
List of valid files to have SUID and GUID bit set

 
Bill Costigan
Honored Contributor

List of valid files to have SUID and GUID bit set

Is there a list somewhere of the HP-UX files that should have the SUID or GUID bit set? I'd like to compare that with the files on my system that actually have the bit set.

Thanks,
Bill
Christopher Caldwell
Honored Contributor

Re: List of valid files to have SUID and GUID bit set

Use swverify to check permissions.
S.K. Chan
Honored Contributor

Re: List of valid files to have SUID and GUID bit set

Not that I know of, because over time this gets changed by the installation of patches (especially security patches), software, etc.
Bill Costigan
Honored Contributor

Re: List of valid files to have SUID and GUID bit set

I assume the swverify will check that all files installed with swinstall have the original bits set. This will also reflect new patches that might have changed the recommended bit settings.

Is this true?

But there is no way to ensure someone didn't add a file and set its SUID or GUID bits?

Is this also true?



Christopher Caldwell
Honored Contributor
Solution

Re: List of valid files to have SUID and GUID bit set

> I assume the swverify will check that all files installed with swinstall have the original bits set. This will also reflect new patches that might have changed the recommended bit settings.

>Is this true?

Yes.

> But there is no way to ensure someone didn't add a file and set its SUID or GUID bits?

Find that which swverify says has setuid, setgid set. Make a list. Find that which find says has setuid, setgid set. Take a diff.

(Painful, but it would work).

Is this also true?
S.K. Chan
Honored Contributor

Re: List of valid files to have SUID and GUID bit set

Well, swverify won't tell you what has changed (for example, a specific file that had just got its SUID set). To detect this kind of change, you've got to run some kind of security checking software regularly that produces a report of all SUID files, or write your own script. Here we regularly run a full Medusa report (once a week) that enables our system security guru to detect if any files were added/changed that have their SUID/GUID set.
Bill Hassell
Honored Contributor

Re: List of valid files to have SUID and GUID bit set

The file settings in Software Distributor (i.e., swinstall) are stored in the information files found in /var/adm/sw/products. The INFO file has all the correct ownerships and mode flags. You'll need to use sed or awk to hook the filename/directory name together with the mode and ownership information. Since this can be scripted, you can run the script to produce a list of valid SUID/GID files and use that in scanning for rogues.


Bill Hassell, sysadmin
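
Added example, not part of the original thread: a sketch of the comparison described in the replies above (build the expected list from the SD INFO files, build the actual list with find, report what is only on disk). The INFO record layout (a "file" line followed by "path" and "mode" lines), the function names and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare recorded setuid/setgid files with what is on disk.
# ASSUMPTION: each record in an SD INFO file starts with a "file" line,
# followed by "path <name>" and "mode <octal>" lines.
LC_ALL=C; export LC_ALL   # sort and comm must agree on ordering

# expected_suid DIR: paths whose recorded mode has the setuid or setgid bit.
expected_suid() {
    find "$1" -type f -name INFO -exec cat {} + | awk '
        function emit() {
            if (path != "" && mode ~ /^0*[2-7][0-7][0-7][0-7]$/) print path
            path = ""; mode = ""
        }
        $1 == "file" { emit() }
        $1 == "path" { sub(/^[ \t]*path[ \t]+/, ""); path = $0 }
        $1 == "mode" { mode = $2 }
        END { emit() }' | sort -u
}

# actual_suid DIR: files under DIR that carry the setuid or setgid bit now.
actual_suid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort -u
}

# rogue_suid EXPECTED ACTUAL: lines present only in ACTUAL (not in baseline).
rogue_suid() { comm -13 "$1" "$2"; }

# Demo on constructed data (ProdA/FS1 and all paths are made up).
demo() {
    d=${TMPDIR:-/tmp}/suidchk.$$
    mkdir -p "$d/sw/ProdA/FS1" || return 1
    cat > "$d/sw/ProdA/FS1/INFO" <<'EOF'
file
path /usr/bin/passwd
mode 4555
file
path /usr/bin/ls
mode 0555
file
path /usr/bin/wall
mode 2555
EOF
    expected_suid "$d/sw" > "$d/expected"
    printf '%s\n' /opt/tools/bin/helper /usr/bin/passwd /usr/bin/wall > "$d/actual"
    rogue_suid "$d/expected" "$d/actual"   # prints /opt/tools/bin/helper
    rm -rf "$d"
}
demo
```

On a live system the same three steps would be expected_suid /var/adm/sw/products > expected, actual_suid / > actual, then rogue_suid expected actual.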
Bill Costigan
Honored Contributor

Re: List of valid files to have SUID and GUID bit set

Thanks to all !!
RAC_1
Honored Contributor

Re: List of valid files to have SUID and GUID bit set

How about using find with the -perm option to find SUID/GUID files?

But this will use a lot of CPU and be a time-consuming command.
There is no substitute to HARDWORK
Chris Wong
Trusted Contributor

Re: List of valid files to have SUID and GUID bit set

I keep a list on my web-site of the settings just after an install:

http://newfdawg.com/SecBook-ListSource.htm

- Chris
Bill Costigan
Honored Contributor

Re: List of valid files to have SUID and GUID bit set

Thanks Chris

That was what I was looking for.