- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- ProLiant Servers - Netservers
- >
- Who Me Too'd this topic
ProLiant Servers - Netservers
1753430
Members
4748
Online
108793
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Who Me Too'd this topic
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-12-2005 03:06 AM
12-12-2005 03:06 AM
SUID settings on RedHat Linux with Proliant Support Pack
I'm trying to lock down the rights on a Redhat Linux DL380.
As a policy we turn off SUID bits on all files except for /bin/passwd and a few other special files. As you may know, this prevents potentially dangerous processes to be initiated that have the permissions of the owner of the file.
When we find all files with permissions of +4000, we get:
/usr/bin/passwd (which is OK)
but also a ton of files like:
/var/spool/compaq/hpasm/registry/stdeq/serial.2
/var/spool/compaq/hpasm/registry/stdeq/usbPort.1
/var/spool/compaq/hpasm/registry/stdeq/usbPort.2
/var/spool/compaq/hpasm/registry/stdeq/usbPort.3
/var/spool/compaq/hpasm/registry/stdeq/pcislot.0.0
/var/spool/compaq/hpasm/registry/stdeq/pcifunc.0.0.0
/var/spool/compaq/hpasm/registry/stdeq/pcislot.0.2
/var/spool/compaq/hpasm/registry/stdeq/pcifunc.0.2.0
/var/spool/compaq/hpasm/registry/stdeq/pcislot.0.6
/var/spool/compaq/hpasm/registry/stdeq/pcifunc.0.6.0
/var/spool/compaq/hpasm/registry/stdeq/pcislot.0.29
/var/spool/compaq/hpasm/registry/stdeq/pcifunc.0.29.0
...
...
/var/spool/compaq/hpasm/registry/scsi/scsilist
/opt/hp/hpsmh/data/cgi-bin/vcagent/cgi
Which are not OK because of the security issue.
So I turned off SUId permission with:
chmod u-s /var/spool/compaq/hpasm/registry/stdeq/*
but after a reboot all the SUID settings have reverted back to their insecure level.
Is there a justification for leaving this SUID bit set on all these files? It seems like a security issue to me.
And how do I permanently turn off this setting? Thanks.
-tom
As a policy we turn off SUID bits on all files except for /bin/passwd and a few other special files. As you may know, this prevents potentially dangerous processes to be initiated that have the permissions of the owner of the file.
When we find all files with permissions of +4000, we get:
/usr/bin/passwd (which is OK)
but also a ton of files like:
/var/spool/compaq/hpasm/registry/stdeq/serial.2
/var/spool/compaq/hpasm/registry/stdeq/usbPort.1
/var/spool/compaq/hpasm/registry/stdeq/usbPort.2
/var/spool/compaq/hpasm/registry/stdeq/usbPort.3
/var/spool/compaq/hpasm/registry/stdeq/pcislot.0.0
/var/spool/compaq/hpasm/registry/stdeq/pcifunc.0.0.0
/var/spool/compaq/hpasm/registry/stdeq/pcislot.0.2
/var/spool/compaq/hpasm/registry/stdeq/pcifunc.0.2.0
/var/spool/compaq/hpasm/registry/stdeq/pcislot.0.6
/var/spool/compaq/hpasm/registry/stdeq/pcifunc.0.6.0
/var/spool/compaq/hpasm/registry/stdeq/pcislot.0.29
/var/spool/compaq/hpasm/registry/stdeq/pcifunc.0.29.0
...
...
/var/spool/compaq/hpasm/registry/scsi/scsilist
/opt/hp/hpsmh/data/cgi-bin/vcagent/cgi
Which are not OK because of the security issue.
So I turned off SUId permission with:
chmod u-s /var/spool/compaq/hpasm/registry/stdeq/*
but after a reboot all the SUID settings have reverted back to their insecure level.
Is there a justification for leaving this SUID bit set on all these files? It seems like a security issue to me.
And how do I permanently turn off this setting? Thanks.
-tom
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP