/etc/security search for world/groupwritable files
- To: tech_(_at_)_openbsd_(_dot_)_org
- Subject: /etc/security search for world/groupwritable files
- From: Han Boetes <han_(_at_)_mijncomputer_(_dot_)_nl>
- Date: Sat, 24 Dec 2005 17:14:07 +0100
- Mail-followup-to: tech_(_at_)_openbsd_(_dot_)_org
I recently found a world-writable file, extracted by some tarball,
and thought it would be nice if cron would find files like that and
report them.
So here is an extension to /etc/security that takes care of
them. I added it at the bottom of /etc/security.
The settings variables should maybe be sourced from another file,
but for my purposes this works fine.
I hope you find it useful.
# Check for world/groupwritable files.
# These dirs will be ignored recursively.
PRUNEPATHS="/proc /mnt /dev /tmp /usr/tmp /var/tmp"
# These files and dirs are allowed to be group-writable and will
# be ignored.
GROUPWRITABLE=""	# the list is missing from the archived message; add your own
# These files and dirs are allowed to be world-writable and will
# be ignored.
WORLDWRITABLE=""	# same here
# Only report files on these filesystem types (find -fstype); empty = all.
FILESYSTEMS=""

# $TMP1 and $TMP2 are the temp files created at the top of /etc/security.
# Build the prune expression: ( -path A -or -path B ) -prune -or
unset prune or
for path in $PRUNEPATHS; do
	prune="$prune $or -path $path"
	or="-or"
done
[ -n "$prune" ] && prune="( $prune ) -prune -or"
# Optional filesystem-type restriction: ( -fstype X -or -fstype Y )
unset fstest or
for fstype in $FILESYSTEMS; do
	fstest="$fstest $or -fstype $fstype"
	or="-or"
done
[ -n "$fstest" ] && fstest="( $fstest )"
# -print binds to the second branch only, so the pruned dirs themselves are
# not listed.  Symlinks and sticky dirs (/tmp style) are skipped.
find / $prune $fstest \( -perm -0002 -or -perm -0020 \) ! -perm -1000 \
	! -type l -print > $TMP1 2>&1
# Now filter out the files that are explicitly allowed to be writable.
if [ -n "$WORLDWRITABLE$GROUPWRITABLE" ]; then
	set -- $WORLDWRITABLE $GROUPWRITABLE
	filters="$1"; shift
	while [ $# -gt 0 ]; do
		filters="$filters|$1"
		shift
	done
	# Whole-line match; names with regex metacharacters need escaping.
	egrep -v "^($filters)\$" $TMP1 > $TMP2
	cat $TMP2 > $TMP1
fi
# Add the groupwritable files that happen to be worldwritable.
if [ -n "$GROUPWRITABLE" ]; then
	find $GROUPWRITABLE -prune -perm -0002 >> $TMP1
fi
if [ -s $TMP1 ]; then
	echo 'These files are world-writable or group-writable!!'
	ls -ld $(< $TMP1)
fi
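As an added example, not part of the original message: a self-contained shell script that builds a throwaway directory tree (constructed fixture, file names are made up) and runs the same find expression the check uses, so the prune/-print precedence and the sticky-bit and symlink exclusions can be verified before the snippet is appended to /etc/security.

```shell
#!/bin/sh
# Added example, not from the original post. Everything below the
# function definitions is a constructed fixture under a mktemp dir.

find_writable() {
	# $1 = root to search, $2 = space-separated paths to prune
	root=$1; prunepaths=$2
	unset prune or
	for path in $prunepaths; do
		prune="$prune $or -path $path"
		or="-or"
	done
	# ( -path A -or -path B ) -prune -or <tests> -print :
	# -print binds to the second branch, so pruned dirs are not listed
	[ -n "$prune" ] && prune="( $prune ) -prune -or"
	find "$root" $prune \( -perm -0002 -or -perm -0020 \) ! -perm -1000 \
		! -type l -print | sort
}

make_fixture() {
	umask 022                      # fresh dirs must not be group-writable
	d=$(mktemp -d)
	mkdir "$d/skipme" "$d/sticky" "$d/etc"
	echo x > "$d/skipme/ww"; chmod 666 "$d/skipme/ww"   # pruned: not reported
	echo x > "$d/etc/ww";    chmod 666 "$d/etc/ww"      # world-writable
	echo x > "$d/etc/gw";    chmod 664 "$d/etc/gw"      # group-writable
	echo x > "$d/etc/ok";    chmod 644 "$d/etc/ok"      # fine
	chmod 1777 "$d/sticky"                              # sticky dir: expected
	ln -s "$d/etc/ww" "$d/etc/link"                     # symlink: skipped
	echo "$d"
}

# Run the check on the fixture and print the hits relative to its root.
report_relative() {
	d=$(make_fixture)
	find_writable "$d" "$d/skipme" | sed "s|^$d||"
	rm -rf "$d"
}

report_relative
```

Expected hits are /etc/gw and /etc/ww only; the pruned copy, the sticky dir, the symlink and the 644 file stay out.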