Re: Linux Hardening

From: Kurt Seifried (
Date: 05/27/02

From: "Kurt Seifried" <>
To: <>
Date: Mon, 27 May 2002 15:58:04 -0600

> Also:
> Be especially cautious of programs which have setuid/setgid
> permissions. Use:
> find /usr/bin -perm -02000 -o -perm -04000 -ls

Huh. That makes no sense. There's more to life then /usr/bin too.

find / -perm +6000 -ls

You can remove pretty much all root setuid/setgid bits with the exception of
sudo, password utilities (passwd, chsh, chfn), newgrp, at, crontab, and a
handful of others without significantly removing functionality.

Kurt Seifried,
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574