Make your Linux server safer: remove SUID/SGID root settings from binaries

First let’s refresh some definitions…set user ID (SUID)

The SUID permission causes a script to run as the user who is the owner of the script, rather than the user who started it. It is normally considered extremely bad practice to run a program in this way as it can pose many security problems.

set group ID (SGID)

The SGID permission causes a script to run with its group set to the group of the script, rather than the group of the user who started it. It is normally considered extremely bad practice to run a program in this way as it can pose many security problems.

Latest versions of the #Linux kernel will even prohibit the running of shell scripts that have SGID/SUID attribute set.

Use of the SUID bit on binaries (to run with root privileges, aka ”setuid bit”) MUST be limited to those shown in
the following list:

/bin/ping
/bin/su
/usr/bin/at
/usr/bin/chage
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/crontab
/usr/bin/gpasswd
/usr/bin/newgrp
/usr/bin/passwd

The other binaries that were installed with the SUID bit set MUST have this bit removed. Administrators can still run
these binaries normally, but they are not available for ordinary users. There are also a number of SGID ﬁles on the system that are needed, it may depending on the number of tools, or your distribution. Use Google and query the web for the right list 😉

Similarly, the SGID bit MUST NOT be used to give group ”root” privileges to any binary.
To generate a list of all SUID/SGID programs on the system simply run the following command:

# find / -not -fstype ext3 -prune -o \ -type f \( -perm -4000 -o -perm -2000 \) \ -print

Then, for each ﬁle in this list that is not one of the permitted SUID or SGID programs, run the command

chmod -s FILE

to remove the SUID and SGID bits. When done, re-run the ﬁnd command to verify that the list matches the
permitted programs.

I recommend you installing also FAF (File Anomaly Finder) on your server to check periodically for file with too much rights or privileges

Featured

Swifi won Trust Square biggest blockchain Hackathon #SBHACK21

Featured

Install MongoDB High Availability on Microsoft Azure

Install RabbitMQ on Microsoft Azure

Accessing Git and Nexus with custom SSL certificates

m-Clippy WON Migros Category prize in Europe's Biggest Hackathon Hack Zurich 2020

Featured

Special 35th Anniversary Super Mario Bros edition Game & Watch console available on Nov. 13 for 60$

Featured

A Passive Cooling for Raspberry Pi 4

Ninebot KickScooter MAX G30D

Cryptocurrency monitor with Unicorn HAT

Bitcoin, Ethereum price Monitoring on your raspberry Pi

Featured

DJI Fpv speed racing drone RC Quadcopter FPV

Featured

Enable 1200 mw Mode on DJI FPV System

Enable FCC Mode on DJI FPV System (700mw 8 Channels)

Armattan Marmotte 5 DJI Edition

Must Have DJI FPV System Accessories and Upgrade Parts

Featured

Lake Zürich

Featured

Grimsel Pass

Furka Pass

Susten Pass

Little India in Singapore

Make your Linux server safer: remove SUID/SGID root settings from binaries

set group ID (SGID)

Categories

Featured

Swifi won Trust Square biggest blockchain Hackathon #SBHACK21

Featured

Install MongoDB High Availability on Microsoft Azure

Featured

Special 35th Anniversary Super Mario Bros edition Game & Watch console available on Nov. 13 for 60$

Featured

A Passive Cooling for Raspberry Pi 4

Featured

DJI Fpv speed racing drone RC Quadcopter FPV

Featured

Enable 1200 mw Mode on DJI FPV System

Featured

Lake Zürich

Featured

Grimsel Pass

Make your Linux server safer: remove SUID/SGID root settings from binaries

set group ID (SGID)

Related Posts

Categories

Tags