#!/bin/sh
#SYSTEMS: Solaris
#Check if /etc/default/inetinit exists and whether the value of 
#TCP_STRONG_ISS is set to '2'.
#NOTE: Irix can be checked by looking for the 'tcpiss=md5' tunable
#kernel parameter.  This can be done with the following command:
#'/usr/sbin/systune tcpiss_md5'.  It should return 'tcpiss_md5 = 1'.
MSG="# Checking TCP sequence number generation parameter..."
SYSTEM=`uname -s`
######Solaris######
if [ "$SYSTEM" = "SunOS" ]; then
  echo ""; echo "$MSG"
  INETINIT=/etc/default/inetinit
  if [ -f $INETINIT ]; then
    CHK=`grep "TCP_STRONG_ISS=" $INETINIT | awk -F'=' '{print $2}'`
    if [ "$CHK" != "2" ]; then  #setting is not equal to '2'.
      echo "--WARN-- [TCP001w] TCP initial sequence number generation parameter not set or not set strong enough."
    fi
  else
    echo "--WARN-- [TCP001w] The file $INETINIT was not found."
  fi
fi
    

