Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!cs.utexas.edu!uunet!mcsun!ukc!ox-prg!bush
From: bush@ecs.ox.ac.uk (Mark Bush)
Newsgroups: comp.unix.admin
Subject: Re: Security audit programs
Message-ID: <1505@culhua.prg.ox.ac.uk>
Date: 27 Mar 91 14:00:21 GMT
References: <40371@cup.portal.com> <612@minya.UUCP>
Sender: news@prg.ox.ac.uk
Organization: Oxford University Computing Laboratory
Lines: 22

In article <612@minya.UUCP> jc@minya.UUCP (John Chambers) writes:
>In article <40371@cup.portal.com>, PLS@cup.portal.com (Paul L Schauble) writes:
>> I have a vague recollection of a program posted to comp.sources a while
>> back that would scan a filesystem and catalog setuid and setgid program
>> files.
>
>    find / -perm -4000 -o -perm -0200 -exec ls -ld {} ';'
>

Hmmm...your `ld' flags suggest you mean to find directories?  Personally,
I prefer to ignore directories when I do these searches...the set groupid
flag on directories is used a lot here (SunOS).  Add a `! -type d' to the
list to ignore them...makes the output easier to peruse. 8*)

What I run here on each filesystem containing user areas is:

find . -xdev \! -type d \( -perm -04000 -o -perm -02000 \) -ls -exec file {} \;

(The -xdev is not normally needed, but, on the server, I may find the need
for mounting things in strange places! 8*)

Mark
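
Added example, not part of the original post: the find predicate from the command above, used to build the catalogue the thread asks about. It goes beyond the post by comparing against a saved baseline so that newly appearing setuid/setgid files stand out. The function names, the baseline file and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: catalogue setuid/setgid non-directories under a tree and
# report entries that are new relative to a saved baseline.
# Assumes path names contain no newlines.

# List setuid/setgid files under $1, one path per line, sorted.
# Same predicate as the post: stay on one filesystem (-xdev), skip
# directories, match either the 04000 (setuid) or 02000 (setgid) bit.
suid_catalog() {
    find "$1" -xdev \! -type d \( -perm -04000 -o -perm -02000 \) -print |
        LC_ALL=C sort
}

# Print paths found in a fresh scan of $1 that are absent from the
# baseline file $2 (a saved suid_catalog listing).
suid_new() {
    cur=$(mktemp) || return 1
    suid_catalog "$1" > "$cur"
    LC_ALL=C sort "$2" | LC_ALL=C comm -13 - "$cur"
    rm -f "$cur"
}

# Constructed demo tree (hypothetical names, not from the post).
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/proj"
    : > "$d/plain"; : > "$d/suid"; : > "$d/sgid"
    chmod 0755 "$d/plain"
    chmod 4755 "$d/suid"
    chmod 2755 "$d/sgid"
    chmod 2775 "$d/proj"          # setgid directory: skipped by ! -type d
    suid_catalog "$d" > "$d.baseline"
    : > "$d/late"; chmod 4755 "$d/late"   # appears after the baseline
    suid_new "$d" "$d.baseline"           # reports only .../late
    rm -rf "$d" "$d.baseline"
}

demo
```

For a real audit, keep the baseline somewhere users of the scanned filesystem cannot write.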