annotate previous-work/more_control_helpers/bin/list_suspicious_files_from @ 1:d6bef198ae71
add work by Matthias S. Benkmann which is the inspiration for this project.
author |
Robert McIntyre <rlm@mit.edu> |
date |
Tue, 08 Jan 2013 11:45:01 +0000 |
parents |
|
children |
|
rev |
line source |
rlm@1
|
1 #!/bin/bash
|
rlm@1
|
2 # Copyright (c) 2004 Matthias S. Benkmann <article AT winterdrache DOT de>
|
rlm@1
|
3 # You may do everything with this code except misrepresent its origin.
|
rlm@1
|
4 # PROVIDED `AS IS' WITH ABSOLUTELY NO WARRANTY OF ANY KIND!
|
rlm@1
|
5
|
rlm@1
|
6 if [ $# != 1 -o "$1" = "--help" ]; then
|
rlm@1
|
7 echo 1>&2
|
rlm@1
|
8 echo 1>&2 'USAGE: '"${0##*/}"' <user_or_group>'
|
rlm@1
|
9 echo 1>&2
|
rlm@1
|
10 echo 1>&2 ' Outputs a categorized list of files and directories with properties'
|
rlm@1
|
11 echo 1>&2 ' that could mean trouble and should be investigated.'
|
rlm@1
|
12 echo 1>&2 ' Suspicious objects will be reported only if group and/or user equals'
|
rlm@1
|
13 echo 1>&2 ' <user_or_group> (numeric UID/GID allowed).'
|
rlm@1
|
14 echo 1>&2 ' This script calls `'"${0%_*}'"' for the real work.'
|
rlm@1
|
15 echo 1>&2
|
rlm@1
|
16 exit 1
|
rlm@1
|
17 fi
|
rlm@1
|
18
|
rlm@1
|
19 ugname="$1"
|
rlm@1
|
20
|
rlm@1
|
21 ugmatcher=(-false)
|
rlm@1
|
22 #test if find accepts ugname as a user, and append to ugmatcher if it does
|
rlm@1
|
23 if find / -maxdepth 0 -user "$ugname" >/dev/null 2>&1 ; then
|
rlm@1
|
24 ugmatcher[${#ugmatcher[@]}]="-or"
|
rlm@1
|
25 ugmatcher[${#ugmatcher[@]}]="-user"
|
rlm@1
|
26 ugmatcher[${#ugmatcher[@]}]="$ugname"
|
rlm@1
|
27 fi
|
rlm@1
|
28 #test if find accepts ugname as a group, and append to ugmatcher if it does
|
rlm@1
|
29 if find / -maxdepth 0 -group "$ugname" >/dev/null 2>&1 ; then
|
rlm@1
|
30 ugmatcher[${#ugmatcher[@]}]="-or"
|
rlm@1
|
31 ugmatcher[${#ugmatcher[@]}]="-group"
|
rlm@1
|
32 ugmatcher[${#ugmatcher[@]}]="$ugname"
|
rlm@1
|
33 fi
|
rlm@1
|
34
|
rlm@1
|
35 #if find accepted ugname as neither user nor group, then exit
|
rlm@1
|
36 if [ "${#ugmatcher[@]}" = 1 ]; then
|
rlm@1
|
37 echo 1>&2 'find does not accept `'"$ugname'"' as group or user name'
|
rlm@1
|
38 exit 1
|
rlm@1
|
39 fi
|
rlm@1
|
40
|
rlm@1
|
41 "${0%_*}" "${ugmatcher[@]}"
|