``ncheck -s'' sometimes misses security-relevant files
Paul Eggert
eggert at sm.unisys.com
Sat Dec 17 04:54:40 AEST 1988
The Sun Security Features Guide (Part #800-1735-10, 9 May 1988, p. 52)
recommends that ``ncheck -s'' be used periodically to scan filesystems for
security-relevant files. Unfortunately, ``ncheck -s'' has an internal
limit on the number of files that it reports. If a filesystem has many
such files, ``ncheck -s'' sometimes silently fails to report some of them.
In SunOS 4.0, where a server's filesystem contains all its clients'
devices, the limit is easily exceeded. The following SunOS 4.0 shell
command yields all the information that ``ncheck -s'' yields, and can be
used as a workaround.
find mount_point -xdev \
\( -type b -o -type c -o ! -type d \( -perm -4000 -o -perm -2000 \) \) -ls
[[ It's just a little slower (even if ncheck worked correctly). --wnl ]]
More information about the Comp.sys.sun
mailing list