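#######################################
# Strip the setuid/setgid bits from the binaries named in ./misc/suid.list
# and from every shell listed in /etc/shells, and register a
# dpkg-statoverride for each listed binary so the stripped mode is recorded
# with dpkg rather than only applied once on disk.
# Globals:   SCRIPT_COUNT (read, incremented), VERBOSE (read)
# Arguments: none
# Outputs:   progress on stdout; failures of chmod/stat/dpkg-statoverride
#            on stderr
#######################################
function f_suid {
  local suid file owner group mode perms suidshells

  echo "[$SCRIPT_COUNT] Remove suid bits"

  if ! [ -f ./misc/suid.list ]; then
    echo "The list with SUID binaries can't be found."
  else
    while read -r suid; do
      file=$(command -v "$suid")

      # command -v prints a bare name for builtins and functions. Only an
      # absolute path is accepted, so a same-named executable in the current
      # directory is never modified by mistake.
      if [[ $file != /* ]] || ! [ -x "$file" ]; then
        continue
      fi

      if stat -c "%A" "$file" | grep -qi 's'; then
        if [[ $VERBOSE == "Y" ]]; then
          echo "$file"
        fi
      fi

      # If the bits could not be removed, do not record an override: the
      # mode read back below would still carry them and would pin them.
      if ! chmod -s "$file"; then
        echo "Could not remove the suid/sgid bits from $file" >&2
        continue
      fi

      # -L: chmod followed a symlink operand, so read owner, group and mode
      # from the file that was actually changed.
      if ! perms=$(stat -L -c "%U %G %a" "$file"); then
        echo "Could not read owner and mode of $file" >&2
        continue
      fi
      read -r owner group mode <<< "$perms"

      # dpkg-statoverride --add takes four separate arguments
      # (user group mode path) and the mode must be octal. The earlier
      # form passed "user group" as one word and a symbolic mode, so the
      # call was rejected and the error was hidden by 2> /dev/null.
      # --remove is best-effort: it fails when no override exists yet.
      dpkg-statoverride --remove "$file" 2> /dev/null
      if ! dpkg-statoverride --add "$owner" "$group" "0$mode" "$file"; then
        echo "Could not register a dpkg-statoverride for $file" >&2
      fi
    done <<< "$(grep -E '^[a-zA-Z0-9]' ./misc/suid.list)"
  fi

  # Shells must never run setuid/setgid; skip comment lines in /etc/shells.
  while read -r suidshells; do
    if [ -x "$suidshells" ]; then
      chmod -s "$suidshells"

      if [[ $VERBOSE == "Y" ]]; then
        echo "$suidshells"
      fi
    fi
  done <<< "$(grep -v '^#' /etc/shells)"

  ((SCRIPT_COUNT++))
}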