#!/bin/sh -e

##########################################################################
#   Title:
#       Optional, defaults to the name of the script sans extention
#
#   Section:
#       8
#
#   Synopsis:
#       
#   Description:
#       Check a system file for security issues
#       
#   Arguments:
#       
#   Returns:
#
#   Examples:
#
#   Files:
#
#   Environment:
#
#   See also:
#       
#   History:
#   Date        Name        Modification
#   2015-05-23  Jason Bacon Begin
#   2024-11-11  Jason Bacon Add man page template and usage
##########################################################################

usage()
{
    printf "Usage: $0 filename\n"
    exit 1
}


##########################################################################
#   Main
##########################################################################

if [ $# != 1 ]; then
    usage
fi
filename=$1

if [ ! -e $filename ]; then
    printf "$0: $filename: No such file or directory.\n"
    exit 1
fi

owner=`ls -l $filename | awk '{ print $3 }'`
group=`ls -l $filename | awk '{ print $4 }'`
# FIXME: Check permissions and suid bits
if [ $owner != root ] || [ $group != root ] && [ $group != wheel ] && [ $group != bin ]; then
    printf "%s is not owned by root:root or root:wheel or root:bin.\n" $filename
    ls -l $filename
    exit 1
fi

perms=`ls -l $filename`
file_type=`printf '%s' $perms | cut -c 1-1`
if [ $file_type != '-' ]; then
    printf "$filename is not a regular file!\n"
    exit
fi

group_write=`printf '%s' $perms | cut -c 6-6`
if [ $group_write != '-' ]; then
    printf "$filename is group writable!\n"
    exit
fi

world_write=`printf '%s' $perms | cut -c 9-9`
if [ $world_write != '-' ]; then
    printf "$filename is world writable!\n"
    exit
fi
