[GLLUG] Setuid and file permissions scripts

Lachniet, Mark mlachniet at sequoianet.com
Wed Sep 13 07:59:30 EDT 2006


As you may know, one of the many things you need to worry about for
security on a *nix box is your file permissions.  World-writable files
(especially scripts that get run by root) and inappropriate setuid
permissions (which might allow a backdoor) are all risks.

I run the following script nightly so I get an emailed report of these
types of files.  Although it's not perfect, it will sometimes be obvious
if someone has monkeyed around.  This is also a good script to run when
you are first sitting down to harden a production server, as it can tell
you what files you can secure.  For example, removing setuid on games
and utilities that you *never* expect your users to run.

You'll need to download logwatch.pl if you want the full
functionality...  http://www2.logwatch.org:8080/tabs/download/.   With
logwatch.pl it will also parse through some of your log files to give
you some statistics on mail and web usage.

Change the email address at the end of the script to your own.

Cheers,

Mark

-------8<---------------

lachniet:/etc/cron.daily # cat findstuff.sh
#!/bin/sh -f
# -f turns off globbing, so the unquoted *** banner lines below are echoed
# literally instead of being expanded against the current directory.
mv ~/files ~/files.old
touch ~/files
echo *** START >> ~/files
# optional: logwatch summary of mail/web logs (needs logwatch.pl installed)
/etc/log.d/scripts/logwatch.pl --detail High --print >> ~/files
date >> ~/files
uname -a >> ~/files
echo *************** >> ~/files
echo find SUID files >> ~/files
echo *************** >> ~/files
# The /proc and /dev filters are anchored to the path prefix: a bare
# "grep -v proc" would also drop real setuid binaries such as /usr/bin/procmail.
find / -perm -u+s | grep -v mailman | grep -v '^/proc/' >> ~/files
echo *************** >> ~/files
echo find GID files >> ~/files
echo *************** >> ~/files
find / -perm -g+s | grep -v mailman | grep -v '^/proc/' >> ~/files
echo *************** >> ~/files
echo find group world writable files >> ~/files
echo *************** >> ~/files
# symlinks (-type l) and named pipes (-type p) are skipped: their mode bits are not meaningful here
find / -perm -g+w ! \( -type l -o -type p \) | grep -v '^/dev/' | grep -v mailman | grep -v '^/proc/' >> ~/files
echo *************** >> ~/files
echo find other world writable files >> ~/files
echo *************** >> ~/files
find / -perm -o+w ! \( -type l -o -type p \) | grep -v '^/dev/' | grep -v mailman | grep -v '^/proc/' >> ~/files
echo *************** >> ~/files
echo Last few users  >> ~/files
echo *************** >> ~/files
last -n 20 >> ~/files
echo *************** >> ~/files
echo What  >> ~/files
echo *************** >> ~/files
/usr/bin/w >> ~/files
# change "mark" to your own address
mail -s whatever mark < ~/files
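As an added example (this is not Mark's script), here is a variant of the same nightly audit that prunes /proc, /sys and /dev instead of grepping them away, and compares today's list of setuid, setgid and world-writable files with yesterday's so the mail shows only what changed. The output file names under $HOME and the mail recipient are assumptions.

```shell
#!/bin/sh
# Added example, not the script from the post: audit a tree for setuid,
# setgid and world-writable files, then compare with the previous run so
# the nightly mail highlights only what changed. Paths and mail recipient
# are assumptions.
export LC_ALL=C   # stable sort order for comm(1)

# scan ROOT FIND-TESTS...: print matching paths. Pseudo-filesystems are
# skipped with -prune; "grep -v proc" would also hide a real setuid
# binary such as /usr/bin/procmail.
scan() {
    root=${1%/}; shift
    find "${root:-/}" \( -path "$root/proc" -o -path "$root/sys" \
        -o -path "$root/dev" \) -prune -o "$@" -print 2>/dev/null
}
# audit_perms ROOT OUTFILE: one sorted "<kind> <path>" line per finding.
audit_perms() {
    {
        scan "$1" -type f -perm -4000 | sed 's/^/SUID /'
        scan "$1" -type f -perm -2000 | sed 's/^/SGID /'
        # world-writable files and dirs; sticky dirs like /tmp are expected,
        # symlinks, pipes and sockets are excluded by the -type tests
        scan "$1" \( -type f -o -type d \) -perm -0002 ! -perm -1000 \
            | sed 's/^/WW   /'
    } | sort > "$2"
}

# report_changes OLDFILE NEWFILE: print entries added (+) or removed (-)
# since the previous run; return 1 if anything changed, else 0.
report_changes() {
    old=$1; new=$2
    [ -f "$old" ] || : > "$old"
    added=$(comm -13 "$old" "$new")
    removed=$(comm -23 "$old" "$new")
    [ -z "$added" ] && [ -z "$removed" ] && return 0
    printf '%s\n' "$added"   | sed '/^$/d; s/^/+ /'
    printf '%s\n' "$removed" | sed '/^$/d; s/^/- /'
    return 1
}

# Nightly use from cron (as root, so find can read every directory):
# keep yesterday's list, scan, and mail only when something differs.
if [ "${1:-}" = "--nightly" ]; then
    audit_perms / "$HOME/files"
    report_changes "$HOME/files.old" "$HOME/files" > "$HOME/files.diff" \
        || mail -s "permission changes on $(hostname)" root < "$HOME/files.diff"
    cp "$HOME/files" "$HOME/files.old"
fi
```

Run it as `findperms.sh --nightly` from cron; the first run mails everything, later runs mail only new or removed entries.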
