Full Disclosure mailing list archives
Re: New RFID Mailing List Owner 0day
From: nocfed <nocfed () gmail com>
Date: Fri, 28 Sep 2007 12:47:07 -0500
On 9/28/07, full-disclosure () hushmail com <full-disclosure () hushmail com> wrote:
#!/bin/sh
#
# Secure v9.3.1b
# This is to be used on a NEW install only!
# This script will go through your box and lock the inside down.
# Copyright audit () radiusnet net | munge () attrition org, (munge () radiusnet net)
# Thanks to jericho from attrition for pointing out some issues with it.
# This script was done thanks to A LOT of alcohol and sleepless nights thinking about
# how things can be changed to make it faster and set the perms correctly.
# This script was created for use on Slackware! "As if there's any better distro"
# It can be used on other versions of Linux.

# Ensure that you are uid 0 (root)
set `id`
if [ $1 != "uid=0(root)" ]; then
  echo "You MUST be root to run this script!"
  exit 5
fi

# Change the perms for /etc
chmod 711 /etc
echo "/etc Perms changed"
sleep 3

# Change the perms for /tmp and /var/tmp
chmod 1733 /tmp
chmod 1733 /var/tmp
echo "All *tmp* Perms changed"
sleep 3

echo "Now we start the fun dir's. The following are the most important!!"

# Start on the *bin* directories
cd /bin
chmod 510 * | chown root.users *
chmod 500 umount mount telnet
chmod 511 ls dircolors date false true uname login
chmod 4510 ping
chown root.staff ping
chown root.root su
chmod u+s su
echo "/bin directory is complete"
sleep 3

# Now we start on the /usr/sbin directory
cd /usr/sbin
chmod 510 * | chown root.users *
chmod u+s sendmail
chmod 500 ttysnoop
echo "/usr/sbin dir is complete"
sleep 3

# Start /usr/bin
cd /usr/bin
chmod 510 * | chown root.users *
chmod u+s passwd
chmod 4510 traceroute
chown root.staff traceroute
echo "/usr/bin dir is complete"
sleep 3

# Make changes in /etc
cd /etc
chmod 600 inetd.conf
echo "Perms changed in /etc"
sleep 3

# Make a backup of the original syslog.conf and install a better logging one in its place.
cd /root
mv /etc/syslog.conf /etc/syslog.bak
cp /root/slack/syslog.conf /etc
killall -HUP syslogd
echo "syslog.conf updated"
sleep 3

# Tighten up the log file perms now
cd /var/log
chmod 600 syslog log.auth log.cron log.daemon log.kern log.mail log.mark log.syslog
chmod 600 log.user messages ftp.log secure.log
chown root.wheel syslog log.auth log.cron log.daemon log.kern log.mail log.mark log.syslog
chown root.wheel log.user messages ftp.log secure.log
echo "Log files secured"
sleep 3

# Check for SUID files
cd /root
echo "Now checking for SUID files"
find / \( -perm -4000 -o -perm -2000 ! -type d \) -exec ls -ldb {} \; >> suid-results
echo "Check in /root for a file called suid-results and you will have a list of what still"
echo "has the SUID bit"
sleep 3

echo "#######################################################"
echo "Congratulations, your box is now more secure!"
echo "Be sure to add the users to the appropriate groups"
echo "Make sure you go through and double check the perms!!"
echo "This was made to make things quicker but you still should"
echo "double check the perms!!"
echo "MAKE SURE YOU ADD USERS THAT YOU WANT TO BE ABLE TO SU TO ROOT"
echo "TO THE ROOT AND WHEEL GROUPS OR THEY WON'T BE ABLE TO!!!!!!."
echo "Make sure ALL your users are listed in /etc/groups on the users line"
echo "or they will be doing a lot of bitching"
echo "Once modified, reboot your system to enable all changes"
echo "This is NOT a full blown security script, so don't expect"
echo "your box to be 100% locked down after running it."
echo "It was created to help speed things up!!"
echo "#######################################################"
Woohoo! You now have a non multi-user system!

Comparing a string for the UID? Why?
Expecting TMPDIR to only be those two locations? Why?
Breaking many programs by setting TMPDIR to not be listed by group and other? Why?
Expecting ``users'' and ``staff'' groups? Why?
Mixing symbolic and octal chmods? Why?
Not using functions? Why?
Expecting your binaries to be in a static location? Why?
Sleeps? Why?
5,000 echos? Why?
Piping chmod into chown? Why?
Globbing entire directories? Why?
Using -exec in find? Why?

hints:
id -u
$TMPDIR
getent group $GROUPNAME
Use only octals
no hint needed. just use them.
which || whereis - walk through list and read
don't use them
cat <<_EOF_
what?
find . -maxdepth 1 -type f
find / \( ... \) -ls

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
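The quoted script reworked along the lines of the hints in the reply above, as an added example that is not part of this thread and not either poster's code. It assumes the group name, the directories to lock and the owner/mode are passed in as parameters (so the functions can be tried on a scratch tree as an unprivileged user), that `getent` is available with /etc/group as a fallback, and that `find` supports `-maxdepth` and `-ls` (GNU and BSD both do; neither is strictly POSIX). Function and variable names are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): the "Secure" script redone per the reply's hints.
# Directory, owner, group and mode are parameters so it can be exercised on a scratch
# tree without touching a live root filesystem.
set -u

# Compare the numeric uid instead of string-matching the output of `id`.
require_root() {
    [ "$(id -u)" -eq 0 ] || { echo "You MUST be root to run this script!" >&2; return 5; }
}

# Look a group up before chowning to it rather than assuming "users" or "staff" exist.
group_exists() {
    getent group "$1" >/dev/null 2>&1 || grep -q "^$1:" /etc/group 2>/dev/null
}

# Locate a binary wherever it actually lives instead of cd'ing into a fixed /bin.
resolve_bin() {
    command -v "$1" 2>/dev/null
}

# Honour $TMPDIR and keep it world-writable plus sticky (1777). The original's 1733
# removes read for group/other, so anything that needs to list the directory breaks.
tighten_tmp() {
    chmod 1777 "${TMPDIR:-/tmp}"
}

# Lock the regular files directly inside a directory: no recursion, no shell glob,
# a single octal mode, and chown/chmod run in sequence instead of piped together.
lock_files() {
    dir=$1 owner=$2 group=$3 mode=$4
    group_exists "$group" || { echo "no such group: $group" >&2; return 1; }
    find "$dir" -maxdepth 1 -type f -exec chown "$owner:$group" {} + \
                                   -exec chmod "$mode" {} +
}

# List setuid/setgid files with -ls rather than spawning `ls -ldb` once per hit.
list_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -ls
}

# Exact-mode check on a single path (-prune keeps find from descending into dirs).
has_mode() {
    [ "$(find "$1" -prune -perm "$2" -print)" = "$1" ]
}

# Top-level driver: group name first, then the directories whose files get 0510.
main() {
    group=$1; shift
    require_root || return $?
    tighten_tmp
    for d in "$@"; do
        lock_files "$d" root "$group" 0510
    done
    list_setid / > "${HOME:-/root}/suid-results"
}

# Only act when invoked explicitly, e.g.:  sh harden.sh --apply users /bin /usr/bin
case "${1:-}" in --apply) shift; main "$@" ;; esac
```

Because `lock_files` takes its owner, group and mode as arguments, the same function serves the `/bin` pass (root, 0510) and the `/var/log` pass (root:wheel, 0600) of the original without a second copy of the logic, and it can be tested on a temporary directory owned by the current user before it is ever pointed at `/`.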
Current thread:
- New RFID Mailing List Owner 0day full-disclosure (Sep 28)
- Re: New RFID Mailing List Owner 0day nocfed (Sep 28)
- Re: New RFID Mailing List Owner 0day Jeffrey Denton (Sep 29)