Securing-Optimizing-RH-Linux-1_2_60
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
· To locate all group- and world-writable directories on your system, use the command:
[root@deep /]# find / -type d \( -perm -2 -o -perm -20 \) -exec ls -ldg {} \;
NOTE: A file and directory integrity checker such as Tripwire can be run regularly to scan for,
manage and find modified group- or world-writable files and directories easily. See chapter 10,
Securities Software (Monitoring Tools), in this book for more information about
Tripwire.
36. Unowned files
Don't permit any unowned files. Unowned files may also be an indication that an intruder has accessed
your system. If you find an unowned file or directory on your system, verify its integrity and, if all looks
fine, give it an owner name. Sometimes you may uninstall a program and be left with an unowned file or
directory related to that software; in this case you can safely remove the file or directory.
· To locate files on your system that do not have an owner, use the following command:
[root@deep /]# find / -nouser -o -nogroup
NOTE: Once again, files reported under the /dev directory don't count.
37. Finding .rhosts files
Finding all the .rhosts files that could exist on your server should be a part of your regular system
administration duties, as these files should not be permitted on your system. Remember that a
cracker only needs one insecure account to potentially gain access to your entire network.
· You can locate all .rhosts files on your system with the following command:
[root@deep /]# find /home -name .rhosts
You can also use a cron job to periodically check for, report the contents of and delete
$HOME/.rhosts files. Also, users should be made aware that you regularly perform this type of
audit, as directed by policy.
· To use a cron job to periodically check for and report via mail all .rhosts files, do the following:
As root, create the find_rhosts_files script file under the /etc/cron.daily directory (touch
/etc/cron.daily/find_rhosts_files) and add the following lines to this script file:
#!/bin/sh
# Mail root a fixed header followed by every .rhosts path found under /home.
/usr/bin/find /home -name .rhosts | (cat <<EOF
This is an automated report of possible existent .rhosts files on the server
deep.openarch.com, generated by the find utility command.
New detected .rhosts files under the /home directory include:
EOF
# The second cat copies find's output (the subshell's stdin) after the header.
cat
) | /bin/mail -s "Content of .rhosts file audit report" root
Now make this script file executable, then change and verify that its owner and group are root:
[root@deep /]# chmod 755 /etc/cron.daily/find_rhosts_files
[root@deep /]# chown 0.0 /etc/cron.daily/find_rhosts_files
Each day a mail will be sent to root with the subject "Content of .rhosts file audit report",
containing any newly found .rhosts files.
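
The cron script above mails only the paths it finds. As an added example (not part of the book), the shell function below also reports each file's owner, mode and contents, marks entries whose host or user field is a bare "+" (which trusts any host or any user), and returns success only when at least one file exists. The function name rhosts_report and the report layout are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the book: audit .rhosts files under a base directory.
# rhosts_report is a hypothetical helper name; the default of /home follows
# the find command used in this section.

rhosts_report() {
    base=${1:-/home}
    count=0
    tmp=$(mktemp) || return 2

    # -xdev stays on one filesystem; -type f ignores symlinks and directories.
    # Paths containing a newline are not handled by the line-based loop below.
    find "$base" -xdev -type f -name .rhosts -print > "$tmp"

    while IFS= read -r f; do
        count=$((count + 1))
        echo "== $f"
        # Numeric owner and group, so unowned files are visible too.
        ls -ln "$f" | awk '{ print "   mode=" $1 " uid=" $3 " gid=" $4 }'
        # Each line is "host [user]"; a bare "+" in either field is a wildcard.
        awk '{
            flag = ($1 == "+" || $2 == "+") ? "WILDCARD " : "         "
            print "   " flag $0
        }' "$f"
    done < "$tmp"

    rm -f "$tmp"
    echo "total: $count"
    [ "$count" -gt 0 ]   # exit status 0 only when something was found
}
```

Called from the cron script as report=$(rhosts_report /home) && echo "$report" | /bin/mail -s "Content of .rhosts file audit report" root, it sends mail only on days when a .rhosts file is present.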