#!/bin/bash
+## Originally...
# Copyright (c) 2004 Matthias S. Benkmann <article AT winterdrache DOT de>
# You may do everything with this code except misrepresent its origin.
# PROVIDED `AS IS' WITH ABSOLUTELY NO WARRANTY OF ANY KIND!
+# Copyright (C) 2014 Steve Youngs <steve@steveyoungs.com>
+# many updates/tweaks --SY.
+
# The following list should contain the mount points of all filesystems
# that are to be scanned as a space-separated list within parentheses.
# / will usually be in this list and if you have /usr
# / \
# /opt \
# /usr \
-# /usr/X11R6 \
-# /usr/lib \
-# /usr/share \
# /usr/src \
# /var)
# may have crept in.
# Ideally, this list should be empty.
-prune_prefixes=(/root /*/lost+found) #NO TRAILING SLASHES!!!
+prune_prefixes=(/root /{,*/{,*/}}lost+found) #NO TRAILING SLASHES!!!
## Bastard settings
#prune_prefixes=(\
-# /root \
# /{,*/{,*/}}lost+found \
-# /etc/polkit-1/localauthority \
-# /etc/sudoers.d \
+# /root \
# /opt/pgsql/data \
-# /var/lib/{polkit-1,sasl,net-snmp,udisks} \
-# /var/log/syslog-ng \
-# /mnt \
-# /media)
+# /opt/sql-ledger/{spool,templates,users,css} \
+# /etc/apache/ssl.key \
+# /etc/audisp/plugins.d \
+# /etc/cups/ssl \
+# /etc/firewall \
+# /etc/mail/spamassassin \
+# /etc/pam.d \
+# /etc/polkit-1/rules.d \
+# /etc/skel \
+# /etc/ssl/private \
+# /etc/sudoers.d \
+# /var/lib/colord/.cache \
+# /var/lib/{sasl,sudo,net-snmp,udisks{,2},NetworkManager} \
+# /var/log \
+# /usr/lib/pkgusr \
+# /usr/share/polkit-1/rules.d \
+# /var/tmp \
+# /var/{cache,chroot,db,run,snmp,spool} \
+# /var/lib/{sshd,nfs,spamassassin,pulse,machines}) #NO TRAILING SLASHES!!!!
+
+# Set the following to `-noleaf' if you are scanning non-UNIX filesystems
+# like MS-DOS, CD-ROM etc. But only do so if you really need it as it
+# will slow the search significantly.
+# NOLEAF='-noleaf'
+NOLEAF=
# If the following variable is set to "yes", then files that contain
# control characters or other non-printable characters (except for space)
# will be reported as suspicious.
# This test slows down the search considerably!
-enable_illchars=yes
+#enable_illchars=yes
+enable_illchars=no
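Review bot: The widened default `prune_prefixes=(/root /{,*/{,*/}}lost+found)` excludes more from the audit than the mount-point `lost+found` directories it appears to target. The glob matches any existing directory of that name up to three levels deep, including ones under user-writable trees, and a pattern that matches nothing is presumably passed on literally (no `nullglob` is visible here), where `find -path` lets `*` span `/` and so prunes at any depth. Since pruned paths are never reported, consider listing `lost+found` only directly under the mount points in the scan list, or documenting the gap with a comment such as `# pruned paths are not audited; keep to root-owned directories`. The same hunk also flips `enable_illchars` to `no`, which turns the non-printable filename check off by default.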
# suppress ugly debug output from shell
usergroupmatch=(\( "$@" \))
fi
-#construct find commands that match the prune_prefixes. Each prefix will be
-#matched as -path <prefix> -or -path <prefix>/*
-#so that the directory itself and all subdirectories are matched.
+# construct find commands that match the prune_prefixes. Each prefix will be
+# matched as -path <prefix> -or -path <prefix>/*
+# so that the directory itself and all subdirectories are matched.
y=(\( -false)
for ((i=0; $i<${#prune_prefixes[@]}; i=$i+1))
do
OP \( -type d -not -group install -not "${dirgoodperm[@]}" $(report "DIRECTORIES WITH UNUSUAL PERMISSIONS") \)
)
-#insert unique codes for the messages
+# insert unique codes for the messages
code=100
for ((i=0; $i<${#bad[@]}; i=$i+1))
do
fi
done
-#Add a default case to onebad.
-#This should never be hit, because the explicit cases should catch all
-#files, but just in case I've missed something, this will catch it.
+# Add a default case to onebad.
+# This should never be hit, because the explicit cases should catch all
+# files, but just in case I've missed something, this will catch it.
onebad=("${onebad[@]}" -or $(report "WEIRD SHIT") )
-#make allbad always return false
+# make allbad always return false
allbad=("${allbad[@]}" , -false)
cmd=( "${usergroupmatch[@]}" -and
\( \( "${good[@]}" \) -or \( "${allbad[@]}" \) -or \( "${onebad[@]}" \) \)
)
-#In the following find command, the part
+# In the following find command, the part
# -not ( ( "${y[@]}" -prune ) -or "${y[@]}" )
-#is responsible for preventing the files that match prune_prefixes from
-#being processed. The 2nd "${y[@]}" may seem redundant, but it isn't, because
-#-prune has no effect and is always false when -depth is used.
-find "${fs_to_scan[@]}" -xdev -noleaf \
+# is responsible for preventing the files that match prune_prefixes from
+# being processed. The 2nd "${y[@]}" may seem redundant, but it isn't, because
+# -prune has no effect and is always false when -depth is used.
+find "${fs_to_scan[@]}" -xdev $NOLEAF \
-not \( \( "${y[@]}" -prune \) -or "${y[@]}" \) \
-and \( "${cmd[@]}" \) 2>/dev/null |
sed 's/^\(...2\) \([0-9]\+ 2 \)\?\([^ ]\+\) \+[^ ]\+ \+\([^ ]\+\) \+\([^ ]\+\) \+[^"]\+\(".\+\)/\1 \2\3 \6 \4:\5/' |
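Review bot: `$NOLEAF` on the new `find` line is the only unquoted expansion in a command otherwise built from quoted arrays, and it works only because word splitting drops the empty value. An array would keep the style consistent: `NOLEAF=()` (or `NOLEAF=(-noleaf)`) in the settings block and `find "${fs_to_scan[@]}" -xdev "${NOLEAF[@]}" \` here. The default is also now off, and because stderr still goes to `/dev/null`, a scan of a filesystem without UNIX link-count semantics may skip directories without any visible error; this presumably depends on the find version and is worth confirming. The pipeline continues past the end of this hunk.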