Member Avatar for ViLeNT

I want to write a script that makes sure users' home directories don't contain world writable directories, directories owned by other users, or
other potential security problems. I'd like to echo any directory where
one user's home directory can be modified some by another user.

Can someone help me with these additions? I think this would be very important as well.

  • 2 Contributors
  • 6 Replies
  • 466 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by sknake
Member Avatar for sknake

Here is one such utility I wrote:

#!/bin/bash
if ( [ "$1" = "" ] ); then
  echo ""
  echo "-find:     put all exceptions to files"
  echo "-del:      delete all exception files"
  echo "-fixsuids: fix the most common suids"
fi

if ( [ "$1" = "-find" ] ); then
  #To generate "path" :
  find / -maxdepth 1 -type d | grep -v '^/$' | grep -v '^/proc$' > path

  #suid
  find `cat path` -type f \( -perm -04000 -o -perm -02000 \) -exec ls -la {} \; > out.suids

  #write permissions
  find `cat path` -type f \( -perm -2 -o -perm -20 \) -exec ls -la {} \; > out.f.write
  find `cat path` -type d \( -perm -2 -o -perm -20 \) -exec ls -lad {} \; > out.d.write

  #
  find `cat path` -type f \( -nogroup -o -nouser \) -exec ls -la {} \; > out.f.nouser
  find `cat path` -type d \( -nogroup -o -nouser \) -exec ls -lad {} \; > out.g.nouser
fi

if ( [ "$1" = "-del" ] ); then
  rm out.*
fi

if ( [ "$1" = "-fixsuids" ] ); then
   fsuids="wall ping ping6 mount umount su sudo traceroute6 traceroute \
           write newgrp cardctl cardinfo chsh chfn"

  for i in $fsuids
  do
    bin=`which $i`
    bin=`readlink -f $bin`
    if test -f $bin; then
      echo "Fixing $bin..."
      chown root:wheel $bin
      chmod o-rx `which $i`

    fi
  done

fi

unset i bin

You may want to run the suid part manually though -- I think when you chown a suid it removes the suid bit altogether for security reasons. Be sure you test that before running it on a production system.

Member Avatar for ViLeNT

Do you mind commenting your statements so I may see what each line is doing? I'm having some trouble translating this. Thank you so much for your help

Member Avatar for ViLeNT

Also can you explain exactly what this does when I run it? I ran it and typed ./checkeperm -find and it scrolls things such as:

for quite some time.

find: /var/www/htdocs/finaid/_notes: Permission denied
find: /var/www/htdocs/finaid/javascript: Permission denied
find: /var/www/htdocs/finaid/loans: Permission denied
find: /var/www/htdocs/finaid/needaid/css: Permission denied
find: /var/www/htdocs/finaid/needaid/_baks: Permission denied
find: /var/www/htdocs/finaid/needaid/_notes: Permission denied
find: /var/www/htdocs/finaid/2009-2010: Permission denied
find: /var/www/htdocs/finaid/2008-2009: Permission denied

Member Avatar for sknake

Did you run it as root?

The script for this is really excessive and not needed

#!/bin/bash
if ( [ "$1" = "" ] ); then
  echo ""
  echo "-find:     put all exceptions to files"
  echo "-del:      delete all exception files"
  echo "-fixsuids: fix the most common suids"
fi

if ( [ "$1" = "-find" ] ); then
  #To generate "path" :
  #this excludes directories from the search such as /proc
  #you can add your manual exclusions here. These are dirs off
  #the root /
  find / -maxdepth 1 -type d | grep -v '^/$' | grep -v '^/proc$' > path

  #suid
  #finds all suid files in the search directories listed in ./path
  find `cat path` -type f \( -perm -04000 -o -perm -02000 \) -exec ls -la {} \; > out.suids

  #write permissions
  #finds o+x files
  find `cat path` -type f \( -perm -2 -o -perm -20 \) -exec ls -la {} \; > out.f.write
  #finds o+x directories
  find `cat path` -type d \( -perm -2 -o -perm -20 \) -exec ls -lad {} \; > out.d.write

  #finds all files that do not have a user associate with them. This happens if you
  #add a user, they create a file, then you delete them.
  find `cat path` -type f \( -nogroup -o -nouser \) -exec ls -la {} \; > out.f.nouser
  #same as above but directories
  find `cat path` -type d \( -nogroup -o -nouser \) -exec ls -lad {} \; > out.g.nouser
fi

if ( [ "$1" = "-del" ] ); then
  #cleans up the temp files
  rm out.*
fi

if ( [ "$1" = "-fixsuids" ] ); then
  #dont use this, it doesnt work right
   fsuids="wall ping ping6 mount umount su sudo traceroute6 traceroute \
           write newgrp cardctl cardinfo chsh chfn"

  for i in $fsuids
  do
    bin=`which $i`
    bin=`readlink -f $bin`
    if test -f $bin; then
      echo "Fixing $bin..."
      chown root:wheel $bin
      chmod o-rx `which $i`

    fi
  done

fi

unset i bin

After you run the script as root check the out.* files it creates in the working directory. It will give you a list of files/dirs that meet the criteria

Member Avatar for ViLeNT

So basically this is going to create a list of files and directories that meet the criteria O+X and or SUID and echo these results and must be run as root to work properly. Is this correct?

and -del is used to delete -find results incase I want to run it again correct?

So whereever I execute this file the out.* is going to be placed there?

Member Avatar for sknake

Yes. You can change the behavior to use stdout but it will likely scroll the data off of your screen.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.