#!/bin/sh
#
# SYSTEMS: Solaris
# This script checks whether the nobody UID still has access to secure RPC
# and warns if that access has not been disabled.  It reports only; it does
# not change any file.  In Solaris 9, access is disabled by setting the
# 'ENABLE_NOBODY_KEYS' parameter in the /etc/default/keyserv file to 'NO'.
# Prior to Solaris 9, it is disabled by adding the '-d' option to the
# 'keyserv' command in the /etc/init.d/rpc file.
#
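MSG="# Checking for 'nobody' access to SecureRPC information..."
# Backticks are used instead of $(...) throughout so the script still runs
# under a legacy Bourne /bin/sh; for the same reason no 'local' is used and
# the helper functions below set plain global variables.
SYSTEM=`uname -s`

# check_keyserv_default FILE
#   Audits the ENABLE_NOBODY_KEYS setting in FILE (a keyserv defaults file).
#   Emits one KEYSERV001w warning on stdout when the parameter is absent,
#   or when it is present but its value is anything other than 'NO'.
#   Prints nothing when FILE does not exist or the value is exactly 'NO'.
#   Sets globals: KEYSERV, Value.
check_keyserv_default() {
  KEYSERV="$1"
  [ -f "${KEYSERV}" ] || return 0
  if [ "`grep -c '^ENABLE_NOBODY_KEYS=' "${KEYSERV}"`" = 0 ]; then
    echo "--WARN-- [KEYSERV001w] 'ENABLE_NOBODY_KEYS' not found in ${KEYSERV}."
  else
    # The value test must run only when the parameter IS present.  It used
    # to sit inside the "not found" branch, so a file that explicitly
    # enabled nobody keys (any value other than NO) was never reported.
    # If the parameter appears more than once, Value holds several lines
    # and therefore also fails the comparison, which errs toward warning.
    Value=`grep '^ENABLE_NOBODY_KEYS=' "${KEYSERV}" | awk -F= '{ print $2 }' 2>/dev/null`
    if [ "${Value}" != "NO" ]; then
      echo "--WARN-- [KEYSERV001w] 'ENABLE_NOBODY_KEYS' NOT set to 'NO' in ${KEYSERV}."
    fi
  fi
  return 0
}

# check_rpc_init FILE
#   Audits FILE (an rpc init script) for a keyserv invocation without '-d'.
#   Emits a KEYSERV002w warning on stdout when a line that does not start
#   with '#' mentions /usr/sbin/keyserv and none of those lines contains
#   the text '-d'.  Prints nothing when FILE does not exist.
#   Sets globals: RPC, KEY, DASHD.
check_rpc_init() {
  RPC="$1"
  [ -f "${RPC}" ] || return 0
  # Only lines with '#' in column 0 are treated as comments here; an
  # indented comment that mentions keyserv is still picked up.
  KEY=`grep -v "^#" "${RPC}" | grep "/usr/sbin/keyserv"`
  if [ "$KEY" != "" ]; then  #keyserv is enabled, check for -d use...
    # '[-]d' matches the literal text "-d" without the pattern starting with
    # a dash (which grep would take for an option).  $KEY is quoted so the
    # shell does not glob-expand text taken from the init script.
    # NOTE(review): this is a substring match over every matching line, so
    # an unrelated "-d" on any of them suppresses the warning - confirm
    # against the real rpc script whether a stricter match is needed.
    DASHD=`echo "$KEY" | grep -c '[-]d'`
    if [ "$DASHD" = 0 ]; then  #no -d found with keyserv
      ###This is ok in Solaris 9 if ENABLE_NOBODY_KEYS=NO, but lets point it out anyway.  Explain it in the Explain file.
      echo "--WARN-- [KEYSERV002w] '-d' NOT used with '/usr/sbin/keyserv' in ${RPC}."
    fi
  fi
  return 0
}

######Solaris######
if [ "$SYSTEM" = "SunOS" ]; then
  echo ""; echo "$MSG"
  case "`uname -r`" in
  5.9*)
    # Only SunOS releases whose version string starts with 5.9 are checked
    # for the /etc/default/keyserv setting.
    check_keyserv_default "/etc/default/keyserv"
    ;;
  esac
  #The following applies to all Solaris systems...
  check_rpc_init /etc/init.d/rpc
fi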