#!/bin/sh
# SYSTEMS: Solaris, Linux
# This script prevents the "rlogin" and "rsh" services from using "rhosts" 
# authentication.  This is done by adjusting the Pluggable Authentication 
# Module (PAM) configuration in /etc/pam.conf for those services.
MSG="# Checking the ability to use 'rhosts' authentication..."
SYSTEM=`uname -s`
######Solaris######
if [ "$SYSTEM" = "SunOS" ]; then
  echo ""; echo "$MSG"
  PAM=/etc/pam.conf
  case "`uname -r`" in
    5.[6789]*) ;;
    *)
      #Only supported on Solaris 2.6 and newer
      exit 0;;
  esac
  if [ -f ${PAM} ]; then
    if [ `egrep "^rsh|^rlogin|^rexec" ${PAM} |\
      grep -c "pam_rhosts_auth"` != 0 ]; then
	echo "--WARN-- [RHOSTS001w] rlogin, rsh, or rexec authentication via rhosts ENABLED in the PAM configuration."
    fi
  fi
fi
######Linux######
if [ "$SYSTEM" = "Linux" ]; then
  echo ""; echo "$MSG"
  if [ -d /etc/pam.d ]; then
    PAM=`cat /etc/pam.d/*  | grep "^rsh|^rlogin|^rexec" | grep -c "pam_rhosts_auth"`
  elif [ -f /etc/pam.conf ]; then
    PAM=`cat /etc/pam.conf | grep "^rsh|^rlogin|^rexec" | grep -c "pam_rhosts_auth"`
  else #No pam files to check, exit
    exit 0 
  fi
  if [ "$PAM" != 0 ]; then
    echo "--WARN-- [RHOSTS001w] rlogin, rsh, or rexec authentication via rhosts ENABLED in the PAM configuration."
  fi
fi
