Security audit programs
Mark Bush
bush at ecs.ox.ac.uk
Thu Mar 28 00:00:21 AEST 1991
In article <612 at minya.UUCP> jc at minya.UUCP (John Chambers) writes:
>In article <40371 at cup.portal.com>, PLS at cup.portal.com (Paul L Schauble) writes:
>> I have a vague recollection of a program posted to comp.sources a while
>> back that would scan a filesystem and catalog setuid and setgid program
>> files.
>
> find / -perm -4000 -o -perm -0200 -exec ls -ld {} ';'
>
Hmmm...your `ld' flags suggest you mean to find directories? Personally, I
prefer to ignore directories when I do these searches...the set groupid flag
on directories is used a lot here (SunOS). Add a `! -type d' to the list to
ignore them...makes the output easier to peruse. 8*)
What I run here on each filesystem containing user areas is:
find . -xdev \! -type d \( -perm -04000 -o -perm -02000 \) -ls -exec file {} \;
(The -xdev is not normally needed, but, on the server, I may find the need
for mounting things in strange places! 8*)
Mark
More information about the Comp.unix.admin
mailing list