| pinga123 |
10-22-2010 04:38 AM |
Need to remove Group write permission .
How would i write a command that can find all the objects under the etc directory that have group write permission enabled and have not been accessed in the last X days.
This is what i got from internet souce but i m not able to modify it according to my distribution.
find /etc -perm -0070 -a -mtime +X ! -type l ?print
Here is the exact statement from link i m referring to.
Quote:
#
2.6 Group Write Permissions
By default many of the files and directories in the LINUX Operating System come with the group-write permission bit enabled allowing the group members to write to the object yet this functionality is rarely required. The group write bit should removed from all operating system files or directories that do not explicitly require it to be enabled.
# Risks: Unintentional or Malicious alteration of critical OS files may leave the system vulnerable to exploitation impacting data confidentiality, integrity or availability.
# Compliance:
+ ISO 17799 Policy: 9.6.1
+ DISA STIG Section: 3.5
# Requirements:
A search of an atypical LINUX box using the find command can identify all files with world write permissions where the atime or mtime have not been updated since the operating system was installed. These files can have their group write permissions safely removed.
For example the following command can find all the objects under the root directory that have group write permission enabled and have not been accessed in the last X days:
find /etc -perm -0070 -a -mtime +X ! -type l ?print
Assuming X is the number of days since the OS was installed then the objects this command identifies can safely have the group write bit disabled.
Note the " ! -type l " is needed to eliminate sym links for since they always have perms 777 this will eliminate false positives.
|
I m getting following error.
Quote:
# find /etc -perm -0070 -a -mtime 4 ! -type l ?print
find: paths must precede expression
Usage: find [-H] [-L] [-P] [path...] [expression]
|
|
