FINDSUID
Section: User Commands (1S)
NAME
suid.chk - find changes in setuid and setgid files
SYNOPSIS
suid.chk [ -m user ] [ -n ] [ -o file ] [ -s secure_dir ] [ -S start_dir ] [ -x ]
DESCRIPTION
suid.chk is a shell script intended to be run periodically by cron(8)
in order to spot changes in files with the suid or sgid bits set.
suid.chk uses find(1) to search system directories for all files with
the 4000 or 2000 permission bits set. It then compares these files with
the contents of a ``stop file'' (by default suid.stop) containing
``ls -lga'' output for known setuid or setgid programs. In addition, it
flags any setuid or setgid programs that are either world-writable or
shell scripts.

Any additions or changes to this list represent potential security
problems, so they are reported by mail to system administrators for
further investigation.
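
The check described above, as an added example; this is not the suid.chk source. The function names, the use of ``ls -ldn'' in place of ``ls -lga'', and the ``#!'' test for scripts are assumptions of this example.

```shell
#!/bin/sh
# Added illustration of the stop-file comparison; not the suid.chk source.
# Assumes file names without embedded newlines.

# find_suid DIR: paths of regular files with the 4000 or 2000 bit set.
find_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# snapshot DIR: one long-listing line per file, the format kept in the stop file.
# (-n prints numeric ids, so a renamed account does not look like a change.)
snapshot() {
    find_suid "$1" | while IFS= read -r f; do ls -ldn "$f"; done
}

# changed STOPFILE DIR: listing lines that are absent from the stop file,
# i.e. new setuid/setgid files or ones whose mode, owner, size or mtime differ.
changed() {
    [ -r "$1" ] || { echo "cannot read stop file: $1" >&2; return 2; }
    snapshot "$2" | grep -Fxv -f "$1" || true   # no differences is not an error
}

# risky DIR: flag setuid/setgid files that are world-writable or start with "#!".
risky() {
    find_suid "$1" | while IFS= read -r f; do
        if [ -n "$(find "$f" -prune -perm -0002)" ]; then
            echo "world-writable $f"
        fi
        case "$(head -c 2 "$f" 2>/dev/null)" in
            '#!') echo "script $f" ;;
        esac
    done
}

# Usage: sh thisfile STOPFILE DIR   (build STOPFILE once with: snapshot DIR > STOPFILE)
if [ "$#" -eq 2 ]; then
    changed "$1" "$2"
    risky "$2"
fi
```
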
OPTIONS
-m user
    Mail the results to this user.

-n
    Do *not* follow NFS mounted partitions. This is probably not
    portable on most machines -- check the string in the source code
    that does the work; on a Sun, it's:

    "-type d \( -fstype nfs -prune \)";

-o file
    Writes the results to a file, rather than mailing it.

-s secure_dir
    Sets the secure dir, good for running this in cron --
    else it'll think it's "/", and you'll chmod that to 700 :-)

-S start_dir
    Set the search directory where the find starts. Warning -- does not
    work with the -x flag!
FILES
suid.stop (the ``stop file'')
SEE ALSO
find(1), chmod(1), cron(8)
BUGS
The location of the stop file and the directories to be searched
are all defined by shell variables in the source. The -S and -x
flags do not work together.

Keeping the stop files up to date with changes to all
the suid files on more than a couple of hosts is a royal pain!