World Writeable System Files

mccartjd · 05-30-2008, 06:08 AM

Hello,

As part of a security lockdown procedure, I need to account for many of the world writable system files on an installation.

These files in question here are:

srw-rw-rw- 1 root root 0 May 29 06:41 /etc/httpd/run/acpid.socket

srwxrwxrwx 1 root root 0 May 29 06:42 /etc/httpd/run/dbus/system_bus_socket

srwxrwxrwx 1 htt htt 0 May 29 06:42 /etc/httpd/run/iiim/.iiimp-unix/9010

srwxrwxrwx 1 canna canna 0 May 29 06:42 /etc/httpd/run/.iroha_unix/IROHA

Need these be of concern if httpd is not running? On the Web, I seem to be able to find only obscure references to irona, iiim, etc.

Thank you for any help,
John

ilikejam · 05-30-2008, 06:40 AM

You're OK - acpid.socket allows any app to gather ACPI events, and system_bus_socket allows apps to talk to each other over the system bus - both of these should be available to all users.

If you're not running httpd, then there's most likely nothing listening on the other two sockets. You can check with:

Code:

netstat -pan | egrep 'iiimp|IROHA'

.

Dave

mccartjd · 05-30-2008, 07:10 AM

Typed command netstat -pan | egrep 'iiimp|IROHA' and results are below:

unix 2 [ ACC ] STREAM LISTENING 8667 4463/htt_server /va r/run/iiim/.iiimp-unix/9010

unix 2 [ ACC ] STREAM LISTENING 8662 4475/cannaserver /va r/run/.iroha_unix/IROHA

Based on the above what are your first thoughts?

If I'm not using Apache webserver was considering uninstalling the Apache in hopes of removing the httpd directory therefore removing the world writable system "files". I'm very new to LINUX and wondered if removing Apache "httpd -k uninstall" if it will cleanly remove the httpd directory and respective files and result in no damaging reprocutins? Can I just place the files in a directory only accessed by root thereby general users can not access the files (IROHA, 9010, system_bus_socket, acpid.socket)

unSpawn · 05-30-2008, 07:37 AM

IIIM appears to be the "Internet/Intranet Input Method" server which Canna ties in to. if you don't write need Kanji etc input methods you could first try to remove iiim/canna and related packages.

seraphim172 · 05-30-2008, 04:09 PM

iiimp and IROHA are not needed by Apache/Httpd, so removing Apache will not affect these in any way. I have Apache running without iiimp and IROHA. I guess they are rather related to canna or something else.

Linux Archive

sundialsvcs · 05-30-2008, 06:58 PM

Notice the leading "s" in that directory-listing: this means that the entry is a socket.

Now... what's a socket? Well, it's a program-to-program communication port. It's possible for sockets to be denoted by these file-like entries in a directory, but they're not files. The "rwxrwxrwx" does not mean that it's really "a world-writeable file."

You'll also see an "l" (ell) in the first column... once again, a "symbolic link," not a file.

mccartjd · 06-02-2008, 05:58 AM

Great if this is a symbolic link then I will not change the permissions since the focus is on world-writeable file in the /etc directory.

Take care,
John