#!/bin/sh
#
#     tiger - A UN*X security checking system
#     Copyright (C) 1993 Douglas Lee Schales, David K. Hess, David R. Safford
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 1, or (at your option)
#    any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#     Please see the file `COPYING' for the complete copyright notice.
#
# check_logfiles - 11/10/2001
#
# check_logfiles - 08/09/2001 - jfs - fixed to add GREP and WC to haveallcmds
#                  detected when testing in Solaris 8. Also changed == to =
#
#-----------------------------------------------------------------------------
#
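# Install location used when neither -B nor TIGERHOMEDIR is given.
# NOTE(review): with the value "." the files sourced further down
# (config, initdefs) are looked up relative to the current working
# directory and executed with the caller's privileges.  Presumably the
# installer replaces this with an absolute path -- confirm; otherwise
# run this check only from a trusted directory or pass -B explicitly.
TigerInstallDir="."

#
# Set default base directory.
# Order of preference:
#      -B option
#      TIGERHOMEDIR environment variable
#      TigerInstallDir installed location
#
# Note: ':=' also assigns TIGERHOMEDIR when it was unset or empty.
basedir=${TIGERHOMEDIR:=$TigerInstallDir}

# basedir_from_args ARG...
#   Prints the argument that follows the first -B and returns 0.
#   Returns 1 (printing nothing) when there is no -B or when -B is the
#   last argument.  The value is taken relative to where -B was found,
#   not from the fixed position $2, so -B works anywhere on the command
#   line.
basedir_from_args()
{
   while [ $# -gt 0 ]
   do
      case "$1" in
      -B)
         [ $# -ge 2 ] || return 1
         printf '%s\n' "$2"
         return 0;;
      esac
      shift
   done
   return 1
}

# Only override the default when -B actually carried a value; a
# trailing -B leaves basedir at the environment/installed default.
if optdir=`basedir_from_args "$@"`; then
   basedir=$optdir
fi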

#
# Verify that a config file exists there, and if it does
# source it.
#
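# Refuse to continue without a readable config file.  An empty basedir
# would make the path below resolve to /config, so it is rejected with
# the same error as a missing file.  The expansions are quoted so a
# base directory containing blanks is handled as one path.
if [ -z "$basedir" ] || [ ! -r "$basedir/config" ]; then
  echo "--ERROR-- [init002e] No 'config' file in \`$basedir'."
  exit 1
fi

# Both files are executed in this shell with the caller's privileges,
# so the base directory and these files should be writable only by the
# account that runs the check.
. "$basedir/config"

# NOTE(review): BASEDIR is presumably set by the config file sourced
# above -- confirm.
. "$BASEDIR/initdefs"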

#
# If run in test mode (-t) this will verify that all required
# elements are set.
#
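if [ "$Tiger_TESTMODE" = 'Y' ]; then
  # CUT is listed because the umask check further down pipes through
  # $CUT; without it a missing cut would only show up as a broken
  # pipeline at run time.
  haveallcmds TAIL SED HEAD EXPAND GREP WC CAT SORT AWK LS RM CUT || exit 1
  haveallfiles BASEDIR WORKDIR || exit 1
  # NOTE(review): unlike the two checks above, the result of haveallvars
  # is not tested here; whether it reports failure through its exit
  # status is not visible in this file -- confirm before adding
  # '|| exit 1'.
  haveallvars TESTLINK HOSTNAME

  echo "--CONFIG-- [init003c] $0: Configuration ok..."
  exit 0
fi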

#------------------------------------------------------------------------

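echo
echo "# Checking for existence of log files..."

# Abort early when a required tool variable is missing.  CUT is
# included because the umask check below extracts the mask value with
# $CUT.
haveallcmds TAIL SED HEAD EXPAND GREP WC SORT RM LS AWK CUT || exit 1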


#####
# Check various accounting files
#####

# Each accounting file below is reported with a FAIL message when it
# cannot be read.  The test is for readability (-r), not existence, so
# a run without sufficient privileges can report a file that exists but
# is protected as "does not exist".

# Login/logout history.
if [ ! -r /var/log/wtmp ]; then
    message FAIL logf001f "" "Log file wtmp does not exist"
fi

# Failed login attempts.
if [ ! -r /var/log/btmp ]; then
    message FAIL logf002f "" "Log file btmp does not exist"
fi

# Most recent login per account.
if [ ! -r /var/log/lastlog ]; then
    message FAIL logf003f "" "Log file lastlog does not exist"
fi

# Currently logged-in sessions.
if [ ! -r /var/run/utmp ]; then
    message FAIL logf004f "" "Log file utmp does not exist"
fi


#####
# Check to ensure that the umask is set correctly
#####

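echo
echo "# Checking for correct umask settings..."

# umask_lines FILE
#   Prints the lines of FILE that contain "umask", with tabs expanded
#   to blanks and whole-line '#' comments dropped, so a commented-out
#   setting is neither counted nor judged.  The match is a plain
#   substring match; any non-comment line mentioning umask is counted.
umask_lines()
{
   $EXPAND "$1" | $GREP -v '^ *#' | $GREP umask
}

# umask_value
#   Reads one such line on stdin and prints the word that follows the
#   last "umask" on it.  All blanks after the keyword are skipped, so
#   "umask<TAB>022" (several blanks after expand) still yields 022.
umask_value()
{
   $SED -e 's/^.*umask *//' | $CUT -d' ' -f1
}

# umask_is_acceptable VALUE
#   Succeeds when VALUE is an octal mask whose last digit has the write
#   bit set (2, 3, 6 or 7), i.e. it is at least as restrictive as 002.
#   This keeps 002 and 022 acceptable and no longer reports stricter
#   masks such as 027 or 077 as insecure.  Empty or non-octal values
#   (symbolic masks, variables) cannot be verified and are rejected, so
#   an unparsable line is reported instead of passing silently.
umask_is_acceptable()
{
   case "$1" in
   ''|*[!0-7]*) return 1;;
   *[2367])     return 0;;
   esac
   return 1
}

# Only these three system-wide shell start-up files are examined; a
# umask set elsewhere (other shells' start-up files, login
# configuration) is outside this check.
for file in '/etc/profile' '/etc/csh.login' '/etc/bashrc'
do
   [ -r "$file" ] || continue

   Occurance=`umask_lines "$file" | $WC -l`

   # $Occurance is left unquoted on purpose: some wc implementations
   # pad the count with blanks, and word splitting strips them.
   if [ $Occurance -eq 0 ]; then
      message WARN logf005w "" "There are no umask entries in $file"

   elif [ $Occurance -eq 1 ]; then
      UMASK1=`umask_lines "$file" | umask_value`

      umask_is_acceptable "$UMASK1" ||
         message FAIL logf006f '' "The umask setting in $file is insecure"

   elif [ $Occurance -eq 2 ]; then
      UMASK1=`umask_lines "$file" | $HEAD -n 1 | umask_value`
      UMASK2=`umask_lines "$file" | $TAIL -n 1 | umask_value`

      # Either of the two settings being too permissive is a failure.
      if umask_is_acceptable "$UMASK1" && umask_is_acceptable "$UMASK2"; then
         :
      else
         message FAIL logf006f '' "The umask setting in $file is insecure"
      fi

   else
      # Too many candidates to judge automatically; ask for a manual look.
      message WARN logf007w '' "More than 2 umask entries in $file"
   fi
done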
