#!/bin/sh
#
# ========================================================================
# health
# MD5 tool script to check system health
# Written by Simple Nomad 24Jan2000
# Comments to thegnome@bos.bindview.com
# ========================================================================

# ========================================================================
# Safe file creation...
# ========================================================================
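# Every file this script creates is readable by its owner only: the report
# holds login, process and network details.
umask 077

# ========================================================================
# Variables, change locations as appropriate. Note esp. location of syslog
# messages, as these could be in syslog, messages, or some other location.
#
# TOOLDIR holds the SUID/SGID baseline and the recipient list, so it should
# be writable by root only: whoever can write there controls what the
# report is compared against and who receives it.
# ========================================================================
MD5=/sbin/md5
MSGS=/var/log/syslog
TOOLDIR=/usr/local/md5-tool
SUID=$TOOLDIR/suid-baseline
UNAME=$(uname -n)
DATE=$(date)

# Work files. mktemp creates each one atomically under an unpredictable
# name, so a pre-planted file or symlink cannot be followed by the later
# redirections. The EXIT trap removes them on every exit path, including
# an interrupted run; rm -f stays quiet if a file is already gone.
TEMP1='' TEMP2='' TEMP3=''
trap 'rm -f "$TEMP1" "$TEMP2" "$TEMP3"' EXIT
trap 'exit 1' HUP INT TERM
TEMP1=$(mktemp "$TOOLDIR/healtha.XXXXXX") || exit 1
TEMP2=$(mktemp "$TOOLDIR/healthb.XXXXXX") || exit 1
TEMP3=$(mktemp "$TOOLDIR/healthc.XXXXXX") || exit 1

# Recipients: one per line in $TOOLDIR/mail_to. Any line containing '#' is
# dropped entirely, so a comment must sit on a line of its own.
MAILTO=$(grep -v '#' "$TOOLDIR/mail_to" | tr -s '\n' ' ')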

# ========================================================================
# Start building report (this includes uptime).
# ========================================================================
# Open the report. '>' truncates $TEMP1, so the host/date banner is always
# the first line and each later section appends below it.
{
  echo "$UNAME Report - $DATE"
  echo " "
} > "$TEMP1"
# ========================================================================
# Check who's logged in right now.
# ========================================================================
# Current sessions, as reported by w, appended under their own heading.
{
  echo "Who's on now"
  echo "------------"
  w
  echo " "
} >> "$TEMP1"
# ========================================================================
# Check who was logged in today.
# ========================================================================
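# Today's entries from the login history.
# The filter string is built with date's %e, which space-pads the day of
# month ("Jan  4"). Splitting date's default output with awk collapsed that
# padding to one space, so on days 1-9 the pattern would not match a
# space-padded date column and the section would come out empty.
# NOTE(review): assumes last prints "Mon DD" with a space-padded day and no
# year, so entries from the same date in earlier years would also match if
# the login history reaches back that far - confirm on the target system.
TODAY=$(date '+%b %e')
{
  echo "Who's been on"
  echo "-------------"
  last | grep "$TODAY"
  echo " "
} >> "$TEMP1"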
# ========================================================================
# Check for failed login attempts.
# ========================================================================
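# Failed login attempts recorded in $MSGS.
# An unreadable or missing log used to leave this section blank, which
# reads exactly like "no failures"; the report now states that the check
# could not be performed.
# NOTE(review): the match is the literal, case-sensitive text "failed
# login"; whether that is what the local login programs write to $MSGS
# must be confirmed per system.
{
  echo "Failed Logins"
  echo "-------------"
  if [ -r "$MSGS" ]; then
    grep "failed login" "$MSGS"
  else
    echo "WARNING: cannot read $MSGS - failed logins were NOT checked."
  fi
  echo " "
} >> "$TEMP1"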

# ========================================================================
# Check for uid 0 accounts in /etc/passwd
# ========================================================================
# Accounts whose third passwd field (the UID) compares equal to 0.
# Only the local /etc/passwd file is read here.
{
  echo "UID 0 Accounts"
  echo "--------------"
  awk -F ":" '$3 == 0' /etc/passwd
  echo " "
} >> "$TEMP1"

# ========================================================================
# Check for new or modified SUID/SGID root files.
# ========================================================================
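{
  echo "New or changed SUID/SGID Files"
  echo "------------------------------"
  echo " "
} >> "$TEMP1"

# Digest every root-owned SUID/SGID regular file that is not on NFS.
# The earlier loop iterated over the *name* of the list file, so the only
# thing ever digested was the list itself, never the binaries. Handing the
# paths to $MD5 through -exec digests each file and keeps names containing
# blanks intact.
# NOTE(review): $SUID is expected to hold the same per-file $MD5 output,
# produced by the same find expression; regenerate it if it was built
# differently. The baseline and the digest tool both live on the host being
# checked, so keep a copy of the baseline somewhere this host cannot modify.
find / -type f -user root \( -perm -2000 -o -perm -4000 \) ! -fstype nfs \
  -exec "$MD5" {} + > "$TEMP3"

# diff exit status: 0 = identical, 1 = differences, anything else = the
# comparison itself failed (for example the baseline is missing). A failed
# comparison used to be reported as "no changes"; it is now reported as a
# warning, with diff's own message included.
# In the listing, '<' lines come from this scan and '>' lines from the
# baseline.
DIFF=$(diff "$TEMP3" "$SUID" 2>&1)
diff_rc=$?
case $diff_rc in
  0)
    echo "No new or changed SUID/SGID files found."
    ;;
  1)
    # Quoted so the line structure of the diff survives in the report.
    printf '%s\n' "$DIFF"
    ;;
  *)
    echo "WARNING: could not compare against baseline $SUID - SUID/SGID files were NOT checked."
    printf '%s\n' "$DIFF"
    ;;
esac >> "$TEMP1"
echo " " >> "$TEMP1"

# -f: $TEMP2 is no longer written by this section and may not exist.
rm -f "$TEMP2" "$TEMP3"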

# ========================================================================
# Check the running processes.
# ========================================================================
# Full process listing (ps -ef) at the time of the run.
{
  echo "Processes running"
  echo "-----------------"
  ps -ef
  echo " "
} >> "$TEMP1"
# ========================================================================
# Check the mounted file systems.
# ========================================================================
# Mounted file systems and their usage, in kilobyte units (df -k).
{
  echo "File systems mounted"
  echo "--------------------"
  df -k
  echo " "
} >> "$TEMP1"
# ========================================================================
# Check the network connections.
# ========================================================================
# All sockets of the inet address family, listening ones included (-a).
# NOTE(review): the -f inet spelling is not accepted by every netstat;
# adjust for the local platform.
{
  echo "Network connections"
  echo "-------------------"
  netstat -a -f inet
  echo " "
} >> "$TEMP1"

# ========================================================================
# Mail report to the appropriate people.
# ========================================================================
# Send one copy of the report to each recipient, then delete the report.
# $MAILTO is left unquoted on purpose: it is a blank-separated list and the
# loop relies on word splitting to walk it.
# NOTE(review): if $MAILTO is empty the loop body never runs and the
# report is removed without having been sent to anyone.
for PEOPLE in $MAILTO; do
  mail -s "$UNAME Report - $DATE" "$PEOPLE" < "$TEMP1"
done
rm "$TEMP1"

# ========================================================================
# End of script.
# ========================================================================