Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!snorkelwacker.mit.edu!mit-eddie!minya!jc
From: jc@minya.UUCP (John Chambers)
Newsgroups: comp.unix.admin
Subject: Re: Security audit programs
Message-ID: <612@minya.UUCP>
Date: 26 Mar 91 04:40:52 GMT
References: <40371@cup.portal.com>
Lines: 26

In article <40371@cup.portal.com>, PLS@cup.portal.com (Paul L Schauble) writes:
> I have a vague recollection of a program posted to comp.sources a while
> back that would scan a filesystem and catalog setuid and setgid program
> files.
> 
> Can anyone give me a pointer to this, or to similar commercial programs that
> can be used for a periodic security audit?

Hardly a need for a special program.  What I do is:

	find / -user root -perm -4000 -exec ls -ld {} ';'

This of course only checks for setuid-root programs, which are the really 
suspicious ones.  To answer your question more exactly:

	find / -perm -4000 -o -perm -0200 -exec ls -ld {} ';'

(Actually, I wouldn't be very surprised to find that someone had written
a separate program to duplicate this special case.  People do silly things
like that all the time. ;-)

-- 
All opinions Copyright (c) 1991 by John Chambers.  Inquire for licensing at:
Home: 1-617-484-6393 
Work: 1-508-486-5475
Uucp: ...!{bu.edu,harvard.edu,ima.com,eddie.mit.edu,ora.com}!minya!jc