On Sat, 2004-10-02 at 13:21, Paul W. Frields wrote: > On Fri, 2004-10-01 at 18:45, tuxxer wrote: > [...snip...] > > An html view of the doc, as well as ongoing developments (in html > > format), will still be available at the link below. Please provide > > direct feedback, criticisms, praise, jeers, etc. to the list, or my > > email off-list, if desired. > > > > http://members.cox.net/tuxxer > > Hi Charlie, you may want to change the bottom example in Section 2.1. > The way I read it, you are doing 64 (!!!) complete traversals of the > file system to find these files, when only one is necessary. Try > removing the "for" loops and doing instead: > > find / -perm +002 | tee -a world-writable-files.txt > > Keep in mind that this list will include a lot of /dev entries that > don't really indicate a problem (tty's and such), not to mention links. > You might want to declare that you do not want to look at block or > character special devices, or links, and just regular files and > directories. Although it's conceivable one might miss something glaring, > system hardening should probably be done before one is connected to the > Internet, and right after installation, so it's unlikely that skipping > these files would expose you to much risk. > > find / \( -type d -o -type f \) -perm +002 | tee -a world-writable.txt > > -- > Paul W. Frields, RHCE Much more elegant, and quite effective. Thanks. I've updated it in the html draft at http://members.cox.net/tuxxer, but I'm not going to submit a new tarball until I have more of Chapter 3 done (or completely done). Also, it was pointed out that I missed a step when uploading the tarball to the bug. I didn't select the MIME type. So, if you have any issues, the file is a gzipped-tarball in *.tgz format. Sorry, I'll get it next time. ;-) -Charlie -- -- tuxxer <tuxxer(a)cox(dot)net> <== tuxxer's gpg key fingerprint ==> 57EB F948 76AE 25BC E340 EFA9 FAF6 E1AC F1E1 1EA1
Attachment:
signature.asc
Description: This is a digitally signed message part
