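#!/bin/bash
#set -o xtrace
#This script is for grading your system. Please do NOT alter it, as it
#will put your results in a standard format to make it easy for me to
#grade.
#
# Purpose: interactively collects configuration evidence from a CentOS 6
# course VM into ~/gradefilefall2011 (expected to be /root/gradefilefall2011
# when run as root). Sections are appended in a fixed order that the grader
# relies on, so the order and wording of everything written to the gradefile
# are kept exactly as they were.
#
# Security notes for whoever runs or maintains this:
#  - The gradefile ends up holding copies of /etc/passwd, /etc/group, the
#    matching sudoers lines, root's crontab, rc.local and the yum repo files.
#    Treat it as sensitive: it is created with mode 0600, and it should only
#    be handed to the intended recipient.
#  - chkrootkit is executed with this script's privileges from $chkrootdir.
#    Make sure that directory and the chkrootkit file in it are writable by
#    root only before running the script as root.
#  - All user answers are read with "read -r" and every expansion is quoted,
#    so names with spaces, backslashes or glob characters are taken literally.

echo "This is the Fall 2011 version for CIS126DL using Centos 6.0"
echo "This is your final system grading script. It is quite simplistic, "
echo "but do NOT alter it, as I will expect things to come out in a "
echo "particular order, and if they do not, I will not grade your output"
echo "nor will I give you any credit for it."
echo "Now, before you continue, you must make sure that all your"
echo "assignments are DONE as well as the following"
echo "If you shut down sendmail, turn it back on!"
echo "ALSO, your NETWORK MUST BE UP TO CONTINUE"
echo "Your writediary program should be copied to /root and"
echo "Porsentryd should be in /etc/rc.d/init.d and set up"
echo "via chkconfig in run level 3"
echo "You can check the gradefile that is created as /root/gradefilefall2011"
echo "if it looks good"
# Message fixed: the file is named gradefilefall2011, not gradefile.
echo "Then copy /root/gradefilefall2011 to your users directory"
echo "Use chown username:username to set the group and ownership"
echo "use webct to attach this file to the appropriate dropbox"

#set this directory to where YOUR chkrootkit install is located
#DO NOT put a / on the end of the path
chkrootdir=/home/philw/chkrootkit-0.49

# Several of the files read below (sudoers, root's crontab) are readable by
# root only, and the messages assume the gradefile lands in /root.
if [ "$(id -u)" -ne 0 ]; then
  echo "Warning: not running as root; some sections will be incomplete" >&2
fi

echo "Are you ready to continue? type y or n "
# A closed stdin is treated as "n": the later prompts could not be answered.
read -r choice || choice=n
if [ "$choice" = n ] || [ "$choice" = N ]; then
  echo "Please get everything ready and try again"
  exit 1
else
  echo "Let's get going then"
fi

echo "A gradefile will be created in the /root directory called"
echo "gradefilefall2011"
file=~/gradefilefall2011

#This line sets the date and wipes the gradefile clean
# The umask is scoped to a subshell so it does not affect yum or anything
# else started later; chmod covers a gradefile left over from an earlier run.
( umask 077; date > "$file" ) || { echo "cannot write $file" >&2; exit 1; }
chmod 600 "$file"

echo "What is your name?"
read -r student
echo "STUDENT NAME" >> "$file"
# printf instead of echo so an answer such as "-n" is written literally.
printf '%s\n' "$student" >> "$file"
echo "Fall 2011 Gradescript for CIS126DL" >> "$file"
echo "Stops at portSentry, newuser script, if required, MUST be emailed seperately" >> "$file"
echo "************************************************" >> "$file"
echo "Do you have any special notes, such as using a laptop/vmware?"
echo "Please type out a short sentence explaining or just type NA"
echo "SPECIAL NOTES" >> "$file"
read -r specialnotes
printf '%s\n' "$specialnotes" >> "$file"
echo "***********************************************" >> "$file"
date >> "$file"

echo "Grading Pico Extra Credit assignment"
echo "******************************************************" >> "$file"
echo ' PICO ASSIGNEMENT (5pts Extra Credit) ' >> "$file"
echo >> "$file"
# -e replaces the deprecated "[ -a FILE ]" existence test.
if [ -e /usr/bin/pico.orig ]; then
  echo "Good, pico.orig exists, continuing"
  ls -l /usr/bin/pico* >> "$file"
  cat /usr/bin/pico >> "$file"
fi

echo "******************************************************" >> "$file"
echo 'PRINTER CONFIGURATION (10pts total)' >> "$file"
cat /etc/cups/printers.conf >> "$file"
echo "Done grading Printer configuration"
echo >> "$file"

echo "*****************************************************" >> "$file"
echo "Checking to see if runlevel 3 is properly set up"
echo "Check to see that vsftpd, httpd is in runlevel 3" >> "$file"
echo "And check that httpd, portsentry is in runlevel 3" >> "$file"
echo " and that portmap, netfs, pcmcia etc are NOT" >> "$file"
echo " 15 pts for this section" >> "$file"
ls /etc/rc.d/rc3.d/ >> "$file"
echo "********" >> "$file"
echo 'is there a file in /var/ftp/pub? (5pts)' >> "$file"
ls /var/ftp/pub >> "$file"

echo "*****************************************************" >> "$file"
echo >> "$file"
echo "CHECK resolv.conf" >> "$file"
cat /etc/resolv.conf >> "$file"
echo >> "$file"
date >> "$file"
echo >> "$file"

echo "****************************************************" >> "$file"
echo "Checking group, skel and user files" >> "$file"
echo 'GROUP FILE (5/40 pts)' >> "$file"
echo "The adm, account and backup groups hould have users in the password" >> "$file"
cat /etc/group >> "$file"
echo "Look for those group numbers in /etc/password" >> "$file"
cat /etc/passwd >> "$file"
echo >> "$file"
echo '*****CHECKING THE VARIOUS SKEL DIRECTORIES!(20/40pts)' >> "$file"
echo "hopefully you have used /etc/skel, /etc/adm and /etc/backup"
echo "Checking /etc/skel:" >> "$file"
ls -la /etc/skel >> "$file"
echo "Checking /etc/adm:" >> "$file"
ls -la /etc/adm >> "$file"
echo "Checking /etc/backup:" >> "$file"
ls -la /etc/backup >> "$file"
echo >> "$file"

echo "*****************" >> "$file"
echo 'CHECKING /home for and user setup. (15/40pts)' >> "$file"
# The "| less" stage was dropped: with stdout redirected to a file it only
# copied its input through, so the gradefile content is the same.
ls -la /home/* >> "$file"
echo 'Checking /opt for acctrecv setup' >> "$file"
ls -la /opt/* >> "$file"
echo >> "$file"

echo "****************" >> "$file"
echo "Checking the sudoers file " >> "$file"
grep -i adm /etc/sudoers >> "$file"
grep -i backup /etc/sudoers >> "$file"
grep -i account /etc/sudoers >> "$file"

echo "****************************************************" >> "$file"
echo "CHECKING VARIOUS RPMS THEY HAD TO INSTALL" >> "$file"
echo >> "$file"
#echo "Checking Snort 10pts" >> $file
#rpm -qf /etc/snort/snort.conf >> $file
#ls /etc/snort/rules >> $file
echo "***************************************************" >> "$file"
echo 'Checking chkrootkit installation (10pts)' >> "$file"
# A missing install is reported on the terminal only, so the gradefile layout
# is the same as before (the section is simply empty in that case).
if [ -x "$chkrootdir/chkrootkit" ]; then
  "$chkrootdir/chkrootkit" >> "$file"
else
  echo "chkrootkit not found or not executable in $chkrootdir" >&2
fi
echo "Checking for keepassx" >> "$file"
rpm -qf /usr/bin/keepassx >> "$file"

echo "***************************************" >> "$file"
echo "Checking to see if the repos are setup right (15/20pts)" >> "$file"
cat /etc/yum.repos.d/* >> "$file"
# yum check-update exits 0 when nothing is pending, 100 when updates are
# available and 1 on error. The gradefile wording is unchanged; an error is
# additionally flagged on the terminal so it is not mistaken for "updates
# pending".
yum check-update
updates=$?
if [ "$updates" -ne 0 ]; then
  if [ "$updates" -ne 100 ]; then
    echo "Warning: yum check-update failed with status $updates" >&2
  fi
  echo "There are still updates that should be installed!!" >> "$file"
else
  echo 'All updates are installed via YUM (5/20pts) ' >> "$file"
fi

echo "***************************************" >> "$file"
echo "checking kernel version" >> "$file"
ls -l /boot >> "$file"
uname -a >> "$file"

echo "******************************************************" >> "$file"
echo 'CHECKING PORTSENTRY SETUP (20pts)' >> "$file"
grep iptable /usr/local/psionic/portsentry2/portsentry.conf >> "$file"
echo "Checking portsentry.ignore" >> "$file"
cat /usr/local/psionic/portsentry2/portsentry.ignore >> "$file"
echo >> "$file"
echo "IS PORTSENTRY COMMENTED OUT IN RC.LOCAL?" >> "$file"
echo "And is the proc setting still in RC.LOCAL?" >> "$file"
cat /etc/rc.d/rc.local >> "$file"
echo >> "$file"

echo "***********************************************" >> "$file"
#echo "Making sure /tmp is noexec" >> $file
#cat /etc/fstab >> $file
echo "***********************************************" >> "$file"
#echo 'Checking for SSHD configuration (5pts)' >> $file
#grep "PermitRootLogin" /etc/ssh/sshd_config >> $file
#echo "************************************************" >> $file
echo 'The root crontab file contains (5pts)' >> "$file"
#crontab -l >> $file
cat /var/spool/cron/root >> "$file"
date >> "$file"

echo "******************************************************" >> "$file"
echo "CHECKING SCRIPTS" >> "$file"
echo >> "$file"
date >> "$file"
echo 'Checking Writediary (10pts)' >> "$file"
echo "What did you name your writediaryprogram? (Must be in /root)"
echo "JUST the name, no path"
read -r diary
# Enforce "no path": keep only the final component so the answer cannot make
# this root-run script copy a file from outside /root into the gradefile.
diary=${diary##*/}
ls -l "/root/$diary" >> "$file"
cat "/root/$diary" >> "$file"
echo >> "$file"
echo "*************" >> "$file"
echo >> "$file"

echo 'CHECKING PORTSENTRY SCRIPT (30pts)' >> "$file"
ls -l /etc/rc.d/init.d/portsentryd >> "$file"
cat /etc/rc.d/init.d/portsentryd >> "$file"
echo >> "$file"
echo "********************************************" >> "$file"
date >> "$file"

echo "done check /root/gradefilefall2011 "
echo "You can submit this to webct from within your VMWare if you wish"
echo "But you will have to cp the file to your users home directory and"
echo "then chown username:username ~username/gradefilefall2011 before you send it"
#cat /root/gradefilespring2011 | mail waclawski@mesacc.edu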