Securing-Optimizing-RH-Linux-1_2_59
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
[root@deep /]# chmod a-s /bin/umount
[root@deep /]# chmod a-s /bin/ping
[root@deep /]# chmod a-s /sbin/netreport
If you want to know what these programs do, run man on the program name and read the manual page.
As an example:
[root@deep /]# man netreport
33. Unusual or hidden files
It is important not to forget to look everywhere on the system for unusual or hidden files (files
whose names start with a period, which the ls command does not show by default), as these can be
used to hide tools and information (password cracking programs, password files from other
systems, etc.). A common technique on UNIX systems is to put a hidden directory or file in a
user's account with an unusual name, something like '...' or '.. ' (dot dot space) or '..^G' (dot dot
control-G); such names blend in with the normal '.' and '..' entries, or the odd character is simply
invisible in an ordinary listing. The find program can be used to look for hidden files, and piping
its output through cat -v makes non-printing characters such as control-G visible.
As an example:
[root@deep /]# find / -xdev -name ".. " -print
[root@deep /]# find / -xdev -name ".*" -print | cat -v
NOTE: Names such as '.xx' and '.mail' have also been used, that is, names chosen to look like
ordinary dotfiles, so an unremarkable name is no guarantee that a hidden file is legitimate.
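The two find commands above each catch one crafted name. The following script is an added example, not code from the book, that generalizes the check: it lists every hidden name on one filesystem and flags the three classes of trick described above (dots-only names, names ending in whitespace, names with non-printing characters), printing each hit through cat -v as the book does. The function names list_hidden and suspicious_hidden are my own; it assumes a find that understands -xdev.

```shell
# Added example, not from the book: report hidden names that look crafted.
# Assumes find with -xdev and the cat -v used in the book's second command.

# list_hidden DIR  -- every dot-file and dot-directory below DIR, one filesystem
list_hidden() {
    find "$1" -xdev -name '.*' -print
}

# suspicious_hidden DIR  -- prints "REASON<TAB>PATH" for hidden names that are
# dots only ('...'), end in whitespace ('.. '), or contain non-printing
# characters ('..^G'). The path goes through cat -v so a control character is
# shown as ^G instead of being swallowed by the terminal. cat -v also rewrites
# 8-bit bytes as M-x, so a UTF-8 dotfile name lands in the same class; review
# those by eye.
suspicious_hidden() {
    tab=$(printf '\t')
    list_hidden "$1" | while IFS= read -r path; do
        name=${path##*/}
        case "$name" in .|..) continue ;; esac   # the start point itself
        reason=
        if [ "$(printf '%s' "$name" | cat -v)" != "$name" ]; then
            reason="nonprinting"
        else
            case "$name" in
                *' '|*"$tab") reason="trailing-space" ;;
                *[!.]*)       ;;                  # ordinary name such as .profile
                *)            reason="dots-only" ;;
            esac
        fi
        if [ -n "$reason" ]; then
            printf '%s\t%s\n' "$reason" "$(printf '%s' "$path" | cat -v)"
        fi
    done
}

# Usage: suspicious_hidden /home
```

Run it against /home and /tmp first, where users can create files; a hit under /usr or /etc is more alarming because ordinary users should not be able to write there at all.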
34. Find all files with the SUID/SGID bit enabled
Every SUID or SGID file that remains on your system after the ones that do not absolutely
require such privilege have been removed is a potential security risk and should be monitored
closely. Because these programs grant special privileges to the user who executes them, you
must make sure that no insecure program of this kind gets installed.
A favorite trick of crackers is to exploit a SUID "root" program and then leave a SUID program
behind as a backdoor to get in the next time. Find all SUID and SGID programs on your system
and keep a record of what they are, so that any change, which could indicate an intruder, is
noticed.
· Use the following command to find all SUID/SGID programs on your system:
[root@deep /]# find / -type f \( -perm -04000 -o -perm -02000 \) -exec ls -lg {} \;
NOTE: See chapter 10, Securities Software (Monitoring Tools), in this book for information about
sXid, a program that does this job for you automatically each day and reports the results by
mail.
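The text asks you to keep track of the set-id files so that changes are noticed. The following script is an added example, not code from the book or from sXid: it records a sorted inventory of every SUID/SGID file (mode, owner, group, path) and compares a later run against that saved baseline, so a planted backdoor or a changed mode shows up as a line. The function names setid_inventory and setid_changes and the baseline path in the usage comment are my own; it assumes find with -xdev, comm, and an ls -ld whose first, third and fourth fields are mode, owner and group.

```shell
# Added example, not from the book: snapshot the SUID/SGID inventory and
# report what changed since the last snapshot. Assumes find with -xdev,
# POSIX comm, and ls -ld printing mode, links, owner, group, ... name.

# setid_inventory DIR  -- sorted "MODE OWNER GROUP PATH", one line per set-id file
setid_inventory() {
    root=$1
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r path; do
        info=$(ls -ld "$path" 2>/dev/null) || continue   # vanished since find
        set -- $info                                     # mode links owner group ...
        printf '%s %s %s %s\n' "$1" "$3" "$4" "$path"
    done | LC_ALL=C sort
}

# setid_changes BASELINE DIR  -- compare DIR against the saved inventory file
# BASELINE; prints "added: ..." / "removed: ..." lines, nothing when unchanged.
# A changed mode, owner or group shows up as a removed line plus an added line.
setid_changes() {
    current=$(mktemp)
    setid_inventory "$2" > "$current"
    LC_ALL=C comm -13 "$1" "$current" | sed 's/^/added:   /'
    LC_ALL=C comm -23 "$1" "$current" | sed 's/^/removed: /'
    rm -f "$current"
}

# First run (hypothetical baseline path):  setid_inventory / > /var/log/setid.baseline
# Later runs, e.g. daily from cron:        setid_changes /var/log/setid.baseline /
```

Keep the baseline file somewhere an intruder with a user account cannot rewrite (root-owned, mode 600, or better on another host), otherwise the comparison proves nothing.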
35. Find group and World Writable files and directories
Group and world writable files and directories, particularly system files and partitions, can be
a security hole if a cracker gains access to your system and modifies them. World-writable
directories are especially dangerous, since they let a cracker add or delete files as he or she
wishes in those directories. In the normal course of operation several files will be writable,
including some under the /dev and /var/catman directories, and every symbolic link on your
system (the mode shown for a symbolic link is never enforced).
· To locate all group & world-writable files on your system, use the command:
[root@deep /]# find / -type f \( -perm -2 -o -perm -20 \) -exec ls -lg {} \;
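The command above covers regular files only, although the section title also names directories. The following script is an added example, not code from the book, that extends the check to directories and separates the genuinely dangerous case, a world-writable directory without the sticky bit, where anyone can delete or replace other users' entries, from /tmp-style directories that have the sticky bit set. Symbolic links are left out by -type f and -type d, for the reason given above. The function names writable_files, world_dirs_nosticky, world_dirs_sticky and writable_report are my own; it assumes find with -xdev.

```shell
# Added example, not from the book: find group/world-writable files and
# directories, classifying directories by the sticky bit. Assumes find -xdev.

# writable_files DIR  -- group- or world-writable regular files
writable_files() {
    find "$1" -xdev -type f \( -perm -0002 -o -perm -0020 \) -print
}

# world_dirs_nosticky DIR  -- world-writable directories lacking the sticky
# bit: any user may remove or replace any entry, whoever owns it
world_dirs_nosticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print
}

# world_dirs_sticky DIR  -- world-writable directories with the sticky bit
# (the /tmp model): users may only delete their own entries
world_dirs_sticky() {
    find "$1" -xdev -type d -perm -0002 -perm -1000 -print
}

# writable_report DIR  -- one tagged line per hit, most dangerous class first
writable_report() {
    world_dirs_nosticky "$1" | sed 's/^/dir-nosticky: /'
    world_dirs_sticky   "$1" | sed 's/^/dir-sticky:   /'
    writable_files      "$1" | sed 's/^/file:         /'
}

# Usage: writable_report /
```

Anything tagged dir-nosticky outside a directory you deliberately share is the first thing to fix, normally with chmod o-w or by adding the sticky bit if the directory really must be open to everyone.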