Top Ten Security Threats

I came across the following vulnerability breakdowns while reading through Richard’s blog:

Top Vulnerabilities in Cross-Platform Applications

        * C1. Backup Software
        * C2. Anti-virus Software
        * C3. PHP-based Applications
        * C4. Database Software
        * C5. File Sharing Applications
        * C6. DNS Software
        * C7. Media Players
        * C8. Instant Messaging Applications
        * C9. Mozilla and Firefox Browsers
        * C10. Other Cross-platform Applications

Most hosts are equipped with backup and anti-virus solutions, so this list is amusing and at the same time extremely scary. Yikes!

Locating setuid and setgid files

One unnerving thing about UNIX Operating Systems is the number of setuid and setgid root binaries. These binaries run with root privileges, and are often the first binaries examined by individuals wishing to escalate privileges on a system. To keep tabs on setuid and setgid files, the following find(1) statement can be run periodically:

$ find / -type f \( -perm -2000 -o -perm -4000 \) | sort

This will find and sort all binaries with the setuid or setgid bit set. The output can be stored in a secure location, and periodically compared (with a trusted kernel and version of find) with the current set of binaries on a server. While not foolproof, it is definitely better than nothing. :)
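
One way to automate the store-and-compare step described above, as an added example that is not part of the original post. The function names `suid_scan` and `suid_compare` and the paths in the usage comment are assumptions chosen for illustration; the find(1) predicates are the ones shown above.

```shell
#!/bin/sh
# Added example: baseline and drift check for setuid/setgid files.
# Usage (paths are placeholders, not from the original post):
#   suid_scan / > /secure/suid.baseline       # once, from a trusted state
#   suid_compare /secure/suid.baseline /      # periodically, e.g. from cron

# List setuid/setgid regular files under $1, one path per line.
# Sorting in the C locale keeps the order stable for comm(1).
suid_scan() {
    find "$1" -type f \( -perm -2000 -o -perm -4000 \) 2>/dev/null |
        LC_ALL=C sort
}

# Compare the stored baseline ($1) with a fresh scan of $2.
# Prints "ADDED <path>" for files new since the baseline and
# "REMOVED <path>" for files that lost the bit or disappeared.
# Returns 0 when nothing changed, 1 on drift, 2 on setup failure.
# Limitation: paths containing newlines are not handled.
suid_compare() {
    baseline=$1
    root=$2
    current=$(mktemp) || return 2
    suid_scan "$root" > "$current"

    # comm -13: lines only in the current scan
    # comm -23: lines only in the baseline
    added=$(LC_ALL=C comm -13 "$baseline" "$current")
    removed=$(LC_ALL=C comm -23 "$baseline" "$current")
    rm -f "$current"

    if [ -n "$added" ]; then
        printf '%s\n' "$added" | sed 's/^/ADDED /'
    fi
    if [ -n "$removed" ]; then
        printf '%s\n' "$removed" | sed 's/^/REMOVED /'
    fi
    [ -z "$added$removed" ]
}
```

This compares paths only, so a setuid binary replaced in place under the same name is not reported; keeping the baseline on read-only or off-host storage is what makes the comparison trustworthy.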