pepoluan · April 2, 2024 10:51
diff --git a/check-group.sh b/check-group.sh
 #!/bin/bash
 for i in $(cut -s -d: -f4 /etc/passwd | sort -u ); do
        if ! grep -q -P "^.*?:x:$i:" /etc/group; then
                echo "Group $i is referenced by /etc/passwd but does not exist in /etc/group"
        fi
 done
diff --git a/check-netrc.sh b/check-netrc.sh
 #!/bin/bash

 user_dir="$(
        egrep -v '^(root|halt|sync|shutdown)' /etc/passwd |
        awk -F: '
                ($7 != "/sbin/nologin" && $7 != "/bin/false") {
                        print $1 " " $6
                }
        '
 )"

 while read user dir; do
        if [[ ! -d "$dir" ]]; then
                echo "Home dir ($dir) of user '$user' does not exist."
                continue
        fi
        if [[ -e "$dir/.netrc" ]]; then
                echo ".netrc file $dir/.netrc exists!"
        fi
 done <<< "$user_dir"
diff --git a/check-path.sh b/check-path.sh
 #!/bin/bash

 pp="$PATH"
 # We need "extended globbing" to use the +(..) and *(..) constructs
 shopt -s extglob
 if [[ "$pp" =~ :: ]]; then
        echo "Empty Directory in PATH (::)"
        # extglob of +(:) means "one or more ':'"
        # So what we're doing here, is collapsing consecutive colons (1, 2, 3, or even more)
        # into just one colon. And because of the double-slash, this is done for the whole string
        # This removes the diabolical case of ":::" or worse.
        pp="${pp//+(:)/:}"
 fi
 if [[ "$pp" =~ :$ ]]; then
        echo "Trailing : in PATH"
        # extglob of *(:) means "zero or more ':'"
        # %% means "remove as long as possible from end of string"
        pp="${pp%%*(:)}"
 fi

 # Replace all ":" with "\n" and consume into array. (One line = one element)
 readarray -t p <<< "${pp//:/$'\n'}"

 for d in "${p[@]}"; do
        # One or more periods (and none other)
        if [[ "$d" = +(.) ]]; then
                echo "PATH contains . or .. (or variant of)"
                continue
        fi
        if ! [[ -d "$d" ]]; then
                echo "$d is not a directory"
                continue
        fi
        dirperm="$( /usr/bin/stat -c "%A" "$d" )"
        if [[ ${dirperm:5:1} != "-" ]]; then
                echo "Group Write permission set on directory $d"
        fi
        if [[ ${dirperm:8:1} != "-" ]]; then
                echo "Other Write permission set on directory $d"
        fi
        dirown="$( /usr/bin/stat -c "%u" "$d" )"
        if [[ "$dirown" != "0" ]] ; then
                echo "$d is not owned by root"
        fi
        shift
 done

 shopt -u extglob
	#!/bin/bash
	for i in $(cut -s -d: -f4 /etc/passwd \| sort -u ); do
	if ! grep -q -P "^.*?:x:$i:" /etc/group; then
	echo "Group $i is referenced by /etc/passwd but does not exist in /etc/group"
	fi
	done
	#!/bin/bash

	user_dir="$(
	egrep -v '^(root\|halt\|sync\|shutdown)' /etc/passwd \|
	awk -F: '
	($7 != "/sbin/nologin" && $7 != "/bin/false") {
	print $1 " " $6
	}
	'
	)"

	while read user dir; do
	if [[ ! -d "$dir" ]]; then
	echo "Home dir ($dir) of user '$user' does not exist."
	continue
	fi
	if [[ -e "$dir/.netrc" ]]; then
	echo ".netrc file $dir/.netrc exists!"
	fi
	done <<< "$user_dir"
	#!/bin/bash

	pp="$PATH"
	# We need "extended globbing" to use the +(..) and *(..) constructs
	shopt -s extglob
	if [[ "$pp" =~ :: ]]; then
	echo "Empty Directory in PATH (::)"
	# extglob of +(:) means "one or more ':'"
	# So what we're doing here, is collapsing consecutive colons (1, 2, 3, or even more)
	# into just one colon. And because of the double-slash, this is done for the whole string
	# This removes the diabolical case of ":::" or worse.
	pp="${pp//+(:)/:}"
	fi
	if [[ "$pp" =~ :$ ]]; then
	echo "Trailing : in PATH"
	# extglob of *(:) means "zero or more ':'"
	# %% means "remove as long as possible from end of string"
	pp="${pp%%*(:)}"
	fi

	# Replace all ":" with "\n" and consume into array. (One line = one element)
	readarray -t p <<< "${pp//:/$'\n'}"

	for d in "${p[@]}"; do
	# One or more periods (and none other)
	if [[ "$d" = +(.) ]]; then
	echo "PATH contains . or .. (or variant of)"
	continue
	fi
	if ! [[ -d "$d" ]]; then
	echo "$d is not a directory"
	continue
	fi
	dirperm="$( /usr/bin/stat -c "%A" "$d" )"
	if [[ ${dirperm:5:1} != "-" ]]; then
	echo "Group Write permission set on directory $d"
	fi
	if [[ ${dirperm:8:1} != "-" ]]; then
	echo "Other Write permission set on directory $d"
	fi
	dirown="$( /usr/bin/stat -c "%u" "$d" )"
	if [[ "$dirown" != "0" ]] ; then
	echo "$d is not owned by root"
	fi
	shift
	done

	shopt -u extglob