UNIX Hints & Hacks
Chapter 3: Security
This is a way to check whether users have any suspicious files that can be used to compromise a system. It also shows whether there is anything the user is doing that goes against a corporate policy that has been put in place.
Note - Depending on how these commands are used and by whom, a person with access has the ability to abuse their privileges.
Flavors: AT&T, BSD
Shells: All
Syntax:
find path-name-list [ expression ]
The following commands search the system for a filename and write the matching path names to a file that can be viewed at a later date. From a security standpoint, the names of key files can be passed to the command to find any users who are up to no good.
# find / -name .rhosts -print > /usr/local/admin/gotcha.txt
# find / -name passwd -print >> /usr/local/admin/gotcha.txt
# find / -name sulog -print >> /usr/local/admin/gotcha.txt
As you look at these commands, I'm sure you realize they are the find command in its simplest form. Each one searches the whole system starting at the root and, whenever it finds a file whose name matches the one given on the command line, writes that file's path and name to the output file. You probably use this nearly every day to locate regular files you misplaced, but it is still a powerful tool on the security side.
Flavors: AT&T, BSD
Syntax:
find path-name-list [ expression ]
Users keep history files of the commands they have executed, and by reading them you can learn what commands other users are running; they might know some new UNIX hack that you don't. This is, of course, an abuse of root powers, but you might also find out who is attempting to gain root access or probing around in the system.
# find / -type f -name .bash_history | xargs cat > /tmp/history.txt
# find / -type f -name bookmarks.html | xargs grep -i xxx >> /tmp/history.txt
These two lines are very powerful commands; I will touch on them more in Chapter 6, "File Management." For now, each command searches for a file and, when it is found, displays its contents or greps out a pattern.
This makes a good addition to any security sweeping programs or scripts that you can run throughout the systems to find suspicious files or data that users might have.
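As an added example (not code from the book), here is a small sweep function built on the chapter's find one-liners that a script could call on every system. It stays on the local filesystem, copes with path names containing spaces, records the owner of each hit, and flags any .rhosts file that trusts every host; the file-name list, function name and report path are my own choices.

```sh
#!/bin/sh
# Added example, not from the book: a sweep function built on the chapter's
# find one-liners. Unlike them it stays on the local filesystem (-xdev), copes
# with path names containing spaces, records each hit's owner, and flags
# .rhosts files that trust every host (a line beginning with "+").
# Assumes POSIX sh, find, ls, awk and grep; the report path is your choice.

# File names the chapter sweeps for; extend the list to match local policy.
SWEEP_NAMES=".rhosts passwd sulog"

# sweep_suspicious ROOT REPORT
# Appends a header plus one tab-separated line per hit (name, owner, flag,
# path) to REPORT and prints the number of hits found in this run.
sweep_suspicious() {
    root=$1
    report=$2
    before=0
    [ -f "$report" ] && before=$(wc -l < "$report")
    # create the report with owner-only permissions if it does not exist yet
    ( umask 077; : >> "$report" )
    printf '# sweep of %s at %s\n' "$root" "$(date)" >> "$report"
    for name in $SWEEP_NAMES; do
        # -type f skips directories that happen to share the name;
        # read -r keeps spaces and backslashes in the path intact
        find "$root" -xdev -type f -name "$name" -print 2>/dev/null |
        while IFS= read -r path; do
            owner=$(ls -ld "$path" | awk '{print $3}')
            flag=-
            if [ "$name" = .rhosts ] && grep -q '^+' "$path"; then
                flag=TRUSTS_ALL   # "+" entries admit any remote user via rsh/rlogin
            fi
            printf '%s\t%s\t%s\t%s\n' "$name" "$owner" "$flag" "$path" >> "$report"
        done
    done
    after=$(wc -l < "$report")
    # lines added in this run, minus the header line
    echo $((after - before - 1))
}
```

Run it as root against / and keep the report under a directory only root can read, as the chapter does with /usr/local/admin.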
One of the most fun parts of being an administrator is hearing the boss say, "I need you to look into what this user is up to, because I might need to build a case against him." So, as part of my sweep, I run the simple find commands discussed-- Jackpot! You can find anything from pornographic material and spamming to boss-bashing. Try to read between the lines of these obvious, simple commands and use them to your advantage, as I do here.
Man page:
find
© Copyright Macmillan USA. All rights reserved.