|
Softwares          |
Main /
SecuringANewLinuxServerMain.SecuringANewLinuxServer HistoryHide minor edits - Show changes to output Added lines 1-3:
(:Google1:) (:Googlemm:) ---- Added lines 39-41:
---- (:Googletxt:) Changed lines 1-2 from:
%blue%Locate and Remove SUID/SGID's SUID (set user ID) or a SGID (set group ID) program is one that allows an ordinary user to execute it with elevated privileges. to:
%blue%'''Locate and Remove SUID/SGID's SUID (set user ID) or a SGID (set group ID) program is one that allows an ordinary user to execute it with elevated privileges'''. Changed lines 7-8 from:
*Sets the user ID bit on the file "myfile". The command: to:
*'''Sets the user ID bit on the file "myfile". The command:''' Changed lines 18-19 from:
*To set the sticky bit in a directory, do the following: to:
*'''To set the sticky bit in a directory, do the following:''' Added lines 1-35:
%blue%Locate and Remove SUID/SGID's SUID (set user ID) or a SGID (set group ID) program is one that allows an ordinary user to execute it with elevated privileges. chmod +s myfile The SUID/SGID bit can be removed with, for example, chmod -s *Sets the user ID bit on the file "myfile". The command: chmod g+s myfile %green%STICKY DIRECTORIES When the sticky bit is set on a directory, files in that directory may be unlinked or renamed only by root or their owner. Without the sticky bit, anyone able to write to the directory can delete or rename files. The sticky bit is commonly found on directories, such as /tmp, that are world-writable. *To set the sticky bit in a directory, do the following: chmod +t d/tmp [root@wordsworth /]# find / -perm -4000 /bin/ping6 /bin/umount /bin/traceroute6 /bin/mount /bin/traceroute /bin/ping /bin/su [root@wordsworth /]# ll /bin/ping -rwsr-xr-x 1 root root 33272 May 4 2006 /bin/ping Check '''-rwsr-xr-x''' |