General Web Comments
Tuesday, August 30, 2005
Chapter 2. Securing the File System
Insecure files summary
Once you have obtained the lists of world-writable files and directories, save them in a secure place. Copy the lists to a floppy, or other secure location, so that you can refer to them if needed. If you are using gpg, or have installed the md5 utility, run a checksum of each file, or digitally sign it, so that when you need to refer to that file you can verify that it has not been tampered with.
You will also want to re-check your file system periodically to make sure that no new files with the above permission issues have been introduced without your knowledge. To do this, copy the following script, which combines the above commands, and run it from the crontab on a regular basis.
#!/bin/bash
# Simple script to check for world-writable files and setUID/setGID files.
# Baseline world-writable files list
BL_WWF='/SCRIPTS/security/harden/world-writable-files.txt'
# Baseline setuid files list
BL_SUID='/SCRIPTS/security/harden/setuid-files.txt'
TODAY=$(date +%y%m%d)
# Private scratch directory: fixed file names in /tmp can be pre-created
# (for example as symlinks) by any local user before this script runs as root.
WORK=$(mktemp -d "/tmp/check_files-${TODAY}.XXXXXX") || exit 1
printf "Checking the file system for world-writable files ..... "
# -perm -002 matches the world-write bit; current GNU find rejects the old +002 form.
find / \( -type d -o -type f \) -perm -002 > "${WORK}/wwf.txt"
printf " done.\n"
printf "Checking the file system for setUID/GID files ..... "
find / -type f \( -perm -04000 -o -perm -02000 \) > "${WORK}/suid.txt"
printf " done.\n"
diff "${BL_WWF}" "${WORK}/wwf.txt" > "${WORK}/wwf.diff"
diff "${BL_SUID}" "${WORK}/suid.txt" > "${WORK}/suid.diff"
printf "Changed world-writable files:\n"
mail -s "World Writable Files for ${TODAY}" charlie@localhost < "${WORK}/wwf.diff"
printf "Changed setUID/GID files:\n"
mail -s "setU/GID Files for ${TODAY}" charlie@localhost < "${WORK}/suid.diff"
This may take a few minutes depending upon the size of your file system. For example, on a file system spanning multiple drives, and totaling approximately 160GB, it could take as long as 10 minutes.
To run the script from the crontab, add a line like the following to your crontab:
0 0 * * * /SCRIPTS/security/harden/check_files.sh
This will run the script every night at midnight. You will want to make adjustments for your own application.
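The checksum advice above can be tied into the nightly comparison so that a modified baseline is never trusted. The following is an added example, not part of the original chapter; it uses sha256sum in place of md5, and the function names and sample paths are hypothetical.

```shell
#!/bin/bash
# Added example, not from the original chapter. Assumes GNU coreutils
# sha256sum (swapped in for md5); all function names are hypothetical.

# seal_baseline LIST SUMFILE: record the checksum of a freshly built baseline.
# Store SUMFILE somewhere the scanned host cannot rewrite it.
seal_baseline() {
    sha256sum < "$1" | awk '{print $1}' > "$2"
}

# verify_baseline LIST SUMFILE: succeed only if LIST still matches SUMFILE.
verify_baseline() {
    [ -r "$1" ] && [ -s "$2" ] || return 2          # list or record missing
    [ "$(cat "$2")" = "$(sha256sum < "$1" | awk '{print $1}')" ]
}

# new_entries BASELINE CURRENT: print lines found only in CURRENT.
# Keyed on FILENAME rather than NR==FNR so an empty baseline is handled.
new_entries() {
    awk 'FILENAME == ARGV[1] { seen[$0] = 1; next } !($0 in seen)' "$1" "$2"
}

# check_against_baseline BASELINE SUMFILE CURRENT: verify first, then compare.
check_against_baseline() {
    if ! verify_baseline "$1" "$2"; then
        echo "baseline failed verification: $1" >&2
        return 1
    fi
    new_entries "$1" "$3"
}

# Demonstration on constructed lists (not real scan output).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' /tmp /var/tmp > "$d/baseline.txt"
    seal_baseline "$d/baseline.txt" "$d/baseline.sha256"
    printf '%s\n' /tmp /var/tmp /srv/www/upload > "$d/today.txt"
    check_against_baseline "$d/baseline.txt" "$d/baseline.sha256" "$d/today.txt"
    # Simulated tampering: the new entry is appended to the baseline as well.
    echo /srv/www/upload >> "$d/baseline.txt"
    check_against_baseline "$d/baseline.txt" "$d/baseline.sha256" "$d/today.txt" \
        || echo "refused to diff against modified baseline"
    rm -rf "$d"
}
demo
```

Unlike a plain diff, new_entries reports only paths that were added since the baseline, and it does not depend on the order in which find walked the tree.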
