Bug #129957 Update (Fedora Hardening)
tuxxer at cox.net
Sat Oct 2 16:12:42 UTC 2004
On Sat, 2004-10-02 at 13:21, Paul W. Frields wrote:
> On Fri, 2004-10-01 at 18:45, tuxxer wrote:
> > An html view of the doc, as well as ongoing developments (in html
> > format), will still be available at the link below. Please provide
> > direct feedback, criticisms, praise, jeers, etc. to the list, or my
> > email off-list, if desired.
> > http://members.cox.net/tuxxer
> Hi Charlie, you may want to change the bottom example in Section 2.1.
> The way I read it, you are doing 64 (!!!) complete traversals of the
> file system to find these files, when only one is necessary. Try
> removing the "for" loops and doing instead:
> find / -perm +002 | tee -a world-writable-files.txt
> Keep in mind that this list will include a lot of /dev entries that
> don't really indicate a problem (tty's and such), not to mention links.
> You might want to declare that you do not want to look at block or
> character special devices, or links, and just regular files and
> directories. Although it's conceivable one might miss something glaring,
> system hardening should probably be done before one is connected to the
> Internet, and right after installation, so it's unlikely that skipping
> these files would expose you to much risk.
> find / \( -type d -o -type f \) -perm +002 | tee -a world-writable.txt
> Paul W. Frields, RHCE
Much more elegant, and quite effective. Thanks. I've updated it in the
html draft at http://members.cox.net/tuxxer, but I'm not going to submit
a new tarball until I have more of Chapter 3 done (or completely done).
Also, it was pointed out that I missed a step when uploading the tarball
to the bug. I didn't select the MIME type. So, if you have any issues,
the file is a gzipped-tarball in *.tgz format. Sorry, I'll get it next
<== tuxxer's gpg key fingerprint ==>
57EB F948 76AE 25BC E340 EFA9 FAF6 E1AC F1E1 1EA1
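
The single-pass search suggested in the quoted reply, as an added example that is not part of the original messages or of the hardening guide. The function name `find_world_writable`, the output labels, and the separate reporting of sticky directories are assumptions made for illustration. It uses `-perm -0002` because current GNU find no longer accepts the `+002` spelling; for a single bit the two match the same files.

```shell
#!/bin/sh
# Added example: one traversal that reports world-writable regular files
# and directories only (no device nodes, no symlinks).
# The function name and the output labels are hypothetical.

find_world_writable() {
    root=${1:-/}
    # -xdev keeps the walk on one filesystem, so /proc, /sys and network
    # mounts under the start point are not descended into.
    # -perm -0002 is true when the "other write" bit is set.
    # Directories that are also sticky (mode 1777, like /tmp) are labelled
    # separately: users cannot remove each other's entries there, so they
    # are usually expected, while a plain world-writable directory is not.
    find "$root" -xdev \
        \( -type d -perm -0002 -perm -1000 \
            -exec printf 'STICKY-DIR %s\n' {} + \) -o \
        \( -type d -perm -0002 \
            -exec printf 'DIR %s\n' {} + \) -o \
        \( -type f -perm -0002 \
            -exec printf 'FILE %s\n' {} + \)
}

# Typical use, run as root so that no subtree is skipped for lack of access:
#   find_world_writable / | tee world-writable.txt
```

Errors from find are left on stderr on purpose, so an unreadable subtree shows up in the audit instead of being skipped silently.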