Linux – world-writable file analysis linux question

linuxSecurity

I am trying to secure a linux Ubuntu box and I am no expert. I am following guidance available on the net.

Section 15.2 discusses world-writable files. The following command

find / -type f -perm -o+w -exec ls -l {} \;

returns a long list of files all located under /proc.

My question is: is this a good or a bad thing regarding security? Should I do something about these files?

Thanks!

Best Answer

The short answer is there's nothing you can do about it, so don't worry about it.

Files under /proc are generated automatically, and aren't "real" files. They are pointers to various OS settings and resources. You'll probably notice they all have a length of 0 as well.

You can safely ignore these.

Related Solutions

Linux – Security: world readable logs/configurations/directories on linux

You may want to dig a little deeper before 'fixing' this and make sure your changes are fully thought-out. Of the files you mentioned:

I happen to know that /etc/passwd has to be readable for any number of programs (ls) to access user name information in standard configurations. Nothing in /etc/passwd is secret or privileged on any modern machine as that's what the shadow files are for, or the secrets are hosted on the network via LDAP, Kerberos or some other such thing.

I'm less sure about the other two. cron runs as the user whose jobs it is executing, so it probably needs to be able to read that file as any user who can run cron. Any user on an average system can run last,w to see recent and current logins (read from lastlog and wtmp, afair), and so these files are readable. You may certainly remove those commands, or user access to them, and then you might want to change the perms on the files or remove them altogether, once you are quite certain they are not used.

The Securing Debian Manual may be able to answer more of these questions for you or explain things better. Although it is not actively maintained it is still quite good. Other distros have similar resources.

Linux – How to run a server on port 80 as a normal user on Linux

Short answer: you can't. Ports below 1024 can be opened only by root. As per comment - well, you can, using CAP_NET_BIND_SERVICE, but that approach, applied to java bin will make any java program to be run with this setting, which is undesirable, if not a security risk.

The long answer: you can redirect connections on port 80 to some other port you can open as normal user.

Run as root:

# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

As loopback devices (like localhost) do not use the prerouting rules, if you need to use localhost, etc., add this rule as well (thanks @Francesco):

# iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 8080

NOTE: The above solution is not well suited for multi-user systems, as any user can open port 8080 (or any other high port you decide to use), thus intercepting the traffic. (Credits to CesarB).

EDIT: as per comment question - to delete the above rule:

# iptables -t nat --line-numbers -n -L

This will output something like:

Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 redir ports 8088
2    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 8080

The rule you are interested in is nr. 2, so to delete it:

# iptables -t nat -D PREROUTING 2

Best Answer

Related Solutions

Linux – Security: world readable logs/configurations/directories on linux

Linux – How to run a server on port 80 as a normal user on Linux

Related Topic