06-13-2013 12:31 AM
SUID and SGUID
Dear Gurus,
Currently I am implementing security controls on Unix servers. From the ISO 27001 audit report, one of the controls says unauthorized set-UID or set-GID applications do not exist on the system.
Using the script I managed to list all the files which have SUID and SGID permissions. I am not sure what the effect or impact on the system will be if I remove those permissions. Could you please advise, from the files below or the attached files, which files will be safe to remove SUID or SGID permissions from?
-r-s------ root sys /opt/omni/lbin/inet
-r-sr-xr-x root bin /opt/perf/bin/glance
-r-sr-xr-x root bin /opt/perf/bin/xglance
-r-sr-xr-x root bin /opt/prm/bin/prmmove
-r-sr-xr-x root bin /opt/prm/bin/prmrun
-rwsr-xr-x root bin /opt/ssh/libexec/ssh-keysign
-r-sr-xr-x root bin /usr/bin/at
-r-sr-xr-x root bin /usr/bin/bdf
-r-sr-xr-x root bin /usr/bin/chfn
-r-sr-xr-x root bin /usr/bin/chsh
-r-sr-xr-x root bin /usr/bin/crontab
-r-sr-xr-x root bin /usr/bin/df
-r-sr-xr-x root bin /usr/bin/login
-r-sr-sr-x root mail /usr/bin/mail
-r-sr-xr-x root bin /usr/bin/mediainit
-r-xr-sr-x bin sys /usr/bin/netstat
-r-sr-xr-x root bin /usr/bin/newgrp
-r-sr-xr-x root bin /usr/bin/nfsstat
-r-sr-xr-x root bin /usr/bin/passwd
-r-sr-xr-x root sys /usr/bin/privrun
-r-sr-xr-x root bin /usr/bin/rcp
-r-sr-xr-x root bin /usr/bin/remsh
-r-sr-sr-x root mail /usr/bin/rmail
-r-sr-xr-x root bin /usr/bin/su
-r-sr-xr-x root bin /usr/bin/yppasswd
-r-sr-sr-x root bin /usr/lbin/chgpt
-r-xr-sr-x bin sys /usr/lbin/fs/hfs/diskusg
-r-xr-sr-x bin sys /usr/lbin/fs/vxfs/diskusg
-r-xr-sr-x bin sys /usr/lbin/fs/vxfs5.0/diskusg
-r-sr-xr-x daemon bin /usr/lbin/grmd
-r-sr-xr-- root lp /usr/lbin/netlp.asx
-r-sr-xr-x root bin /usr/lbin/protect_pty
-r-xr-sr-x bin mail /usr/lbin/rmmail
-r-sr-xr-x root bin /usr/lbin/rwrite
-r-sr-xr-x uucp bin /usr/lbin/uucp/uucico
-r-sr-xr-x uucp bin /usr/lbin/uucp/uuclean
-r-sr-xr-x uucp bin /usr/lbin/uucp/uusched
-r-sr-xr-x uucp bin /usr/lbin/uucp/uusub
-r-sr-xr-x uucp bin /usr/lbin/uucp/uuxqt
-r-sr-xr-x lp bin /usr/sbin/accept
-r-sr-xr-x root bin /usr/sbin/acct/accton
-r-sr-xr-x root bin /usr/sbin/arp
-r-sr-xr-x root sys /usr/sbin/authadm
-r-sr-xr-x root sys /usr/sbin/cmdprivadm
-rwsr-sr-x root sys /usr/sbin/dad
-r-sr-xr-x root bin /usr/sbin/keyenvoy
-r-xr-sr-x root sys /usr/sbin/lanscan
-r-sr-xr-x root bin /usr/sbin/lpadmin
-r-sr-xr-x lp bin /usr/sbin/lpfence
-r-sr-xr-x lp bin /usr/sbin/lpmove
-r-sr-xr-x root bin /usr/sbin/lpsched
-r-sr-xr-x lp bin /usr/sbin/lpshut
-r-sr-xr-x root sys /usr/sbin/lvm_wrapper
-r-sr-xr-x root sys /usr/sbin/lvmcmd
-r-sr-xr-x root sys /usr/sbin/lvmpcmd
.......
......
......
-r-sr-xr-x root bin /var/adm/sw/save/PHCO_38682/LP2-SPOOL/usr/sbin/rlpdaemon
-r-sr-xr-x root bin /var/adm/sw/save/PHCO_38682/LP2-SPOOL/usr/sbin/rlpstat
-r-sr-xr-x root bin /var/adm/sw/save/PHCO_39365/UX2-CORE/usr/bin/login
-r-sr-xr-x root bin /var/adm/sw/save/PHCO_39367/UX2-CORE/usr/bin/passwd
-r-sr-xr-x root bin /var/adm/sw/save/PHCO_39418/SYS2-ADMIN/usr/bin/mediainit
-r-sr-xr-x root bin /var/adm/sw/save/PHCO_39690/UX2-CORE/sbin/shutdown
........
Regards
Jilan
06-13-2013 04:49 AM
Re: SUID and SGUID
>advice which files will be safe to remove suid or sgid permissions.
Just about none of them are safe to remove, these are needed for proper system operation and so are authorized.
And these programs will no longer work for normal users if SUID root is removed.
If you need to prove they belong to HP-UX, you can do the following:
1) Put the list of files in a file, one per line
2) swlist -l file | grep -f the-file-list
Any file not showing up would be suspicious.
You could also do a "swverify \*" to make sure all files have the correct permission and checksum.
06-16-2013 03:11 AM
Re: SUID and SGUID
Dennis, thanks for the information. I just tried your suggestion and found good information.
I copied the files generated by the script, one after another, into one file named suid.txt and executed # swlist -l file | grep -f suid.txt; it does not show anything and ended up at the # prompt.
Later on I tried to execute swverify /* and ran the swjob and found permission issues for some folders....
Just curious to know what the impact would be if I remove the SUID permission from the /var/adm/sw/save/PHXX_XXXX files, as I know the patches have already been applied to the server?
Regards
Jilan
06-17-2013 04:44 AM
Re: SUID and SGUID
>it does not show anything ended up # prompt
Make sure there are no leading or trailing blanks/tabs in suid.txt. bin/bdf should be there.
>swlist -l file | ...
If you are going to do this several times, you should save the swlist output in a file.
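
The comparison discussed in this thread, as an added example that is not part of any post: it reads the SUID/SGID listing and a saved copy of the `swlist -l file` output, tolerates stray blanks/tabs and full `ls`-style lines, and prints only the paths that no installed fileset claims, matching whole paths rather than substrings. The swlist line format ("Product.Fileset: /path"), the function names and all sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: each swlist line ends in
# the file path ("  Product.Fileset: /path"), paths contain no blanks, and
# every sample line in demo() is constructed.

# $1 = set-UID/set-GID listing (ls-style lines or bare paths, e.g. suid.txt)
# $2 = saved output of: swlist -l file > swlist.out
unowned_suid() {
    awk '
        # Pass 1 (swlist output): remember every path a fileset owns.
        pass == 1 { if ($NF ~ /^\//) owned[$NF] = 1; next }
        # Pass 2 (listing): field splitting discards leading/trailing blanks
        # and tabs, and the path is the last field. Lines without a leading
        # "/" (empty lines, "......." elisions) are skipped. Whole-path
        # lookup means /x/runner is not hidden by an owned /x/runner2.
        $NF ~ /^\// && !($NF in owned) && !seen[$NF]++ { print $NF }
    ' pass=1 "$2" pass=2 "$1"
}

demo() {
    d=${TMPDIR:-/tmp}/suidchk.$$
    # mkdir without -p fails if the name already exists, so a pre-planted
    # directory or symlink is not reused when this runs as root.
    (umask 077; mkdir "$d") || return 1
    {
        printf '%s\n' '-r-sr-xr-x root bin /usr/bin/bdf'
        printf '  /usr/bin/passwd \t \n'          # bare path, stray blanks
        printf '%s\n' '.......'
        printf '%s\n' '-r-sr-xr-x root bin /opt/example/bin/runner'
    } > "$d/suid.txt"
    {
        printf '%s\n' '# OS-Core.UX-CORE'
        printf '%s\n' '  OS-Core.UX-CORE: /usr/bin/bdf'
        printf '%s\n' '  OS-Core.UX-CORE: /usr/bin/passwd'
        printf '%s\n' '  Example.RUN: /opt/example/bin/runner2'
    } > "$d/swlist.out"
    unowned_suid "$d/suid.txt" "$d/swlist.out"; rc=$?
    rm -rf "$d"
    return $rc
}

demo
```

On a real system, save the inventory once with `swlist -l file > swlist.out` and call `unowned_suid suid.txt swlist.out`; anything printed needs to be explained before the audit control can be signed off.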