Linux安全配置步骤大全( 3)

    21. 被root拥有位
   
    移走那些被root拥有s位标志当然有些需要这个用命令‘chmod a-s’完成这个
   
    注:前面带(*)号那些般不需要拥有s位标志
   
    [root@deep]# find / -type f \( -perm -04000 -o -perm -02000 \) \-exec ls –lg {} \;
    -rwsr-xr-x 1 root root 33120 Mar 21 1999 /usr/bin/at
    *-rwsr-xr-x 1 root root 30560 Apr 15 20:03 /usr/bin/chage
    *-rwsr-xr-x 1 root root 29492 Apr 15 20:03 /usr/bin/gpasswd
    -rwsr-xr-x 1 root root 3208 Mar 22 1999 /usr/bin/disable-paste
    -rwxr-sr-x 1 root man 32320 Apr 9 1999 /usr/bin/man
    -r-s--x--x 1 root root 10704 Apr 14 17:21 /usr/bin/passwd
    -rws--x--x 2 root root 517916 Apr 6 1999 /usr/bin/suidperl
    -rws--x--x 2 root root 517916 Apr 6 1999 /usr/bin/sperl5.00503
    -rwxr-sr-x 1 root mail 11432 Apr 6 1999 /usr/bin/lockfile
    -rwsr-sr-x 1 root mail 64468 Apr 6 1999 /usr/bin/procmail
    -rwsr-xr-x 1 root root 21848 Aug 27 11:06 /usr/bin/crontab
    -rwxr-sr-x 1 root slocate 15032 Apr 19 14:55 /usr/bin/slocate
    *-r-xr-sr-x 1 root tty 6212 Apr 17 11:29 /usr/bin/wall
    *-rws--x--x 1 root root 14088 Apr 17 12:57 /usr/bin/chfn
    *-rws--x--x 1 root root 13800 Apr 17 12:57 /usr/bin/chsh
    *-rws--x--x 1 root root 5576 Apr 17 12:57 /usr/bin/grp
    *-rwxr-sr-x 1 root tty 8392 Apr 17 12:57 /usr/bin/write
    -rwsr-x--- 1 root squid 14076 Oct 7 14:48 /usr/lib/squid/pinger
    -rwxr-sr-x 1 root utmp 15587 Jun 9 09:30 /usr/sbin/utempter
    *-rwsr-xr-x 1 root root 5736 Apr 19 15:39 /usr/sbin/usernetctl
    *-rwsr-xr-x 1 root bin 16488 Jul 6 09:35 /usr/sbin/traceroute
    -rwsr-sr-x 1 root root 299364 Apr 19 16:38 /usr/sbin/sendmail
    -rwsr-xr-x 1 root root 34131 Apr 16 18:49 /usr/libexec/pt_chown
    -rwsr-xr-x 1 root root 13208 Apr 13 14:58 /bin/su
    *-rwsr-xr-x 1 root root 52788 Apr 17 15:16 /bin/mount
    *-rwsr-xr-x 1 root root 26508 Apr 17 20:26 /bin/umount
    *-rwsr-xr-x 1 root root 17652 Jul 6 09:33 /bin/ping
    -rwsr-xr-x 1 root root 20164 Apr 17 12:57 /bin/login
    *-rwxr-sr-x 1 root root 3860 Apr 19 15:39 /sbin/netreport
    -r-sr-xr-x 1 root root 46472 Apr 17 16:26 /sbin/pwdb_chkpwd
    [root@deep]# chmod a-s /usr/bin/chage
    [root@deep]# chmod a-s /usr/bin/gpasswd
    [root@deep]# chmod a-s /usr/bin/wall
    [root@deep]# chmod a-s /usr/bin/chfn
    [root@deep]# chmod a-s /usr/bin/chsh
    [root@deep]# chmod a-s /usr/bin/grp
    [root@deep]# chmod a-s /usr/bin/write
    [root@deep]# chmod a-s /usr/sbin/usernetctl
    [root@deep]# chmod a-s /usr/sbin/traceroute
    [root@deep]# chmod a-s /bin/mount
    [root@deep]# chmod a-s /bin/umount
    [root@deep]# chmod a-s /bin/ping
    [root@deep]# chmod a-s /sbin/netreport
   
    你可以用下面命令查找所有带s位标志:
   
    [root@deep]# find / -type f \( -perm -04000 -o -perm -02000 \) \-exec ls -lg {} \;
   
    >; suid-sgid-results
   
    把结果输出到文件suid-sgid-results中
   
    为了查找所有可写文件和目录用下面命令:
   
    [root@deep]# find / -type f \( -perm -2 -o -perm -20 \) -exec ls -lg {} \; >; ww-files-results
   
    [root@deep]# find / -type d \( -perm -2 -o -perm -20 \) -exec ls -ldg {} \; >; ww-directories-results
   
    用下面命令查找没有拥有者文件:
   
    [root@deep]# find / -nouser -o -nogroup >; unowed-results
   
    用下面命令查找所有.rhosts文件:
   
    [root@deep]# find /home -name .rhosts >; rhost-results
   
    建议替换常见网络服务应用
   
    WuFTPD
   
    WuFTD从1994年就开始就不断地出现安全漏洞黑客很容易就可以获得远程root访问(Remote Root Access)权限而且很多安全漏洞

延伸阅读