Security Toolbox
Auditing Security
There are many applications and application suites available to perform regular security audits and track changes to critical files. In addition, you have the power to perform a quick security audit on your system by using the find command. This is by no means a deep security audit but just a quick and dirty scan of your system to find files that have the SUID/SGID permission set that shouldn’t. Having these permissions bits set on files owned by root is a serious vulnerability, because they can allow users who do not have root access to execute commands as root and potentially initiate a root account compromise.
What you’re looking for is files that have permissions set similar to the following:
-rwSr-xr-x (SUID) or –rw-r-Sr-x (SGID)
The following find command locates all files with the SUID permission set for root:
# find / -type f -perm -u=s -ls
Here are some examples of files that match this permission:
12734848 44 -rwsr-xr-x 1 root root 44320 Mar 14 05:37 /usr/bin/mount 12734863 32 -rwsr-xr-x 1 root root 32208 Mar 14 05:37 /usr/bin/su 12734867 32 -rwsr-xr-x 1 root root 32048 Mar 14 05:37 /usr/bin/umount 13025626 144 ---s--x--x 1 root root 147392 Oct 30 2018 /usr/bin/sudo 12777317 60 -rwsr-xr-x 1 root root 57664 Nov 20 2018 /usr/bin/crontab 13037754 28 -rwsr-xr-x 1 root root 27832 Jun 10 2014 /usr/bin/passwd
Similarly, the find command to locate files that have the SGID permission set is as follows:
# find / -type f -perm -u=s -ls
And here are some examples of matching files:
12649555 16 -r-xr-sr-x 1 root tty 15344 Jun 9 2014 /usr/bin/wall 12734873 20 -rwxr-sr-x 1 root tty 19624 Mar 14 05:37 /usr/bin/write 13015059 376 ---x--s--x 1 root nobody 382240 Apr 10 2018 /usr/bin/ssh-agent
As you can see from you own listing, the number of files with SGID set is far fewer than those with SUID set. Some system files require SUID/SGID permission to be set, but there are very few of them. You need to perform a baseline audit of your systems upon initial installation and then track those changes periodically to be sure that no rogue programs or users have exploited this security flaw.
Conclusion
There are several other Linux hardening methods such as PAM, iptables, enabling SELinux, removing any X display managers, and regular port monitoring, but these are outside the scope of this article. I may revisit them in future installments individually. As stated previously, you can’t remove all network access to your servers, because that defeats the purpose of having a server. But now you have a small but powerful toolbox of utilities and techniques that will help you to keep your systems safer.

« Previous 1 2 3
Buy Linux Magazine
Direct Download
Read full article as PDF:
News
-
KDE Launches the Qt 5 Patch Collection
To support and maintain a stable Qt 5 for KDE Gears and Frameworks, KDE will maintain a patch collection.
-
Linux Creator Warns Next Kernel Could be Delayed
Linus Torvalds has issued concern about the size of kernel 5.12 and possible delays for its release.
-
System76 Updates its Pangolin Laptop
System76 has released a much-anticipated AMD version of their most popular laptop, the Pangolin.
-
New Debian-Based Distribution Arrives on the Market
TelOS is a new Debian-based Linux distribution with a customized, touch-screen-ready KDE Plasma 5 desktop.
-
System76 Releases New Thelio Desktop
One of the most ardent supporters of open source hardware has released a new desktop machine for home or office.
-
Mageia 8 Now Available with Linux 5.10 LTS
The latest release of Mageia includes improved graphics support for both AMD and NVIDIA GPUs.
-
GNOME 40 Beta has been Released
Anyone looking to test the beta for the upcoming GNOME 40 release can now do so.
-
OpenMandriva Lx 4.2 has Arrived
The latest stable version of OpenMandriva has been released and offers the newest KDE desktop and ARM support.
-
Thunderbird 78 Ported to Ubuntu 20.04
The Ubuntu developers have made the decision to port the latest release of Thunderbird to the LTS version of the platform.
-
Elementary OS is Bringing Multi-Touch Gestures to the OS
User-friendly Linux distribution, elementary OS, is working to make using the fan-favorite platform even better for laptops.