#!/bin/sh
#
#     tiger - A UN*X security checking system
#     Copyright (C) 1993 Douglas Lee Schales, David K. Hess, David R. Safford
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2, or (at your option)
#    any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#     Please see the file `COPYING' for the complete copyright notice.
#
# check_ctrlaltdel: looks for 'ctraltdel' line in /etc/inittab which would
# 		indicate that users can reboot the system
# 04.25.2001
# Javier Fernandez-Sanguino <jfs@computer.org>
#
# 10/19/2003 - jfs - Fixed check to avoid false positives (Debian Bug #215872)
# 08/09/2003 - jfs - Improved checked (might give false positives if comments
#		     where used)
# 07/25/2002 - jfs - Changed TigerInstallDir to .
#
#-----------------------------------------------------------------------------
#
TigerInstallDir='.'

#
# Set default base directory.
# Order or preference:
#      -B option
#      TIGERHOMEDIR environment variable
#      TigerInstallDir installed location
#
basedir=${TIGERHOMEDIR:=$TigerInstallDir}

for parm
do
   case $parm in
   -B) basedir=$2; break;;
   esac
done
#
# Verify that a config file exists there, and if it does
# source it.
#
[ ! -r $basedir/config ] && {
  echo "--ERROR-- [init002e] No 'config' file in \`$basedir'."
  exit 1
}
. $basedir/config

. $BASEDIR/initdefs
#
# If run in test mode (-t) this will verify that all required
# elements are set.
#
[ "$Tiger_TESTMODE" = 'Y' ] && {
  haveallcmds AWK GREP || exit 1
  haveallfiles BASEDIR WORKDIR || exit 1
  
  echo "--CONFIG-- [init003c] $0: Configuration ok..."
  exit 0
}
#------------------------------------------------------------------------

echo
echo "# Checking for vulnerabilities in inittab configuration..."
haveallcmds AWK GREP || exit 1
haveallfiles BASEDIR WORKDIR || exit 1

if [ -r /etc/inittab ] ; then
	$GREP shutdown /etc/inittab | $GREP -v ^# | $AWK -F : '{ print $2, $3, $4'} |
	while read runlevels key command
# Inittab is made up of four fields: name, runlevels, key and command
	do
	if [ $key = "ctrlaltdel" -a -n "`echo $command |$GREP shutdown`" ] 
	then
		message FAIL lin007w "" "Normal users can reboot the system through ctrl+alt+del in runlevels $runlevels"
	fi
	done
fi
