[GLLUG] Setuid and file permissions scripts

[Lachniet, Mark]

Sorry apparently my CRLF was mangled.  Here it is as an attachment.

Mark


-----Original Message-----
From: linux-user-bounces at egr.msu.edu
[mailto:linux-user-bounces at egr.msu.edu] On Behalf Of Lachniet, Mark
Sent: Wednesday, September 13, 2006 8:00 AM
To: Linux User
Subject: [GLLUG] Setuid and file permissions scripts

As you may know, one of the many things you need to worry about for
security on a *nix box is your file permissions.  World writable files
(especiallly scripts that get run by root), inappropriate setuid
permissions (that might allow a backdoor) are all risks.

I run the following script nightly so I get an emailed report of these
types of files.  Although its not perfect, it will sometimes be obvious
if someone has monkeyed around.  This is also a good script to run when
you are first sitting down to harden a production server as it can tell
you what files you can secure.  For example, removing setuid on games,
and utilities that you *never* expect your users to run

You'll need to download logwatch.pl if you want the full
functionality...  http://www2.logwatch.org:8080/tabs/download/.   With
logwatch.pl it will also parse through some of your log files to give
you some statistics on mail and web usage.

Change the email address at the end of the script to your own.

Cheers,

Mark

-------8<---------------

lachniet:/etc/cron.daily # cat findstuff.sh #!/bin/sh -f mv ~/files
~/files.old touch ~/files echo *** START >> ~/files
/etc/log.d/scripts/logwatch.pl --detail High --print >> ~/files date >>
~/files uname -a >> ~/files echo *************** >> ~/files echo find
SUID files >> ~/files echo *************** >> ~/files find / -perm -u+s
| grep -v mailman | grep -v proc >> ~/files echo *************** >>
~/files echo find GID files >> ~/files echo *************** >> ~/files
find / -perm -g+s  | grep -v mailman | grep -v proc >> ~/files echo
*************** >> ~/files echo find group world writable files >>
~/files echo *************** >> ~/files find / -perm -g+w ! \( -type l
-o -type p \)  |grep -v /dev  | grep -v mailman | grep -v proc >>
~/files echo *************** >> ~/files echo find other world writable
files >> ~/files echo *************** >> ~/files find / -perm -o+w ! \(
-type l -o -type p \)  |grep -v /dev  | grep -v mailman | grep -v proc
>> ~/files echo *************** >> ~/files echo Last few users  >>
~/files echo *************** >> ~/files last -n 20 >> ~/files echo
*************** >> ~/files echo What  >> ~/files echo *************** >>
~/files /usr/bin/w >> ~/files mail -s whatever mark < ~/files

_______________________________________________
linux-user mailing list
linux-user at egr.msu.edu
http://mailman.egr.msu.edu/mailman/listinfo/linux-user
-------------- next part --------------
lachniet:/etc/cron.daily # cat findstuff.sh
#!/bin/sh -f
mv ~/files ~/files.old
touch ~/files
echo *** START >> ~/files
/etc/log.d/scripts/logwatch.pl --detail High --print >> ~/files
date >> ~/files
uname -a >> ~/files
echo *************** >> ~/files
echo find SUID files >> ~/files
echo *************** >> ~/files
find / -perm -u+s | grep -v mailman | grep -v proc >> ~/files
echo *************** >> ~/files
echo find GID files >> ~/files
echo *************** >> ~/files
find / -perm -g+s  | grep -v mailman | grep -v proc >> ~/files
echo *************** >> ~/files
echo find group world writable files >> ~/files
echo *************** >> ~/files
find / -perm -g+w ! \( -type l -o -type p \)  |grep -v /dev  | grep -v  mailman | grep -v proc >> ~/files
echo *************** >> ~/files
echo find other world writable files >> ~/files
echo *************** >> ~/files
find / -perm -o+w ! \( -type l -o -type p \)  |grep -v /dev  | grep -v  mailman | grep -v proc >> ~/files
echo *************** >> ~/files
echo Last few users  >> ~/files
echo *************** >> ~/files
last -n 20 >> ~/files
echo *************** >> ~/files
echo What  >> ~/files
echo *************** >> ~/files
/usr/bin/w >> ~/files
mail -s whatever mark < ~/files