What should go into a security-checking shell script?

Greg Onufer greg at cheers.uucp
Wed Oct 25 03:50:17 AEST 1989


A few things to think about:
	- Compare checksums of all vendor-supplied executables
	  with known-correct checksums.
	- Use find(1) to search the disks for set-uid
	  and set-gid executables as well as special 
	  devices (since they can only be made by root).
	- Check the validity of root's dot-files (incl.
	  root's default PATH).
	- Validate the permissions of all important 
	  configuration files (/etc/passwd, /etc/group,
	  /etc/{tty,ini}tab, UUCP L.sys/Systems files,
	  etc).
	- Check that all users have passwords, even going as far
	  as checking against the system dictionary to determine
	  if existing passwords are "easy" to break.

That's most of the checking I do locally; more ideas would be welcome!

Cheers!greg (Greg Onufer, cheers!greg at lll-winken.llnl.gov)
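
Four of the checks listed in the message above (the set-uid/set-gid and device search, configuration-file permissions, accounts without passwords, and root's PATH) written as POSIX sh functions. This is an added example, not part of the original post; the function names, the `--run` switch and the default paths are assumptions of the example.

```shell
#!/bin/sh
# Added example. Function names and default paths are assumptions.

# Set-uid / set-gid regular files and device nodes under $1 (one filesystem).
find_privileged() {
    find "$1" -xdev \( \( -type f \( -perm -4000 -o -perm -2000 \) \) \
        -o -type b -o -type c \) -print 2>/dev/null
}

# Named files that are writable by group or by other.
loose_perms() {
    for f in "$@"; do
        if [ -e "$f" ]; then
            find "$f" -prune \( -perm -020 -o -perm -002 \) -print
        fi
    done
}

# Accounts whose password field is empty. Field 2 holds the password in
# /etc/passwd; on shadowed systems pass /etc/shadow instead (needs root).
empty_passwords() {
    awk -F: '$2 == "" { print $1 }' "${1:-/etc/passwd}"
}

# Entries of a PATH string that are empty, ".", relative, or directories
# writable by group or other. A leading, trailing or doubled ":" is an empty
# entry, which the shell treats as the current directory.
bad_path_entries() {
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r d; do
        case $d in
            ''|[!/]*) echo "relative:${d:-<empty>}" ;;
            *)  if [ -d "$d" ]; then
                    find "$d" -prune \( -perm -020 -o -perm -002 \) -print |
                        sed 's/^/writable:/'
                fi ;;
        esac
    done
}

# Run everything against the live system only when asked to: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    echo "== set-uid/set-gid files and devices"; find_privileged /
    echo "== loosely protected config files"
    loose_perms /etc/passwd /etc/group /etc/inittab /etc/ttytab
    echo "== accounts without a password";       empty_passwords
    echo "== suspect PATH entries";              bad_path_entries "$PATH"
fi
```

Saving each run's output and diffing it against the previous run turns the listing into a change report, so only new set-uid files or newly loosened permissions need attention.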


