vic@localhost ~ $ cd lsat-0.9.2
vic@localhost ~/lsat-0.9.2 $ grep "/tmp" ./*
./README.modules:- checks that /tmp and /var/tmp have sitcky bit set
./README.modules: tempfile = "/tmp/lsat1.lsat";
./README.modules: shellcode = "find / -name badstuff 2>/dev/null >/tmp/lsat1.lsat";
./README.modules:if ((fileval = open("/tmp/lsat4.lsat", O_RDWR | O_CREAT, 0600)) < 0)
./checkcfg.c: tempfile = "/tmp/lsat1.lsat";
./checkcfg.c: shellcode= "/sbin/chkconfig --list 2>/dev/null | tee >/tmp/lsat1.lsat";
./checkdotfiles.c: tempfile = "/tmp/lsat1.lsat";
./checkdotfiles.c: shellcode = "find / -mount -name \'.exrc\' 2>/dev/null | tee > /tmp/lsat1.lsat";
./checkdotfiles.c: tempfile = "/tmp/lsat1.lsat";
./checkdotfiles.c: shellcode = "find / -mount -find \'.forward\' 2>/dev/null |tee > /tmp/lsat1.lsat";
./checkdotfiles.c: tempfile = "/tmp/lsat1.lsat";
./checkdotfiles.c: shellcode = "find / -mount -name .rhosts 2>/dev/null | tee >/tmp/lsat1.lsat";
./checkdotfiles.c: tempfile = "/tmp/lsat1.lsat";
./checkdotfiles.c: shellcode = "find / -mount -name .netrc 2>/dev/null | tee >/tmp/lsat1.lsat";
./checkfiles.c:/* that /tmp and /var/tmp have the */
./checkfiles.c: const char * in_file = "/tmp/lsat1.lsat";
./checkfiles.c: const char * secondtf = "/tmp/lsat2.lsat";
./checkfiles.c: tempfile = "/tmp/lsat1.lsat";
./checkfiles.c: shellcode = "ls -l / /var 2>/dev/null |grep tmp 2>/dev/null |tee >/tmp/lsat1.lsat";
./checkfiles.c: infile = fopen("/tmp/lsat1.lsat", "r");
./checkfiles.c: if ((fileval = open("/tmp/lsat2.lsat", O_RDWR | O_CREAT | O_EXCL, 0600)) < 0)
./checkfiles.c: secondtmpfile = fopen("/tmp/lsat2.lsat", "a");
./checkfiles.c: fprintf(secondtmpfile, "Sticky bit not set on /tmp.\n");
./checkfiles.c: fprintf(secondtmpfile, "Please set sticky bit on /tmp.\n");
./checkfiles.c: fprintf(secondtmpfile, "Sticky bit not set on /var/tmp.\n");
./checkfiles.c: fprintf(secondtmpfile, "Please set sticky bit on /var/tmp.\n");
./checkfiles.c: tempfile = "/tmp/lsat1.lsat";
./checkfiles.c: shellcode = "find /var -name utmp 2>/dev/null |grep -v find |xargs ls -ln 2>/dev/null >>/tmp/lsat1.lsat";
./checkfiles.c: shellcode = "find /var -name wtmp 2>/dev/null |grep -v find |xargs ls -ln 2>/dev/null >>/tmp/lsat1.lsat";
./checkfiles.c: shellcode = "find /etc -name motd 2>/dev/null |grep -v find |xargs ls -ln 2>/dev/null >>/tmp/lsat1.lsat";
./checkfiles.c: shellcode = "find /etc -name mtab 2>/dev/null |grep -v find |xargs ls -ln 2>/dev/null >>/tmp/lsat1.lsat";
./checkfiles.c: shellcode = "find /var -name syslog\\*.pid 2>/dev/null |grep -v find |xargs ls -ln 2>/dev/null >>/tmp/lsat1.lsat";
./checkfiles.c: shellcode = "find /boot -name vmlinuz\\* 2>/dev/null |grep -v find |xargs ls -ln 2>/dev/null >>/tmp/lsat1.lsat";
./checkfiles.c: infile = fopen("/tmp/lsat1.lsat", "r");
./checkfiles.c: if ((fileval = open("/tmp/lsat2.lsat", O_RDWR | O_CREAT | O_EXCL, 0600)) < 0)
./checkfiles.c: secondtmpfile = fopen("/tmp/lsat2.lsat", "a");
./checkfiles.c: /* /var/tmp should be owned by root. */
./checkfiles.c: tempfile = "/tmp/lsat1.lsat";
./checkfiles.c: shellcode = "ls -ln / |grep -v total 2>/dev/null |tee > /tmp/lsat1.lsat";
./checkfiles.c: shellcode = "ls -ln /usr |grep -v total 2>/dev/null | tee >> /tmp/lsat1.lsat";
./checkfiles.c: shellcode = "ls -ln /var |grep -v total 2>/dev/null |tee >> /tmp/lsat1.lsat";
./checkfiles.c: infile = fopen("/tmp/lsat1.lsat", "r");
./checkfiles.c: if ((fileval = open("/tmp/lsat2.lsat", O_RDWR | O_CREAT | O_EXCL, 0600)) < 0)
./checkfiles.c: secondtmpfile = fopen("/tmp/lsat2.lsat", "a");
./checkfiles.c: tempfile = "/tmp/lsat1.lsat";
./checkfiles.c: shellcode = "find / -nouser -o -nogroup 2>/dev/null |grep -v find |tee 2>/dev/null >>/tmp/lsat1.lsat";
./checkftpusers.c: const char * tmp_file = "/tmp/lsat2.lsat";
./checkftpusers.c: tempfile = "/tmp/lsat1.lsat";
./checkftpusers.c: shellcode = "cat /etc/passwd |awk -F\":\" 'length($1) > 0 {print $1}' 2>/dev/null >/tmp/lsat1.lsat";
./checkftpusers.c: passfile=fopen("/tmp/lsat1.lsat", "r");
./checkhostsfiles.c: tempfile = "/tmp/lsat1.lsat";
./checkhostsfiles.c: shellcode = "grep -v \\# /etc/hosts.allow 1>/dev/null 2>/dev/null >/tmp/lsat1.lsat";
./checkhostsfiles.c: fileptr = fopen("/tmp/lsat1.lsat", "r");
./checkhostsfiles.c: shellcode = "grep -v \\# /etc/hosts.deny 1>/dev/null 2>/dev/null >/tmp/lsat1.lsat";
./checkhostsfiles.c: fileptr = fopen("/tmp/lsat1.lsat", "r");
./checkinetd.c: const char * tmp_file = "/tmp/lsat2.lsat"; /* temp file */
./checkinetd.c: tempfile = "/tmp/lsat1.lsat";
./checkinetd.c: shellcode = "grep -Ev ^\\[:space:\\]*\\# /etc/inetd.conf >/tmp/lsat1.lsat";
./checkinetd.c: shellcode = "grep -v \\# /etc/inetd.conf >/tmp/lsat1.lsat";
./checkinetd.c: infile = fopen("/tmp/lsat1.lsat", "r");
./checkinetd.c: tempfile = "/tmp/lsat1.lsat";
./checkinetd.c: shellcode = "grep disable /etc/xinetd.d/* 2>/dev/null |grep no 2>/dev/null |awk -F\" \" 'length($1 $4) > 0 {print($1 $4)}' >/tmp/lsat1.lsat";
./checkmd5.c: tempfile="/tmp/lsat1.lsat";
./checkmd5.c: shellcode = "find / -type f -print0 2>/dev/null |xargs -0 md5 2>/dev/null >> /tmp/lsat1.lsat";
./checkmd5.c: shellcode = "find / -path /dev -prune -o -path /proc -prune -o -path /home -prune -o -path /var -prune -o -path /tmp -prune -o -type f -exec md5sum \\{\\} \\; 2>/dev/null >> /tmp/lsat1.lsat";
./checkmodules.c: tempfile = "/tmp/lsat1.lsat";
./checkmodules.c: shellcode = "/usr/bin/strings -an1 /proc/modules 2>&1>/tmp/lsat1.lsat";
./checkmodules.c: tempfile = "/tmp/lsat1.lsat";
./checkmodules.c: shellcode = "/sbin/lsmod 2>&1>/tmp/lsat1.lsat";
./checknet.c: const char * tmp_file = "/tmp/lsat2.lsat";
./checknet.c: tempfile = "/tmp/lsat1.lsat";
./checknet.c: shellcode = "netstat -an |grep LISTEN |grep 0.0.0.0 2>/dev/null >>/tmp/lsat1.lsat";
./checknet.c: infile = fopen("/tmp/lsat1.lsat", "r");
./checknet.c: tempfile = "/tmp/lsat1.lsat";
./checknet.c: shellcode = "netstat -a -f inet |grep LISTEN |awk -F\" \" 'length($1) > 0 {print $1}' 2>/dev/null >> /tmp/lsat1.lsat";
./checknet.c: shellcode = "nmap -v -T insane `ifconfig | grep inet | grep -v inet6 | awk -F\" \" 'length($2) > 0 {print $2}' |grep -v 127.0.0.1 |xargs` 2>/dev/null >>/tmp/lsat1.lsat";
./checknet.c: shellcode = "nmap -v -T insane `/sbin/ifconfig |grep inet |awk -F\" \" 'length($2) > 0 {print $2}' |awk -F \":\" 'length($2) > 0 {print $2}' |grep -v 127.0.0.1 |xargs` 2>/dev/null >>/tmp/lsat1.lsat";
./checknet.c: shellcode = "nmap -v -T insane `grep loghost /etc/hosts |awk -F\" \" 'length($1) > 0 {print $1}' |xargs` 2>/dev/null >>/tmp/lsat1.lsat";
./checknet.c: shellcode = "nmap -v -T insane `/sbin/ifconfig |grep inet |grep -v 127.0.0.1 |awk -F\" \" 'length($2) > 0 {print $2}' |awk -F\":\" 'length($2) >0 {print $2}' |xargs` 2>/dev/null >>/tmp/lsat1.lsat";
./checknetp.c: if ((system("/sbin/ip link show|grep -e PROMISC|cut -d':' -f 2 2>/dev/null >> /tmp/lsat1.lsat")) == 0)
./checknetp.c: if ((system("/sbin/ifconfig |grep -B 2 PROMISC 2>/dev/null |grep Link 2>/dev/null |awk -F" " 'length($1) > 0 {print $1}' 2>/dev/null >> /tmp/lsat1.lsat")) == 0)
./checknetp.c: tempfile = "/tmp/lsat1.lsat";
./checkopenfiles.c: tempfile = "/tmp/lsat1.lsat";
./checkopenfiles.c: shellcode = "lsof 2>/dev/null >>/tmp/lsat1.lsat";
./checkpasswd.c: const char * tmp_file = "/tmp/lsat2.lsat"; /* temp file for storage */
./checkpasswd.c: shellcode = "cat /etc/passwd |awk -F\":\" 'length($1) > 0 {print $1}' |grep -v \\# 1>/dev/null 2>/dev/null >/tmp/lsat1.lsat";
./checkpasswd.c: tempfile = "/tmp/lsat1.lsat";
./checkpasswd.c: passfile=fopen("/tmp/lsat1.lsat", "r");
./checkpasswd.c: tempfile = "/tmp/lsat1.lsat";
./checkpasswd.c: shellcode = "awk -F: '($3 == 0) {print $1}' /etc/passwd | grep -v root 1>/dev/null 2>/dev/null >/tmp/lsat1.lsat";
./checkpasswd.c: shellcode = "grep ^+: /etc/passwd /etc/shadow /etc/group 1>/dev/null 2>/dev/null >/tmp/lsat1.lsat";
./checkpasswd.c: shellcode = "/usr/xpg4/bin/egrep \\^\\[+:\\] /etc/passwd /etc/shadow /etc/group 1>/dev/null 2>/dev/null >/tmp/lsat1.lsat";
./checkpasswd.c: shellcode = "awk -F: '($2 == \"\") {print $1}' /etc/shadow 1>/dev/null 2>/dev/null >/tmp/lsat1.lsat";
./checkpkgs.c: const char * tmp_file = "/tmp/lsat2.lsat"; /* tmp file for output */
./checkpkgs.c: tempfile = "/tmp/lsat1.lsat";
./checkpkgs.c: shellcode = "rpm -qa >> /tmp/lsat1.lsat";
./checkpkgs.c: shellcode = "dpkg -l |awk -F\" \" 'length($2) > 0 {print $2}' 1>/dev/null 2>/dev/null >> /tmp/lsat1.lsat";
./checkpkgs.c: shellcode = "pkginfo -x |awk -F" " 'length($1) > 0 {print $1}' 1>/dev/null 2>/dev/null >> /tmp/lsat1.lsat";
./checkpkgs.c: shellcode = "/usr/lib/portage/bin/pkglist >>/tmp/lsat1.lsat";
./checkpkgs.c: shellcode = "ls /var/log/packages >>/tmp/lsat1.lsat";
./checkpkgs.c: templist=fopen("/tmp/lsat1.lsat", "r");
./checkpkgs.c: perror(" Can't open /tmp/templist.txt!!\n");
./checkrc.c: tempfile="/tmp/lsat1.lsat";
./checkrc.c: shellcode="ls /etc/init.d/ 2>/dev/null >/tmp/lsat1.lsat";
./checkrc.c: shellcode="ls /etc/rc.d/ 2>/dev/null >/tmp/lsat1.lsat";
./checkrc.c: /* shellcode="find /etc/rc.d/ -exec basename \{\\} \\; 2>/dev/null >/tmp/lsat1.lsat; echo finished"; */
./checkrc.c: shellcode = "ls /etc/rc.d 2>/dev/null >/tmp/lsat1.lsat";
./checkrc.c: shellcode="ls /etc/rc2.d/ 2>/dev/null >/tmp/lsat1.lsat || ls /etc/rc3.d/ 2>/dev/null >/tmp/lsat1.lsat";
./checkrc.c: rcfile=fopen("/tmp/lsat1.lsat", "r");
./checkrc.c: if (system("rm -f /tmp/lsat1.lsat") < 0)
./checkrcperms.c: const char *const tempfile="/tmp/lsat1.lsat";
./checkrcperms.c: shellcode="find /etc/rc.d/init.d/ -type f ! \\( -perm 700 \\) -exec ls {} \\; | tee >/tmp/lsat1.lsat";
./checkrcperms.c: shellcode="find /etc/init.d/ -type f ! \\( -perm 700 \\) -exec ls {} \\; | tee >/tmp/lsat1.lsat";
./checkrpm.c: tempfile = "/tmp/lsat1.lsat";
./checkrpm.c: shellcode = "rpm -Va 2>/dev/null >/tmp/lsat1.lsat";
./checkset.c: const char *const tempfile="/tmp/lsat1.lsat";
./checkset.c: shellcode="find / -mount -perm +4000 2>/dev/null | tee >/tmp/lsat1.lsat";
./checkset.c: shellcode="find / -mount -perm -2000 2>/dev/null | tee >/tmp/lsat1.lsat";
./checkset.c: shellcode="find /dev -mount -type f 2>/dev/null|grep -v X0R 2>/dev/null|grep -v watchdog 2>/dev/null|grep -v MAKEDEV.ibcs 2>/dev/null| tee > /tmp/lsat1.lsat";
./checkumask.c: tempfile="/tmp/lsat1.lsat";
./checkumask.c: shellcode="grep -e umask /etc/* 2>/dev/null|grep -v :# 2>/dev/null |grep -v directory 2>/dev/null |grep -v if 2>/dev/null|awk -F\"umask\" 'length($1 $2) > 0 {print($1 $2)}' |grep -v octal >/tmp/lsat1.lsat";
./checkwrite.c: tempfile = "/tmp/lsat1.lsat";
./checkwrite.c: shellcode = "find / -type f -perm -o+w 2>/dev/null |tee >/tmp/lsat1.lsat";
./checkwrite.c: shellcode= "find / -mount -type f -perm -2 2>/dev/null | tee >/tmp/lsat1.lsat";
./checkwrite.c: tempfile = "/tmp/lsat1.lsat";
./checkwrite.c: shellcode = "find / -type f -perm -g+w 2>/dev/null |tee >/tmp/lsat1.lsat";
./checkwrite.c: shellcode= "find / -mount -type f -perm -20 2>/dev/null | tee > /tmp/lsat1.lsat";
./checkwrite.c: tempfile ="/tmp/lsat1.lsat";
./checkwrite.c: shellcode = "find / -type d -perm -o+w 2>/dev/null |tee >/tmp/lsat1.lsat";
./checkwrite.c: shellcode="find / -mount -type d -perm -2 2>/dev/null | tee >/tmp/lsat1.lsat";
./checkwrite.c: tempfile ="/tmp/lsat1.lsat";
./checkwrite.c: shellcode = "find / -type d -perm -o+w 2>/dev/null |tee >/tmp/lsat1.lsat";
./checkwrite.c: shellcode = "find / -mount -type d -perm -20 2>/dev/null | tee >/tmp/lsat1.lsat";
./checkx.c: shellcode = "ps -afl |grep startx |grep -v grep 2>/dev/null >/tmp/lsat1.lsat";
./checkx.c: tempfile = "/tmp/lsat1.lsat";
./lsatheader.h:/* check for sticky bits on /tmp, /var/tmp */
./lsatmain.c: if ((fileval = open("/tmp/lsat1.lsat", O_RDWR | O_CREAT | O_EXCL | O_EXCL, 0600)) < 0)
./lsatmain.c: if ( (system("uname -a >> /tmp/lsat1.lsat")) < 0)
./lsatmain.c: infile = fopen("/tmp/lsat1.lsat", "r");
./lsatmain.c: if ( (system("rm -f /tmp/lsat1.lsat")) < 0)
./lsatmain.c:/* lsatn.lsat where n is an integer, and should be in /tmp/ */
./lsatmain.c: if ((system("rm -f /tmp/lsat*.lsat 1>/dev/null 2>/dev/null")) != 0)
./lsatmain.c: /* on /tmp & /var/tmp. I will add more */
./modules.html:- checks that /tmp and /var/tmp have sitcky bit set
./modules.html: tempfile = "/tmp/lsat1.lsat";
./modules.html: shellcode = "find / -name badstuff 2>/dev/null >/tmp/lsat1.lsat";
./modules.html:if ((fileval = open("/tmp/lsat4.lsat", O_RDWR | O_CREAT, 0600)) < 0)