Mercurial > pkg
diff previous-work/more_control_helpers/bin/list_suspicious_files_from @ 1:d6bef198ae71
add work by Matthias S. Benkmann which is the inspiration for this project.
author | Robert McIntyre <rlm@mit.edu> |
---|---|
date | Tue, 08 Jan 2013 11:45:01 +0000 |
parents | |
children |
line wrap: on
line diff
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/previous-work/more_control_helpers/bin/list_suspicious_files_from Tue Jan 08 11:45:01 2013 +0000 1.3 @@ -0,0 +1,41 @@ 1.4 +#!/bin/bash 1.5 +# Copyright (c) 2004 Matthias S. Benkmann <article AT winterdrache DOT de> 1.6 +# You may do everything with this code except misrepresent its origin. 1.7 +# PROVIDED `AS IS' WITH ABSOLUTELY NO WARRANTY OF ANY KIND! 1.8 + 1.9 +if [ $# != 1 -o "$1" = "--help" ]; then 1.10 + echo 1>&2 1.11 + echo 1>&2 'USAGE: '"${0##*/}"' <user_or_group>' 1.12 + echo 1>&2 1.13 + echo 1>&2 ' Outputs a categorized list of files and directories with properties' 1.14 + echo 1>&2 ' that could mean trouble and should be investigated.' 1.15 + echo 1>&2 ' Suspicious objects will be reported only if group and/or user equals' 1.16 + echo 1>&2 ' <user_or_group> (numeric UID/GID allowed).' 1.17 + echo 1>&2 ' This script calls `'"${0%_*}'"' for the real work.' 1.18 + echo 1>&2 1.19 + exit 1 1.20 +fi 1.21 + 1.22 +ugname="$1" 1.23 + 1.24 +ugmatcher=(-false) 1.25 +#test if find accepts ugname as a user, and append to ugmatcher if it does 1.26 +if find / -maxdepth 0 -user "$ugname" >/dev/null 2>&1 ; then 1.27 + ugmatcher[${#ugmatcher[@]}]="-or" 1.28 + ugmatcher[${#ugmatcher[@]}]="-user" 1.29 + ugmatcher[${#ugmatcher[@]}]="$ugname" 1.30 +fi 1.31 +#test if find accepts ugname as a group, and append to ugmatcher if it does 1.32 +if find / -maxdepth 0 -group "$ugname" >/dev/null 2>&1 ; then 1.33 + ugmatcher[${#ugmatcher[@]}]="-or" 1.34 + ugmatcher[${#ugmatcher[@]}]="-group" 1.35 + ugmatcher[${#ugmatcher[@]}]="$ugname" 1.36 +fi 1.37 + 1.38 +#if find accepted ugname as neither user nor group, then exit 1.39 +if [ "${#ugmatcher[@]}" = 1 ]; then 1.40 + echo 1>&2 'find does not accept `'"$ugname'"' as group or user name' 1.41 + exit 1 1.42 +fi 1.43 + 1.44 +"${0%_*}" "${ugmatcher[@]}"