File System Checks

Examples of find tool
Check file permissions: Most files should be -rw-r-, most dirs drwxr-x---

Check for files or dirs that are world readable find. -perm +o+r find. -perm +004

Check for files or dirs that are not world readable find. -perm -o-r find. -perm -004 find. -perm -o-r -exec chmod go+r {} \;

Check for files or dirs that are world writeable find. -perm +o+w find. -perm +002 find. -perm +002 -exec ls -ld {} \; find. -perm +002 -exec chmod o-w {} \; find. -perm +022 -exec chmod go-w {} \; find. -perm +002 ! -type l

Check for files that have the x bit set find. -type f -perm +111 find. -type f -perm +111 ! -name *.cgi -exec chmod a-x {} \; find. -type f -perm +111 -exec setexecutablepermssion.sh {} \;

see below for content of setexecutablepermssion.sh

Check for dirs with the r or x bit not set for user or group (ignore other) find. -type d ! -perm -550 find. -type d ! -perm -550 -exec chmod ug+rx {} \; find. -type d ! -perm -555 -exec chmod a+rx {} \;

Check for files or dirs that are group writeable, without the group s-bit set find. -perm +020 ! -perm +2000 find. -perm +020 ! -perm +2000 -exec ls -ld {} \;

Check for executable files with an s-bit set find. -type f -perm +111 -perm +6000 find /bin /sbin /usr -type f -perm +111 -perm +6000 find /bin /sbin /usr -type f -perm +111 -perm +4000 -user root -exec ls -l {} \; find /bin /sbin /usr -type f -perm +111 -perm +2000 -group root -exec ls -l {} \;

Check for files with settings other then -rw-r- find. -type f ! -perm 640

Check for files with settings other then -rw-r--r-- find. -type f ! -perm 644

Check for files with settings other then -rw-rwSr-- find. -type f ! -perm 4644

Check for files with settings other then -rwSrwSr-- find. -type f ! -perm 6644

Check for dirs with settings other then drwxr-x--- find. -type d ! -perm 750

Check for dirs with settings other then drwxr-xr-x find. -type d ! -perm 755

Check for dirs with settings other then drwxrwsr-x find. -type d ! -perm 4755

Check for owner other then freek find. ! -user freek find. ! -user freek -exec ls -ld {} \;

Check for owner other then shares find. ! -user shares

Check for files without known user find. -nouser

setexecutablepermssion.sh
if [ -z $1 ]; then echo "usage: find . -type f -perm +111 -exec $0 {} \;" echo "Checks if file is executable, and if not, removes executable bit" echo "Depends on the 'file' program" exit 1; fi if file $1 | sed "s/.*: //" | grep executable > /dev/null 2>&1; then echo "$1 is executable" else echo "$1 is just a regular file; remove executable bit" chmod a-x "$1" fi
 * 1) !/bin/sh
 * 1) usage: find . -type f -perm +111 -name -exec $0 {} \;