* Scott Gifford wrote:
> "Koen" <[EMAIL PROTECTED]> writes:
>
>> > Anyone know where I can find step-by-step documentation
>> > on Hardening RH Linux boxes? I usually just use Bastille
>> > Linux to do the hardening but I'd also like a better
>> > understanding to be able to also perform the task manually
>> > as well.
>
> [...]
>
>> What I do first after installation is an 'rpm -qa > rpmfiles' and check out
>> every rpm that's in there and see whether I really do need it. If not it's
>> easily removed with rpm -e.
>
> Also:
>
> Be especially cautious of programs which have setuid/setgid
> permissions. Use:
>
> find /usr/bin \( -perm -02000 -o -perm -04000 \) -ls
> [ .. ]
If you really want to remove all SUID permissions, you can make a
script. I wouldn't do this on any of my systems, but as I said earlier,
it is your system, so if you break it, don't say I didn't warn you about
doing this ;)
,----
| find / -type f \( -perm -04000 \) -exec /bin/chmod a-s {} \;
`----
... or put this script in your cron.daily
,----[ untested ]
| #!/bin/sh
| #
| # Lists SGID & SUID files and emails to you.
| #
| # customize $PATH (set it here; echoing it would put it in the mail)
| PATH=/sbin:/usr/sbin:/bin:/usr/bin
| export PATH
| (
| echo "To: your name <yourname@yourdomain>"
| echo "From: system <root@yourdomain>"
| echo "Subject: Your Daily SGID & SUID - Report"
| # a blank line ends the mail headers
| echo
| echo "List of SGID & SUID files:"
| echo
| # The "find command cat" line gets wrapped in email.
| # you can remove the \ on the find line and move the
| # cat line back to the end of the find line
| # ls -l keeps the owner column (GNU ls -g omits it)
| find / -type f \( -perm -04000 -o -perm -02000 \) \
| -exec ls -l {} \; | cat
| # or qmail or exim or mail or ...
| ) 2>&1 | /usr/lib/sendmail -t
| exit 0
`----
HTH
--
http://3d-crew.com
ROOT: Robotic Organism Optimized for Troubleshooting
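
An added example, not part of the original post and not the poster's code: rather than mailing the full list every day, keep a baseline and report only SUID/SGID files that are new or whose mode or owner changed. The function names and any paths are hypothetical, and it assumes a `stat` that supports `-c` (GNU coreutils, as on Red Hat).

```shell
#!/bin/sh
# Added example: baseline-and-diff audit of SUID/SGID files.
# Function names are hypothetical; assumes GNU-style `stat -c`.

# Print "mode owner group path" for each SUID/SGID regular file under $1,
# staying on one filesystem (-xdev) and sorted for use with comm.
suid_scan() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %U %G %n' {} + 2>/dev/null | LC_ALL=C sort
}

# Print entries that are in the current scan ($2) but not in the baseline ($1).
# A file whose mode or owner changed shows up here as a new line.
suid_new() {
    LC_ALL=C comm -13 "$1" "$2"
}

# suid_report ROOT BASELINE
# First run: record the baseline and return 0.
# Later runs: print new or changed entries and return 1, or return 0 if none.
suid_report() {
    root=$1
    baseline=$2
    current=$(mktemp) || return 2
    suid_scan "$root" > "$current"
    if [ ! -f "$baseline" ]; then
        cp "$current" "$baseline"
        rm -f "$current"
        return 0
    fi
    new=$(suid_new "$baseline" "$current")
    rm -f "$current"
    [ -z "$new" ] && return 0
    printf '%s\n' "$new"
    return 1
}
```

From cron.daily, call `suid_report` on the root filesystem with a baseline file only root can write, and send mail only when it returns 1; refresh the baseline after reviewing a legitimate change.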