CAPTEST:(8) System Administration Utilities CAPTEST:(8)NAME
captest - a program to demonstrate capabilities
SYNOPSIS
captest [ --drop-all | --drop-caps | --id ] [ --lock ] [ --text ]
DESCRIPTION
captest is a program that demonstrates and prints out the current process capabilities. Each option prints the same report. It will output
current capabilities. then it will try to access /etc/shadow directly to show if that can be done. Then it creates a child process that
attempts to read /etc/shadow and outputs the results of that. Then it outputs the capabilities that a child process would have.
You can also apply file system capabilities to this program to study how they work. For example, filecap /usr/bin/captest chown. Then run
captest as a normal user. Another interesting test is to make captest suid root so that you can see what the interaction is between root's
credentials and capabilities. For example, chmod 4755 /usr/bin/captest. When run as a normal user, the program will see if privilege esca-
lation is possible. But do not leave this app setuid root after you are don testing so that an attacker cannot take advantage of it.
OPTIONS --drop-all
This drops all capabilities and clears the bounding set.
--drop-caps
This drops just traditional capabilities.
--id This changes to uid and gid 99, drops supplemental groups, and clears the bounding set.
--text This option outputs the effective capabilities in text rather than numerically.
--lock This prevents the ability for child processes to regain privileges if the uid is 0.
SEE ALSO filecap(8), capabilities(7)AUTHOR
Steve Grubb
Red Hat June 2009 CAPTEST:(8)
Check Out this Related Man Page
CAPTEST:(8) System Administration Utilities CAPTEST:(8)NAME
captest - a program to demonstrate capabilities
SYNOPSIS
captest [ --drop-all | --drop-caps | --id ] [ --lock ] [ --text ]
DESCRIPTION
captest is a program that demonstrates and prints out the current process capabilities. Each option prints the same report. It will output
current capabilities. then it will try to access /etc/shadow directly to show if that can be done. Then it creates a child process that
attempts to read /etc/shadow and outputs the results of that. Then it outputs the capabilities that a child process would have.
You can also apply file system capabilities to this program to study how they work. For example, filecap /usr/bin/captest chown. Then run
captest as a normal user. Another interesting test is to make captest suid root so that you can see what the interaction is between root's
credentials and capabilities. For example, chmod 4755 /usr/bin/captest. When run as a normal user, the program will see if privilege esca-
lation is possible. But do not leave this app setuid root after you are don testing so that an attacker cannot take advantage of it.
OPTIONS --drop-all
This drops all capabilities and clears the bounding set.
--drop-caps
This drops just traditional capabilities.
--id This changes to uid and gid 99, drops supplemental groups, and clears the bounding set.
--text This option outputs the effective capabilities in text rather than numerically.
--lock This prevents the ability for child processes to regain privileges if the uid is 0.
SEE ALSO filecap(8), capabilities(7)AUTHOR
Steve Grubb
Red Hat June 2009 CAPTEST:(8)
Hi, i have a file like this:
A1
kdfjdljfdkljfdlf
A2
lfjdlfkjddkjf
A3
***no hit***
A4
ldjfldjfdk
A5
***no hit***
A6
jldfjdlfjdlkfjd
I want to remove the lines "***no hit*** and their above line to get an output file like this: (11 Replies)
Not my story, but interesting enough to be worth posting here IMHO. (Original is here)
The following is the 500-mile email story in the form it originally appeared, in a post to sage-members on Sun, 24 Nov 2002.:
From trey@sage.org Fri Nov 29 18:00:49 2002
Date: Sun, 24 Nov 2002 21:03:02... (3 Replies)
Hi everyone,
I know the following questions are noobish questions but I am asking them because I am confused about the basics of history behind UNIX and LINUX.
Ok onto business, my questions are-:
Was/Is UNIX ever an open source operating system ?
If UNIX was... (21 Replies)
Hi gurus,
I have a weird requirement. I need to convert the number to english lecture.
I have 1.2 ....19 numbers
I need to convert to first second third fourth, fifth, sixth...
Is there any way convert it using unix command?
thanks in advance. (8 Replies)
Hi,
Humorous UNIX Commands shows a fun way of using echo and dc to sort of obfuscate a string.
% echo 'sasb3135071790101768542287578439snlbxq'|dc
GET A LIFE!
I am just wanting to know if there is a way to sort of use dc and echo to print out an obfuscated/garbled string instead... (3 Replies)
Hi All,
Having recently started a new job, a Data Center Migration in fact I have been tasked with looking at some of the older Solaris boxes when I came across this little gem.
nismas# uname -a
SunOS nismas 5.5.1 Generic_103640-27 sun4u sparc SUNW,Ultra-1
nismas# uptime
10:37am up 2900... (2 Replies)
For any SunOS 5.XX release, it appears prior to the "login:" prompt (as if a "uname" command is run).
Would anyone know where that initial display of SunOS release comes from upon a remote login and how I can stop if from displaying?
Thank you (4 Replies)
I am trying to remove each line in which $2 is FP or RFP. I believe the below will remove one instance but not both. Thank you :).
file
12
123 FP
11
10 RFP
awk
awk -F'\t' '
$2 != "FP"' file
desired output
12
11 (6 Replies)
Hi everybody,
Which Unix base OS have best performance for HOST virtualization?
I tested SmartOS but it needs another OS to connect remotely!
Thanks in advance. (11 Replies)
I have this file:
>ID1
AA
>ID2
TTTTTT
>ID-3
AAAAAAAAA
>ID4
TTTTTTGGAGATCAGTAGCAGATGACAG-GGGGG-TGCACCCC
Add I am trying to use this script to output sequences longer than 15 characters:
sed -r '/^>/N;{/^.{,15}$/d}'
The desire output would be this:
>ID4... (8 Replies)
Hi,
I am having contents in a file like below,
cat testfile
rpool/swap
rpool/swap14
rpool/swap2
rpool/swap3
I want to sort the above contents like,
rpool/swap
rpool/swap2
rpool/swap3
rpool/swap14
I have tried in this way, (7 Replies)
Morning All
So, I am starting looking into the world of UNIX for a new job (luckily not my primary function!) and I am looking to get stared. Like anything I seem to learn best by trying things out first in an environment but I have a key question:
Currently I use Oracle VirtualBox, can... (8 Replies)