#!/bin/sh
#
#SYSTEMS: Solaris, Linux
#
# Script to check for the file /etc/issue.  It does not verify the
# file is a legitimate banner, just that it exists.  It does check for
# a reasonable size and looks for evidence of OS identifiers.
#

MSG="# Checking banner files..."
SYSTEM=`uname -s`
######Solaris######
if [ "$SYSTEM" = "SunOS" ]; then
  echo ""; echo "$MSG"
  FTPD=/etc/default/ftpd  #used by ftp.
  TELNETD=/etc/default/telnetd  #used by telnet.
  #
  for j in `echo $FTPD $TELNETD`; do
  if [ ! -s $j ]; then
    echo "--WARN-- [ISSUE006w] The file $j is empty or not present."
  else
    BANNER=`grep "BANNER=" $j`
    if [ "$BANNER" = "" ]; then  #No banner line
      echo "--WARN-- [ISSUE006w] The file $j does not contain a BANNER line."
    else
      SYSINFO1=`echo $BANNER | grep "SunOS"`
      SYSINFO2=`echo $BANNER | grep "uname"`
      if [ "$SYSINFO1" != "" -o "$SYSINFO1" != "" ]; then #System info possibly in banner...
        echo "--FAIL-- [ISSUE007f] The BANNER line in $j seems to contain system information."
      fi
    fi
  fi
  done
fi
######Linux######
if [ "$SYSTEM" = "Linux" ]; then
  echo ""; echo "$MSG"
  ISSUENET=/etc/issue.net
  if [ ! -s $ISSUENET ]; then
    echo "--WARN-- [ISSUE004w] The file $ISSUENET is NOT present."
  else
    SYSINFO1=`grep "Linux" $ISSUENET`
    SYSINFO2=`grep "uname" $ISSUENET`
    if [ "$SYSINFO1" != "" -o "$SYSINFO2" != "" ]; then #System info possibly in banner...
      echo "--FAIL-- [ISSUE005f] The banner file $ISSUENET seems to contain system information."
    fi
  fi
fi
######COMMON######
if [ "$SYSTEM" = "SunOS" -o "$SYSTEM" = "Linux" ]; then
  ISSUE=/etc/issue
  MOTD=/etc/motd
  for i in `echo $ISSUE $MOTD`; do
  if [ ! -s $i ]; then
    echo "--WARN-- [ISSUE001w] The banner file $i is NOT present."
  else
    SIZE=`ls -l $i | awk '{print $5}'`
    if [ "$SIZE" -lt 250 ]; then #The banner may be only a small header...
      echo "--INFO-- [ISSUE002w] The banner file $i is small."
    fi
    SUNINFO=`grep "SunOS" $i`
    LININFO=`grep "Linux" $i`
    if [ "$SUNINFO" != "" -o "$LININFO" != "" ]; then #System info possibly in banner...
      echo "--FAIL-- [ISSUE003f] The banner file $i seems to contain system information."
    fi
  fi
  done
fi
