Binaries

Finding setuid binaries on Linux and BSD

To perform a basic audit of the binaries on your system, we can search for setuid binaries. Finding these setuid binaries is easy with the find command.

Summary of Finding setuid binaries on Linux and BSD

Why setuid? Binaries with the setuid bit enabled, are being executed as if they were running under the context of the root user. This enables normal (non-privileged) users to use special privileges, like opening sockets. While this seems unnecessary for a normal user, it is actually needed for simple commands like ping. Finding files with setuid bit To discover all files with the setuid bit, we can use the find command.

Read the full article…

PCI DSS (v3) Linux: No write access to shared system binaries (A.1.2.c)

PCI compliance (A.1.2.c) demands that no write access is allowed to shared system binaries. For this to test we can use several tools to determine if write access is allowed.

Summary of PCI DSS (v3) Linux: No write access to shared system binaries (A.1.2.c)

A.1.2.c Verify that an entity’s users do not have write access to shared system binaries Shared system binaries should be protected, as they form the basis of your system. PCI compliance (A.1.2.c) demands that users do not have write access to shared systems binaries. The only exception is of course the root user, so software upgrades are still possible. Paths for system binaries Depending on the distribution used there are several directories which have shared system binaries.

Read the full article…