#!/bin/sh
# Simplest check for local (probably webmaster) attacks..
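# Tripwire: look for the strings "setuid" / "setgid" in the files placed
# directly inside the web server's CGI directories, record any hits in the
# log and mail them to the administrators.
#
# Changes from the earlier cat|grep form, and why:
#   * grep reads the files itself, so every hit carries the file name and
#     line number; a bare matching line does not say which file to inspect.
#   * Only this run's hits are mailed. Previously the whole log was mailed
#     whenever it was non-empty, so one old hit caused a mail on every run
#     (even after the file was gone) and new hits were buried in old ones.
#   * Each batch appended to the log is preceded by a timestamp line.
#
# Limits: this is a literal substring match over one directory level only
# (no recursion), so a hit is a prompt to inspect the file, not proof of
# compromise, and a clean run is not proof of absence.
LOG=/var/log/local_intrusion.log

# /dev/null is listed as an extra operand so grep always prints file names,
# even if the globs expand to a single file. Errors (unmatched glob,
# directories, unreadable files) are discarded, as they were before.
findings=$(grep -n -e setuid -e setgid -- \
  /home/httpd/cgi-bin/* \
  /home/httpd/html/dms/gbin/* \
  /dev/null 2>/dev/null)

if [ -n "$findings" ]; then
  # Keep the full history on disk for later review.
  {
    printf '=== %s ===\n' "$(date)"
    printf '%s\n' "$findings"
  } >> "$LOG"

  # Mail only what this run found.
  printf '%s\n' "$findings" \
    | mail -s "Warning: possible local intrusion in cgi-bin." root,olli@grex.cyberspace.org
fi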
