Classical document: basic Linux network security configuration overview

◆ 20, is the root-owned programs.

Removal is root has a program of the s-bit flags and, of course, some programs need this, use the command ' chmoda-s ' complete this. Note: the preceding with (*), of those programs generally do not need to have the s bit flags. root@deep]# find/-typef\(-perm-04000-o-perm-02000\)\-execls–lg{}\;-rwsr-xr-x1rootroot33120Mar211999/usr/bin/at*-rwsr-xr-x1rootroot30560Apr1520:03/usr/bin/cage*-rwsr-xr-x1rootroot29492Apr1520:03/usr/bin/gpasswd-rwsr-xr-x1rootroot3208Mar221999/usr/bin/disable-paste-rwxr-sr-x1rootman32320Apr91999/usr/bin/man-r-s--x--x1rootroot10704Apr1417:21/usr/bin/passwd-rws--x--x2rootroot517916Apr61999/usr/bin/suidperl-rws--x--x2rootroot517916Apr61999/usr/bin/sperl5.00503-rwxr-sr-x1rootmail11432Apr61999/usr/bin/lockile-rwsr-sr-x1rootmail64468Apr61999/usr/bin/procmail-rwsr-xr-x1rootroot21848Aug2711:06/usr/bin/crontab-rwxr-sr-x1rootslocate15032Apr1914:55/usr/bin/slocate*-r-xr-sr-x1roottty6212Apr1711:29/usr/bin/wall*-rws--x--x1rootroot14088Apr1712:57/usr/bin/cfn*-rws--x--x1rootroot13800Apr1712:57/usr/bin/cs*-rws--x--x1rootroot5576Apr1712:57/usr/bin/newgrp*-rwxr-sr-x1roottty8392Apr1712:57/usr/bin/write-rwsr-x---1rootsquid14076Oct714:48/usr/lib/squid/pinger-rwxr-sr-x1rootutmp15587Jun909:30/usr/sbin/utempter*-rwsr-xr-x1rootroot5736Apr1915:39/usr/sbin/usernetctl*-rwsr-xr-x1rootbin16488Jul609:35/usr/sbin/traceroute-rwsr-sr-x1rootroot299364Apr1916:38/usr/sbin/sendmail-rwsr-xr-x1rootroot34131Apr1618:49/usr/libexec/pt_cown-rwsr-xr-x1rootroot13208Apr1314:58/bin/su*-rwsr-xr-x1rootroot52788Apr1715:16/bin/mount*-rwsr-xr-x1rootroot26508Apr1720:26/bin/umount*-rwsr-xr-x1rootroot17652Jul609:33/bin/ping-rwsr-xr-x1rootroot20164Apr1712:57/bin/login*-rwxr-sr-x1rootroot3860Apr1915:39/sbin/netreport-r-sr-xr-x1rootroot46472Apr1716:26/sbin/pwdb_ckpwdroot@deep]# chmoda-s/usr/bin/cageroot@deep]# chmoda-s/usr/bin/gpasswdroot@deep]# chmoda-s/usr/bin/wallroot@deep]# chmoda-s/usr/bin/cfnroot@deep]# chmoda-s/usr/bin/csroot@deep]# chmoda-s/usr/bin/newgrproot@deep]# chmoda-s/usr/bin/writeroot@deep]# chmoda-s/usr/sbin/usernetctlroot@deep]# chmoda-s/usr/sbin/tracerouteroot@deep]# chmoda-s/bin/mountroOt @ deep] # chmoda-s/bin/umountroot @ deep] # chmoda-s/bin/pingroot @ deep] # chmoda-s/sbin/netreport you can use the following command to find all of the band s bit flag program: root @ deep] # find/-typef\ (-perm-04000-o-perm-02000\) \-execls-lg {} \; the results >; suid-sgid-results output to the file suid-sgid-results. In order to find all writable files and directories, use the following command: root @ deep] # find/-typef\ (-perm-2-o-perm-20\)-execls-lg {} \; >; ww-files-resultsroot @ deep] # find/-typed\ (-perm-2-o-perm-20\)-execls-ldg {} \; >; ww-directories-results used the following command to find no owner of a file: root @ deep] # find/-nouser-o-nogroup >; unowed-results with the following command to find all the .rhosts file: root @ deep] # find/rhost-results home-name.rhosts >;