ckfsec(1)
NAME
ckfsec - Check file and directory security
SYNOPSIS
ckfsec [-aeh] [-i flag...] [-mnsvw] directory [directory ...]
OPTIONS
-a "All" mode; has the same effect as a combination of -e, -v, and -w.
-e Explain mode; appends explanatory text to lines of the report.
-h Displays a usage message.
-i Suppresses reporting and checking as specified by one or more of the
following flags:
a Do not report in the summary whether Access Control Lists
(ACLs) are enabled on the system.
g Do not check for GID mismatches between a link and its target.
h Do not check for hardlinks (files with link count greater than
1).
m Do not check for symbolic links whose targets do not exist.
s Do not check for world-writable directories on which the sticky
bit is not set.
u Do not check for UID mismatches between a link and its target.
When specifying multiple flags, do not separate them by using spaces.
-m Restricts processing to files that are in the same file system as
directory.
-n Ignores file systems mounted through NFS.
-s Suppresses the summary lines that are otherwise included at the end of
the report. The summary lines report the total number of directories
that were processed, the number of world-writable directories that were
found, the total number of potential problems that were found, and
(unless the a flag is specified with -i) whether ACLs are enabled on
the system.
-v Verbose mode; includes in the report all files and directories that
were checked, not just those that have a potential problem.
-w Displays in the report the pathnames of all world-writable directories,
not just those found to be vulnerable.
If -w is not specified, the total count of world-writable directories
that were processed is included in summary lines at the end of the
report (unless -s is specified to omit the summary). This count always
includes all world-writable directories that were found, whether or not
they had the sticky bit set or contained vulnerable files.
OPERANDS
directory
The pathname of the top-level directory of the file tree to be checked.
A space-separated list of multiple pathnames may be specified to check
more than one tree.
DESCRIPTION
The ckfsec tool searches a directory tree for world-writable directories
and, in each of these, searches for and reports on the following potential
vulnerabilities:
· A symbolic link whose target has an owner or group different from the
link
· A symbolic link whose target does not exist
· A world-writable directory without the sticky bit set, including the
specified directory, if applicable
· A pipe
· A file with a link count greater than 1 (a file with "hard links")
Potential vulnerabilities are reported in the following format:
code type [uid] [gid] mtime file[ -> target] [explanatory_text]
In this format:
code
Indicates the problem. Each code value begins with W (warning) or E
(error) to indicate the severity, followed by one to three of the
following letters to indicate why file is potentially vulnerable:
g The GID of a symbolic link does not match the GID of its target.
This might mean that a nonprivileged user created a symbolic link
to point to a privileged file.
h The file has a link count greater than 1. This might mean that a
nonprivileged user created a hardlink that specifies a privileged
file.
m The symbolic link specifies a target that does not exist. This
might allow a nonprivileged user to trick a privileged process into
creating a privileged file. By itself, this condition is treated as
a warning.
p A pipe was found.
s The mode of the directory (if world-writable) is missing the sticky
bit.
u The UID of a symbolic link does not match the UID of its target.
This might mean that a nonprivileged user created a symbolic link
to point to a privileged file.
w The directory is world-writable, which allows nonprivileged users
to create links that can trick privileged programs into writing or
overwriting privileged files. A world-writable directory is
reported as a warning, unless its sticky bit is not set, in which
case the directory is reported as an error.
type
Specifies what file represents. Type identifiers are as follows:
d Directory
f Regular file (shown only if -v is specified)
h Hardlink
l Symbolic link
p Pipe
uid Identifies the owner (UID) of file.
gid Identifies the group (GID) of file.
mtime
Specifies the time that file was last modified.
file
Specifies the pathname of the file system object that is potentially
vulnerable.
-> target
If file is a symbolic link, specifies its target.
explanatory_text
Includes additional information about the potential problem. This
additional information is appended to report lines only if -e is
specified on the command line.
While traversing the specified directory tree, ckfsec does not check any
files found in secure (not world-writable) subdirectories; however, the tool
does descend into all subdirectories.
The main body of the report that the tool produces lists files that are
potential vulnerabilities. If the -a or -v option is specified, the body of
the report lists all directories and files that were processed.
Unless the -s option is specified, the report ends with summary lines as
follows:
Total directories: count
World-writable dirs: count
Total problems: count
ACLs_statement
Unless omitted by the a flag for the -i option, ACLs_statement is one of
the following:
· This system has ACLs enabled. ACLs may introduce additional security
risks.
The ckfsec utility does not check ACLs. ACLs, depending on what they
contain, can either tighten or relax the security provided by
directory or file permissions alone. This informational message is
displayed to remind you that ACLs have not been checked and that you
should make sure that no world-writable directory has an ACL that
makes the system more vulnerable than it would be otherwise.
· ACLs are not enabled on this system.
This message is what you would expect if ACLs are not being used to
manage system security.
Note
ACL reporting is not supported for releases prior to Tru64 UNIX
Version 5.0A. If the ckfsec tool is installed and run on Tru64 UNIX
versions prior to Version 5.0A, ACLs_statement is not included in the
report.
The tool's report must be checked manually to determine whether any of the
files and directories identified as vulnerable represent an actual breach
of system security or are likely to be used in that way.
EXAMPLES
The following example shows a report from a ckfsec command that includes no
options:
# ckfsec /
Ews d 0777 0 0 2002/02/11 /tmp/one [1]
Eh h 0644 8941 0 2002/02/11 /tmp/backdoor [2]
Eg l 0777 8941 0 2002/02/11 /tmp/one/two/a.txt -> /home/brians/.profile [3]
Eu l 0777 0 0 2002/02/11 /tmp/one/two/three/a.txt -> /tmp/one/two/a.txt [4]
    Eg l 0777 8941 0 2002/02/11 /tmp/one/two/a.txt -> /home/brians/.profile [5]
Eug l 0777 8941 33 2002/02/09 /tmp/README -> /etc/fstab [6]
Wm l 0777 8941 0 2002/02/09 /tmp/core -> /etc/nologin [7]
Total directories: 9
World-writable dirs: 5
Total problems: 7
ACLs are not enabled on this system.
In this example, the lines that start with error codes show the following:
[1] Reports a world-writable directory that does not have the sticky bit
set. The sticky bit prevents users (other than the directory owner, the
file owner, or the superuser) from deleting or renaming files in that
directory.
[2] Reports a file system object (in a world-writable directory) with a
link count greater than 1. The ls -i command might reveal, for example,
that backdoor is a hardlink to (has the same i-number as) the one
directory.
[3] Reports a GID mismatch.
[4] Reports a UID mismatch.
[4], [5]
Trace links two levels deep; therefore, Line 5 is indented accordingly.
These lines show that vulnerabilities are sometimes masked through
multiple links between different directories and files.
[6] Reports both a UID and GID mismatch. In this case, the link might cause
a privileged file to be overwritten.
[7] Reports a symbolic link to a file that does not currently exist. In
this case, the link target would be a problem if it were created in the
future.
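The checks listed under DESCRIPTION and the E/W codes shown in the report above, reimplemented as an added Python example (not ckfsec itself or any Tru64 code): it descends into every directory, examines only entries inside world-writable ones, and returns (code, type, path) tuples matching the first, second and last report columns. The demo() function builds a constructed sample tree in a temporary directory; the UID/GID mismatch checks are implemented but not exercised, since creating mismatched ownership needs root.

```python
import os
import stat
import tempfile

def classify(path):
    """ckfsec-style (code, type) for one entry of a world-writable dir, or None."""
    lst = os.lstat(path)
    if stat.S_ISLNK(lst.st_mode):
        try:
            tgt = os.stat(path)                       # follows the link to its target
        except FileNotFoundError:
            return ("Wm", "l")                        # target missing: warning only
        letters = ("u" if lst.st_uid != tgt.st_uid else "") + \
                  ("g" if lst.st_gid != tgt.st_gid else "")
        return ("E" + letters, "l") if letters else None  # Eu, Eg or Eug
    if stat.S_ISFIFO(lst.st_mode):
        return ("Ep", "p")
    if stat.S_ISREG(lst.st_mode) and lst.st_nlink > 1:
        return ("Eh", "h")                            # hard link into the directory
    return None                                       # regular file: shown only with -v

def check_tree(top):
    """Descend into every directory, but examine entries only inside world-writable ones."""
    findings = []                                     # (code, type, path)
    for dirpath, dirnames, filenames in os.walk(top):
        st = os.lstat(dirpath)
        if not st.st_mode & stat.S_IWOTH:
            continue                                  # secure directory: its files are skipped
        if not st.st_mode & stat.S_ISVTX:
            findings.append(("Ews", "d", dirpath))    # world-writable without sticky bit
        for name in dirnames + filenames:
            p = os.path.join(dirpath, name)
            if os.path.isdir(p) and not os.path.islink(p):
                continue                              # real subdirectories get their own turn
            hit = classify(p)
            if hit:
                findings.append((hit[0], hit[1], p))
    return findings

def demo():
    """Constructed sample tree (not from the man page); returns {basename: code}."""
    root = tempfile.mkdtemp()
    ww = os.path.join(root, "tmp"); os.mkdir(ww); os.chmod(ww, 0o777)       # no sticky bit
    os.symlink(os.path.join(root, "missing"), os.path.join(ww, "core"))    # dangling link
    secret = os.path.join(root, "secret"); open(secret, "w").close()
    os.link(secret, os.path.join(ww, "backdoor"))                           # link count 2
    os.mkfifo(os.path.join(ww, "pipe"))
    safe = os.path.join(root, "home"); os.mkdir(safe, 0o755)
    os.symlink(os.path.join(root, "missing"), os.path.join(safe, "ignored"))  # secure dir: not checked
    return {os.path.basename(p): code for code, _typ, p in check_tree(root)}
```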
SEE ALSO
Commands: dirclean(8)
Functions: mktemp(3), safe_open(3)
Others: sys_attrs_sec(5)