File System Checks
Examples of find tool
How -perm matches: -perm mode matches the exact mode, -perm -mode matches when all of the given bits are set, and -perm +mode matches when any of the given bits is set. The +mode spelling used below is the BSD/macOS (and old GNU) form; GNU findutils deprecated it in 2005 and current versions reject the octal +mode form, so on Linux write -perm /mode instead (same meaning).
Check file permissions: Most files should be -rw-r-----, most dirs drwxr-x---
Check for files or dirs that are world readable
find . -perm +o+r
find . -perm +004
Check for files or dirs that are not world readable
find . ! -perm -o+r
find . ! -perm -004
find . ! -perm -004 -exec chmod go+r {} \;
(-perm -004 on its own lists the entries that are world readable; it must be negated with ! to find the ones that are not. A symbolic mode like o-r clears bits and so matches everything, which is not what is wanted here.)
Check for files or dirs that are world writable
find . -perm +o+w
find . -perm +002
find . -perm +002 -exec ls -ld {} \;
find . -perm +002 -exec chmod o-w {} \;
find . -perm +022 -exec chmod go-w {} \;   (+022 also catches group-writable entries and strips both bits)
find . -perm +002 ! -type l   (skip symlinks, which always show as lrwxrwxrwx and would otherwise be listed and chmod'ed through to their target)
Check for files that have the x bit set
find . -type f -perm +111
find . -type f -perm +111 ! -name '*.cgi' -exec chmod a-x {} \;   (quote the glob, otherwise the shell expands *.cgi before find sees it)
find . -type f -perm +111 -exec setexecutablepermssion.sh {} \;
See below for the content of setexecutablepermssion.sh.
Check for dirs with the r or x bit not set for user or group (ignore other)
find . -type d ! -perm -550
find . -type d ! -perm -550 -exec chmod ug+rx {} \;
find . -type d ! -perm -555 -exec chmod a+rx {} \;
Check for files or dirs that are group writable, without the group s-bit set (new files in a group-writable dir without setgid do not inherit the dir's group)
find . -perm +020 ! -perm +2000
find . -perm +020 ! -perm +2000 -exec ls -ld {} \;
Check for executable files with an s-bit set
find . -type f -perm +111 -perm +6000
find /bin /sbin /usr -type f -perm +111 -perm +6000
find /bin /sbin /usr -type f -perm +111 -perm +4000 -user root -exec ls -l {} \;
find /bin /sbin /usr -type f -perm +111 -perm +2000 -group root -exec ls -l {} \;
Check for files with settings other than -rw-r----- (640)
find . -type f ! -perm 640
Check for files with settings other than -rw-r--r-- (644)
find . -type f ! -perm 644
Check for files with settings other than -rw-rwSr-- (2664: group writable with the setgid bit; an uppercase S in ls output means the set-id bit is set on a position that has no x)
find . -type f ! -perm 2664
Check for files with settings other than -rwSrwSr-- (6664: setuid and setgid, neither executable)
find . -type f ! -perm 6664
Check for dirs with settings other than drwxr-x--- (750)
find . -type d ! -perm 750
Check for dirs with settings other than drwxr-xr-x (755)
find . -type d ! -perm 755
Check for dirs with settings other than drwxrwsr-x (2775: group writable and setgid, so new entries inherit the dir's group)
find . -type d ! -perm 2775
Check for owner other than freek
find . ! -user freek
find . ! -user freek -exec ls -ld {} \;
Check for owner other than shares
find . ! -user shares
Check for files without known user
find . -nouser
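The checks above, bundled into a small audit script as an added example (this is not code from the original page). It uses the GNU findutils spelling -perm /mode for "any of these bits set"; on BSD/macOS find replace / with +. The fixture it builds (names such as shared/notes.txt and private/tool are made up for the example) contains one finding per check, so the counts are known in advance. Symlinks are skipped in the write checks because they always report mode 777.

```shell
#!/bin/sh
# Added example: audit a directory tree with the find checks from this page.
# Assumes GNU findutils ('-perm /mode' = any of the bits set). Octal modes are
# used throughout because they parse the same on every find.

# Entries anyone can write to. Symlinks are skipped: they always show as 777.
count_world_writable() { find "$1" ! -type l -perm /002 | wc -l | tr -d ' '; }

# Regular files that "other" cannot read (note the negation of -perm -004).
count_not_world_readable() { find "$1" -type f ! -perm -004 | wc -l | tr -d ' '; }

# Executable regular files carrying the setuid and/or setgid bit.
count_setid_executables() { find "$1" -type f -perm /111 -perm /6000 | wc -l | tr -d ' '; }

# Group-writable entries without the setgid bit (symlinks skipped for the same reason).
count_group_writable_no_sgid() { find "$1" ! -type l -perm /020 ! -perm -2000 | wc -l | tr -d ' '; }

# Directories lacking read or execute for the owner or the group.
count_dirs_not_ug_rx() { find "$1" -type d ! -perm -550 | wc -l | tr -d ' '; }

# Regular files whose mode differs from the exact octal mode in $2 (e.g. 644).
count_files_not_mode() { find "$1" -type f ! -perm "$2" | wc -l | tr -d ' '; }

# Print every finding with its ls -ld line so the output can go straight into a ticket.
report() {
  echo "== world writable (symlinks excluded)"
  find "$1" ! -type l -perm /002 -exec ls -ld {} \;
  echo "== regular files not world readable"
  find "$1" -type f ! -perm -004 -exec ls -ld {} \;
  echo "== setuid/setgid executables"
  find "$1" -type f -perm /111 -perm /6000 -exec ls -ld {} \;
  echo "== group writable without setgid"
  find "$1" ! -type l -perm /020 ! -perm -2000 -exec ls -ld {} \;
  echo "== dirs without r+x for user or group"
  find "$1" -type d ! -perm -550 -exec ls -ld {} \;
}

# Constructed fixture (hypothetical names, not from the original page):
# one deliberate finding per check, everything else clean.
make_fixture() {
  d=$(mktemp -d) || exit 1
  chmod 750 "$d"                                                  # drwxr-x---
  mkdir "$d/shared" "$d/private" "$d/private/locked"
  chmod 2775 "$d/shared"                                          # group writable + setgid: fine
  chmod 770 "$d/private"                                          # group writable, no setgid: finding
  chmod 700 "$d/private/locked"                                   # group has no r/x: finding
  : > "$d/shared/notes.txt";   chmod 666 "$d/shared/notes.txt"    # world writable: finding
  : > "$d/private/secret.txt"; chmod 640 "$d/private/secret.txt"  # not world readable: finding
  : > "$d/private/tool";       chmod 4755 "$d/private/tool"       # setuid executable: finding
  : > "$d/private/plain.sh";   chmod 755 "$d/private/plain.sh"    # ordinary executable: clean
  ln -s notes.txt "$d/shared/link"                                # shows as 777 but is skipped
  printf '%s\n' "$d"
}

# Usage: sh audit.sh --demo   (builds the fixture, reports, cleans up)
#        . ./audit.sh && report /srv/www   (source it and run against a real tree)
if [ "${1:-}" = "--demo" ]; then
  tree=$(make_fixture)
  report "$tree"
  rm -rf "$tree"
fi
```

On a real tree, feed report's output to a reviewer before running any chmod: the chmod -exec variants on this page rewrite every match without asking, and a setuid binary or a group-writable spool directory may be that way on purpose.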
setexecutablepermssion.sh
#!/bin/sh
# usage: find . -type f -perm +111 -exec setexecutablepermssion.sh {} \;
# Checks whether a file that carries the x bit is really an executable (ELF binary,
# script, ...) according to file(1); if not, removes the x bit.
# Caveat: file(1) reports shared libraries as "shared object", not "executable", so
# running this over /usr/lib would strip x from libraries that are meant to have it;
# restrict it to document/web trees or extend the grep first.
if [ -z "$1" ]; then
    echo "usage: find . -type f -perm +111 -exec $0 {} \;"
    echo "Checks if file is executable, and if not, removes executable bit"
    echo "Depends on the 'file' program"
    exit 1
fi
# file -b prints only the description, without the "name: " prefix; the argument is
# quoted so names containing spaces work.
if file -b "$1" | grep executable > /dev/null 2>&1; then
    echo "$1 is executable"
else
    echo "$1 is just a regular file; remove executable bit"
    chmod a-x "$1"
fi