May 12th, 2003, 07:32 PM
Additional Security Measures for *nix
Many posts here go into great detail about which services to lock down on *nix servers and which versions of security toolz to run such as tripwire and such. One area that seems to get neglect is SUID files, GUID files and world-writable files.
Whenever I am asked to prepare a *nix server, I *always* issue these commands to check and see which files are SUID,GUID and world-writable.
* For SUID:
find / -type f -perm -4000 -ls
** For GUID
find / type f -perm -2000 -ls
find / -perm -2 -type f -print
You may ask, well, what is the significance of this? It's simple. If I'm looking to comprimise your server and I have exausted all the typical easy avenues, I will eventually begin looking for world writable filez in order to gain root access. In addition, I will certainly look for SUID files that programs use on your machine. Pay close attention to the /dev partition too as it is *very* dangerous to have devices that are world-writable.
Once you lock down file permissions, services and have applied the proper security patches, you shold have a solid *nix system. At this point I usually hammer against the box to be sure that I haven't missed anything. Only after this point, will I install the necessary software and then hammer on it one more time before approving it for internet exposure.
Anyway, just wanted to share a little *nix tip with the AO community.
* Fat finger typo pointed out by Itch
** Fat finger typo pointed out by Itch
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden