Necessary world-writable files/directories


  1. #1

    Necessary world-writable files/directories

    Hi,

    I've got a list of world-writable files and directories that exist on ALL
    my HP-UX systems. There are a few which I suspect may be needed for normal
    operations, however since we ignite all of our systems from the same image, it's
    possible that some of these have been wrong "forever" in our environment.

    If you can shed any light on these, I would greatly appreciate it.

    /opt/apache/logs
    /opt/tomcat/logs
    /opt/tomcat/work
    /var/X11/Xserver/logs
    /var/adm/automount.log
    /var/adm/streams
    /var/dmi/socket/dmispSocket
    /var/news
    /var/obam/translated
    /var/opt/common
    /var/opt/omni/log
    /var/opt/perf/datafiles/.perflbd.socket
    /var/preserve
    /var/rbootd
    /var/spool/pwgr/daemon
    /var/spool/uucppublic
    /var/stm/config/tools/exercise/hosts.cfg
    /var/stm/logs/ui_activity_log

    Thanks,

    Kevin
    Kevin Collins Guest

  3. #2

    Re: Necessary world-writable files/directories

    Kevin Collins on Friday 14 May 2004 14:43 using recycled electrons
    wrote:
    > Hi,
    >
    > I've got a list of world-writable files and directories that exist on
    > ALL my HP-UX systems. There are a few which I suspect may be needed
    > for normal operations, however since we ignite all of our systems from
    > the same image, it's possible that some of these have been wrong
    > "forever" in our environment.
    >
    > If you can shed any light on these, I would greatly appreciate it.
    >
    > /opt/apache/logs
    > /opt/tomcat/logs
    > /opt/tomcat/work
    > /var/X11/Xserver/logs
    > /var/adm/automount.log
    > /var/adm/streams
    > /var/dmi/socket/dmispSocket
    > /var/news
    > /var/obam/translated
    > /var/opt/common
    > /var/opt/omni/log
    > /var/opt/perf/datafiles/.perflbd.socket
    > /var/preserve
    > /var/rbootd
    > /var/spool/pwgr/daemon
    > /var/spool/uucppublic
    > /var/stm/config/tools/exercise/hosts.cfg
    > /var/stm/logs/ui_activity_log
    >
    > Thanks,
    >
    > Kevin

    Hi Kevin,

    It's been a while since I've worked with HP-UX, though I don't think
    this is an HP-UX specific issue per se. AFAIK none of the log files
    should be world writable. They should be writable only by the
    application that owns them and should have perms 750. You don't want
    world writable logs as they are your main way of detecting and tracing
    possible cracking activity.

    Likewise, the pwgr/daemon should be writable only by its owner. I
    don't recall for certain, but I believe that this daemon can safely
    have 750 perms also. It should definitely not be world writable as
    that introduces a possible backdoor/trojan to anyone who can compromise
    it. That holds true for executables in general; keep their perms as
    tight as possible and never grant the world write access to them.

    HTH,
    Ron
    --
    Little known facts: the dirtiest words used on television during the
    1950's were uttered by June Cleaver.
    "Gee, Ward, weren't you a little hard on the Beaver last night?"
    GnuPG key available at: pgp.mit.edu
    Ronald D. Morley Guest
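
The following is an added example, not code from either poster: a POSIX shell audit that lists world-writable entries under a tree and labels each one as a sticky-bit directory, an open directory, a socket, a FIFO or a regular file, so a list like the one in the question can be reviewed by type. The function names `classify_ww` and `audit_ww` are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are illustrative.

# classify_ww PATH: print a class derived from the ls -ld mode string.
classify_ww() {
    mode=$(ls -ld "$1" 2>/dev/null | awk '{print $1}')
    case $mode in
        # sticky bit: entries removable only by their owner,
        # the directory owner or root
        d????????[tT]*) echo dir-sticky ;;
        # no sticky bit: any user may delete or replace entries
        d*)             echo dir-open ;;
        s*)             echo socket ;;
        p*)             echo fifo ;;
        # regular files: logs, configs, executables
        -*)             echo file ;;
        *)              echo other ;;
    esac
}

# audit_ww ROOT: print "<class> <path>" for every world-writable entry.
# Symlinks are skipped because their own mode bits are not enforced.
# -xdev keeps the scan on the filesystem that holds ROOT.
audit_ww() {
    find "$1" -xdev ! -type l -perm -0002 -print 2>/dev/null |
    while IFS= read -r p; do
        printf '%s %s\n' "$(classify_ww "$p")" "$p"
    done | LC_ALL=C sort
}

# Run as: sh audit_ww.sh /var
if [ "$#" -gt 0 ]; then
    audit_ww "$1"
fi
```

Entries reported as `file` or `dir-open` are the ones the reply's advice applies to most directly; `chmod o-w` clears the world-write bit once the owning application is confirmed not to need it.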
