#!/bin/sh
# SYSTEMS: Solaris, Linux
# This script disables caching of passwords, groups, hosts and ipnodes entries
# by the name service cache daemon (NSCD).
MSG="# Checking for NSCD and caching of entries by NSCD (Name Service Cache Daemon)..."
SYSTEM=`uname -s`
######Common######
if [ "$SYSTEM" = "SunOS" -o "$SYSTEM" = "Linux" ]; then
  echo ""; echo "$MSG"
  PS=`ps -ef | grep "/nscd" | grep -v grep`
  if [ "$PS" != "" ]; then  #NSCD is running
    echo "--WARN-- [NSCD001w] The 'nscd' process is running on this system."
  fi
fi
######Solaris######
if [ "$SYSTEM" = "SunOS" ]; then
  NSCD=/etc/nscd.conf
  if [ -f ${NSCD} ]; then
    maxEntries=3
    if [ "`uname -r`" = "5.8" ] || [ "`uname -r`" = "5.9" ] ; then 
      maxEntries=4      #'ipnodes' is only available in Solaris 8+.
    fi
    if [ `grep "[ 	]*enable-cache.*[ 	]*no" ${NSCD} |\
      awk '{ print $2 }' |\
        egrep -c "passwd|group|hosts|ipnodes"` != ${maxEntries} ]; then
        echo "--WARN-- [NSCD002w] NSCD caching is not disabled for security sensitive files."
    fi
  fi
fi
######Linux######
if [ "$SYSTEM" = "Linux" ]; then
  NSCD=/etc/nscd.conf
  if [ -f ${NSCD} ]; then
    maxEntries=3
    if [ `grep "[        ]*enable-cache.*[       ]*no" ${NSCD} |\
      awk '{ print $2 }' |\
        egrep -c "passwd|group|hosts"` != ${maxEntries} ]; then
        echo "--WARN-- [NSCD002w] NSCD caching is not disabled for security sensitive files."
    fi
  fi
fi
