Security
  Home arrow Security arrow Page 4 - Unix Host Security: Hacks 1-10
Dev Shed Forums 
Administration  
Apache  
BrainDump  
DHTML  
Flash  
Java  
JavaScript  
Multimedia  
MySQL  
Oracle  
Perl  
PHP  
Practices  
Python  
Reviews  
Security  
Style-Sheets  
Web Services  
XML  
Zend  
Zope  
Forums Sitemap 
IBM® developerWorks 
Dedicated Servers 
E-Commerce Hosting 
Linux Web Hosting 
Managed Hosting 
Small Business Hosting 
Download TestComplete 
VPS Hosting 
Weekly Newsletter

 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
SECURITY

Unix Host Security: Hacks 1-10
By: O'Reilly Media
  • Search For More Articles!
  • Disclaimer
  • Author Terms
    		•
    Rating: 4 stars4 stars4 stars4 stars4 stars / 37
    2004-05-04

    Table of Contents:
  • Unix Host Security: Hacks 1-10
  • Secure Mount Points Hack #1
  • Scan for SUID and SGID Programs Hack #2
  • Scan For World- and Group-Writable Directories Hack #3
  • Create Flexible Permissions Hierarchies w/ith POSIX ACLs Hack #4
  • Protect Your Logs from Tampering Hack #5
  • Delegate Administrative Roles Hack #6
  • Automate Cryptographic Signature Verification Hack #7
  • Check for Listening Services Hack #8
  • Prevent Services from Binding to an Interface Hack #9
  • Restrict Services with Sandboxed Environments Hack #10
    		•

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
    		 
     
     
    ADVERTISEMENT

    Stay one step ahead of the competition. Evaluate and give feedback on some of the hottest web development tools on the market today. Make your opinion heard! Click Here

    Unix Host Security: Hacks 1-10 - Scan For World- and Group-Writable Directories Hack #3
    (Page 4 of 11 )


    Quickly scan for directories with loose permissions.


    World- and group-writable directories present a problem: if the users of a system have not set their umask properly, they will inadvertently create insecure files, completely unaware of the implications. With this in mind, it seems it would be good to scan for directories with loose permissions. Much like “Scan for SUID and SGID Programs” [Hack #2], this can be accomplished by running the find command:

    # find / -type d \( -perm -g+w -o -perm -o+w \) -exec ls -lad {} \;

    Any directories that are listed in the output should have the sticky bit set, which is denoted by a t in the directory’s permission bits. A world-writable directory with the sticky bit set ensures that even though anyone may create files in the directory, they may not delete or modify another user’s files. If you see a directory in the output that does not contain a sticky bit, consider whether it really needs to be world-writable or whether the use of groups or ACLs [Hack #4] will work better for your situation. If you really do need the directory to be world-writable, set the sticky bit on it using chmod +t.

    To get a list of the directories that don’t have their sticky bit set, run this:

    # find / -type d \( -perm -g+w -o -perm -o+w \) \
    -not -perm -a+t -exec ls -lad {} \;

    If you’re using a system that creates a unique group for each user (e.g., you create a user andrew, which in turn creates a group andrew as the primary group), you may want to modify the commands to not scan for group-writable directories. (Otherwise, you will get a lot of output that really isn’t pertinent.) To do this, run the command without the -perm -g+w portion.

    Buy the book!If you've enjoyed what you've seen here, or to get more information, click on the "Buy the book!" graphic. Pick up a copy today!

    Visit the O'Reilly Network http://www.oreillynet.com for more online content.

    Next: Create Flexible Permissions Hierarchies w/ith POSIX ACLs Hack #4 >>
     

    More Security Articles
    More By O'Reilly Media


     
    >>> Be the FIRST to comment on this article!

       

    SECURITY ARTICLES

    - An Epilogue to Cryptography
    - A Sequel to Cryptography
    - An Introduction to Cryptography
    - Security Overview
    - Network Security Assessment
    - Firewalls
    - What’s behind the curtain? Part II
    - What’s behind the curtain? Part I
    - Vectors
    - PKI: Looking at the Risks
    - A Quick Look at Cross Site Scripting
    - PKI Architectures: How to Choose One
    - Trust, Access Control, and Rights for Web Se...
    - Basic Concepts of Web Services Security
    - Safeguarding the Identity and Integrity of X...
    Find More Security Articles
     
    Accelerating Trading Partner Performance
     
    Competing on Analytics
     
    Cost Effective Scaling with Virtualization and Coyote Point Systems
     
    Five Checkpoints to Implementing IP Telephony
     
    Hosted Email Security: Staying Ahead of New Threats
     




    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 5 hosted by Hostway