#!/bin/sh
# Security checks script - run daily out of the system crontab

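set -e

PATH=/sbin:/bin:/usr/sbin:/usr/bin

LOG=/var/log

# Everything created below (scratch file, rotated inventories) is owner-only.
umask 077
cd /

# Scratch file for today's inventory.  The name must not be predictable:
# this job runs from the system crontab, and a fixed /tmp/_secure.<pid> path
# in a world-writable directory can be pre-created as a symlink by any local
# user so that the redirection below overwrites a file of their choosing.
# mktemp creates the file exclusively with an unguessable suffix.
TMP=$(mktemp /tmp/_secure.XXXXXX)

# Remove the scratch file on every exit path, including a 'set -e' abort.
trap 'rm -f "$TMP"' EXIT
trap 'exit 1' HUP INT TERM

# Mount points to scan: skip proc and iso9660 filesystems, /dev/fd entries
# and anything mounted under /mnt.
# NOTE(review): the list is built by word-splitting mount(8) output, so a
# mount point containing whitespace is split into bogus paths.
mountpoints=$(mount | grep -vE ' type (proc|iso9660) |^/dev/fd| on /mnt' | cut -d ' ' -f 3)

# Inventory every setuid/setgid regular file and every block or character
# device, staying on each listed filesystem (-xdev).
# '-perm /6000' matches files with either the setuid or the setgid bit set;
# the older '-perm +06000' spelling is rejected by current GNU findutils,
# which would abort the whole check.
# NOTE(review): plain sh has no pipefail, so a find failure part-way through
# yields a truncated inventory that shows up as "removed" entries in the diff.
# $mountpoints is intentionally unquoted: one argument per mount point.
# shellcheck disable=SC2086
find $mountpoints \
     -xdev \( -type f -perm /6000 -o -type b -o -type c \) -ls \
  | sort >"$TMP"

# First run (or baseline removed): start from an empty baseline so that every
# entry is reported as new, instead of diff exiting 2 and 'set -e' aborting
# before a baseline is ever written.
if [ ! -e "$LOG/setuid.today" ]
then
	: >"$LOG/setuid.today"
fi

if ! cmp -s "$LOG/setuid.today" "$TMP"
then
	printf '%s changes to setuid programs and devices:\n' "$(hostname)"
	# diff exits 1 when the files differ, which is the expected case here;
	# any other non-zero status is a real error and stops the script.
	diff "$LOG/setuid.today" "$TMP" || [ $? = 1 ]
	mv "$LOG/setuid.today" "$LOG/setuid.yesterday"
	mv "$TMP" "$LOG/setuid.today"
fi
rm -f "$TMP"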
