Re: Linux Hardening

From: Kurt Seifried (kurt@seifried.org)
Date: 05/27/02


From: "Kurt Seifried" <kurt@seifried.org>
To: <focus-linux@securityfocus.com>
Date: Mon, 27 May 2002 15:58:04 -0600


> Also:
>
> Be especially cautious of programs which have setuid/setgid
> permissions. Use:
>
> find /usr/bin -perm -02000 -o -perm -04000 -ls

Huh. That makes no sense. There's more to life then /usr/bin too.

find / -perm +6000 -ls

You can remove pretty much all root setuid/setgid bits with the exception of
sudo, password utilities (passwd, chsh, chfn), newgrp, at, crontab, and a
handful of others without significantly removing functionality.

Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
http://www.iDefense.com/