HPE Community
Operating System - HP-UX
1752369 Members
6153 Online
108787 Solutions
New Discussion юеВ

Re: Script to check if nosuid, noexec, nodev options are active in /home; /var;/tmp

 
SOLVED
Go to solution
chicuks
Advisor

тАО09-30-2009 02:25 AM

тАО09-30-2009 02:25 AM

Script to check if nosuid, noexec, nodev options are active in /home; /var;/tmp

HI,
please could anyone help me to provide script to check if nosuid, noexec, nodev options are realized in /home; /var; /tmp directories or not.

only to check
0 Kudos
8 REPLIES 8
Pete Randall
Outstanding Contributor

тАО09-30-2009 02:29 AM

тАО09-30-2009 02:29 AM

Re: Script to check if nosuid, noexec, nodev options are active in /home; /var;/tmp

Take a look at the "find" command - particularly the "-perm" option.


Pete

Pete
0 Kudos
kobylka
Valued Contributor

тАО09-30-2009 02:45 AM

тАО09-30-2009 02:45 AM

Re: Script to check if nosuid, noexec, nodev options are active in /home; /var;/tmp

Hi!

For just some dispersed dirs/files you could also easily use the test command to check for this:

for dir in /home /var /tmp
do
if [ -x $dir ]; then echo $dir is executable; fi
if [ -u $dir ]; then echo $dir is set-uid-on-exec; fi
if [ -c $dir ]; then echo $dir is character special file; fi
if [ -b $dir ]; then echo $dir is block special file; fi
done


or

for dir in /home /var /tmp
do
if [ ! -x $dir -a ! -u $dir -a ! -c $dir -a ! -b $dir ]; then echo $dir OK; fi
done

Kind regards,

Kobylka
0 Kudos
chicuks
Advisor

тАО09-30-2009 02:52 AM

тАО09-30-2009 02:52 AM

Re: Script to check if nosuid, noexec, nodev options are active in /home; /var;/tmp

hey Pete,

hallo,

do u mean this?

find / -type f \( -perm -04000 -o -perm -02000 \) -exec ls -ld {} \;

ok now i want to put the condition in the script if the avobe options nodev;noexec;nosuid is present in the the directory-/home;/var;/tmp
if its there the output it should echo OK
if its not there it should echo that the the options are not there in directories .

could u help me in this??
0 Kudos
James R. Ferguson
Acclaimed Contributor

тАО09-30-2009 04:14 AM

тАО09-30-2009 04:14 AM

Re: Script to check if nosuid, noexec, nodev options are active in /home; /var;/tmp

Hi:

> please could anyone help me to provide script to check if nosuid, noexec, nodev options are realized in /home; /var; /tmp directories or not.

This is very interesting. A similar question was posted yesterday:

http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1374899

My first response there is the same as here:

The mount options 'noexec' and 'nodev' don't exist (as far as I know) in HP-UX.

To find any 'setuid' executables, do:

# find /home /var /tmp -type f -perm -u+s

To find simple executables:

# find /home /var /tmp -type f \( -perm -u+x -o -perm -g+x -o -perm -o+x \)

For device files, do:

# find /home /var/ /tmp \( -type b -o -type c \)

You might be interested in:

http://www.devshed.com/c/a/Security/Unix-Host-Security-Hacks-1-10/1/

Regards!

...JRF...
0 Kudos
Matti_Kurkela
Honored Contributor

тАО09-30-2009 05:05 AM

тАО09-30-2009 05:05 AM

Solution

Re: Script to check if nosuid, noexec, nodev options are active in /home; /var;/tmp

"nosuid", "noexec" and "nodev" look like Linux filesystem mount options. Only the "nosuid" option is supported in HP-UX vxfs and hfs filesystems.

These are not directory-specific options: if these options are set when the filesystem is mounted, the options will take effect in the entire mounted filesystem.

The current mount options are listed in the output of the "mount" command. This is the same both in Linux and in HP-UX.

Here's a script for you:

#!/bin/sh

if mount | grep '^/home' | grep -q nosuid; then
echo "nosuid is in effect in /home"
else
echo "nosuid is NOT in effect in /home"
fi

if mount | grep '^/var' | grep -q nosuid; then
echo "nosuid is in effect in /var"
else
echo "nosuid is NOT in effect in /var"
fi

if mount | grep '^/tmp' | grep -q nosuid; then
echo "nosuid is in effect in /tmp"
else
echo "nosuid is NOT in effect in /tmp"
fi

This script will check the nosuid mount option only. It should work just the same in HP-UX and Linux.

MK
MK
0 Kudos
chicuks
Advisor

тАО09-30-2009 05:49 AM

тАО09-30-2009 05:49 AM

Re: Script to check if nosuid, noexec, nodev options are active in /home; /var;/tmp

HI MK

Thanks a lot .this is the help i was looking for :-)
0 Kudos
James R. Ferguson
Acclaimed Contributor

тАО09-30-2009 05:53 AM

тАО09-30-2009 05:53 AM

Re: Script to check if nosuid, noexec, nodev options are active in /home; /var;/tmp

Hi:

> Thanks a lot .this is the help i was looking for :-)

You can assign points for all responses to the level that you found them useful.

...JRF...
0 Kudos
chicuks
Advisor

тАО10-02-2009 01:21 AM

тАО10-02-2009 01:21 AM

Re: Script to check if nosuid, noexec, nodev options are active in /home; /var;/tmp

thanx
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.