#!/bin/sh
# SYSTEMS: Solaris, Linux
# A script to check RPC services considered to be high on 
# SANS's list of top 20 vulnerabile inet services.
MSG="# Checking RPC services..."
SYSTEM=`uname -s`
######Solaris & Linux######
if [ "$SYSTEM" = "SunOS" -o "$SYSTEM" = "Linux" ]; then
  echo ""; echo "$MSG"
# List of RPC services and their RPC program numbers...
         CMSD=100068
        STATD=100024
       MOUNTD=100005
      SADMIND=100232
     CACHEFSD=100235
    SNMPXDMID=100249
  TTDBSERVERD=100083
  #
  RPCS="100068 100024 100005 100232 100235 100249 100083"
  for i in `echo $RPCS`; do
    CHK=`rpcinfo -p | awk '{print $1}' | grep $i`
    if [ "$CHK" != "" ]; then
      if [ "$i" = $CMSD ]; then ANS="rpc.cmsd"; fi
      if [ "$i" = $STATD ]; then ANS="rpc.statd"; fi
      if [ "$i" = $MOUNTD ]; then ANS="rpc.mountd"; fi
      if [ "$i" = $SADMIND ]; then ANS="sadmind"; fi
      if [ "$i" = $CACHEFSD ]; then ANS="cachefsd"; fi
      if [ "$i" = $SNMPXDMID ]; then ANS="snmpXdmid"; fi
      if [ "$i" = $TTDBSERVERD ]; then ANS="rpc.ttdbserverd"; fi
      echo "--WARN-- [RPC001w] The RPC service '$ANS' (RPC Program Number:$i) was found to be running on this system."
    fi
  done
fi
