Checking file privileges
Another possible avenue of attack on your system is through the
placing of privileges on a program. You should check the
privileges on your system periodically. If you create a reference
file the first time you run this procedure, it will help you
quickly discover any future changes.
To obtain a list of privileges on files on your system, perform
the following:
-
Execute
find / -type f -perm -111 -print -exec filepriv {} \; > filename
The filename is the name of a temporary file. This can be
archived for later use as a reference file.
-
Check the filename file for any suspicious programs; for example,
programs that have more privileges than they should. Take corrective
action to remove the privileges using the
filepriv
command.
See
``Administering privilege''
for more information.
Next topic:
Example: checking file privileges
Previous topic:
Example: checking set-UIDs by filesystem
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004