Mastering Linux Security and Hardening - Second Edition

by Donald A. Tevault
February 2020
Intermediate to advanced
666 pages
15h 45m
English
Packt Publishing

Finding spurious SUID or SGID files

One quick security trick is to run the find command to take inventory of the SUID and SGID files on your system. You can also save the output to a text file so that you can verify whether anything has been added since you ran the command. Your command will look something like this:

sudo find / -type f \( -perm -4000 -o -perm -2000 \) > suid_sgid_files.txt

Here's the breakdown:

  • /: We're searching through the entire filesystem. Since some directories are only accessible to someone with root privileges, we need to use sudo.
  • -type f: This means that we're searching for regular files, which includes executable program files and shell scripts.
  • -perm -4000: We're searching for files with the 4000, or SUID, permission ...
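
The "verify whether anything has been added" step, as an added example that is not from the book. The function names, current.txt and the throwaway directory built in demo are assumptions for illustration; suid_sgid_files.txt is the baseline produced by the command above.

```shell
#!/bin/sh
# Added example: compare a fresh SUID/SGID scan against a saved baseline.

# Print every regular file under $1 that has the SUID or SGID bit set.
# Same test as the book's command; permission errors are discarded.
scan_suid_sgid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Print paths listed in the current scan ($2) that are absent from the
# baseline ($1). -F -x compares whole lines literally, so neither file
# has to be sorted. Exit status is 1 when nothing new was found.
added_since() {
    grep -Fxv -f "$1" "$2"
}

# Constructed sample: a throwaway tree with one SUID file in the baseline
# and a second SUID file that appears afterwards. Runs in a subshell so
# the cd and the variables do not leak into the caller.
demo() (
    tmp=$(mktemp -d) || exit 1
    cd "$tmp" || exit 1
    mkdir tree
    : > tree/legit_tool;   chmod 4755 tree/legit_tool
    : > tree/plain_file;   chmod 0755 tree/plain_file
    scan_suid_sgid tree > baseline.txt      # the inventory taken earlier
    : > tree/dropped_tool; chmod 4755 tree/dropped_tool
    scan_suid_sgid tree > current.txt       # the later re-scan
    added_since baseline.txt current.txt    # prints tree/dropped_tool
    cd / && rm -rf "$tmp"
)

# Real use, from a root shell after sourcing this file:
#   scan_suid_sgid / > current.txt
#   added_since suid_sgid_files.txt current.txt
```

Paths containing newlines would be split across lines in both files; treat any such hit as something to inspect by hand.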
ISBN: 9781838981778