码迷,mamicode.com

Tracking setuid programs

Date: 2019-10-22 00:43:41


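As everyone knows, programs with the s bit set are very dangerous, practically time bombs waiting to go off. As an administrator, you must find every file on the system that has the setuid or setgid permission.

The script checks all setuid commands on the system to see whether they are group-writable or world-writable, and whether they have been modified within the last $mtime days.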

#!/bin/bash
# findsuid--Checks all SUID files or programs to see if they're writeable

mtime="7"       # How far back (in days) to check for modified cmds
verbose=0       # By default, let's be quiet about things.

if [ "$1" = "-v" ] ; then
  verbose=1     # User specified "findsuid -v", so let's be verbose.
fi

# "find -perm /4000" matches files that have the setuid bit set.
# (Current GNU find no longer accepts the older "-perm +4000" spelling.)

find / -type f -perm /4000 -print0 | while IFS= read -r -d '' match
do
  if [ -x "$match" ] ; then
    # Let's split out file owner and permissions from the "ls -ld" output.
    owner="$(ls -ld "$match" | awk '{print $3}')"
    # Characters 5-10 of the mode string are the group and other bits.
    perms="$(ls -ld "$match" | cut -c5-10 | grep 'w')"

    if [ -n "$perms" ] ; then
      echo "**** $match (writeable and setuid $owner)"
    elif [ -n "$(find "$match" -mtime "-$mtime" -print)" ] ; then
      echo "**** $match (modified within $mtime days and setuid $owner)"
    elif [ "$verbose" -eq 1 ] ; then
      # By default, only dangerous scripts are listed. If verbose, show all.
      lastmod="$(ls -ld "$match" | awk '{print $6, $7, $8}')"
      echo "     $match (setuid $owner, last modified $lastmod)"
    fi
  fi
done

exit 0
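An added example, not part of the original post: the same three checks done with find's own tests instead of parsing ls output, and extended to setgid files as well (-perm /6000). The names audit_suid and make_sample and the tab-separated output format are assumptions of this example, and it requires GNU find.

```shell
#!/bin/sh
# Added example (not from the original page). Requires GNU find
# for "-perm /mode" and "-printf".

# audit_suid DIR [DAYS]
# Prints one line per setuid/setgid regular file under DIR:
#   STATUS<TAB>MODE<TAB>OWNER<TAB>PATH
# STATUS is WRITABLE (group- or world-writable), RECENT (modified
# within DAYS days, default 7) or OK. The first matching branch wins.
audit_suid() {
  find "$1" -xdev -type f -perm /6000 \
    \( -perm /022 -printf 'WRITABLE\t%m\t%u\t%p\n' \
    -o -mtime "-${2:-7}" -printf 'RECENT\t%m\t%u\t%p\n' \
    -o -printf 'OK\t%m\t%u\t%p\n' \) 2>/dev/null
}

# make_sample: builds a constructed test tree and prints its path,
# so the audit can be tried without touching real system files.
make_sample() {
  d=$(mktemp -d) || return 1
  for f in old_ok new_suid writable plain; do
    printf '#!/bin/sh\n' > "$d/$f"
  done
  chmod 4755 "$d/old_ok" "$d/new_suid"
  chmod 4775 "$d/writable"     # setuid and group-writable
  chmod 0777 "$d/plain"        # world-writable but not setuid: ignored
  touch -t 200001010000 "$d/old_ok" "$d/writable"   # old mtime
  printf '%s\n' "$d"
}

# Audit a directory given on the command line, e.g.: sh audit.sh /usr 7
if [ "$#" -gt 0 ]; then
  audit_suid "$@"
fi
```

Saving each run's output and comparing it with the previous run using diff shows setuid or setgid files that have appeared or changed mode since the last audit.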


Original source: https://www.cnblogs.com/xyz999/p/11717353.html
