Hands-on lab – searching for SUID and SGID files

You can perform this lab on either of your virtual machines. You'll save the output of the find command to a text file. Let's get started:

  1. Search through the entire filesystem for all the files that have either SUID or SGID set, and save the output to a text file:
     sudo find / -type f -perm /6000 -ls > suid_sgid_files.txt

  2. Log into any other user account that you have on the system and create a dummy shell script file. Then, set the SUID permission on that file, log back out, and return to your own user account:
     su - desired_user_account
     touch some_shell_script.sh
     chmod 4755 some_shell_script.sh
     ls -l some_shell_script.sh
     exit

  3. Run the find command again, saving the output to a different text file:
     sudo find / -type f -perm /6000 -ls > suid_sgid_files_2.txt

  4. View the difference between the two files:
     diff suid_sgid_files.txt suid_sgid_files_2.txt

That's the end of the lab – congratulations!
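
The following is an added example, not part of the original lab. A diff of two find -ls listings also flags files whose size or timestamp changed, so these functions record only mode, owner, group and path, and report what is new relative to the baseline. It assumes GNU find (for -perm /6000 and -printf); the function names and the baseline file names in the usage comment are hypothetical.

```bash
#!/bin/sh
# Added example: baseline comparison of SUID/SGID files.
# Assumes GNU find. Function names are hypothetical, not from the lab.

# Print one "mode owner group path" line per SUID/SGID regular file
# under the directory given as $1 (default: /). Inode numbers, sizes
# and timestamps are left out so that only changes to the permission
# bits, the ownership or the path show up in a comparison.
scan_special_bits() {
    scan_root=${1:-/}
    # Errors from unreadable or vanishing paths (such as /proc) are discarded.
    find "$scan_root" -type f -perm /6000 -printf '%m %u %g %p\n' 2>/dev/null |
        LC_ALL=C sort
}

# Print entries that are in the current listing ($2) but not in the
# baseline ($1): new SUID/SGID files, or known ones whose mode or
# ownership changed. Both files must come from scan_special_bits,
# because comm needs input sorted in the same (C) locale.
new_entries() {
    LC_ALL=C comm -13 "$1" "$2"
}

# Print entries that were in the baseline ($1) and are missing from
# the current listing ($2), for example after a package was removed.
removed_entries() {
    LC_ALL=C comm -23 "$1" "$2"
}

# Usage, run with root privileges so every directory is readable:
#   scan_special_bits / > suid_sgid_baseline.txt
#   ... later ...
#   scan_special_bits / > suid_sgid_current.txt
#   new_entries suid_sgid_baseline.txt suid_sgid_current.txt
```

Any line printed by new_entries is a file to investigate, just like the some_shell_script.sh entry that the diff in step 4 reveals.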
