
SUID settings on RedHat Linux with Proliant Support Pack

CA1350361
New Member


I'm trying to lock down the rights on a Redhat Linux DL380.

As a policy we turn off SUID bits on all files except for /bin/passwd and a few other special files. As you may know, this prevents potentially dangerous processes from being initiated with the permissions of the owner of the file.

When we find all files with permissions of +4000, we get:

/usr/bin/passwd (which is OK)

but also a ton of files like:

/var/spool/compaq/hpasm/registry/stdeq/serial.2
/var/spool/compaq/hpasm/registry/stdeq/usbPort.1
/var/spool/compaq/hpasm/registry/stdeq/usbPort.2
/var/spool/compaq/hpasm/registry/stdeq/usbPort.3
/var/spool/compaq/hpasm/registry/stdeq/pcislot.0.0
/var/spool/compaq/hpasm/registry/stdeq/pcifunc.0.0.0
/var/spool/compaq/hpasm/registry/stdeq/pcislot.0.2
/var/spool/compaq/hpasm/registry/stdeq/pcifunc.0.2.0
/var/spool/compaq/hpasm/registry/stdeq/pcislot.0.6
/var/spool/compaq/hpasm/registry/stdeq/pcifunc.0.6.0
/var/spool/compaq/hpasm/registry/stdeq/pcislot.0.29
/var/spool/compaq/hpasm/registry/stdeq/pcifunc.0.29.0
...
...
/var/spool/compaq/hpasm/registry/scsi/scsilist
/opt/hp/hpsmh/data/cgi-bin/vcagent/cgi

Which are not OK because of the security issue.

So I turned off SUID permission with:

chmod u-s /var/spool/compaq/hpasm/registry/stdeq/*

but after a reboot all the SUID settings have reverted back to their insecure level.

Is there a justification for leaving this SUID bit set on all these files? It seems like a security issue to me.

And how do I permanently turn off this setting? Thanks.

-tom
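The audit the poster describes (find every +4000 file, compare against a short allowlist, clear the bit on the rest) can be scripted so it is repeatable after each reboot or package update. The following is an added example, not code from the thread or from HP's Proliant Support Pack; it builds a constructed temp tree that mimics the paths above (a stand-in `usr/bin/passwd` plus a few files under `var/spool/compaq/hpasm/registry/stdeq`), and the allowlist format (one absolute path per line) is an assumption of this example.

```shell
#!/bin/sh
# make_sample_tree: build a constructed directory tree in a temp dir that
# mimics the layout from the post (one legitimate SUID binary plus several
# SUID files under a vendor spool dir), and print the tree's root.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/usr/bin" "$root/var/spool/compaq/hpasm/registry/stdeq"
    # Legitimate SUID program (constructed stand-in for /usr/bin/passwd).
    printf '#!/bin/sh\n' > "$root/usr/bin/passwd"
    chmod 4755 "$root/usr/bin/passwd"
    # Vendor registry files that have no business carrying the SUID bit.
    for n in serial.2 usbPort.1 pcislot.0.0; do
        : > "$root/var/spool/compaq/hpasm/registry/stdeq/$n"
        chmod 4644 "$root/var/spool/compaq/hpasm/registry/stdeq/$n"
    done
    # Allowlist (assumed format): absolute paths permitted to be SUID.
    printf '%s\n' "$root/usr/bin/passwd" > "$root/allowlist"
    echo "$root"
}

# list_unexpected_suid DIR ALLOWLIST
# Print every regular file under DIR with the set-user-ID bit (mode 4000)
# whose path is not an exact line of ALLOWLIST. Assumes paths contain no
# newlines. grep exits 1 when nothing is left, so "|| true" keeps set -e happy.
list_unexpected_suid() {
    find "$1" -type f -perm -4000 | grep -vxF -f "$2" || true
}

# count_unexpected_suid DIR ALLOWLIST: print the number of such files.
count_unexpected_suid() {
    list_unexpected_suid "$1" "$2" | wc -l | tr -d ' '
}

# strip_unexpected_suid DIR ALLOWLIST: clear the SUID bit (the post's
# "chmod u-s") on every unexpected file and report each one.
strip_unexpected_suid() {
    list_unexpected_suid "$1" "$2" | while IFS= read -r f; do
        chmod u-s "$f"
        echo "cleared SUID on $f"
    done
}

# Stand-alone run: build the sample tree, audit, remediate, audit again.
ROOT=$(make_sample_tree)
echo "unexpected before: $(count_unexpected_suid "$ROOT" "$ROOT/allowlist")"
strip_unexpected_suid "$ROOT" "$ROOT/allowlist"
echo "unexpected after:  $(count_unexpected_suid "$ROOT" "$ROOT/allowlist")"
rm -rf "$ROOT"
```

On a real host you would point `list_unexpected_suid` at `/` with the site allowlist and keep the output as an audit record; running only the list step on a schedule turns the question "did the bits come back after reboot?" into a log entry rather than a surprise.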