March 28, 2006

Unix/Linux file permission hacks for better security: SUID/SetUID/SGID removal


A few simple shell commands for checking for "dangerous" superuser files.

For security reasons, you should try to avoid having the SUID/SetUID/SGID bit set on files on your systems. Have a cron job check for files with the SUID/SetUID/SGID bit set. Consult the documentation, such as the man pages, and have the SUID/SGID bit removed where possible. Test the application in a test environment and check that it is fully operational before changing permissions on your live/production systems.

Here are a few simple commands you could set up to run daily with cron to check for SUID/SetUID bit files on your systems.

To find files with the SUID bit set, you could run

# find / -type f -perm -04000 -ls

(The leading "-" in -perm -04000 matches any file that has the SUID bit set regardless of its other permission bits; a bare -perm 04000 would only match a file whose mode is exactly 04000.)

[root@SUID ~]# ls -lrt /usr/X11R6/bin/Xorg
-rws--x--x 1 root root 1996468 Dec 9 2004 /usr/X11R6/bin/Xorg <--- SUID file example.


To find files with the SGID bit set, you could run

# find / -type f -perm -02000 -ls


To find world-writable files, you could run

# find / -perm -2 -type f -print

Remove world-write permission from any file that has no valid reason to be world writable.
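As an added example (not part of the original post), a cron-friendly audit script that ties the three checks above together: it scans for SUID, SGID and world-writable files and reports only what has changed since a saved baseline, so the daily report shows new bits rather than every legitimate SUID binary a stock install ships with. SCAN_ROOT, BASELINE_DIR and the file names are this example's own, and it assumes GNU findutils for -printf.

```shell
#!/bin/sh
# Added example, not from the original post: daily SUID/SGID/world-writable
# audit that reports only changes against a saved baseline.
# SCAN_ROOT and BASELINE_DIR are this example's own names (assumptions).
: "${SCAN_ROOT:=/}"
: "${BASELINE_DIR:=/var/lib/permaudit}"
export LC_ALL=C   # stable sort order so comm(1) sees consistently sorted input

# Print "mode owner group path" for every regular file under $1 that has the
# SUID (4000), SGID (2000) or other-write (0002) bit set. The leading '-' in
# -perm -4000 means "these bits set, other bits arbitrary"; a bare -perm 4000
# would only match a file whose mode is exactly 4000.
scan_special_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 -o -perm -0002 \) \
        -printf '%m %u %g %p\n' 2>/dev/null | sort
}

# Diff the saved baseline ($1) against a fresh scan ($2): added lines are
# printed with a '+' prefix, removed lines with '-'. Returns 0 only if identical.
report_changes() {
    added=$(comm -13 "$1" "$2")
    removed=$(comm -23 "$1" "$2")
    [ -z "$added" ] && [ -z "$removed" ] && return 0
    [ -n "$added" ]   && printf '%s\n' "$added"   | sed 's/^/+ /'
    [ -n "$removed" ] && printf '%s\n' "$removed" | sed 's/^/- /'
    return 1
}

audit_main() {
    baseline=$BASELINE_DIR/special-files.baseline
    current=$BASELINE_DIR/special-files.current
    mkdir -p "$BASELINE_DIR"
    scan_special_files "$SCAN_ROOT" > "$current"
    if [ ! -f "$baseline" ]; then
        # First run: record the current state; review it by hand and strip
        # SUID/SGID/world-write bits that have no valid reason to be there.
        mv "$current" "$baseline"
        echo "baseline written to $baseline; review it before trusting it"
        return 0
    fi
    if report_changes "$baseline" "$current"; then
        echo "no change in SUID/SGID/world-writable files under $SCAN_ROOT"
    else
        echo "changes since baseline listed above; to accept: mv $current $baseline"
        return 1
    fi
}

# Run only when invoked as "sh permaudit.sh run", so the file can also be sourced.
if [ "${1:-}" = "run" ]; then audit_main; fi
```

From cron, run it daily as root and mail the output; a non-zero exit or any "+" line means a new special-permission file appeared since the baseline was last accepted.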

Hardening tools for SuSE, Red Hat, Fedora, Gentoo, Solaris, Debian and Slackware.

Bastille: http://www.bastille-linux.org/
Supports Red Hat (Fedora Core, Enterprise, and Numbered/Classic), SUSE, Debian, Gentoo and Mandrake distributions, along with HP-UX and Mac OS X.


Sun Solaris Hardening
Sun has released JASS v0.11, a hardening tool for Solaris. Here, we take it for a test drive.
http://www.sun.com/blueprints/tools

JASS stands for JumpStart Architecture and Security Scripts (Toolkit).
http://www.sun.com/blueprints/browsesubject.html#security

Yassp Security Draft
http://www.boran.com/security/sp/Solaris_hardening3.html