As a system administrator you use the find command to locate suspicious files.
These are files whose presence indicates something is wrong.
Some attributes that make a file suspicious include:
/dev
/bin
Additionally, after an update of system software you may locate files with .rpmsaved or .rpmnew extensions.
These need to be examined so that the associated service configuration can be updated correctly.
Not all suspicious files indicate a problem!
For example, it is common for some files to be world-writable, including symlinks and certain directories (such as /tmp) that have the sticky (or text) bit set.
Directories and database files often have the setGID bit set, and so on.
What is needed is that the system administrator examine these to make sure they don't indicate problems.
Write a find command (or pipeline) that searches mounted disks looking for suspicious files and reporting their pathnames.
Be sure not to include non-Unix/Linux filesystems in your search; that is, skip /proc and other "fake" filesystems, any removable media, any Windows partitions, and any remotely mounted filesystems (such as NFS or Samba shares).
Correctly skipping non-suspicious files is worth 50%. Each of the suspicious file indicators listed above that you actually test for correctly is worth 5%.
Please review the find command tutorial resource from our class web page.
You should also review the Filesystem Hierarchy Standard to determine the likely contents of standard directories.
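The following shell functions are an added example, not part of the original assignment. They cover only the cases the text spells out (world-writable files other than symlinks and sticky directories, plus leftover rpm files); the function names and the filesystem type list in local_mounts are assumptions to adjust for your site, and removable media formatted with one of those types is not detected.

```shell
#!/bin/sh
# Added example; function names and the filesystem-type list are assumptions.

# Print mount points of on-disk Unix filesystems, one per line.
# Input is in /proc/mounts format: device mountpoint fstype options dump pass.
# Allow-listing types drops proc, sysfs, tmpfs, vfat, ntfs, nfs, cifs and so on.
# (Mount points containing spaces appear as \040 and are not decoded here.)
local_mounts() {
    awk '$3 ~ /^(ext[234]|xfs|btrfs)$/ { print $2 }' "${1:-/proc/mounts}"
}

# Print suspicious pathnames under directory $1 without crossing into
# other mounted filesystems (-xdev).
#   -perm -0002            world-writable
#   ! -type l              symlinks always show mode 0777 on Linux; skip them
#   ! ( -type d -perm -1000 )  skip sticky directories such as /tmp
#   *.rpmsave*             matches .rpmsaved as written above and rpm's .rpmsave
suspicious_under() {
    find "$1" -xdev \( \
        \( -perm -0002 ! -type l ! \( -type d -perm -1000 \) \) \
        -o \( -type f \( -name '*.rpmnew' -o -name '*.rpmsave*' \) \) \
    \) -print
}

# Scan every local mount point in turn. Run as root to avoid
# "Permission denied" noise.
scan_all() {
    local_mounts | while IFS= read -r mp; do
        suspicious_under "$mp"
    done
}

if [ "${1:-}" = "--scan" ]; then scan_all; fi
```

Because each mount point is searched separately with -xdev, a remote or pseudo filesystem mounted below a local one is never entered.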
A white-list of previously found suspicious files that turned out to be all right, and having the script skip them, would make the reports better. Of course you then need to manage the list (add new entries, delete entries when the file is changed or deleted) and secure the white-list itself from modification (say by a digital signature). This is not easy to get right and is not a requirement for this project.
A copy of your command/pipeline/script.
You can send as email to . Please see your syllabus for more information about submitting projects.