Linux 2.6 - man page for check-setuid (linux section 8)

CHECKSECURITY(8)								 CHECKSECURITY(8)

NAME
       checksecurity - check for changes to setuid programs

SYNOPSIS
       checksecurity

DESCRIPTION
       The checksecurity command scans the mounted file systems (subject to the filter defined in
       /etc/checksecurity.conf) and compares the list of setuid programs to the list created on the
       previous run. Any changes are printed to standard output. It also generates a list of nfs
       and afs file systems that are mounted insecurely, i.e. those that lack the nodev option, or
       that lack both the noexec and the nosuid option.

       checksecurity is run by cron on a daily basis, and its output is stored in
       /var/log/setuid/setuid.changes.

CONFIGURATION
       The checksecurity.conf file defines several configuration variables: CHECKSECURITY_FILTER,
       CHECKSECURITY_NOFINDERRORS, CHECKSECURITY_NONFSAFS, CHECKSECURITY_EMAIL,
       CHECKSECURITY_DEVICEFILTER, CHECKSECURITY_PATHFILTER, and LOGDIR. Each is described below.

       The CHECKSECURITY_FILTER variable holds the argument passed to 'grep -vE', which is applied
       to the output of the mount command. In other words, its value is an extended regular
       expression, and every file system whose mount line matches it is removed from the set that
       will be scanned. The default value removes all file systems of type proc, bind, msdos,
       iso9660, ncpfs, nfs, afs, smbfs, auto, ntfs and coda, anything mounted on /dev/fd*, anything
       mounted on /mnt or /amd, and anything mounted with the nosuid or noexec option.

       The checksecurity.conf file is sourced by checksecurity as shell code, so you could do some
       fairly tricky things to define CHECKSECURITY_FILTER. The flip side is that anything written
       into that file is executed with the privileges of the daily cron job, so the file must be
       owned by root and not writable by anyone else.

       The CHECKSECURITY_NOFINDERRORS variable, if set to the literal "TRUE", suppresses the error
       messages from find (they are redirected to /dev/null).

       The CHECKSECURITY_NONFSAFS variable, if set to the literal "TRUE", disables the message about
       nfs and afs file systems that are mounted without nodev, or without both noexec and nosuid.
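       The two mount-table checks above, as an added example that is not part of the checksecurity
       script itself: a default-style CHECKSECURITY_FILTER is applied to constructed mount(8)-style
       lines with 'grep -vE', and the nfs/afs mounts are checked for nodev plus at least one of
       noexec or nosuid (our reading of the "mounted insecurely" rule). The sample mount lines and
       the function names are ours; shell is used because checksecurity and its sourced
       configuration file are shell.

```shell
#!/bin/sh
# Added example, not checksecurity's own code: emulate the two mount-table
# checks on constructed mount(8)-style lines.

# Same shape as the documented default: the value goes straight to 'grep -vE',
# and any mount line that matches is dropped from the scan.
CHECKSECURITY_FILTER='type (proc|bind|msdos|iso9660|ncpfs|nfs|afs|smbfs|auto|ntfs|coda) |on /dev/fd|on /mnt|on /amd|nosuid|noexec'

# Constructed sample output; a real run would substitute "$(mount)".
SAMPLE_MOUNTS='/dev/sda1 on / type ext4 (rw,relatime)
/dev/sda3 on /usr type ext4 (rw,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec)
/dev/sda2 on /home type ext4 (rw,nosuid,nodev)
fileserver:/export on /srv/nfs type nfs (rw,nodev)
fileserver:/export2 on /srv/nfs2 type nfs (rw,nodev,nosuid)
afs on /afs type afs (rw)
/dev/sdb1 on /mnt/usb type vfat (rw,nosuid,nodev,noexec)'

# Mount points that survive the filter: the trees the setuid scan would walk.
# Field 3 of a "dev on mountpoint type fstype (opts)" line is the mount point.
scan_targets() {
    printf '%s\n' "$SAMPLE_MOUNTS" | grep -vE "$CHECKSECURITY_FILTER" | awk '{ print $3 }'
}

# nfs/afs mounts not protected by nodev plus at least one of noexec/nosuid
# (our reading of the rule; field 5 is the fs type, field 6 the option list).
insecure_nfs_afs() {
    printf '%s\n' "$SAMPLE_MOUNTS" | awk '
        $5 == "nfs" || $5 == "afs" {
            opts = $6
            if (opts !~ /nodev/ || (opts !~ /noexec/ && opts !~ /nosuid/))
                print $3 " (" $5 ") mounted insecurely: " opts
        }'
}

echo "file systems to scan:"; scan_targets
echo "insecure nfs/afs mounts:"; insecure_nfs_afs
```

       Note that the nosuid/noexec alternatives in the filter drop /home from the scan even though it
       is a local file system: a file system the kernel will not honour setuid bits on is not worth
       walking, which is exactly why the default filter includes those options.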

       If set, the CHECKSECURITY_EMAIL variable names the recipient of a copy of the setuid.changes
       file.

       The CHECKSECURITY_DEVICEFILTER variable specifies a find clause; block and character device
       files matching it will not be monitored for changes of owner or permissions. For example,
       if you don't want to check for permission changes on tty device files beneath /dev, you
       could set the following:

	      CHECKSECURITY_DEVICEFILTER='-path /dev/tty*'

       Note  that any added or modified suid programs under that path would still be detected. If
       you want to specify multiple expressions, separate them with '-o', but there is no need to
       surround the whole clause with parentheses. To disable this filter, specify it as '-false'
       (which is the default).

       Note that if the system is restarted often, checksecurity will report many changes under
       /dev due to timestamp changes. In this case you might want to change it to:

	      CHECKSECURITY_DEVICEFILTER='-path /dev/'

       Bear in mind that -path compares its pattern against the whole pathname as find prints it,
       so a pattern with no wildcard matches only that exact name; to cover every device file
       beneath a directory the pattern needs a trailing '*', as in the /dev/tty* example above.
       Check the effect with a manual find before relying on it.

       The CHECKSECURITY_PATHFILTER variable specifies a find clause whose matches are pruned from
       the search: the entire subtree below a matching path is skipped. Thus, specifying

	      CHECKSECURITY_PATHFILTER='-path /var/ftp'

       skips the whole /var/ftp tree. To disable this filter, specify it as '-false' (which is the
       default).

       LOGDIR  sets  the  name of the directory which stores the files which track the permission
       and ownership changes. By default, they are in /var/log/setuid.
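       The find clauses and the day-to-day comparison described above, as an added example that is
       not checksecurity's own code (the script's real find expression may be arranged
       differently): it assembles a find(1) expression from CHECKSECURITY_PATHFILTER and
       CHECKSECURITY_DEVICEFILTER, honours CHECKSECURITY_NOFINDERRORS, scans a constructed
       temporary tree for setuid files, and rotates setuid.today into setuid.yesterday before
       diffing, as the daily run does. The temporary tree, the LOGDIR location and the function
       names are ours. Creating block or character devices needs root, so the device clause matches
       nothing in this tree and is present only to show its shape.

```shell
#!/bin/sh
# Added example, not checksecurity's own code: build the find(1) expression
# implied by CHECKSECURITY_PATHFILTER / CHECKSECURITY_DEVICEFILTER, scan a
# constructed tree for setuid files, and diff against the previous run.

ROOT=$(mktemp -d)            # constructed tree standing in for a mount point
LOGDIR="$ROOT/log"           # stands in for /var/log/setuid
mkdir -p "$LOGDIR" "$ROOT/bin" "$ROOT/ftp/pub" "$ROOT/dev"

# Two setuid files (one under the path we will prune) and an ordinary file.
: > "$ROOT/bin/su";      chmod 4755 "$ROOT/bin/su"
: > "$ROOT/ftp/pub/ls";  chmod 4755 "$ROOT/ftp/pub/ls"
: > "$ROOT/dev/tty0"     # a plain file: mknod needs root, so no device files here

CHECKSECURITY_PATHFILTER="-path $ROOT/ftp"          # prune this subtree
CHECKSECURITY_DEVICEFILTER="-path $ROOT/dev/tty*"   # ignore these device files
CHECKSECURITY_NOFINDERRORS=TRUE

# The two filter variables are find clauses, so they are expanded unquoted to
# become separate words. Pruned paths are cut off before anything is printed;
# setuid regular files and (unfiltered) device files are printed.
run_find() {
    find "$ROOT" \( $CHECKSECURITY_PATHFILTER \) -prune -o \
         -type f -perm -4000 -print -o \
         \( -type b -o -type c \) ! \( $CHECKSECURITY_DEVICEFILTER \) -print
}

# set -f stops the shell from globbing patterns such as tty* before find sees
# them; NOFINDERRORS=TRUE sends find's complaints to /dev/null as documented.
scan_setuid() {
    set -f
    if [ "$CHECKSECURITY_NOFINDERRORS" = TRUE ]; then
        run_find 2>/dev/null | sort
    else
        run_find | sort
    fi
    set +f
}

# Same rotation the daily cron job performs: the previous setuid.today becomes
# setuid.yesterday, a fresh scan becomes setuid.today, and the diff is the
# report ('>' lines are newly found setuid files, '<' lines ones that are gone).
check_setuid_changes() {
    if [ -f "$LOGDIR/setuid.today" ]; then
        mv "$LOGDIR/setuid.today" "$LOGDIR/setuid.yesterday"
    else
        : > "$LOGDIR/setuid.yesterday"
    fi
    scan_setuid > "$LOGDIR/setuid.today"
    diff "$LOGDIR/setuid.yesterday" "$LOGDIR/setuid.today" || true
}

check_setuid_changes     # first run: every setuid file outside the pruned tree is "new"
```

       Because find's -o has the lowest precedence, the expression reads as three alternatives:
       prune the filtered path, print setuid regular files, or print device files that the device
       filter does not exclude. A second run with no change prints nothing; adding a setuid binary
       or clearing the bit on an existing one shows up as a '>' or '<' line in the diff, which is
       the signal the daily setuid.changes file is meant to carry.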

FILES
       /etc/checksecurity.conf
	      checksecurity configuration file

       /var/log/setuid/setuid.today
	      setuid files from the most recent run

       /var/log/setuid/setuid.yesterday
	      setuid files from the previous run

Debian Linux				 2 February 1997			 CHECKSECURITY(8)