Verify Permissions on Important Files and Directories

Post date: Oct 10, 2012 2:21:31 PM

1. Verify permissions on passwd, shadow, group, and gshadow files

cd /etc

chown root:root passwd shadow group gshadow

chmod 644 passwd group

chmod 400 shadow gshadow

2. Verify all world-writable directories have sticky bits set

Find all the directories that are world-writable and do not have their sticky bits set.

find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print

Set the sticky bit (# chmod +t {dir}) on each directory listed by the command above.

3. Find unauthorized world-writable files

Find all the files that are world-writable and fix each file listed.

find / -xdev -type f -perm -0002 -print

Remove the world-write permission (# chmod o-w {file}) from each file listed by the command above.

4. Find and repair un-owned files

Find all the files that do not belong to a valid user or group and either assign an owner or remove the file, as appropriate.

find / -xdev \( -nouser -o -nogroup \) -print

5. Verify all world-writable directories have proper ownership

Find all the directories that are world-writable and ensure they are owned by either root or a system account (assuming only system accounts have a UID lower than 500). If the command generates any output, verify the assignment is correct or reassign it to root.

find / -xdev -type d -perm -0002 -uid +499 -print
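
The checks from steps 2 and 3, combined into an audit-then-fix script that can be rehearsed on a scratch directory before it is pointed at /. This is an added example, not part of the original post; the function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): audit-then-fix for steps 2 and 3.
# Every function takes the tree to scan as $1, so the run can be rehearsed on
# a scratch directory before it is pointed at /.

# Step 2 check: world-writable directories that lack the sticky bit.
ww_dirs_no_sticky() {
    find "$1" -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null
}

# Step 3 check: world-writable regular files.
ww_files() {
    find "$1" -xdev -type f -perm -0002 -print 2>/dev/null
}

# Number of paths a check reports (assumes no newlines in file names).
count_findings() {
    "$1" "$2" | wc -l | tr -d ' '
}

# Apply the fixes from steps 2 and 3. -exec ... {} + hands each path to chmod
# as its own argument, so names containing spaces are not split.
fix_tree() {
    find "$1" -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -exec chmod +t {} +
    find "$1" -xdev -type f -perm -0002 -exec chmod o-w {} +
}

# Constructed sample tree: one finding per step plus acceptable entries.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/drop box" "$t/tmp" "$t/private"
    chmod 0777 "$t/drop box"            # step 2 finding (name has a space)
    chmod 1777 "$t/tmp"                 # world-writable, sticky set: fine
    chmod 0755 "$t/private"
    : > "$t/private/open.log"; chmod 0666 "$t/private/open.log"  # step 3 finding
    : > "$t/private/ok.conf";  chmod 0644 "$t/private/ok.conf"
    printf '%s\n' "$t"
}

# Report-only mode when a directory is given, e.g.: sh audit.sh /srv
if [ $# -gt 0 ]; then
    echo "World-writable directories without sticky bit:"; ww_dirs_no_sticky "$1"
    echo "World-writable files:"; ww_files "$1"
fi
```

Run the two check functions first and review the list; call fix_tree only once every entry is confirmed as something that should be changed.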