X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=debian%2Fossec-hids%2Fvar%2Fossec%2Factive-response%2Fbin%2Fdisable-account.sh;fp=debian%2Fossec-hids%2Fvar%2Fossec%2Factive-response%2Fbin%2Fdisable-account.sh;h=70dd204b90e7a5643d151d180aec770ed5e996ad;hp=0000000000000000000000000000000000000000;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b
diff --git a/debian/ossec-hids/var/ossec/active-response/bin/disable-account.sh b/debian/ossec-hids/var/ossec/active-response/bin/disable-account.sh
new file mode 100755
index 0000000..70dd204
--- /dev/null
+++ b/debian/ossec-hids/var/ossec/active-response/bin/disable-account.sh
@@ -0,0 +1,85 @@
+#!/bin/sh
+# Disable an account by setting "passwd -l" or chuser
+# Requirements: System with a passwd that supports -l and -u
+# or a system with chuser (AIX)
+# Expect: username (can't be "root")
+# Authors: Ahmet Ozturk and Daniel B. Cid
+# Last modified: Jan 19, 2005
+
+
+UNAME=`uname`
+PASSWD="/usr/bin/passwd"
+CHUSER="/usr/bin/chuser"
+ACTION=$1
+USER=$2
+IP=$3
+
+LOCAL=`dirname $0`;
+cd $LOCAL
+cd ../
+PWD=`pwd`
+echo "`date` $0 $1 $2 $3 $4 $5" >> ${PWD}/../logs/active-responses.log
+
+
+if [ "x${USER}" = "x" ]; then
+ echo "$0: [ add | delete ] "
+ exit 1;
+elif [ "x${USER}" = "xroot" ]; then
+ echo "$0: Invalid username."
+ exit 1;
+fi
+
+
+# We should run on linux and on SunOS the passwd -u/-l
+if [ "X${UNAME}" = "XLinux" -o "X${UNAME}" = "XSunOS" ]; then
+ # Checking if passwd is present
+ ls ${PASSWD} >> /dev/null 2>&1
+ if [ $? != 0 ]; then
+ exit 0;
+ fi
+
+ CMD=${PASSWD}
+ if [ "x${ACTION}" = "xadd" ]; then
+ ARGS="-l"
+ elif [ "x${ACTION}" = "xdelete" ]; then
+ ARGS="-u"
+ else
+ echo "$0: invalid action: ${ACTION}"
+ exit 1;
+ fi
+
+
+# On AIX, we run CHUSER
+elif [ "X${UNAME}" = "XAIX" ]; then
+ # Checking if chuser is present
+ ls ${CHUSER} >> /dev/null 2>&1
+ if [ $? != 0 ]; then
+ exit 0;
+ fi
+
+ CMD=${CHUSER}
+
+ # Disabling an account
+ if [ "x${ACTION}" = "xadd" ]; then
+ ARGS="account_locked=true"
+ # Unblock the account
+ elif [ "x${ACTION}" = "xdelete" ]; then
+ ARGS="account_locked=false"
+ # Invalid action
+ else
+ echo "$0: invalid action: ${ACTION}"
+ exit 1;
+ fi
+
+
+# We only support Linux, SunOS and AIX
+else
+ exit 0;
+fi
+
+
+# Execute the command
+${CMD} ${ARGS} ${USER}
+
+exit 1;
+
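Review bot: The final `${CMD} ${ARGS} ${USER}` expands the username unquoted, and the only screening it gets is the empty and exact-`root` comparisons near the top, so a value containing whitespace or starting with `-` would be word-split or read by passwd/chuser as an option rather than as an account name. The name is presumably taken from the alert that triggered the response, so it should be treated as untrusted: replace the `xroot` branch with an allow-list check and quote the expansion, as sketched below (adjust the character set to the site's naming policy). Only the literal name `root` is excluded, so it is worth documenting in the header comment that any other account, including service accounts, can be locked by this response. Separately, the trailing `exit 1;` reports failure even when the lock or unlock succeeded; `exit $?` directly after the command would pass the real status on. `cd $LOCAL` is also unquoted and unchecked, so a failed `cd` would send the log line to a path relative to whatever the current directory happens to be.

```shell
# … unchanged: empty-username usage check …

# Accept only plain account names; this also covers the "root" exclusion
case "${USER}" in
    root|-*|*[!A-Za-z0-9._-]*)
        echo "$0: Invalid username."
        exit 1
        ;;
esac

# … unchanged: platform detection and CMD/ARGS selection …

# Execute the command
"${CMD}" "${ARGS}" "${USER}"
exit $?
```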