#!/bin/sh
#
# Script to check that the file /etc/ftpusers lists the administrative
# accounts which are not to be allowed ftp access.
#
#SYSTEMS: Solaris, Linux
######COMMON######
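MSG="# Checking the /etc/ftpusers and admin accounts..."
echo ""; echo "$MSG"
FTPUSERS=/etc/ftpusers
PASSWD=/etc/passwd

#######################################
# Warn about administrative accounts that exist locally but are not
# denied ftp access.
#
# Account names are matched exactly.  A prefix match ("^bin") would let an
# unrelated entry such as "bind" or "nobody4" in the ftpusers file hide a
# missing "bin" or "nobody" entry, and would let "admin" in the passwd file
# raise a warning for a non-existent "adm" account.
#
# Arguments: $1 - ftpusers file (one account name at the start of each line)
#            $2 - passwd file (colon-separated, account name first)
# Outputs:   one --WARN-- line on stdout per finding
# Returns:   0
#
# NOTE(review): only the passwd file given in $2 is consulted; accounts
# supplied by a name service are not seen by this check.
#######################################
check_ftpusers() {
    # No "local" here: the script targets plain sh, so the helper uses
    # cf_-prefixed globals instead.
    cf_ftpusers=$1
    cf_passwd=$2

    # -s is false for a missing file and for an empty one; both are reported
    # with the same message.
    if [ ! -s "$cf_ftpusers" ]; then
        echo "--WARN-- [FTPUSERS001w] The file $cf_ftpusers is NOT present."
        return 0
    fi

    cf_accts="root daemon bin sys adm lp uucp nuucp listen nobody noaccess nobody4 news smtp hpdb guest"
    for cf_acct in $cf_accts; do
        # Listed in ftpusers: the name alone on the line, optionally followed
        # by whitespace and trailing text.
        if grep "^${cf_acct}\([[:space:]].*\)*\$" "$cf_ftpusers" >/dev/null; then
            continue
        fi
        # Not listed.  Only warn when the account really exists; the trailing
        # colon pins the match to the whole login-name field.
        if grep "^${cf_acct}:" "$cf_passwd" >/dev/null; then
            echo "--WARN-- [FTPUSERS002w] The administrative account \"$cf_acct\" is NOT in the $cf_ftpusers file."
        fi
    done
    return 0
}

check_ftpusers "$FTPUSERS" "$PASSWD"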
