This file is indexed.

/usr/sbin/st_snapshot is in systraq 0.0.20081217-7.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
#!/bin/sh -e

# $Id: st_snapshot 393 2008-12-15 08:37:21Z joostvb $

#
# Copyright (C) 2001, 2002, 2003, 2004, 2008 Joost van Baal
# 
#     This program is free software; you can redistribute it and/or modify
#     it under the terms of the GNU General Public License as published by
#     the Free Software Foundation; either version 2 of the License, or
#     (at your option) any later version.
# 
#     This program is distributed in the hope that it will be useful,
#     but WITHOUT ANY WARRANTY; without even the implied warranty of
#     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#     GNU General Public License for more details.
# 
#     You should have received a copy of the GNU General Public License
#     along with this program (see COPYING); if not, check with
#     http://www.gnu.org/copyleft/gpl.html or write to the Free Software 
#     Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111, USA.
#

# st_snapshot - calculate md5sum and stat ownership and
#              permissions of critical system files

patterns=$1     # typically /usr/local/etc/systraq/snapshot_${mode}.list,
                #    ${mode} is either root or pub
homepatterns=$2 # typically /usr/local/etc/systraq/snapshot_${mode}.homelist
                #
                # in case mode is pub, typically ST_OPHOMES is set to a
                # non-empty value

test $# -eq 2 || {
    echo >&2 $0: give 2 args indicating patterns homepatterns, not $# && exit 1
}

test -r $patterns || {
    echo >&2 $0: patterns file $patterns not readable && exit 1
}

test -r $homepatterns || {
    echo >&2 $0: homepatterns file $homepatterns not readable && exit 1
}

HOMES=
for h in `getent passwd | cut -d: -f6 | sort -u`
do
  [ -d $h ] && HOMES="$HOMES $h"
done

# monitor homedir's, but do not descend in them
if test -n "$ST_OPHOMES"
then
    echo '# ownership and permissions of homedirs'
    for h in $HOMES
    do
        if test -e $h
        then
            # suppress timestamp
            ls -ld $h | {
                while read p n u g s m d t f
                do
                    echo $p $u $g $f
                done
            }
        fi
    done
fi

files=`grep -v '^#' $patterns`

{
    while read p
    do
        if echo $p | grep -qv '^#'
        then
            for h in $HOMES
            do
                # exclude / as homedir: this would interact terribly with
                # monitoring ~/etc/ .
                [ "$h" != "/" ] && files="$h/$p $files"
            done
        fi
    done
} < $homepatterns

fs=
for f in $files
do
    if test -e $f
    then
        fs="$fs $f"
    fi
done

echo "# remainder of file built from $patterns and $homepatterns"

if test -n "$ST_SUM"
then
    echo "# $ST_SUM of critical files"
    find $fs -type f -print0 | xargs -0 $ST_SUM
else
    echo >&2 "$0: warning: environment variable ST_SUM unset, skipping generating checksums for files in $fs.  Please set ST_SUM to sha256sum."
fi

echo "# ownership and permissions of critical files"
find $fs -type f -ls | {
    # change
    # 223325 3 -rwxrwxr-x 1 joostvb joostvb 2733 Aug 18 22:04 cdrip
    # into
    # -rwxrwxr-x joostvb joostvb cdrip
    while read i m p n u g s m d t f
    do
        echo $p $u $g $f
    done
}