theillien

ww_files_audit.pl

Jun 5th, 2014
  1. #!/usr/bin/perl
  2.  
  3. use warnings;
  4. use strict;
  5. use Fcntl ':mode';
  6. use File::Find;
  7. no warnings 'File::Find';
  8. no warnings 'uninitialized';
  9.  
  10. my $dir = "/var/log/tivoli/";
  11. my $mtab = "/etc/mtab";
  12. my $permFile = "world_writable_w_files.txt";
  13. my $tmpFile = "world_writable_files.tmp";
  14. my $exclude = "/usr/local/etc/world_writable_excludes.txt";
  15. #my $mask = S_IWUSR | S_IWGRP | S_IWOTH;
  16. my (%excludes, %devNums);
  17. my ($regExcld, $errHeader);
  18.  
  19. # Compile a list of mountpoints that need to be scanned
  20. my @mounts;
  21.  
  22. open MT, "<${mtab}" or die "Cannot open ${mtab}, $!";
  23.  
  24. # We only want the local mountpoints
  25. while (<MT>) {
  26.   if ($_ =~ /ext[34]/) {
  27.     chomp;
  28.     my @line = split;
  29.     push(@mounts, $line[1]);
  30.     my @stats = stat($_);
  31.     $devNums{$stats[0]} = $_;
  32.   }
  33. }
  34.  
  35. close MT;
  36.  
  37. # Build a hash of each mountpoint's device number for future comparison
  38. #foreach (@mounts) {
  39. #  my @stats = stat($_);
  40. #  $devNums{$stats[0]} = $_;
  41. #}
  42.  
  43. # Build a hash from /usr/local/etc/world_writables_excludes.txt
  44. if ((! -e $exclude) || (-z $exclude)) {
  45.   $errHeader = <<HEADER;
  46. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  47. !!                                                  !!
  48. !! /usr/local/etc/world_writable_excludes.txt is    !!
  49. !! is missing or empty. This report includes        !!
  50. !! every world-writable file including those which  !!
  51. !! are expected and should be excluded.             !!
  52. !!                                                  !!
  53. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  54.  
  55.  
  56. HEADER
  57.  
  58. } else {
  59.   open XCLD, "<${exclude}" or die "Cannot open ${exclude}, $!\n";
  60.   while (<XCLD>) {
  61.     chomp;
  62.     $excludes{$_} = 1;
  63.   }
  64. }
  65.  
  66. sub wanted {
  67.   # Is it excluded from the report...
  68.   return if (exists $excludes{$File::Find::name});
  69.  
  70.   # ...in a basic directory, ...
  71.   return if $File::Find::dir =~ /sys|proc|dev/;
  72.  
  73.   # ...a regular file, ...
  74.   return unless -f;
  75.  
  76.   # ...local, ...
  77.   my @dirStats = stat($File::Find::name);
  78.   return if (exists $devNums{$dirStats[0]});
  79.  
  80.   # ...and world writable?
  81. #  return unless $dirStats[2] & $mask == $mask;
  82.   return unless (((stat)[2] & S_IWUSR) && ((stat)[2] & S_IWGRP) && ((stat)[2] & S_IWOTH));
  83.  
  84.   # If so, add the file to the list of world writable files
  85.   print(WWFILE "$File::Find::name\n");
  86.  
  87. }
  88.  
  89. # Create the output file path if it doesn't already exist.
  90. mkdir($dir or die "Cannot execute mkdir on ${dir}, $!") unless (-d $dir);
  91.  
  92. # Create our filehandle for writing our findings
  93. open WWFILE, ">${dir}${tmpFile}" or die "Cannot open ${dir}${tmpFile}, $!";
  94. print(WWFILE "${errHeader}") if ($errHeader);
  95.  
  96. find(\&wanted, @mounts);
  97.  
  98. close WWFILE;
  99.  
  100. # If no world-writable files have been found ${tmpFile} should be zero-size;
  101. # Delete it so Tivoli won't alert
  102. if (-z "${dir}${tmpFile}") {
  103.   unlink "${dir}${tmpFile}";
  104.  
  105. } else {
  106.   rename("${dir}${tmpFile}","${dir}${permFile}") or die "Cannot rename file ${dir}${tmpFile}, $!";
  107.  
  108. }