It is very possible that your Linux server has more packages installed than your really need. To make it worse, those extra packages may contain handful of binaries with setuid and setguid turned on. This can lead to unnecessary risk as it could be just a matter of time that some of your shell users exploits this vulnerabilities to get a root privileges.

The following command creates a list of all executables on your system with setuid and setgid.

find / * -perm +6000 -type f -exec ls -ld {} \; > setugid.txt

Review setugid.txt list carefully and remove "s" bits from binary with:

# chmod a-s /path/to/binary/file

Please keep in mind that you do not have to ( or should not ) remove setuid and setgid from all binaries you find. You should start only with binaries which are not in use. By removing setuid and setgid from a executable binary file you do not render this executable unusable, however, only superuser will be able to put these binaries into action by executing them.

Free Linux eBooks

Do you have the right skills?

Our IT Skills Watch page reflects an up to date IT skills demand leaning towards the Linux and Unix environment. We have considered a number of skills and operating systems.

See the result...

Linux Online Training

Learn to run Linux servers and prepare for LPI certification with Linux Academy. 104 available video lessons with PDF course notes with your own server!

Go to top