Secheck 0.03 review
DownloadSecheck is a script designed for linux users to keep up with some security issues on their system
|
|
Secheck is a script designed for linux users to keep up with some security issues on their system. secheck runs nightly and checks on such things as: SUID files, passwordless accounts, open ports, users on the system with root access, who has su'd to root, etc. For more information, please see the about page.
I have written a small install.sh script which should handle all installation. Here's basiclly what it does, minus the crontab'ing
1. cp secheck-* /usr/local/etc/ && cd to /usr/local/etc/secheck
2. unpack the archive with: tar -xvf secheck-0.01.tar
3. cd into /usr/local/etc/secheck/
4. chmod +x security.check secheck
5. edit secheck and change the email address to the user(s) or email address you want the output mailed to.
6. Run secheck
7. crontab secheck
When it is finished, the output should look like this:
/root/secheck-*(version number)
/root/secheck-*/secheck
/root/secheck-*/security.check
/root/secheck-*/other docs, README, INSTALL, etc
/usr/local/etc/secheck/secheck
/usr/local/etc/secheck/security.check
/root/.secheck/baslinefiles
If that isn't the case.. you may need to cp a few files here and there, and I will have it fixed in the next release.
Here are some key features of "Secheck":
1. Show open ports on the system
2. Shows the current users on the system.
3. Shows how much drive space is free (in gb)
4. Shows SUID and SGID files on the system
5. Checks for users with root accounts
6. Checks for passwordless accounts
7. Shows system processes
8. Shows who has su'd to root (also includes sudo)
9. Optional: shows denied packets through ipchains/iptables
11. Shows all files with no owner
12. Show the differences between a basline copy of: /etc/passwd, /etc/shadow, /etc/group, and /etc/inetd.conf with the current version.
10. Emails the output of all of these to a user specified in check.sh (the wrapper script).
Secheck 0.03 keywords