Hi
I'm logged in to an AIX box now and we need to do an audit on this box.
cbssapr01:# pwd
/
Which command will show all the files and directories owned by root user with permissions as 777 ?
Try this,
find . -user root -perm 777
1 Like
Don't forget to search for the most dangerous ones:
2777 (sgid) and 4777 (suid) and 6777 (sgid and suid).
1 Like
This command shows the soft links also. How to ignore the soft links and just view the files and directories alone.
find . -user root -perm 777 -ls
find . -user root -perm 777 \( -type f -o -type d \) -ls
Use -type option in find command
f ---> file
d ---> directory
this wont find a file with rwsr-xr-x for example
is it possible to use wildcards, or just search for the sticky bit?
of course it's possible to use find, and grep for rwsr-xr-x, or other variations, but this will take forever when run in /
Sorry but are you joking ?
If you do not know how to check permissions you should not be doing audits, ask your boss to hire professional
@funksen
The original post was about 777 permissions. It is possible to use the "or" features of "find" to search for more than one set of permissions in the same pass.
If this is a one-off exercise on a small system then multiple passes may be acceptable.
I periodically search for "suid" and/or "sgid" files (in one pass) and compare with a master list. This "find" uses the wildcard feature of "-perm". It's actually been more useful for finding files where someone has accidentally changed the permissions than finding hacks.