User Tools

Site Tools


linux:security

Disable Useless SUID and SGID Commands

Find

find /  -path /proc -prune -o -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} \;

Unset UID

chmod u-s /path/to/binary_file

Unset GID

chmod g-s /path/to/binary_file


Find World-Writeable Files

find / -path /proc -prune -o -perm -2 ! -type l –ls

Mount data partitions

Block execution of programs, device files or setuid bit

/dev/sda5 	 /nas          ext4    defaults,nosuid,nodev,noexec 1 2

To prevent privilege-escalation and arbitrary script execution create a separate partition for /tmp and mount it as nosuid, nodev and noexec.

/dev/sda6  	/tmp         ext4    defaults,nosuid,nodev,noexec 0 0

Disable Ctrl+Alt+Del

# systemctl mask ctrl-alt-del.target
linux/security.txt · Last modified: 2016/09/08 12:07 by Jan Forman