#!/bin/sh
#Rhino9 Linux Security Script v0.8 by module 
#(modu1e@hotmail.com) (modu1e@technotornic.com)
#
#Thanks to vacuum@technotronic.com for some ideas, and to
#jericho@dimensional.com for some inspiration and help
#
#Once again, I have updated the script to include many changes.
#I redid most of it from the bottom up, because I wanted to
#incorporate as many new features into the script as I could.
#Now, the script isnt AS verbose anymore, and just records
#everything to a log file and mails you the results.  I
#recommend setting a cronjob to run the program every other
#day.  NOTE: This is for Linux, and linux only. 
#Please read the README for more info
#
HOSTNAME=`hostname`
DATE=`date`

if test -e ~/R9-Security.OLD.$HOSTNAME
then
    rm ~/R9-Security.OLD.$HOSTNAME
fi

if test -e ~/R9-Security.$HOSTNAME
then
    mv ~/R9-Security.$HOSTNAME ~/R9-Security.OLD.$HOSTNAME
fi

if [ `uname` != Linux ]; then
  echo "You must be running Linux first!"
  exit 0
fi

if [ `whoami` != root ]; then
  echo "You must be root to run this so we are able to look everywhere "
  exit 0
fi

#Leet naming design
echo "<\\\\\\>---(Rhino9 Linux Security Auditer)---<\\\\\\>"
echo "     Werd goes out to vacuum and Jericho"
echo "       March 12, 1998 Version 0.8"
echo "(modu1e@hotmail.com) (modu1e@technotronic.com)   "
echo "http://www.rhino9.org (http://207.98.195.250)"
echo ""
echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-"
echo ""
echo "<\\\\\\>---(Rhino9 Linux Security Auditer)---<\\\\\\>" > ~/R9-Security.$HOSTNAME
echo "     Werd goes out to vacuum and Jericho" >> ~/R9-Security.$HOSTNAME 
echo "       March 12, 1998 Version 0.8" >> ~/R9-Security.$HOSTNAME
echo "(modu1e@hotmail.com) (modu1e@technotronic.com)   " >> ~/R9-Security.$HOSTNAME
echo "http://www.rhino9.org (http://207.98.195.250)" >> ~/R9-Security.$HOSTNAME

#Tell em whats up
echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME
echo "Local Audit for $HOSTNAME at $DATE" >> ~/R9-Security.$HOSTNAME
uptime >> ~/R9-Security.$HOSTNAME
echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME

#Start it off
echo "Current probable bugs on your system:" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME

#Check their kernel
echo Checking kernel..
echo ""
echo "Check for updated kernel:" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME
uname -sr >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME
echo "If you kernel is lower than 2.0.32, you are vulnerable to teardrop" >> ~/R9-Security.$HOSTNAME
echo "If its lower than 2.0.33, then you are vulnerable to the pentium bug" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME
echo "LATEST KERNELS FROM kernel.org:" >> ~/R9-Security.$HOSTNAME
echo Checking linux.kernel.org for latest kernel please wait...
finger @linux.kernel.org >> ~/R9-Security.$HOSTNAME
echo "Fix: ftp to kernel.org and get the latest kernel" >> ~/R9-Security.$HOSTNAME
echo ""
echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME

#unpassworded accounts
echo Checking for unpassworded accounts in /etc/shadow and /etc/passwd
echo "" 
echo "Unpassworded accounts on your system:" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME
grep '^[^:]*::' /etc/passwd >> ~/R9-Security.$HOSTNAME
grep '^[^:]*::' /etc/shadow >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME
echo "Fix: passwd <username>" >> ~/R9-Security.$HOSTNAME
echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME

#Suid program check
echo "Checking for setuid programs...(May take a minute)"
echo "Setuid program check" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME
echo "The following is a list of suid programs on your system:" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME
find / \( -perm -4000 -o -perm -2000 \) -exec ls -ldb {} \; >> ~/R9-Security.$HOSTNAME
echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-" >> ~/R9-Security.$HOSTNAME

echo "" >> ~/R9-Security.$HOSTNAME
echo "The following programs are KNOWN to have suid vulnerabilities:" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME
echo "" 

if [ -s /usr/X11R6/bin/color_xterm ]
then
echo "(--# Checking color_xterm for suid...  "
        if test -u /usr/X11R6/bin/color_xterm
        then
                echo "Its set suid..probably vulnerable"
                echo "/usr/X11R6/bin/color_xterm" >> ~/R9-Security.$HOSTNAME
                echo ""
        else
                echo "Program is not set suid, continuing..."
                echo ""
        fi
else
        echo "(--# Checking color_xterm for suid...  "
        echo "/usr/X11R6/bin/color_xterm not installed or not found"
        echo ""
fi
sleep 1

if [ -s /sbin/dip ]
then
echo "(--# Checking dip for suid...  "
        if test -u /sbin/dip
        then
                echo "Its set suid..probably vulnerable"
                echo "/sbin/dip" >> ~/R9-Security.$HOSTNAME
                echo ""
        else
                echo "Program is not set suid, continuing..."
                echo ""
        fi
else
        echo "(--#m Checking dip for suid...  "
        echo "/sbin/dip not installed or not found"
        echo ""
fi
sleep 1

if [ -s /usr/games/doom/startmouse ]
then
echo "(--# Checking for Doom startmouse suid exploit...  "
        if test -u /usr/games/doom/startmouse
        then
                echo "Its set suid..probably vulnerable"
                echo "/usr/games/doom/startmouse" >> ~/R9-Security.$HOSTNAME
                echo ""
        else
                echo "Program is not set suid, continuing..."
                echo ""
        fi
else
        echo "(--# Checking for Doom startmouse suid exploit...  "
        echo "/usr/games/doom/startmouse not installed or not found"
        echo ""
fi
sleep 1

if [ -s /usr/bin/dos ]  
then
echo "(--# Checking for Dosemu suid vulnerability...  "
        if test -u /usr/bin/dos
        then
                echo "Its set suid..probably vulnerable"
                echo "/usr/bin/dos" >> ~/R9-Security.$HOSTNAME
                echo ""
        else   
                echo "Program is not set suid, continuing..."
                echo ""
        fi
else            
        echo "(--# Checking for Dosemu suid vulnerability...  "
        echo "/usr/bin/dos not installed or not found"
        echo ""
fi
sleep 1 

if [ -s /sbin/dump ] 
then
echo "(--# Checking for dump suid vulnerability...  "
        if test -u /usr/bin/dos
        then
                echo "Its set suid..probably vulnerable"
                echo "/sbin/dump" >> ~/R9-Security.$HOSTNAME
                echo ""
        else
                echo "Program is not set suid, continuing..."
                echo ""
        fi
else
        echo "(--# Checking for dump suid vulnerability...  "
        echo "/sbin/dump not installed or not found"
        echo ""
fi
sleep 1

if [ -s /usr/games/lizardlib/lizardshi ]
then
echo "(--# Checking for Lizards suid vulnerability...  "
        if test -u /usr/bin/dos
        then
                echo "Its set suid..probably vulnerable"
                echo "/usr/games/lizardlib/lizardshi" >> ~/R9-Security.$HOSTNAME
                echo ""
        else
                echo "Program is not set suid, continuing..."
                echo ""
        fi
else
        echo "(--# Checking for lizards suid vulnerability...  "
        echo "/usr/games/lizardlib/lizardshi not installed or not found"
        echo ""
fi
sleep 1

if [ -s /bin/mount ] 
then
echo "(--# Checking for mount suid vulnerability...  "
        if test -u /usr/bin/dos
        then
                echo "Its set suid..probably vulnerable"
                echo "/bin/mount" >> ~/R9-Security.$HOSTNAME
                echo ""
        else
                echo "Program is not set suid, continuing..."
                echo ""
        fi
else
        echo "(--# Checking for mount suid vulnerability...  "
        echo "/bin/mount not installed or not found"
        echo ""
fi
sleep 1

if [ -s /bin/umount ] 
then
echo "(--# Checking for umount suid vulnerability...  "
        if test -u /bin/umount
        then
                echo "Its set suid..probably vulnerable"
                echo "/bin/umount" >> ~/R9-Security.$HOSTNAME
                echo ""
        else
                echo "Program is not set suid, continuing..."
                echo ""
        fi
else
        echo "(--# Checking for umount suid vulnerability...  "
        echo "/bin/umount not installed or not found"
        echo ""
fi
sleep 1

if [ -s /usr/bin/mh/inc ] 
then
echo "(--# Checking for inc suid vulnerability...  "
        if test -u /usr/bin/mh/inc
        then
                echo "Its set suid..probably vulnerable"
                echo "/usr/bin/mh/inc" >> ~/R9-Security.$HOSTNAME
                echo ""
        else
                echo "Program is not set suid, continuing..."
                echo ""
        fi
else
        echo "(--# Checking for inc suid vulnerability...  "
        echo "/usr/bin/mh/inc not installed or not found"
        echo ""
fi
sleep 1

if [ -s /usr/bin/mh/msgchk ] 
then
echo "(--# Checking for msgchk suid vulnerability...  "
        if test -u /usr/bin/mh/msgchk
        then
                echo "Its set suid..probably vulnerable"
                echo "/usr/bin/mh/msgchk" >> ~/R9-Security.$HOSTNAME
                echo ""
        else
                echo "Program is not set suid, continuing..."
                echo ""
        fi
else
        echo "(--# Checking for msgchk suid vulnerability...  "
        echo "/usr/bin/mh/msgchk not installed or not found"
        echo ""
fi
sleep 1

if [ -s /usr/bin/resizecons ] 
then
echo "(--# Checking for resizeicons suid vulnerability...  "
        if test -u /usr/bin/resizecons
        then
                echo "Its set suid..probably vulnerable"
                echo "/usr/bin/resizecons" >> ~/R9-Security.$HOSTNAME
                echo ""
        else
                echo "Program is not set suid, continuing..."
                echo ""
        fi
else
        echo "(--# Checking for resizeicons suid vulnerability...  "
        echo "/usr/bin/resizecons not installed or not found"
        echo ""
fi
sleep 1

if [ -s /usr/X11R6/bin/rxvt ] 
then
echo "(--# Checking for rxvt suid vulnerability...  " 
        if test -u /usr/X11R6/bin/rxvt
        then
                echo "Its set suid..probably vulnerable"
                echo "/usr/X11R6/bin/rxvt"    
                echo ""
        else
                echo "Program is not set suid, continuing..."
                echo ""
        fi      
else
        echo "(--# Checking for rxvt suid vulnerability...  "
        echo "/usr/X11R6/bin/rxvt not installed or not found"
        echo ""
fi
sleep 1

if [ -s /usr/X11/bin/SuperProbe ] 
then
echo "(--# Checking for SuperProbe suid vulnerability...  "
        if test -u /usr/X11/bin/SuperProbe
        then
                echo "Its set suid..probably vulnerable"
                echo "/usr/X11/bin/SuperProbe" >> ~/R9-Security.$HOSTNAME
                echo ""
        else
                echo "Program is not set suid, continuing..."
                echo ""
        fi
else
        echo "(--# Checking for SuperProbe suid vulnerability...  "
        echo "/usr/X11/bin/SuperProbe not installed or not found"
        echo ""
fi
sleep 1

if [ -s /usr/local/bin/workman ] 
then
echo "(--# Checking for workman suid vulnerability...  "
        if test -u /usr/local/bin/workman
        then
                echo "Its set suid..probably vulnerable"
                echo "/usr/local/bin/workman" >> ~/R9-Security.$HOSTNAME
                echo ""
        else
                echo "Program is not set suid, continuing..."
                echo ""
        fi
else
        echo "(--# Checking for workman suid vulnerability...  "
        echo "/usr/local/bin/workman not installed or not found"
        echo ""
fi
sleep 1

if [ -s /usr/lib/games/abuse/abuse.console ] 
then
echo "(--# Checking for Abuse suid vulnerability...  "
        if test -u /usr/lib/games/abuse/abuse.console
        then
                echo "Its set suid..probably vulnerable"
                echo "/usr/lib/games/abuse/abuse.console" >> ~/R9-Security.$HOSTNAME
                echo ""
        else
                echo "Program is not set suid, continuing..."
                echo ""
        fi
else
        echo "(--# Checking for Abuse suid vulnerability...  "
        echo "/usr/lib/games/abuse/abuse.console not installed or not found"
        echo ""
fi
sleep 1
if [ -s /usr/X11R6/bin/X ]
then
echo "(--# Checking X for suid...  "
        if test -u /usr/X11R6/bin/X
        then
                echo "Its set suid..probably vulnerable"
                echo "/usr/X11R6/bin/X" >> ~/R9-Security.$HOSTNAME
                echo ""
        else
                echo "Program is not set suid, continuing..."
                echo ""
        fi
else
        echo "(--# Checking /usr/X11R6/bin/X for suid...  "
        echo "/usr/X11R6/bin/X not installed or not found"
        echo ""
fi
sleep 1


echo "" >> ~/R9-Security.$HOSTNAME
echo "Fix: chmod -s <FilePath>" >> ~/R9-Security.$HOSTNAME
echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME

#Tell them wh0z sniffing
echo "Checking for a possible sniffer (PROMISC mode)..."
echo ""
echo "Sniffer check (PROMISC)" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME
ifconfig |grep -i promisc >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME
echo "If you see a promisc above, you machine is set to" >> ~/R9-Security.$HOSTNAME 
echo "allow any incoming packets and possibly log them to" >> ~/R9-Security.$HOSTNAME
echo "a hidden file somewhere for l/p's" >> ~/R9-Security.$HOSTNAME
echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME

#Permissions check booi
echo "Checking for permissions on vital directories..."
echo ""
echo "Check for correct permissions on vital directories:" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME
ls -la --directory /root >> ~/R9-Security.$HOSTNAME
ls -la --directory /mnt >> ~/R9-Security.$HOSTNAME
ls -la --directory /etc >> ~/R9-Security.$HOSTNAME
ls -la --directory /tmp >> ~/R9-Security.$HOSTNAME
echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME

#Elite inetd backdoor scanner(bind a shell to a port)
echo "Checking for an inetd backdoor..."
echo ""
echo "Inetd backdoor scan:" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME

#heh, couldnt really think of a better way =)
grep /bin/csh /etc/inetd.conf >> ~/R9-Security.$HOSTNAME
grep /bin/bash /etc/inetd.conf >> ~/R9-Security.$HOSTNAME
grep /bin/tcsh /etc/inetd.conf >> ~/R9-Security.$HOSTNAME
grep /bin/ksh /etc/inetd.conf >> ~/R9-Security.$HOSTNAME
grep /bin/bash /etc/inetd.conf >> ~/R9-Security.$HOSTNAME
grep /bin/sh /etc/inetd.conf >> ~/R9-Security.$HOSTNAME
grep /bin/ash /etc/inetd.conf >> ~/R9-Security.$HOSTNAME
grep /bin/zsh /etc/inetd.conf >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME
echo "Sometimes an attacker may bind a shell to a port," >> ~/R9-Security.$HOSTNAME
echo "for unlogged access." >> ~/R9-Security.$HOSTNAME
echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME

#.rhost vulner check 
echo "Checking for users with .rhosts files...(May take a minute)"
echo ""
echo ".rhosts file scan:" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME
find / -name .rhosts -print >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME
echo "If any .rhosts files showed up above, check them for" >> ~/R9-Security.$HOSTNAME
echo "a possible + +, allowing anyone unlogged access." >> ~/R9-Security.$HOSTNAME
echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME

#showmount check 
echo "Checking for an insecure nfs system..."
echo ""
echo "Showmount check:" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME
showmount -e localhost >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME
echo "If you got an error or nothing at all, you are ok.  If" >> ~/R9-Security.$HOSTNAME
echo "you got a directory list list with (everyone) next to" >> ~/R9-Security.$HOSTNAME
echo "it, anyone can access your files.  Check /etc/exports." >> ~/R9-Security.$HOSTNAME
echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME

#Open ports
echo "Checking open ports.." 
echo ""
echo "Current Open Ports:" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME
./strobe -V -e 20000 localhost >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME
echo "Only run the necessitites.  It is imperative to close" >> ~/R9-Security.$HOSTNAME
echo "uneeded ports, ie finger, that just invite a hacker in" >> ~/R9-Security.$HOSTNAME
echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME

#Anonymous ftp 
echo ""
echo "Checking for anonymous ftp..."
echo ""
echo "Anonymous ftp check:" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME
cat /etc/passwd |grep ftp >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME
echo "If you dont want anonymous ftp, comment out ftp in" >> ~/R9-Security.$HOSTNAME
echo "/etc/passwd and /etc/shadow." >> ~/R9-Security.$HOSTNAME
echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME

#Xhost check
echo "Checking xhost..."
echo ""
echo "xhost check:" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME
/usr/X11R6/bin/xhost >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME
echo "Make sure that only localhost and any other trusted" >> ~/R9-Security.$HOSTNAME
echo "host are in xhost.  If not, remote users could possibly" >> ~/R9-Security.$HOSTNAME
echo "snag screen captures or send random garbage in." >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME
echo "Fix: xhost -<hostname>" >> ~/R9-Security.$HOSTNAME
echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-" >> ~/R9-Security.$HOSTNAME
echo "" >> ~/R9-Security.$HOSTNAME 
echo "EOF" >> ~/R9-Security.$HOSTNAME
#
echo "Mailing the file to root..."
/bin/mail -s Rhino9-Security-Audit root@localhost < ~/R9-Security.$HOSTNAME

