Many posts here go into great detail about which services to lock down on *nix servers and which versions of security toolz to run such as tripwire and such. One area that seems to get neglected is SUID files, GUID files and world-writable files.

Whenever I am asked to prepare a *nix server, I *always* issue these commands to check and see which files are SUID, GUID and world-writable.

* For SUID:
==============================

find / -type f -perm -4000 -ls

** For GUID
==============================
find / -type f -perm -2000 -ls

For World-Writable
==============================
find / -perm -2 -type f -print

You may ask, well, what is the significance of this? It's simple. If I'm looking to compromise your server and I have exhausted all the typical easy avenues, I will eventually begin looking for world-writable filez in order to gain root access. In addition, I will certainly look for SUID files that programs use on your machine. Pay close attention to the /dev partition too as it is *very* dangerous to have devices that are world-writable.

Once you lock down file permissions, services and have applied the proper security patches, you should have a solid *nix system. At this point I usually hammer against the box to be sure that I haven't missed anything. Only after this point will I install the necessary software and then hammer on it one more time before approving it for internet exposure.

Anyway, just wanted to share a little *nix tip with the AO community.

* Fat finger typo pointed out by Itch
** Fat finger typo pointed out by Itch
--TH13
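
An added example, not part of TH13's post: a small shell helper that saves the output of the three find checks above as a baseline and later reports only files that have newly gained one of those bits. The function names and the baseline path in the comments are hypothetical; "SGID" is the label used here for what the post calls GUID.

```shell
#!/bin/sh
# Added example (not from the original post): baseline and re-check the three
# permission classes the post lists. All function names are hypothetical.

# Prefix every path read on stdin with a class label and a tab.
tag() {
    while IFS= read -r p; do printf '%s\t%s\n' "$1" "$p"; done
}

# scan_perms ROOT: print "CLASS<TAB>PATH" for each SUID, SGID (the post's
# "GUID") and world-writable regular file under ROOT, sorted for comm(1).
# Errors from unreadable directories are suppressed, so run it as root.
scan_perms() {
    {
        find "$1" -type f -perm -4000 -print 2>/dev/null | tag SUID
        find "$1" -type f -perm -2000 -print 2>/dev/null | tag SGID
        find "$1" -type f -perm -2 -print 2>/dev/null | tag WORLD-WRITABLE
    } | LC_ALL=C sort
}

# new_findings BASELINE ROOT: print only findings absent from BASELINE,
# i.e. files that gained one of these bits after the baseline was taken.
new_findings() {
    current=$(mktemp) || return 2
    scan_perms "$2" > "$current"
    LC_ALL=C comm -13 "$1" "$current"
    rm -f "$current"
}

# Typical use (baseline path is an assumption, pick your own):
#   scan_perms / > /root/perm-baseline.txt      # once, on the reviewed build
#   new_findings /root/perm-baseline.txt /      # on every later audit
```

Paths containing newlines are not handled, and the baseline file itself should be readable and writable by root only.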