
File: /home/msampaio/share/hardening/sysinfo.ksh


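#!/usr/bin/ksh
#
# Created by Marcos Jean Sampaio - Oct/2012
#
# This script collects various pieces of information that are useful
# during an AIX security checklist; it can also be used for other
# purposes.
#
# Everything is written to stdout. The report contains account, trust
# and network configuration, so when it is redirected to a file, keep
# that file readable only by the reviewer (for example, set "umask 077"
# in the calling shell before redirecting).
#
echo "*******************************************************"
echo "PATH"
echo "*******************************************************"
echo " "
echo " "
# Search path of the account running the checklist. Quoted so the value
# is printed exactly as set; look for "." or world-writable directories.
echo "$PATH"
echo " "
echo " "
echo "*******************************************************"
echo "/etc/profile"
echo "*******************************************************"
echo " "
echo " "
# System-wide login profile: sourced by every login shell, so any PATH
# or umask set here applies to all users.
cat /etc/profile
echo " "
echo " "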
#
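echo "*******************************************************"
echo "Users List"
echo "id groups home auditclasses login su rlogin telnet ttys"
echo "-- ------ ---- ------------ ----- -- ------ ------ ----"
echo "*******************************************************"
# lsuser -c emits one colon-separated record per user, preceded by a
# "#name:..." header line. Drop that header and turn the colons into
# tabs (\011) so the columns line up under the titles printed above.
/usr/sbin/lsuser -c -a id groups home auditclasses login su rlogin telnet ttys ALL |
  sed '/^#/d' |
  tr ':' '\011'
echo " "
echo " "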
#
#
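echo "*******************************************************"
echo "/etc/security/login.cfg"
echo "*******************************************************"
echo " "
echo " "
# Print only the active stanzas: lines starting with "#" or "*" are
# comments in this file and are filtered out. sed reads the file
# directly, so no extra cat process is needed.
sed -e '/^#/d' -e '/^\*/d' /etc/security/login.cfg
echo " "
echo " "
#
#
#
echo "*******************************************************"
echo "/etc/security/user"
echo "*******************************************************"
echo " "
echo " "
# Per-user and default account attributes, with comment lines removed.
# NOTE(review): this file is normally not world-readable, so the script
# presumably has to run as root - confirm on the target system.
sed -e '/^#/d' -e '/^\*/d' /etc/security/user
echo " "
echo " "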
#
#
#
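echo "*******************************************************"
echo "System Administrators"
echo "*******************************************************"
echo " "
echo " "
# ":0:" matches any /etc/passwd field that is exactly "0", so the list
# contains accounts with UID 0 and also accounts whose primary GID is 0.
# Every UID 0 entry other than root deserves a justification.
/usr/bin/grep ':0:' /etc/passwd
echo " "
echo " "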

#
#
#
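echo "*******************************************************"
echo "/etc/security/limits"
echo "*******************************************************"
echo " "
echo " "
# Resource limits per user/default stanza; "#" and "*" comment lines
# are filtered out so only effective settings are shown.
sed -e '/^#/d' -e '/^\*/d' /etc/security/limits
echo " "
echo " "
#
#
#
echo "*******************************************************"
echo "/etc/security/lastlog"
echo "*******************************************************"
echo " "
echo " "
# Per-user last-login records, comment lines removed. Useful for
# spotting accounts that are never used or that show failed attempts.
sed -e '/^#/d' -e '/^\*/d' /etc/security/lastlog
echo " "
echo " "
#
#
#
echo "*******************************************************"
echo "/etc/security/mkuser.default"
echo "*******************************************************"
echo " "
echo " "
# Defaults applied when a new account is created, comment lines removed.
sed -e '/^#/d' -e '/^\*/d' /etc/security/mkuser.default
echo " "
echo " "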
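echo "*******************************************************"
echo "ssh keys"
echo "*******************************************************"
echo " "
echo " "
# Walk the whole tree for ".ssh" directories; print each path and then
# its long listing. Only names, owners and modes are shown, never key
# contents. Review the listing for authorized_keys files and for
# entries that are group- or world-accessible.
# NOTE(review): the walk starts at / and is not limited to local file
# systems, so it may be slow where remote file systems are mounted.
find / -type d -name ".ssh" -print -exec ls -l {} \;
echo " "
echo " "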
#
#
#
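echo "*******************************************************"
echo "/etc/rc.tcpip daemons"
echo "*******************************************************"
echo " "
echo " "
# Only lines that begin with "start " are printed, i.e. the daemon
# entries that are not commented out in rc.tcpip.
grep '^start ' /etc/rc.tcpip
echo " "
echo " "
#
#
#
echo "*******************************************************"
echo "/etc/inetd.conf"
echo "*******************************************************"
echo " "
echo " "
# Comment lines ("#" or "*" in column one) are removed, so every line
# left is a service entry that is enabled in inetd.conf.
sed -e '/^#/d' -e '/^\*/d' /etc/inetd.conf
echo " "
echo " "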
#
#
#

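echo "*******************************************************"
echo "/etc/inittab"
echo "*******************************************************"
echo " "
echo " "
# Lines starting with ":" are comments in inittab; everything else is
# an entry that init will act on.
sed '/^:/d' /etc/inittab
echo " "
echo " "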
#
#
#
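echo "*******************************************************"
echo "X server"
echo "*******************************************************"
echo " "
echo " "
# For every process whose command (column 8 of "ps -ef") ends in "/X",
# collect the parent PID (column 3). More than one X server may be
# running, so XPID can hold several PIDs.
XPID=$(ps -ef | awk '$8~/^.*\/X$/{print $3}')
if [ -n "$XPID" ]; then
  # Show the dtlogin processes related to each collected PID. The PID is
  # compared against the PID/PPID columns instead of being grepped as a
  # free-text pattern, so a number that merely appears elsewhere on a
  # line cannot match, and a multi-value XPID is handled one PID at a
  # time. $XPID is left unquoted on purpose to split it into words.
  for xppid in $XPID; do
    ps -ef | awk -v p="$xppid" '($2 == p || $3 == p) && /dtlogin/'
  done
fi
echo " "
echo " "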
#
#
#
# Group inventory: banner, then one tab-separated line per group.
printf '%s\n' \
  '*******************' \
  'DEFINED USER GROUPS' \
  '*******************' \
  ' ' \
  ' '
# lsgroup -c prints colon-separated records; lines starting with "#"
# are dropped and the colons become tabs (\011).
/usr/sbin/lsgroup -c ALL |
  grep -v '^#' |
  tr ':' '\011'
printf '%s\n' ' ' ' '
#
#
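# display the failedlogin log
#
echo "****************************"
echo "FAILED LOGINS ON THIS SYSTEM"
echo "****************************"
# who reads the given file instead of the default login accounting
# file, so this prints the recorded failed login attempts.
/usr/bin/who -s /etc/security/failedlogin
echo " "
echo " "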
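echo "***************************"
echo "Verifies the correctness of"
echo "passwords,users,groups"
echo "***************************"
echo " "
echo " "
# The three checkers below run with -n: problems are reported but
# nothing is repaired, so the script stays read-only on the system.
echo "pwdck"
echo "-----"
/usr/bin/pwdck -n ALL
echo " "
echo " "
echo "usrck"
echo "-----"
/usr/bin/usrck -n ALL
echo " "
echo " "
echo "grpck"
echo "-----"
/usr/sbin/grpck -n ALL
echo " "
echo " "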
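echo "**************************"
echo "List of setuid"
echo "**************************"
# Root-owned entries with the setuid bit (04000) set. "{}" and "\;"
# must be separate arguments or find rejects the -exec clause; "ls -ld"
# describes a matching directory itself instead of listing its contents.
# NOTE(review): only root-owned files are reported; setuid files owned
# by other accounts are not covered by this search.
find / -user root -perm -04000 -exec ls -ld {} \;
echo " "
echo " "
echo "**************************"
echo "List of setgid"
echo "**************************"
# Root-owned entries with the setgid bit (02000) set; directories are
# common matches here, hence "ls -ld".
find / -user root -perm -02000 -exec ls -ld {} \;
echo " "
echo " "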
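echo "**************************"
echo "Some file permitions"
echo "**************************"
echo " "
echo " "
# Files whose owner and mode are checked; one path per line.
FILES="
/etc/filesystems
/etc/hosts
/etc/inittab
/etc/profile
/etc/vfs
/etc/security/failedlogin
/etc/security/audit/hosts
"
# $FILES is intentionally unquoted so the shell splits it into paths;
# each path is quoted when used. Missing files are skipped silently.
for i in $FILES
do
  if [ -f "$i" ]; then
    ls -l "$i"
  fi
done
echo " "
echo " "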
#
#
#
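echo "*************************"
echo "NETWORK INFORMATION"
echo "*************************"
echo " "
echo " "
#
# check the network interface hardware
#
echo "The following network interfaces are available on this system:"
echo " "
# Lists the devices of class "if" (network interfaces) from the
# customized device configuration.
/usr/sbin/lsdev -Cc if
echo " "
echo " "
echo " "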
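# Names of the devices whose customized attribute has value "up".
# The name is taken from between the double quotes of the "name" line,
# so interface names of any length (en0, en10, ...) are kept whole; a
# fixed column cut would truncate names longer than three characters.
iftest=$(odmget -q value=up CuAt | awk -F'"' '/name/ { print $2 }')
echo "The current interfaces are: "
echo " "
# $iftest is intentionally unquoted so it splits into interface names.
for i in $iftest
do
  if [ -n "$i" ]; then
    ifconfig "$i"
    echo " "
  fi
done
echo " "
echo " "
echo "netstat -nr"
echo "-----------"
# Routing table with numeric addresses (no name lookups).
/usr/bin/netstat -nr
echo " "
echo " "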

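echo "netstat -af inet"
echo "----------------"
# All sockets of the inet address family, including listeners; compare
# the listening ports with the services expected on this host.
/usr/bin/netstat -af inet
echo " "
echo " "
echo "/usr/bin/namerslv -s -I"
echo "-----------------------"
# Name-resolver configuration as reported by namerslv.
/usr/bin/namerslv -s -I
echo " "
echo " "
echo "/usr/bin/hostent -S"
echo "-------------------"
# Local hosts-table entries as reported by hostent.
/usr/bin/hostent -S
echo " "
echo " "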
#
#
#
# TCP/IP subsystem status, followed by a search for per-user trust and
# credential files.
printf '%s\n' \
  'The following TCP/IP services are configured on this machine' \
  ' '
/usr/bin/lssrc -g tcpip
printf '%s\n' \
  ' ' \
  '******** WARNING **********' \
  '.rhosts and .netrc are a security risk' \
  ' ' \
  ' ' \
  '.rhosts files are in: ' \
  ' '
# Whole-tree search; only the paths are printed, not the contents.
find / -name .rhosts -print
printf '%s\n' \
  ' ' \
  ' ' \
  '.netrc files are in:' \
  ' '
find / -name .netrc -print
printf '%s\n' ' '
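# Each section below is printed only when inetd is installed and the
# corresponding file exists. Two separate tests joined with && replace
# the obsolescent "-a" operator of test. Lines containing "#" are
# treated as comments and left out.

# Hosts trusted for the r-commands. A "+" entry trusts every host.
if [ -x /usr/sbin/inetd ] && [ -f /etc/hosts.equiv ]; then
  echo " the following hosts are allowed to rsh, rcp, rlogin"
  echo " "
  echo " "
  grep -v "#" /etc/hosts.equiv
  echo " "
fi
# Hosts allowed to use the print service only.
if [ -x /usr/sbin/inetd ] && [ -f /etc/hosts.lpd ]; then
  echo " the following hosts are allowed to sbumit remote print jobs"
  echo " ONLY"
  echo " "
  echo " "
  grep -v "#" /etc/hosts.lpd
  echo " "
fi
# Resolver configuration, when the host uses a name server.
if [ -x /usr/sbin/inetd ] && [ -f /etc/resolv.conf ]; then
  echo "this machine is on a nameserver network"
  echo " "
  echo " "
  grep -v "#" /etc/resolv.conf
fi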
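echo "NFS Configuration"
echo ""
echo " "
echo " "
# The host is reported as an NFS server when the nfsd binary is
# executable and an exports file exists; otherwise as a client.
if [ -x /usr/etc/nfsd ] && [ -f /etc/exports ]; then
  echo "This machine is an NFS server"
  echo "The following directories may be exported:"
  echo " "
  # Configured exports: check each entry for the hosts it is limited to
  # and for root or read-write access that is wider than needed.
  cat /etc/exports
  echo " "
  echo "The following directories are currently exported:"
  echo " "
  cat /etc/xtab
  echo " "
  echo "The following hosts have exported directories mounted"
  echo "at this time"
  echo " "
  /usr/bin/showmount
  echo " "
else
  echo "this machine is an NFS client"
  echo " "
  echo "The following directories are mounted from remote systems"
  echo " "
  echo "Node mounted mounted over vfs date options"
  # Lines of the mount output that begin with a blank are dropped.
  # NOTE(review): presumably those are the local mounts (empty node
  # column), leaving the header and the remote mounts - confirm.
  mount | grep -v "^ "
  echo " "
  echo " "
fi
echo "The following NFS services are configured on this machine:"
echo " "
/usr/bin/lssrc -g nfs
echo " "
echo " "

exit 0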
