LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   World Writeable System Files (https://www.linuxquestions.org/questions/linux-newbie-8/world-writeable-system-files-645805/)

mccartjd 05-30-2008 06:08 AM
World Writeable System Files
 
Hello,

As part of a security lockdown procedure, I need to account for many of the world writable system files on an installation.

These files in question here are:

srw-rw-rw- 1 root root 0 May 29 06:41 /etc/httpd/run/acpid.socket

srwxrwxrwx 1 root root 0 May 29 06:42 /etc/httpd/run/dbus/system_bus_socket

srwxrwxrwx 1 htt htt 0 May 29 06:42 /etc/httpd/run/iiim/.iiimp-unix/9010

srwxrwxrwx 1 canna canna 0 May 29 06:42 /etc/httpd/run/.iroha_unix/IROHA

Need these be of concern if httpd is not running? On the Web, I seem to be able to find only obscure references to irona, iiim, etc.

Thank you for any help,
John:confused:

ilikejam 05-30-2008 06:40 AM
You're OK - acpid.socket allows any app to gather ACPI events, and system_bus_socket allows apps to talk to each other over the system bus - both of these should be available to all users.

If you're not running httpd, then there's most likely nothing listening on the other two sockets. You can check with:
Code:
netstat -pan | egrep 'iiimp|IROHA'
.

Dave

mccartjd 05-30-2008 07:10 AM
Typed command netstat -pan | egrep 'iiimp|IROHA' and results are below:


unix 2 [ ACC ] STREAM LISTENING 8667 4463/htt_server /va r/run/iiim/.iiimp-unix/9010

unix 2 [ ACC ] STREAM LISTENING 8662 4475/cannaserver /va r/run/.iroha_unix/IROHA

Based on the above what are your first thoughts?

If I'm not using Apache webserver was considering uninstalling the Apache in hopes of removing the httpd directory therefore removing the world writable system "files". I'm very new to LINUX and wondered if removing Apache "httpd -k uninstall" if it will cleanly remove the httpd directory and respective files and result in no damaging reprocutins? Can I just place the files in a directory only accessed by root thereby general users can not access the files (IROHA, 9010, system_bus_socket, acpid.socket)

unSpawn 05-30-2008 07:37 AM
IIIM appears to be the "Internet/Intranet Input Method" server which Canna ties in to. if you don't write need Kanji etc input methods you could first try to remove iiim/canna and related packages.

seraphim172 05-30-2008 04:09 PM
iiimp and IROHA are not needed by Apache/Httpd, so removing Apache will not affect these in any way. I have Apache running without iiimp and IROHA. I guess they are rather related to canna or something else.

Linux Archive

sundialsvcs 05-30-2008 06:58 PM
Notice the leading "s" in that directory-listing: this means that the entry is a socket.

Now... what's a socket? Well, it's a program-to-program communication port. It's possible for sockets to be denoted by these file-like entries in a directory, but they're not files. The "rwxrwxrwx" does not mean that it's really "a world-writeable file."

You'll also see an "l" (ell) in the first column... once again, a "symbolic link," not a file.

mccartjd 06-02-2008 05:58 AM
Great if this is a symbolic link then I will not change the permissions since the focus is on world-writeable file in the /etc directory.

Take care,
John


All times are GMT -5. The time now is 04:38 PM.