On Sun, Jul 26, 2009 at 07:32:36PM -0400, Steve Grubb wrote:
> echo "Hardening files..."
> find / -type f -perm /00700 -a -uid 0 -exec chmod u-wrx {} \; 2>/dev/null
> find / -type f -perm /00070 -a -gid 0 -exec chmod g-wrx {} \; 2>/dev/null
> echo "Hardening directories..."
> find / -type d -perm /00200 -a -uid 0 -exec chmod u-w {} \; 2>/dev/null
> find / -type d -perm /00020 -a -gid 0 -exec chmod g-w {} \; 2>/dev/null
> echo "Correcting a couple things..."
> find /sbin -type f -perm /00000 -a -uid 0 -exec chmod u+x {} \; 2>/dev/null
> find /usr/sbin -type f -perm /00000 -a -uid 0 -exec chmod u+x {} \; 2>/dev/null
>
> This project also plans to set the permissions for /etc/shadow and
> /etc/gshadow to 0000 so that daemons running as root, but without DAC_OVERRIDE
> cannot read the shadow file. Login, [gkx]dm, and sshd will still have
> DAC_OVERRIDE or this wouldn't work.
>
> Does a system running like this still work? Yes it does. But there is still
F10 does not work with this setup here:
$ sudo -i
sudo: /etc/sudoers is mode 00, should be 0440
sudo: no valid sudoers sources found, quitting
Regards
Till
Attachment:
pgpkopKTqKGyn.pgp
Description: PGP signature