Security audit programs
John Chambers
jc at minya.UUCP
Tue Mar 26 14:40:52 AEST 1991
In article <40371 at cup.portal.com>, PLS at cup.portal.com (Paul L Schauble) writes:
> I have a vague recollection of a program posted to comp.sources a while
> back that would scan a filesystem and catalog setuid and setgid program
> files.
>
> Can anyone give me a pointer to this, or to similar commercial programs that
> can be used for a periodic security audit?
Hardly a need for a special program. What I do is:
find / -user root -perm -4000 -exec ls -ld {} ';'
This of course only checks for setuid-root programs, which are the really
suspicious ones. To answer your question more exactly:
find / -perm -4000 -o -perm -0200 -exec ls -ld {} ';'
(Actually, I wouldn't be very surprised to find that someone had written
a separate program to duplicate this special case. People do silly things
like that all the time. ;-)
--
All opinions Copyright (c) 1991 by John Chambers. Inquire for licensing at:
Home: 1-617-484-6393
Work: 1-508-486-5475
Uucp: ...!{bu.edu,harvard.edu,ima.com,eddie.mit.edu,ora.com}!minya!jc
More information about the Comp.unix.admin
mailing list