Listing 1. This script checks some common misconfigurations.

#!/bin/bash

mycompname=$(hostname)
mydir=/tmp/seccheck/$mycompname
myoutput=$mydir/secoutput.txt
mkdir -p $mydir

sl()
{
  SECTION=$1
  echo >> $myoutput
  echo **********$SECTION********** >> $myoutput
  echo >> $myoutput
}

echo ^^^^^^^^^^ START OF OUTPUT ^^^^^^^^^^ > $myoutput

echo -n Is this a Red Hat \(r\) or a Debian based system \(d\)?
read REPLY

case "$REPLY" in
  'r')
    yum list updates > $mydir/patchcheck.txt
    sl "Service Runlevels";chkconfig --list >> $myoutput
    sl "Auth Messages";cat /var/log/secure|grep failure >> $myoutput
    ;;
  'd')
    apt-get update
    apt-get -qs upgrade > $mydir/patchcheck.txt
    sl "Startup Services";ls -l /etc/rc2.d >> $myoutput
    sl "Auth Messages";cat /var/log/auth.log|grep failure >> $myoutput
    ;;
esac

sl "lastb Results";lastb >> $myoutput
sl "inetd check"; file -f /etc/inetd.conf && \
    echo "Are you using inetd? You should be using xinetd instead." \
        >> $myoutput
sl "xinetd Services";ls -l /etc/xinetd.d >> $myoutput
sl "hosts.allow";cat /etc/hosts.allow |grep -v "#" >> $myoutput
sl "hosts.deny";cat /etc/hosts.deny |grep -v "#"  >> $myoutput
sl "iptables output";iptables --list >> $myoutput
sl "SUID Files";find / -perm -4000 -print >> $myoutput
sl "SGID Folders";find / -perm -2000 -print >> $myoutput
sl "SUDoers";cat /etc/sudoers|grep "="|grep -v "#" >> $myoutput

echo -n "Do you want to capture Password Files"
echo -n " for an offline Password Check (y or n?)"?
read REPLY2

if [ $REPLY2 = "y" ]; then
     cp /etc/passwd /tmp/seccheck/$mycompname
     cp /etc/shadow /tmp/seccheck/$mycompname
     echo Your Password and Shadow folders have been copied to
/tmp/secheck/$mycompname
else exit
fi

echo vvvvvvvvvv END OF OUTPUT vvvvvvvvvv >> $myoutput