1

Help me with this problem. So far I have "find / -perm -4000 -o -perm -2000 | xargs ls -l > suild.list", an argument that I want to write as a bash script.

I would like to write this as a bash script and be able to run it nightly, every day. But I'm not familiar with the Unix scripting language.

For the crontab job, do I need to write it as * 24 * * *? I think? But I'm having trouble writing it as a script.

4 Answers

1

It's not necessary to use xargs in this case. Just use -ls with find.

#!/bin/bash
# Parentheses are needed: without them -ls binds only to the -perm -2000 branch
# and setuid-only files are matched but never listed.
find / \( -perm -4000 -o -perm -2000 \) -ls > suild.list

If you want to mail it and log it by appending to the file:

#!/bin/bash
# tee writes the listing to stdout (which cron mails) and appends it to the file.
find / \( -perm -4000 -o -perm -2000 \) -ls | tee -a suild.list
Dennis Williamson
  • 60,515
  • 14
  • 113
  • 148
0

Your command is already a bash script.

You would need to add a header:

#!/usr/bin/env bash

And you would need to set the executable (+x) bit on the script.

If you wanted to mail the results out to the administrator, you could remove the redirect to suild.list at the end.

Jon Lasser
  • 960
  • 5
  • 7
0

#!/bin/bash

find / \( -perm -4000 -o -perm -2000 \) -ls | tee -a suild.list

How can I use an if/else statement with this if I wanted to create the full script? E.g. I wanted to say: if this suild.list file does not exist, then use the find command to generate the new suid list; or else use the "find / -perm -4000 -o -perm -2000 -ls | tee -a suild.list" argument and compare the changes, if any new suid has been created, for security reasons.

0

It sounds like you don't so much want a full list each time the script is run, but rather a list of any new/unknown files that are set suid/sgid. If that's so, then:

Get a list of current results:

# find / -path /proc -prune -o \( -perm -4000 -o -perm -2000 \) -print
/usr/bin/write
/usr/bin/wall
/usr/bin/crontab
/usr/bin/locate
/usr/bin/ssh-agent

Create a shell script that finds and compares the results to the previous list. The list is just a variable in the script. You could have it be its own file, though.

#!/bin/bash

# Known-good setuid/setgid files, one path per line (adjust for your system).
approved="
/usr/bin/write
/usr/bin/wall
/usr/bin/crontab
/usr/bin/locate
/usr/bin/ssh-agent
"

# Prune /proc, then match either setuid or setgid. The parentheses keep -o
# from swallowing the -prune branch, which would otherwise drop setuid-only files.
results=$(/usr/bin/find / -path /proc -prune -o \( -perm -4000 -o -perm -2000 \) -print)

# Report any path not on the approved list. -x -F matches the whole line as a
# fixed string, so a new /usr/bin/w is not hidden by the approved /usr/bin/write.
printf '%s\n' "$results" | while IFS= read -r line; do
    [ -z "$line" ] && continue
    if ! printf '%s\n' "$approved" | /bin/grep -qxF -- "$line"; then
        ls -a "$line"
    fi
done

Result when new file shows up:

# ./suid_check.sh 
/sbin/netreport

Throw it in cron and configure cron to email STDOUT.

CarpeNoctem
  • 2,397
  • 4
  • 23
  • 32
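Putting the if/else from the follow-up question together with this answer's approach: the script below is an added example, not code from any answer on this page. It keeps the approved list in a baseline file instead of a variable, records that file on the first run, and on later runs prints only the paths that were not in it, exiting 1 so a cron mail is easy to spot. SCAN_ROOT, BASELINE and the file name suid_check.sh are assumptions, not values from the page.

```shell
#!/bin/bash
# Added example, not code from any of the answers above.
# Keeps a baseline of setuid/setgid paths and reports only files added since
# the baseline was recorded. SCAN_ROOT and BASELINE are assumed defaults;
# override them in the environment or on the crontab line.
set -u

SCAN_ROOT="${SCAN_ROOT:-/}"
BASELINE="${BASELINE:-/var/lib/suid_check/baseline.list}"

# Print the sorted list of regular files under $1 carrying the setuid or
# setgid bit. /proc is pruned, and the parentheses stop -o from binding
# -print to the setgid test alone. Permission errors are silenced for cron.
list_suid_sgid() {
    find "$1" -path /proc -prune -o -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# $1: file holding the current sorted list   $2: baseline file
# No baseline yet: record the current list and return 0 (first run).
# Otherwise print paths present now but absent from the baseline
# (comm -13 keeps lines unique to the second file) and return 1 if any.
report_new() {
    current="$1"
    baseline="$2"
    if [ ! -f "$baseline" ]; then
        mkdir -p "$(dirname "$baseline")"
        cp "$current" "$baseline"
        echo "baseline recorded in $baseline ($(wc -l < "$baseline" | tr -d ' ') entries)"
        return 0
    fi
    added=$(comm -13 "$baseline" "$current")
    [ -z "$added" ] && return 0
    echo "new setuid/setgid files since baseline:"
    printf '%s\n' "$added" | while IFS= read -r f; do ls -l -- "$f"; done
    return 1
}

main() {
    tmp=$(mktemp)
    list_suid_sgid "$SCAN_ROOT" > "$tmp"
    report_new "$tmp" "$BASELINE"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# The scan runs only when the file is executed under its intended name, so
# the functions can also be sourced (for example in a test) without scanning /.
case "${0##*/}" in
    suid_check.sh) main ;;
esac
```

Install it as /usr/local/bin/suid_check.sh, make it executable, and schedule it with a crontab line such as 0 2 * * * /usr/local/bin/suid_check.sh (2 AM every day; the question's "* 24 * * *" is not a valid hour field). cron mails whatever the job prints to MAILTO or the crontab owner, so a run with no new files is silent and a run with additions delivers the ls -l lines. When a new entry is legitimate, add it to the baseline file; if the baseline itself is what an intruder would want to edit, keep it root-owned and read-only to everyone else.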