deste paquete." checksecurity-2.0.16+nmu1/debian/po/POTFILES.in0000664000000000000000000000004407731235524015634 0ustar [type: gettext/rfc822deb] templates checksecurity-2.0.16+nmu1/debian/po/eu.po0000664000000000000000000000367411001330757015031 0ustar # translation of checksecurity.po to librezale # Piarres Beobide , 2006. # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # Developers do not need to manually edit POT or PO files. msgid "" msgstr "" "Project-Id-Version: checksecurity\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2006-11-23 17:13+0100\n" "PO-Revision-Date: 2006-11-28 21:54+0100\n" "Last-Translator: Piarres Beobide \n" "Language-Team: librezale \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1)\n" "X-Generator: KBabel 1.11.4\n" # Type: note # Description #. Type: note #. Description #: ../templates:1001 msgid "Merge old configuration" msgstr "Konfigurazio zaharra bateratu" # Type: note # Description #. Type: note #. Description #: ../templates:1001 msgid "" "This is your initial install of the checksecurity package, and you had an " "existing checksecurity.conf file from the cron package. The old " "configuration file was preserved as \"/etc/checksecurity.conf.cron\". If you " "had modified your configuration, you may want to merge those changes into " "the new /etc/checksecurity.conf file from this package." msgstr "Hau checksecurity paketearen lehen instalazioa da eta dagoeneko cron paketeko checksecurity.conf fitxategia duzu. Konfigurazio zaharra \"/etc/checksecurity.conf.cron\" bezala gordeko da. Konfigurazioa aldatu egin bazenu aldaketa hauek pakete honetarako /etc/checksecurity.conf fitxategi berrian bateratu nahi izan ditzakezu." checksecurity-2.0.16+nmu1/debian/po/templates.pot0000664000000000000000000000253307734357410016610 0ustar # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # # Developers do not need to manually edit POT or PO files. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2003-09-24 19:14+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" #. Description #: ../templates:3 msgid "Merge old configuration" msgstr "" #. Description #: ../templates:3 msgid "" "This is your initial install of the checksecurity package, and you had an " "existing checksecurity.conf file from the cron package. The old " "configuration file was preserved as \"/etc/checksecurity.conf.cron\". If you " "had modified your configuration, you may want to merge those changes into " "the new /etc/checksecurity.conf file from this package." msgstr "" checksecurity-2.0.16+nmu1/debian/po/vi.po0000664000000000000000000000313511001331166015021 0ustar # Vietnamese Translation for checksecurity. # Copyright © 2005 Free Software Foundation, Inc. # Clytie Siddall , 2005. # msgid "" "" msgstr "Project-Id-Version: checksecurity 2.0.7-6\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2006-11-23 17:13+0100\n" "PO-Revision-Date: 2006-11-24 18:52+1030\n" "Last-Translator: Clytie Siddall \n" "Language-Team: Vietnamese \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0\n" "X-Generator: Mac PO Editor 1.0a9" #.Type: note #.Description #: ../templates:1001 msgid "Merge old configuration" msgstr "Trộn cấu hình cũ" #.Type: note #.Description #: ../templates:1001 msgid "" "This is your initial install of the checksecurity package, and you had an " "existing checksecurity.conf file from the cron package. The old " "configuration file was preserved as \"/etc/checksecurity.conf.cron\". If you " "had modified your configuration, you may want to merge those changes into " "the new /etc/checksecurity.conf file from this package." msgstr "Đây là lần đầu tiên cài đặt gói checksecurity (kiểm tra bảo mật), còn bạn đã có " "một tập tin cấu hình « checksecurity.conf » cũ từ gói « cron ». Tập tin cấu hình cũ này đã được giữ lại dạng « /etc/checksecurity.conf.cron ». Nếu bạn đã sửa đổi cấu hình chưa thì có thể muốn trộn các thay đổi đó với tập tin « /etc/checksecurity.conf » mới của gói này." checksecurity-2.0.16+nmu1/debian/po/ja.po0000664000000000000000000000326511043430326015005 0ustar # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # # Developers do not need to manually edit POT or PO files. # msgid "" msgstr "" "Project-Id-Version: checksecurity\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2003-09-24 19:14+0100\n" "PO-Revision-Date: 2004-03-13 22:16+0900\n" "Last-Translator: Kenshi Muto \n" "Language-Team: Japanese \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=EUC-JP\n" "Content-Transfer-Encoding: 8bit\n" #. Description #: ../templates:3 msgid "Merge old configuration" msgstr "ŤΥޡ" #. Description #: ../templates:3 msgid "" "This is your initial install of the checksecurity package, and you had an " "existing checksecurity.conf file from the cron package. The old " "configuration file was preserved as \"/etc/checksecurity.conf.cron\". If you " "had modified your configuration, you may want to merge those changes into " "the new /etc/checksecurity.conf file from this package." msgstr " checksecurity ѥåκǽΥ󥹥ȡǤcron ѥå ¸ checksecurity.conf ե뤬ޤŤե \"/etc/checksecurity.conf.cron\" ȤƻĤƤޤѹƤΤǤСѹ򿷤ѥå /etc/checksecurity.conf ˥ޡΤ褤Ǥ礦" checksecurity-2.0.16+nmu1/debian/po/dz.po0000664000000000000000000000527611001331033015021 0ustar # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # # Developers do not need to manually edit POT or PO files. # msgid "" msgstr "" "Project-Id-Version: checksecurity\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2006-11-23 17:13+0100\n" "PO-Revision-Date: 2006-11-27 00:38+0530\n" "Last-Translator: yangka \n" "Language-Team: dzongkha \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2;plural=(n!=1);\n" "X-Poedit-Language: Dzongkha\n" "X-Poedit-Country: BHUTAN\n" "X-Poedit-SourceCharset: utf-8\n" #. Type: note #. Description #: ../templates:1001 msgid "Merge old configuration" msgstr "རིམ་སྒྲིག་རྙིངམ་མཉམ་བསྡོམས་འབད་ནི།" #. Type: note #. Description #: ../templates:1001 msgid "This is your initial install of the checksecurity package, and you had an existing checksecurity.conf file from the cron package. The old configuration file was preserved as \"/etc/checksecurity.conf.cron\". If you had modified your configuration, you may want to merge those changes into the new /etc/checksecurity.conf file from this package." msgstr "འ་ནི་འདི་ཁྱོད་ཀྱི་ཞིབ་དཔྱད་སྲུང་སྐྱོབ་ཐུམ་སྒྲིལ་གྱི་འགོ་ཐོག་གཞི་འཛུགས་ཨིནམ་དང་་ཁྱོད་ལུ་ཀོརཱོན་ཐུམ་སྒྲིལ་འདི་ལས་ཞིབ་དཔྱད་རིམ་སྒྲིག་ཡིག་སྣོད་ཡོད་བཞིན་པ་ཡོད། རིམ་སྒྲིག་ཡིག་སྣོད་རྙིངམ་དེ་\"/etc/checksecurity.conf.cron\"སྦེ་ཉམས་སྲུང་འབད་ཡོདཔ་ཨིན། ཁྱོད་རའི་རིམ་སྒྲིག་ལེགས་བཅོས་འབད་ཡོད་པ་ཅིན་ཁྱོད་རང་ཐུམ་སྒྲིལ་འདི་ལས་ གསརཔ་/ལ་སོགས་པ་/ཞིབ་དཔྱད་རིམ་སྒྲིག་ཡིག་སྣོད་ནང་བསྒྱུར་བཅོས་ཚུ་མཉམ་བསྡོམས་འབད་བཏུབ་ཨིན།" checksecurity-2.0.16+nmu1/debian/po/de.po0000664000000000000000000000360310214246232014777 0ustar # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans# # Developers do not need to manually edit POT or PO files. # Erik Schanze , 2004. # msgid "" msgstr "" "Project-Id-Version: checksecurity_2.0.5.2_templates\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2003-09-24 19:14+0100\n" "PO-Revision-Date: 2004-05-25 19:58+0200\n" "Last-Translator: Erik Schanze \n" "Language-Team: German \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.3.1\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #. Description #: ../templates:3 msgid "Merge old configuration" msgstr "Alte Einstellungen einbinden" #. Description #: ../templates:3 msgid "" "This is your initial install of the checksecurity package, and you had an " "existing checksecurity.conf file from the cron package. The old " "configuration file was preserved as \"/etc/checksecurity.conf.cron\". If you " "had modified your configuration, you may want to merge those changes into " "the new /etc/checksecurity.conf file from this package." msgstr "" "Dies ist Ihre erste Installation des Paketes checksecurity und Sie haben " "schon eine Datei checksecurity.conf aus dem Paket cron. Die alte " "Konfigurationsdatei wurde als\"/etc/checksecurity.conf.cron\" erhalten. " "Wenn Sie Ihre Einstellungen geändert hatten, sollten Sie die Änderungen " "in die neue Datei /etc/checksecurity.conf dieses Paketes einbinden." checksecurity-2.0.16+nmu1/debian/po/sv.po0000664000000000000000000000334311001330727015036 0ustar # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # Developers do not need to manually edit POT or PO files. # , fuzzy # # msgid "" msgstr "" "Project-Id-Version: checksecurity 2.0.7-10\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2006-11-23 17:13+0100\n" "PO-Revision-Date: 2005-10-03 23:32+0200\n" "Last-Translator: Daniel Nylander \n" "Language-Team: Swedish \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=iso-8859-1\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../templates:1001 msgid "Merge old configuration" msgstr "Flytta ver gammal konfiguration" #. Type: note #. Description #: ../templates:1001 msgid "" "This is your initial install of the checksecurity package, and you had an " "existing checksecurity.conf file from the cron package. The old " "configuration file was preserved as \"/etc/checksecurity.conf.cron\". If you " "had modified your configuration, you may want to merge those changes into " "the new /etc/checksecurity.conf file from this package." msgstr "" "Detta r din frsta installation av paketet checksecurity och du har redan " "en checksecurity.conf fil frn cron-paketet. Den gamla konfigurationsfilen " "blev arkiverad som \"/etc/checksecurity.conf.cron\". Om du har modifierat " "din konfiguration kanske du vill flytta ver de ndringarna till den nya /" "etc/checksecurity.conf frn detta paketet." checksecurity-2.0.16+nmu1/debian/checksecurity.cron.weekly0000664000000000000000000000215110314110513020446 0ustar #!/bin/sh # /etc/cron.weekly/checksecurity: Run the checksecurity script # Steve Greenland LOCKFILE=/var/lock/checksecurity.weekly # The logfile we write our changes into. LOGFILE=/var/log/checksecurity.log umask 022 # # Exit silently if the checksecurity package is not installed. (We may be # here just because we're conffile left over from a previous installation). # [ -e /usr/sbin/checksecurity ] || exit 0 # # # Avoid running more than one at a time -- could happen if the # checksecurity script lands on a network drive. # if [ -x /usr/bin/lockfile-create ] ; then lockfile-create $LOCKFILE if [ $? -ne 0 ] ; then cat <>"$LOGFILE" # # Clean up lockfile # if [ -x /usr/bin/lockfile-create ] ; then kill $LOCKTOUCHPID lockfile-remove $LOCKFILE fi checksecurity-2.0.16+nmu1/debian/changelog0000664000000000000000000005461412672015103015314 0ustar checksecurity (2.0.16+nmu1ubuntu1) xenial; urgency=medium * Merge from Debian unstable (LP: #1555357). Remaining changes: - Downgrade all Recommends to Suggests. * Do not downgrade logcheck to Suggests, it is in main. * Remove fcron from Depends, it is not in the archive. -- Nishanth Aravamudan Wed, 09 Mar 2016 12:45:49 -0800 checksecurity (2.0.16+nmu1) unstable; urgency=medium * Non-maintainer upload. * Use "find -perm /x" instead of "find -perm +x". Closes: #731944 -- Andreas Metzler Tue, 29 Dec 2015 14:06:01 +0100 checksecurity (2.0.16) unstable; urgency=medium * plugins/check-setuid: Prevent error from find by putting -ignore_readdir_race as first option (Closes: 714152) * plugins/check-iptables-logs, man/check-iptables-logs.8: Add new plugin to check for iptables logs and provide information of attacked ports, blacklisted hosts (using fail2ban), etc. * etc/global-checksecurity.conf: Add information for the new plugin, this is disabled by default (as systems might not have iptables configured and, even if enabled, there might not be a log target) * man/{check-diskfree.8,check-passwd.8,check-setuid.8}: Clarify that these plugins are written to be run by checksecurity. Some of the plugins might not work if missing some environment variables (which are defined by checksecurity) * man/checksecurity.8: Add a reference to the new plugin check-iptables-logs * debian/control: Improve the package description with the recommendations made by Justin B Rye (Closes: #688070) * debian/control: Add debsecan to the Recommends, this provides notification of vulnerabilities in the system and security updates (Closes: #253097) * etc/check-setuid.conf: Exclude more filesystems for the setuid checks as are system based filesystems * debian/po/tr.po: Add Turkish translation provided by Mert Dirik (Closes: #759874) -- Javier Fernández-Sanguino Peña Sat, 21 Feb 2015 15:35:45 +0100 checksecurity (2.0.15ubuntu1) utopic; urgency=low * Merge from Debian unstable. Remaining changes: - Downgrade all Recommends to Suggests. - Downgrade fcron from Depends to Suggest, it is in universe and we are already depending on anacron -- Michael Vogt Wed, 04 Jun 2014 08:18:20 +0200 checksecurity (2.0.15) unstable; urgency=medium * Fix bug in the CS_NFSAFS definition in etc/check-setuid.conf that prevents the script from matching any filesystem. This bug was, actually, making the script not do anything in the default configuration. (Closes: 724687) Thanks go to Alessandro Vesely for spotting this bug and providing a fix. * debian/control: Adjust the maintainer's name -- Javier Fernández-Sanguino Peña Sat, 28 Sep 2013 23:31:59 +0200 checksecurity (2.0.14ubuntu1) natty; urgency=low * Merge from debian unstable (LP: #668500). Remaining changes: - Downgrade all Recommends to Suggests. - Downgrade fcron from Depends to Suggest, it is in universe and we are already depending on anacron -- Angel Abad Fri, 29 Oct 2010 21:36:58 +0200 checksecurity (2.0.14) unstable; urgency=low * plugins/check-setuid: - Integrate changes to from Ubuntu to make use of ionice when calling find. (Closes: #578640) - Use the -ignore_readdir_race option when calling find to avoid error messages when encountering stale files (Closes: #583809) * etc/global-checksecurity.conf: Adjust comments associated to CHECKSECURITY_EMAIL to point to bsd-mailx instead of mailx and remove reference to cron. (Closes: #541636) * debian/control: Depend on util-linux (>= 2.15~rc1-1) which provides ionice. * debian/compat: Change from 4 to 5 * debian/rules: Adjust calls to dh_clean -- Javier Fernandez-Sanguino Pen~a Wed, 27 Oct 2010 23:44:51 +0200 checksecurity (2.0.13ubuntu2) lucid; urgency=low [ Matt Zimmerman ] * plugins/check-setuid: Use ionice to set idle I/O scheduling priority for find(1) across the whole filesystem. [ James Westby ] * plugins/check-setuid: Use the -t option to ionice so that failures to set I/O priority don't stop the command running. - Depend on util-linux (>= 2.15~rc1-1) to ensure the feature is available. - Thanks Colin Watson. -- James Westby Wed, 21 Apr 2010 13:45:42 +0100 checksecurity (2.0.13ubuntu1) karmic; urgency=low * Merge from debian unstable, remaining changes: - Downgrade all Recommends to Suggests. - Downgrade fcron from Depends to Suggest, it is in universe and we are already depending on anacron -- Muharem Hrnjadovic Wed, 03 Jun 2009 12:25:55 +0200 checksecurity (2.0.13) unstable; urgency=low * Do not report 'disk full' for filesystems mounted under /media. This includes the cdrom as well as possibly some other removal media like USB memories. Thanks to Tim Connors for detecting this bug and providing a patch (Closes: #514306) * Add some information in the both check-setuid's manpage and the configuration file related to false positives generated from /dev changes when a system is rebooted (due to changes in timestamps). And provide instructions on how to remove them. * Extend check-socket to make it possible to exclude certain lines from the output through the CHECKSECURITY_IGNORELINES variable. (Closes: #522749) * Added the 'lustre' filesystem to the network filesystem list in the default check-setuid.conf (Closes: #502421) * Change Makefile to include etc/check-socket.conf in the package. -- Javier Fernandez-Sanguino Pen~a Tue, 26 May 2009 01:14:49 +0200 checksecurity (2.0.12ubuntu1) karmic; urgency=low * Merge from debian unstable, remaining changes: LP: #370225) - Downgrade all Recommends to Suggests. - Downgrade fcron from Depends to Suggest, it is in universe and we are already depending on anacron -- Bhavani Shankar Fri, 01 May 2009 11:28:27 +0530 checksecurity (2.0.12) unstable; urgency=medium * Fix bug in plugins/check_sockets which prevented it from being actually useful. Thanks to Richard Kapolnai for detecting this bug and providing a patch. (Closes: #520654) -- Javier Fernandez-Sanguino Pen~a Sat, 21 Mar 2009 23:46:07 +0100 checksecurity (2.0.11ubuntu1) jaunty; urgency=low * Merge from Debian unstable (LP: #295260), Ubuntu remaining changes: - Downgrade all Recommends to Suggests. - Downgrade fcron from Depends to Suggest, it is in universe and we are already depending on anacron -- Pedro Fragoso Wed, 05 Nov 2008 02:28:39 +0000 checksecurity (2.0.11) unstable; urgency=low * Debconf Translation changes: - Included Portuguese debconf translation, submitted by Rui Branco (Closes: 489378) - Fixed "Project-Id-Version" field in Japanese translation -- Javier Fernandez-Sanguino Pen~a Mon, 28 Jul 2008 22:47:07 +0200 checksecurity (2.0.10) unstable; urgency=low * Remove chrony from the list of Depends: since it does not actually provide a task scheduler, change it to fcron (Closes: #478203, #479661) -- Javier Fernandez-Sanguino Pen~a Tue, 29 Apr 2008 02:46:50 +0200 checksecurity (2.0.9ubuntu1) intrepid; urgency=low * Merge from debian unstable, remaining changes: - Downgrade all Recommends to Suggests. -- Michael Vogt Thu, 29 May 2008 09:59:37 +0200 checksecurity (2.0.9) unstable; urgency=low * The "where did I leave my head release" * Acknowledge the 2.0.7-10.1 NMU, the updated PO files from some languages had not been included in the 2.0.7 release * Do not search fuse filesystems by default (Closes: #467299) * Lintian fix: remove debian/files from source (Closes: 451054) * Allow users to select cron facility by depending on cron | anacron | chrony (Closes: 375058) -- Javier Fernandez-Sanguino Pen~a Wed, 16 Apr 2008 10:09:03 +0200 checksecurity (2.0.8) unstable; urgency=low * Make it (again) a Debian native package. * Add a new check-sockets plugin to check for open sockets. Default configuration will run this daily. * Modify check-setuid so that the changes are actually preserved (no .changes file were getting generated) * Change the logrotate definition so that it will not rotate empty files. * Introduce a /var/log/checksecurity/ where all the new plugin logs will get saved to. Preserve /var/log/setuid for the time being (but it should be moved there) -- Javier Fernandez-Sanguino Pen~a Tue, 08 May 2007 01:01:34 +0200 checksecurity (2.0.7-11ubuntu1) gutsy; urgency=low * Merge from debian unstable, remaining changes: - Downgrade all Recommends to Suggests. -- Michael Vogt Mon, 14 May 2007 13:01:51 +0200 checksecurity (2.0.7-11) unstable; urgency=low * New translations: - Galician translation provided by Jacobo Tarrio (Closes: #413460) - Italian translation provided by Luca Monducci (Closes: #418173) * Have etc/check-setuid.conf default LOGDIR point to /var/log/setuid * Consistent use of email alerts: - Move the CHECKSECURITY_EMAIL configuration file over to the global checksecurity configuration file as more than one script will use this. (check-setuid and check-diskfree at least) - Make checksecurity preserve the CHECKSECURITY_EMAIL environment variable for all plugins unless redefined in the plugin configuration file. - Make check-diskfree use CHECKSECURITY_EMAIL (instead of MAILTO) to mail the results of the diskfree check to the defined user. (Closes: #232951) * Remove CHECKSECURITY_GREPOUT definition from check-setuid (Closes: #334435) * Fix spelling errors in the (root) README.Debian file -- Javier Fernandez-Sanguino Pen~a Mon, 07 May 2007 23:48:14 +0200 checksecurity (2.0.7-10.1ubuntu1) feisty; urgency=low * Resynchronise with Debian. Remaining changes: - Downgrade all Recommends to Suggests. -- Colin Watson Tue, 19 Dec 2006 14:54:03 +0000 checksecurity (2.0.7-10.1) unstable; urgency=low * Non-maintainer upload to fix longstanding l10n issues * Debconf templates translations: - Swedish added. Closes: #331305 - Vietnamese added. Sent during the call for updates of the NMU campaign. - Brazilian Portuguese updated. Sent during the call for updates of the NMU campaign. - Russian added. Sent during the call for updates of the NMU campaign. - Dzongkha added. Sent during the call for updates of the NMU campaign. - Basque added. Sent during the call for updates of the NMU campaign. -- Christian Perrier Thu, 16 Nov 2006 06:01:25 +0100 checksecurity (2.0.7-10ubuntu1) edgy; urgency=low * Downgrade all Recommends to Suggests -- Matt Zimmerman Tue, 15 Aug 2006 10:22:13 -0700 checksecurity (2.0.7-10) unstable; urgency=low * Clean up all logfiles on purge as required by policy. * Modified checksecurity.weekly to use its own lockfile and fix the error message. We should not be using the same lockfile as checksecurity.daily since the tests being run by default don't overlap (Closes: #326871) * Use debhelper compatibility version 4 * Fixed FSF address in debian/copyright * Updated the debian/copyright file with new authors -- Javier Fernandez-Sanguino Pen~a Wed, 21 Sep 2005 00:43:14 +0200 checksecurity (2.0.7-9) unstable; urgency=low * Added dependancies for "| debconf-2.0" as requested by Joey Hess -- Javier Fernandez-Sanguino Pen~a Thu, 4 Aug 2005 19:08:46 +0200 checksecurity (2.0.7-8) unstable; urgency=low * Prevent the setuid checks from traversing AFS filesystems under /vicep (Closes: #320407) -- Javier Fernandez-Sanguino Pen~a Mon, 1 Aug 2005 21:25:16 +0200 checksecurity (2.0.7-7) unstable; urgency=low * Added Vietnamese debconf translation provided by Clytie Siddall (Closes: #309632) * Recommend logwatch as an alternative to logcheck (Closes: #315019) -- Javier Fernandez-Sanguino Pen~a Sat, 9 Jul 2005 15:43:04 +0200 checksecurity (2.0.7-6) unstable; urgency=low * Checksecurity checks if you are root (effective uid) before running and so does the check-passwd plugin too. * Proper GPL header to the checksecurity program as well as to all of the plugins. -- Javier Fernandez-Sanguino Pen~a Thu, 7 Apr 2005 09:28:24 +0200 checksecurity (2.0.7-5) unstable; urgency=low * Added new configuration files to the conffiles definition (lintian error) -- Javier Fernandez-Sanguino Pen~a Tue, 22 Mar 2005 02:25:20 +0100 checksecurity (2.0.7-4) unstable; urgency=low * Use proper user for the logrotation facility (Closes: #299896) -- Javier Fernandez-Sanguino Pen~a Thu, 17 Mar 2005 09:24:44 +0100 checksecurity (2.0.7-3) unstable; urgency=low * Fix postinst's check for files so that the return code is always true, have the script run with -e and add also an 'exit 0' return status in any case. (Closes: #299811) -- Javier Fernandez-Sanguino Pen~a Thu, 17 Mar 2005 01:19:29 +0100 checksecurity (2.0.7-2) unstable; urgency=low * Adopted package (Closes: #298573) * Have the check_diskfree plugin mail to root the results of the test, if defined. Notice that the environment is currently cleaned up so that it will not work yet properly. This is the patch available in #232951 * Fixed the formatting issue in the check-setuid.8 manpage with the patch provided by Nicolas Francois (Closes: #274428) * Fixed the reference to checksecurity.conf in bin/checksecurity, the message now refers to checksecurity(8) (Closes: #276950) * Create /var/log/setuid with proper permissions (750), also, move the files in postinst through a loop checking first if they exist (Closes: #297691) * Rotate /var/log/setuid.changes, /var/log/diskfree.log and /var/log/checksecurity.log through logrotate instead of having this in the cron task, use dh_installlogrotate to install this. * Add Getopt::Long usage to bin/checksecurity and define a debug (-d or --debug option) (currently undocumented) * Introduce a 'period' argument in checksecurity (currently undocumented) which determines what checks should it run: - Modify global-checksecurity.conf so that diskfree and passwd checks are run daily and setuid is run weekly - Create a new checksecurity-weekly cron task that will run setuid This closes two long-standing bugs since users can adjust the configuration now to their needs. (Closes: #138484, #31902) * Recommend: Tiger, logcheck, and integrity checkers, also suggest some programs to check if newer packages are available, as bug #163813 has not been closed yet. This is an interim solution in order to warn users that there are more (advanced) security checks available they might want to implement in addition to checksecurity. * Added Czech po-debconf translation provided by Jan Outrata (Closes: #291576) -- Javier Fernandez-Sanguino Pen~a Fri, 11 Mar 2005 08:46:43 +0100 checksecurity (2.0.7-1) unstable; urgency=low * Removed obsolete documentation and support for CHECKSECURITY_DISABLE. This is handled in checksecurity.conf now. * Updated version number. * Switched to a non-Debian native package. * Avoid searching for setuid files on filesystems of type shfs and lufs. (Closes: #272402) * Place all the setuid logfiles in /var/log/setuid instead of /var/log. Move existing files into place on upgrade. (Closes: #164665) (Closes: #59809) * Added the German debconf translation. (Closes: #250944) Thanks to Erik Schanze. -- Steve Kemp Mon, 20 Sep 2004 22:04:11 +0000 checksecurity (2.0.6) unstable; urgency=low * Respect the NMU from Javier, much appreciated. * Cause the cronjob to terminate quietly if checksecurity doesnt exist. (Closes: #240462) * Included cifs in the list of network filesystems to ignore. (Closes: #268058) * Added the nl.po debconf translation. (Closes: #241422) Many thanks to Luk and the l10n-dutch team. * Updated standards version to 3.6.1 -- Steve Kemp Fri, 17 Sep 2004 22:02:58 +0000 checksecurity (2.0.5.2) unstable; urgency=low * NMU fixing bugs introduced in previous NMU (approved by maintainer) - Preinst now sorts /var/log/setuid.today before the upgrade (Closes: #239340) - Check_setuid does not guard against CHECKSECURITY_EMAIL being undefined since it's disabled per default (Closes: #239336) - Introduced an alternative fix for the Arla partitions and add new arla type 'nnpfs' and 'binfmt_misc' (Closes: #239314) -- Javier Fernandez-Sanguino Pen~a Mon, 22 Mar 2004 14:26:13 +0100 checksecurity (2.0.5.1) unstable; urgency=low * NMU with maintainer's approval (note this is not related to the BSP, that's why it's uploaded to 0-day) - Added sysfs to CS_TYPES (Closes: #229723) - Updated Spanish debconf translation provided by Javier Fernandez-Sanguino (Closes: #229010) - Added Danish debconf translation provided by Claus Hindsgaul (Closes: #233705) - Updated Japanese debconf translation provided by Kenshi Muto (Closes: #237781) - Sort setuid files by name instead of by inode # (Closes: #202077) - Guard against undefined vars in check-setuid(Closes: #154390) - Fixed typo in check-diskfree.conf (Closes: #229104) - Added LOGFILE definition in cron task, this would make it easier to switch to a different logfile in order to fix #232951. However, the older LOGFILES would need to be handled in order to avoid cruft in the system. - Added a README.Debian that explains why the conffile is handled as it is (Closes: #198933) - Check-diskfree now guards agains undefined vars and handles mount points with spaces in the patch (Closes: #190928) - Added comment in checksecurity.conf file indicating how you can disable check-setuid completely. This will have to suffice until check-security provides a better mechanism for fine-grane control of plugin execution (Closes: #177120) - Filter only xfs mounts if the devine name is arla (Closes: #171980) -- Javier Fernandez-Sanguino Pen~a Sun, 14 Mar 2004 22:29:16 +0100 checksecurity (2.0.5) unstable; urgency=low * Applied the Brazilian Portuguese translation to Debconf. (Closes: #218818) thanks to Andre Luis Lopes * Applied the updated French debconf translations. (Closes: #213791) thanks to Christian Perrier. * No output from check-diskfree unless there is at least one "error". -- Steve Kemp Thu, 20 Nov 2003 09:53:42 +0000 checksecurity (2.0.4) unstable; urgency=low * Fixed the last remaining bash-ism. (Closes: #216487) (Closes: #21650) (Closes: #214564) (Closes: #217419) * Depend upon Perl. (Closes: #219363) * Document plugin directory correctly in manpage for checksecurity (Closes: #215758) * Mention 'check-diskfree' in README.Debian (Closes: 218734) -- Steve Kemp Sat, 15 Nov 2003 20:45:02 +0000 checksecurity (2.0.3) unstable; urgency=low * Don't use obsolete diff option. (Closes: #214125) Thanks to Aaron Schrab * Only test filesystems for size which start with '/' This means we work with regardless of local. (Closes: #212710) thanks to Hile Tuohela * Removed several bashisms from check-setuid (Closes: #212650) * Added manpages for `check-diskfree` and `check-passwd` -- Steve Kemp Thur, 09 Oct 2003 22:24:10 +0000 checksecurity (2.0.2) unstable; urgency=low * Only test for empty passwords if /etc/shadow exists. (Closes: #212587) * Testing for free disk space now succeeds when the mount point has a long name. (Closes: #212388) Thanks to Chung-chieh Shan for the patch. * All relevent files in /etc/ are now marked as conffiles. (Closes: #212586) * Install the manpage into the correct directory. * Ignore mountpoints of type xfs. (Closes: #171980) * Added Japanese debconf tranlations. (Closes: #210712) Thanks to Kenshi Muto for the translation. -- Steve Kemp Wed, 23 Sep 2003 18:44:48 +0000 checksecurity (2.0.1) unstable; urgency=low * Fixed the handling of the check-setuid.conf file. (Closes: #212306) thanks to Michael Schuerig * Use ':' instead pf '.' when using chown. (Closes: #205369). * Applied a patch to clearup the check-setuid.conf file. (Closes: #210242) thanks to Andrew Shugg. -- Steve Kemp Tue, 22 Sep 2003 10:23:11 +0000 checksecurity (2.0.0) unstable; urgency=low * Created new configuration file. * Created makefile installation system. -- Steve Kemp Tue, 26 Aug 2003 20:58:02 +0000 checksecurity (1.0.4) unstable; urgency=low * This is the penultimate release before we move to a more comprensive plugin based system. You have been warned. * Switched to gettext-based debconf templates (Closes: #205801) thanks to Christian Perrier * Added French translation of gettext templates (Closes: #207117) thanks to Christian Perrier * Fixed typo in checksecurity.conf * Ignore mounts of type "bind" (Closes: #176090) thanks to Martin Schwenke -- Steve Kemp Mon, 25 Aug 2003 23:37:27 +0000 checksecurity (1.0.3) unstable; urgency=low * Updated the maintainer field, to make me the effective maintainer. -- Steve Kemp Wed, 16 Jul 2003 08:37:22 +0000 checksecurity (1.0.2) unstable; urgency=low * New maintainer. -- Steve Kemp Tues, 14 Jul 2003 09:11:20 +0000 checksecurity (1.0.1) unstable; urgency=low * Add overrides file for two lintian warnings. Debconf is used solely to display a message in the postinst on initial installation. It can't be done in the configuration stage because it must happen after the cron install. * Add missing debconf dependency. -- Steve Greenland Sun, 8 Jun 2003 15:20:13 -0500 checksecurity (1.0.0) unstable; urgency=low * Split from cron package * Only rotate setuid.changes if size > 0 (closes: #176995) -- Steve Greenland Sun, 8 Jun 2003 15:18:08 -0500 checksecurity-2.0.16+nmu1/debian/compat0000664000000000000000000000000211462117223014630 0ustar 5 checksecurity-2.0.16+nmu1/debian/overrides0000664000000000000000000000010707731235524015366 0ustar checksecurity: no-debconf-config checksecurity: postinst-uses-db-input checksecurity-2.0.16+nmu1/debian/templates0000775000000000000000000000065507731235524015375 0ustar Template: checksecurity/oldconf Type: note _Description: Merge old configuration This is your initial install of the checksecurity package, and you had an existing checksecurity.conf file from the cron package. The old configuration file was preserved as "/etc/checksecurity.conf.cron". If you had modified your configuration, you may want to merge those changes into the new /etc/checksecurity.conf file from this package. checksecurity-2.0.16+nmu1/debian/dirs0000664000000000000000000000014607731235524014330 0ustar etc etc/checksecurity usr/sbin usr/share/checksecurity usr/share/man/man8 usr/share/lintian/overrides checksecurity-2.0.16+nmu1/debian/postrm.debhelper0000664000000000000000000000027510314110772016633 0ustar # Automatically added by dh_installdebconf if [ "$1" = purge ] && [ -e /usr/share/debconf/confmodule ]; then . /usr/share/debconf/confmodule db_purge fi # End automatically added section checksecurity-2.0.16+nmu1/debian/copyright0000664000000000000000000000216310314111273015361 0ustar Modifications for Debian GNU/Linux Copyright 1994 Ian Jackson; checksecurity script: Copyright (C) 1994 Ian Jackson Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002 Steve Greenland Copyright (C) 2003-2005 Steve Kemp Copyright (C) 2005 Javier Fernandez-Sanguino The `checksecurity' script and its associated files (checksecurity.8 and checksecurity.conf) are free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. A copy of the GNU General Public License is available as `/usr/share/common-licenses/GPL' in the Debian GNU/Linux distribution or on the World Wide Web at `http://www.gnu.org/copyleft/gpl.html'. You can also obtain it by writing to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA checksecurity-2.0.16+nmu1/debian/postrm0000664000000000000000000000134610617730114014706 0ustar #! /bin/sh # postrm script for checksecurity # # see: dh_installdeb(1) set -e case "$1" in purge) # Clean up all log files on purge LOGDIR=/var/log for dir in $LOGDIR/setuid/ $LOGDIR/checksecurity/ do [ -d "$dir" ] && { find $dir -type f -exec rm -f {} \; rmdir $dir } done for file in setuid.today setuid.yesterday setuid.changes \ checksecurity.log do logfile=$LOGDIR/$file [ -f "$logfile" ] && rm -f $logfile done ;; remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) # Do nothing ;; *) echo "postrm called with unknown argument \`$1'" >&2 exit 0 esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# checksecurity-2.0.16+nmu1/debian/README.Debian0000664000000000000000000000161110025152406015466 0ustar checksecurity ------------- Checksecurity has been spinned of cron (that's why it Replaces/Depends on it) however, old version of the cron package provided the checksecurity.conf configuration file. Due to the way dpkg handles conffiles in this cases 'checksecurity' will manage that conffile himself. There are several reasons for this: a) Dpkg gives bogus warnings: If you have NOT changed the checksecurity.conf file that was distributed with cron, but have an updated version in the new checksecurity package, dpkg reports that the local file has been modified by the user. That's bogus and confusing. The fact that the tetex maintainer does it all the time does not make it acceptable. b) Under some factors, the conffile might get "lost" For more information read: http://lists.debian.org/debian-devel/2003/debian-devel-200305/msg01313.html --- Javier Fernandez-Sanguino March 14th, 2004 checksecurity-2.0.16+nmu1/debian/checksecurity.cron.daily0000664000000000000000000000214510214253213020257 0ustar #!/bin/sh # /etc/cron.daily/checksecurity: Run the checksecurity script # Steve Greenland LOCKFILE=/var/lock/checksecurity.daily # The logfile we write our changes into. LOGFILE=/var/log/checksecurity.log umask 022 # # Exit silently if the checksecurity package is not installed. (We may be # here just because we're conffile left over from a previous installation). # [ -e /usr/sbin/checksecurity ] || exit 0 # # # Avoid running more than one at a time -- could happen if the # checksecurity script lands on a network drive. # if [ -x /usr/bin/lockfile-create ] ; then lockfile-create $LOCKFILE if [ $? -ne 0 ] ; then cat <>"$LOGFILE" # # Clean up lockfile # if [ -x /usr/bin/lockfile-create ] ; then kill $LOCKTOUCHPID lockfile-remove $LOCKFILE fi checksecurity-2.0.16+nmu1/debian/rules0000775000000000000000000000201611462117322014511 0ustar #!/usr/bin/make -f # # Rules file for checksecurity # # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 build: build-stamp build-stamp: dh_testdir touch build-stamp clean: dh_testdir dh_testroot rm -f build-stamp dh_clean # Build architecture-independent files here. binary-arch: build # We have nothing to do by default. # Build architecture-dependent files here. binary-indep: build dh_testdir dh_testroot dh_prep dh_installdirs $(MAKE) install PREFIX=$(CURDIR)/debian/checksecurity install -m 644 debian/overrides debian/checksecurity/usr/share/lintian/overrides/checksecurity dh_installdocs dh_installcron dh_installlogrotate dh_installchangelogs dh_installdebconf dh_compress dh_fixperms dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb source diff: @echo >&2 'source and diff are obsolete - use dpkg-source -b'; false binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary checksecurity-2.0.16+nmu1/debian/checksecurity.logrotate0000664000000000000000000000032710617731065020232 0ustar /var/log/checksecurity.log /var/log/diskfree.log /var/log/setuid/setuid.changes /var/log/checksecurity/socket.changes { weekly rotate 10 compress missingok notifempty create 0640 root adm } checksecurity-2.0.16+nmu1/ChangeLog0000664000000000000000000000016710225160422013761 0ustar 2.0.0 ----- * Completely rewrote checksecurity. * Added plugins. * Added manpages. Steve -- www.steve.org.uk checksecurity-2.0.16+nmu1/plugins/0000775000000000000000000000000012640502366013676 5ustar checksecurity-2.0.16+nmu1/plugins/check-diskfree0000775000000000000000000000363711206623305016476 0ustar #! /bin/sh # # Check-diskfree checksecurity plugin # # This script is designed to analyse the usage of the different # disks in the system. # # It is part of the 'checksecurity' package, and tests may be configured # by the global file '/etc/checksecurity.conf' and the file # '/etc/checksecurity/check-diskfree.conf'. # # Copyright (C) 2003-2005 Steve Kemp # # Licensed under the GNU General Public License # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # Sane default, just in case [ -z "$CHECK_DISK_PERCENT" ] && CHECK_DISK_PERCENT=90 [ -z "$LOGDIR" ] && LOGDIR=/var/log # Temporary file [ ! -d /var/run/checksecurity ] && { umask 022; mkdir -p /var/run/checksecurity; } TMPDF=/var/run/checksecurity/diskfree.log.tmp >$TMPDF df -klP | grep ^/ | grep -v /media/ | sed -e 's/.*[[:space:]]\([[:digit:]]\+\)%/\1/' | while read PERC LOCATION; do if [ "$PERC" -gt "$CHECK_DISK_PERCENT" ]; then echo "Usage warning on $CHECK_DISK_PERCENT" >>$TMPDF echo "${PERC}% ALERT - $LOCATION" >>$TMPDF fi done # The default behaviour is to output to stdout cat $TMPDF if [ -s "$TMPDF" ] && [ ! -z "$CHECKSECURITY_EMAIL" ]; then /usr/bin/mail -s "Diskfree alert for `hostname -f` on `date '+%D %T'`" $CHECKSECURITY_EMAIL < $TMPDF fi mv $TMPDF $LOGDIR/diskfree.log exit 0 checksecurity-2.0.16+nmu1/plugins/check-sockets0000775000000000000000000000621211206625251016347 0ustar #!/bin/sh # # Check-sockets checksecurity plugin # # This script is designed to find the TCP/UDP sockets bound present on the # system # # It is part of the 'checksecurity' package, and tests may be configured # by the global file '/etc/checksecurity.conf' and the file # '/etc/checksecurity/check-sockets.conf'. # # This check was based on the 'bound sockets' check available in SuSE's # seccheck package # # Copyright (C) 1999 Marc Heuse # Copyright (C) 2007 Javier Fernandez-Sanguino # # Licensed under the GNU General Public License # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. set -e PATH=/sbin:/bin:/usr/sbin:/usr/bin umask 027 cd / if [ -e /etc/checksecurity/check-socket.conf ] then . /etc/checksecurity/check-socket.conf fi if [ `/usr/bin/id -u` != 0 ] ; then echo "Only root has permission to run this script" exit 1 fi if [ ! -x /usr/bin/lsof ] ; then # Exit silently, lsof is not installed exit 0 fi TMPSOCKET=${LOGDIR:=/var/log/checksecurity}/sockets.new.tmp TMPDIFF=${LOGDIR:=/var/log/checksecurity}/sockets.diff.tmp # Guard against undefined vars [ -z "$LOGDIR" ] && LOGDIR=/var/log/checksecurity [ -z "$CHECKSECURITY_IGNORELINES" ] && CHECKSECURITY_IGNORELINES="^$" if [ ! -e "$LOGDIR" ] ; then echo "ERROR: Log directory $LOGDIR does not exist" exit 1 fi cd $LOGDIR test -f sockets.today || touch sockets.today # display programs with TCP/UDP bound sockets set -o noglob printf "\nThe following programs have got bound sockets:\n" >$TMPSOCKET # TODO: (jfs) Enhance using netstat if lsof is not available. # use the code @Tiger to do this. # TODO: (jfs) Make it possible to remove /usr/bin/lsof -i -n -P | egrep 'UDP|TCP.*LISTEN' | egrep -v 'UDP.*->.*' | sed 's/....[0-9]u IP.* / /' | sed 's/ FD TYPE DEVICE SIZE NODE NAME/PROTO PORT/' | sed 's/ [0-9][0-9]* / /' | sed 's/ PID / /'| sed -e 's/[ \t]\+/ /g' | egrep -v "$CHECKSECURITY_IGNORELINES" | sort -u >>$TMPSOCKET set +o noglob if cmp -s sockets.today $TMPSOCKET >/dev/null then : else diff -U0 sockets.today $TMPSOCKET >> $TMPDIFF || [ $? = 1 ] echo "`hostname` changes to TCP/UDP bound sockets:" cat $TMPDIFF if [ `cat $TMPDIFF | wc -l` -gt 0 -a ! -z "$CHECKSECURITY_EMAIL" ]; then /usr/bin/mail -s "Socket changes for `hostname -f` on `date '+%D %T'`" $CHECKSECURITY_EMAIL < $TMPDIFF fi cp $TMPDIFF sockets.changes mv sockets.today sockets.yesterday mv $TMPSOCKET sockets.today chown root:adm sockets.today fi rm -f $TMPDIFF rm -f $TMPSOCKET exit 0 checksecurity-2.0.16+nmu1/plugins/check-iptables-logs0000775000000000000000000000646012472112067017450 0ustar #!/usr/bin/perl -w # Script to list filtered IPs based on messages log # Assumes daily rotation of logfile. # (C) Javier Fernandez-Sanguino , 2010 # # Redistributable under the terms of the GPL - see # # Command line options use Getopt::Std; use vars qw[$opt_d $opt_f $opt_c $opt_a]; getopts('df:c:a:'); $debug = $opt_d || 0; # Configuration my $logfile = $opt_f || "/var/log/messages"; # Logfile my $frequency = 7 ; # How many days is the logfile rotated in # default is weekly my $max_connects = $opt_c || 5; # Number of events to report (over this) my $max_attacks = $opt_a || 10; # Number of attacks to report (over this) # Variables my %hosts; -e "$logfile" || die "Configured logfile $logfile does not exist"; if ( $logfile =~ /.gz$/ ) { open(F, "zcat $logfile |") or die "Eek, problems opening logfile $logfile: $! $?\n"; } else { open(F, "<$logfile") or die "Eek, problems opening logfile $logfile: $! $?\n"; } while() { chomp; next unless /kernel: /; print "DEBUG: Analysing '$_' \n" if $debug > 2; if ( /SRC=([\d.]+)\s+.*DPT=(\d+)/ ) { my $ip = $1; my $port = $2; # TODO - resolve port to name 1 time $ports{$port}++; $filter{$port}{$ip}++; print "DEBUG: Found blacklisted connection from $ip (to port $port)\n" if $debug ; } if ( /.*BLACKLISTED.*SRC=([\d.]+)\s+.*DPT=(\d+)/ ) { my $ip = $1; my $port = $2; # TODO - resolve IP to name 1 time $blacklisted{$ip}++; $blackports{$ip}{$port}++; print "DEBUG: Found blacklisted connection from $ip (to port $port)\n" if $debug; } } close(F) or warn "problems closing logfile: $! $?\n"; @blackhosts = keys %blacklisted; @attackedports = keys %ports; #@badhosts=grep {$hosts{$_}>${max_connects}} keys %hosts; print "Reporting attacks blocked by iptables filter\n\n"; print "-" x 50; print "\n"; print "Number of maximum connections: ${max_connects} (per port)\n"; print "Number of maximum attacks: ${max_attacks} (per host)\n"; print "\n"; print "\n"; print "-" x 50; print "\n"; print "List of relevant blacklisted hosts\n"; print "-" x 50; print "\n"; print "\n"; if ($#blackhosts > 0) { print "Blacklisted hosts (total hosts: $#blackhosts)\n"; foreach $host ( sort { $blacklisted{$b} <=> $blacklisted{$a} } keys %blacklisted ) { if ( $blacklisted{$host} > ${max_connects} ) { print "\t$host - $blacklisted{$host}\n " ; # TODO - DNS resolution for all IP hosts foreach $port ( sort { $blackports{$host}{$b} <=> $blackports{$host}{$a} } keys %{$blackports{$host}} ) { print "\t\t$port - $blackports{$host}{$port}\n"; } } } } else { print "WARNING: Did not found any blacklisted host $logfile\n"; } # Attacks print "-" x 50; print "\n"; print "List of relevant attacked ports\n"; print "-" x 50; print "\n"; print "\n"; if ($#attackedports > 0) { print "Attacked ports (total ports: $#attackedports)\n"; foreach $port ( sort { $ports{$b} <=> $ports{$a} } keys %ports ) { if ( $ports{$port} > ${max_connects} ) { print "\t$port - $ports{$port} hits\n"; foreach $host ( sort { $filter{$port}{$b} <=> $filter{$port}{$a} } keys %{$filter{$port}} ) { print "\t\t$host - $filter{$port}{$host}\n" if $filter{$port}{$host} > ${max_attacks}; } } } } else { print "WARNING: Did not found any filtered attacks in $logfile\n"; } exit 0; checksecurity-2.0.16+nmu1/plugins/check-passwd0000775000000000000000000000405310225161106016170 0ustar #!/bin/sh # # Check-passwd checksecurity plugin # # This script is designed to check for common weaknesses in passwords # # It is part of the 'checksecurity' package, and tests may be configured # by the global file '/etc/checksecurity.conf' and the file # '/etc/checksecurity/check-password.conf'. # # Copyright (C) 2003-2005 Steve Kemp # # Licensed under the GNU General Public License # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. if [ `/usr/bin/id -u` != 0 ] ; then echo "Only root has permission to run this script" exit 1 fi # # Test for duplicate root login accounts. # if [ "x$CHECK_PASSWORD_DUPLICATES" = "xTRUE" ]; then # Count of UID 0 accounts NROOT=`awk -F: '{if (0 == $3) print;}' /etc/passwd | wc -l` # If more than one warn if [ "$NROOT" != "1" ]; then # Warn and display offenders echo "There is more than one root login acounts" awk -F: '{if (0 == $3) print;}' /etc/passwd fi fi # # Test for accounts which have no password. # if [ "x$CHECK_PASSWORD_EMPTY" = "xTRUE" ]; then # # Only test for empty passwords if there is /etc/shadow. # if [ -e /etc/shadow ] ; then awk -F: '{print $1,$2}' /etc/shadow | while read username passwd do case $passwd in "") echo User $username has an empty password ;; *) ;; esac done fi fi checksecurity-2.0.16+nmu1/plugins/check-setuid0000775000000000000000000000746412640502366016207 0ustar #!/bin/sh # # Check-setuid checksecurity plugin # # This script is designed to find the setuid files present on the system # # It is part of the 'checksecurity' package, and tests may be configured # by the global file '/etc/checksecurity.conf' and the file # '/etc/checksecurity/check-setuid.conf'. # # Copyright (C) 2003-2005 Steve Kemp # # Licensed under the GNU General Public License # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. set -e PATH=/sbin:/bin:/usr/sbin:/usr/bin umask 027 cd / if [ -e /etc/checksecurity/check-setuid.conf ] then . /etc/checksecurity/check-setuid.conf fi if [ `/usr/bin/id -u` != 0 ] ; then echo "Only root has permission to run this script" exit 1 fi TMPSETUID=${LOGDIR:=/var/log/setuid}/setuid.new.tmp TMPDIFF=${LOGDIR:=/var/log/setuid}/setuid.diff.tmp # # Check for NFS/AFS mounts that are not nosuid/nodev # if [ ! "$CHECKSECURITY_NONFSAFS" = "TRUE" ] ; then # temporarily disable error exit, as grep may give errors if no nfs/afs # are mounted. set +e nfssys=`mount | grep -E 'type (nfs|afs)' | grep -vE '\(.*(nosuid|noexec).*nodev.*\)'` nfssyscnt=`echo $nfssys |grep "[a-z]"| wc -l` set -e if [ $nfssyscnt -gt 0 ] ; then echo "The following NFS or AFS filesystems are mounted insecurely:" echo "" echo $nfssys echo "" echo "If this is intentional and you have supreme confidence in the" echo "security of the server for these file systems, you may disable" echo "this message by editing the value of CHECKSECURITY_NONFSAFS in" echo "the file /etc/checksecurity/check-setuid.conf." fi fi if [ "$CHECKSECURITY_NOFINDERRORS" = "TRUE" ] ; then exec 9>&2 exec 2>/dev/null fi # Guard against undefined vars [ -z "$LOGDIR" ] && LOGDIR=/var/log/setuid if [ ! -e "$LOGDIR" ] ; then echo "ERROR: Log directory $LOGDIR does not exist" exit 1 fi if [ -n "$CHECKSECURITY_PATHFILTER" ]; then PATHCHK="( $CHECKSECURITY_PATHFILTER ) -prune -o" else PATHCHK=" -prune -o" fi if [ -n "$CHECKSECURITY_DEVICEFILTER" ]; then DEVCHK="-a -not ( $CHECKSECURITY_DEVICEFILTER )" else DEVCHK="" fi # This is the only way to pass '*' through a variable (NODEVDIRS) -- Marc set -o noglob ionice -t -c3 \ find `mount | grep -vE "$CHECKSECURITY_FILTER" | cut -d ' ' -f 3` \ -ignore_readdir_race \ -xdev $PATHCHK \ \( -type f -perm /06000 -o \( \( -type b -o -type c \) \ $DEVCHK \) \) \ -printf "%8i %5m %3n %-10u %-10g %9s %t %h/%f\n" | sort -k 12 >$TMPSETUID set +o noglob if [ "$CHECKSECURITY_NOFINDERRORS" = "TRUE" ] ; then exec 2>&9 fi cd $LOGDIR test -f setuid.today || touch setuid.today if cmp -s setuid.today $TMPSETUID >/dev/null then : else diff -U0 setuid.today $TMPSETUID >> $TMPDIFF || [ $? = 1 ] echo "`hostname` changes to setuid programs and devices:" cat $TMPDIFF if [ `cat $TMPDIFF | wc -l` -gt 0 -a ! -z "$CHECKSECURITY_EMAIL" ]; then /usr/bin/mail -s "Setuid changes for `hostname -f` on `date '+%D %T'`" $CHECKSECURITY_EMAIL < $TMPDIFF fi # Log the changes cp $TMPDIFF setuid.changes mv setuid.today setuid.yesterday mv $TMPSETUID setuid.today chown root:adm setuid.today fi rm -f $TMPDIFF rm -f $TMPSETUID exit 0 checksecurity-2.0.16+nmu1/etc/0000775000000000000000000000000012472121710012761 5ustar checksecurity-2.0.16+nmu1/etc/check-diskfree.conf0000664000000000000000000000062710025151256016504 0ustar # # This is the configuration file for the disk space check # which checksecurity will perform via the 'check-diskfree' plugin. # # To disable this series of tests edit /etc/checksecurity.conf # and set 'check-diskspace="FALSE"'. # ## ## # If the disk usage of any partition becomes more than 70% full # then we will generate an alert. # # Valid values or "0" - "100" # ## CHECK_DISK_PERCENT="70" checksecurity-2.0.16+nmu1/etc/check-socket.conf0000664000000000000000000000127111206625141016175 0ustar # # This is the check-socket script configuration file contained # in the checksecurity package. # # These configuration variables may be set: # # CHECKSECURITY_IGNORELINES # LOGDIR # # Each is described in its own section below -- search for #### # as a section divider. # #### #### # # Location of socket status databases. # LOGDIR=/var/log/checksecurity #### # # Lines that will be ignored, you can use here any sintax # that 'egrep' will understand. Output lines that contain the # the regular expression defined here will be ignored. # # Example: ignore all rpc processes # CHECKSECURITY_IGNORELINES="^rpc\..*" # # Standard, just ignore empty lines: CHECKSECURITY_IGNORELINES="^$" checksecurity-2.0.16+nmu1/etc/check-passwd.conf0000664000000000000000000000102007731235525016211 0ustar # # This is the configuration file for the password checks # which checksecurity will perform via the 'check-passwd' plugin. # # # To disable this series of tests edit /etc/checksecurity.conf # and set 'check-passwords="FALSE"'. # ## ## # Check for duplicate UID's. # # Valid values or "TRUE" or "FALSE". ## CHECK_PASSWORD_WARN_UIDS="TRUE" ## # The following controls whether we should warn about any # accounts which do not have a password set. # # Valid values or "TRUE" or "FALSE". ## CHECK_PASSWORD_EMPTY="TRUE" checksecurity-2.0.16+nmu1/etc/global-checksecurity.conf0000664000000000000000000000340612472112606017742 0ustar # # This is the global configuration file for checksecurity, it # defines several common settings, and controls which of the # tests are enabled. # ## ## This is the global configuration section. ## # # MAILTO controls where the results of the tests will be mailed # to upon alert conditions. # MAILTO=root # If the CHECKSECURITY_EMAIL is set, the report is mailed to the given # address. Note that if you set this, it is *assumed* that you have # /usr/bin/mail that accepts -s; the bsd-mailx package provides this; or # you can install mutt and create a link, or some other # alternative. No, I'm not going to fix it to write the appropriate # headers and use sendmail (although I'd consider patch), nor am I # going to add a {Depends|Recommends|Suggests} to this package. # Do not submit bugs about this unless you include the above mentioned # patch. You enabled this option -- you take responsibility. # #CHECKSECURITY_EMAIL="root" # # This is the path which the scripts are given when they are run. # PATH=/usr/sbin:/usr/bin:/sbin:/bin ## ## The next group of settings control which checks are enabled. ## # Which checks to run daily? CHECK_DAILY="DISKFREE PASSWD SOCKETS" # Which checks to run weekly? CHECK_WEEKLY="SETUID IPTABLES_LOGS" # # Check for mounts which have very little disk space free. # CHECK_DISKFREE="TRUE" # Configure the checks in /etc/checksecurity/check-diskfree.conf # # Check passwords # CHECK_PASSWD="TRUE" # Configure the checks in /etc/checksecurity/check-passwd.conf # # Check setuid files # CHECK_SETUID="TRUE" # Configure the checks in /etc/checksecurity/check-setuid.conf # # Check open sockets # CHECK_SOCKETS="TRUE" # Configure the checks in /etc/checksecurity/check-sockets.conf # # Check iptables logs # CHECK_IPTABLES_LOGS="FALSE" checksecurity-2.0.16+nmu1/etc/check-setuid.conf0000664000000000000000000000734612472121710016212 0ustar # # This is the check-setuid script configuration file contained # in the checksecurity package. # # These configuration variables may be set: # # CHECKSECURITY_FILTER # CHECKSECURITY_NOFINDERRORS # CHECKSECURITY_NONFSAFS # CHECKSECURITY_DEVICEFILTER # CHECKSECURITY_PATHFILTER # LOGDIR # # Each is described in its own section below -- search for #### # as a section divider. # #### # # The CHECKSECURITY_FILTER variable is used as an argument to # "grep -vE" to filter lines from the output of the "mount" command. # # The default is not check the following file systems: # # type proc # type sysfs # type shfs # type lufs # type devpts # type bind # type binfmt_misc # type iso9660 # type ncpfs # type smbfs # type nfs # type afs # type auto (They'll typically be picked up on the nfs branch) # type msdos # type fat # type vfat # type ntfs # type coda (similar to afs) # type usbdevfs # type none (--bind mounts) # type fuse # # floppies (i.e. /dev/fd) # anything on /sys, /mnt or /vicep # # Note that behaviour for nfs/afs has changed as of release -45. We # no longer run find across nfs/afs disks; instead we simply report # afs/nfs disks that are mounted insecurely (without -onosuid|noexec,nodev). # You can disable this report by going setting the CHECKSECURITY_NONFSAFS # variable below. # # Use temp variables to build up CHECKSECURITY_FILTER, to make it # a little more readable. # CS_NFSAFS='(type (nfs|afs|coda|lustre|mfs|nnpfs)|^(arla .* type xfs))' # Uncomment the next line to get the old behaviour. #CS_NFSAFS='(nfs|afs) \(.*(nosuid|noexec).*nodev.*\)' # CS_TYPES='( type (auto|proc|sysfs|bind|msdos|fat|vfat|iso9660|usbdevfs|ncpfs|smbfs|cifs|ntfs|devpts|binfmt_misc|shfs|lufs|none|fuse))|'$CS_NFSAFS # CS_OPTS='\(.*(nosuid|noexec).*\)' # # Exclude floppy disks # NOTE: If you want to exclude all /dev use CHECKSECURITY_DEVICEFILTER # below CS_DEVS='^/dev/fd' # # Do not traverse /sys (kernel filesystem), /mnt (external mounts) or /vicep # (AFS fileserver mounts) # CS_DIRS='on (/sys|/mnt|/vicep)' # CHECKSECURITY_FILTER="$CS_TYPES|$CS_OPTS|$CS_DEVS|$CS_DIRS" # # Note: You can also disable the check-setuid check entirely if # # CHECKSECURITY_PATHFILTER="-path /*" # # Clear the temporary variables. # unset CS_NFSAFS CS_TYPES CS_DIRS CS_OPTS # #### # # The CHECKSECURITY_NOFINDERRORS, if set to "TRUE" (case sensitive), # redirects any errors from the find command used in checksecurity # to /dev/null. # CHECKSECURITY_NOFINDERRORS="FALSE" #### # # The CHECKSECURITY_NONFSAFS, if set to "TRUE" (case sensitive), # disables the message about insecurely mounted nfs/afs disks. # CHECKSECURITY_NONFSAFS="FALSE" #### # # The CHECKSECURITY_DEVICEFILTER lets you tell find not to report # devices in those directories (if you choose the daily Emails, # devices like /dev/pts/?, /dev/tty?, or /dev/urandom will change # often and clutter your mailbox). Also, if the system gets rebooted # often many changes will be reported after a reboot due to differences # in timestamps for devices under /dev as they get recreated on reboot. # # Note that these directories are still searched for suid executables. # Also note that *something* must be defined, which is why the default is # "-false". # Examples: #CHECKSECURITY_DEVICEFILTER="-path /dev/*" #CHECKSECURITY_DEVICEFILTER="-path /dev/* -o -path /home/ftp/dev/*" CHECKSECURITY_DEVICEFILTER="-false" #### # The CHECKSECURITY_PATHFILTER variable lets you set a pattern of # pathnames that you don't want to check at all. You hopefully know # what you're doing if you do this :-). # Example: # CHECKSECURITY_PATHFILTER="-path /dev/rd* -o -path /var/home/ftp*" CHECKSECURITY_PATHFILTER="-false" #### # # Location of setuid file databases. # LOGDIR=/var/log/setuid