find

find

[Mikael Chambon]

Dear linux admin,

I apolozised in advance if it's the wrong mailing list.

I use a periodic shell script to check SUID files
on my linux servers using the command: 

"find / -type f -perm -4000 -print"

Does someone know if there is a way 
to tell find to discard /dev and /proc directories.

I am not really a shell guru so if someone could give me a hand to solve
this little problem I would really appreciate.

--
Mikael

Re: find

[César Soler]

Hi Mikael,

sure it could do better, but as a quick answer:

ls -ad /* | grep -v -e dev -e proc | while read dir; do
find /$dir -type f -perm -4000 -print
done

hope this help you...

Monday, July 28, 2003, 1:41:07 AM, you wrote:

MC> Dear linux admin,

MC> I apolozised in advance if it's the wrong mailing list.

MC> I use a periodic shell script to check SUID files
MC> on my linux servers using the command: 

MC> "find / -type f -perm -4000 -print"

MC> Does someone know if there is a way 
MC> to tell find to discard /dev and /proc directories.

MC> I am not really a shell guru so if someone could give me a hand to solve
MC> this little problem I would really appreciate.

MC> --
MC> Mikael


MC> -
MC> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
MC> the body of a message to majordomo@vger.kernel.org
MC> More majordomo info at  http://vger.kernel.org/majordomo-info.html


-- 
Best regards,
 César                            mailto:csoler@euskalnet.net

-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: find

[Benjamin Walkenhorst]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday, 28. July 2003 01:41, Mikael Chambon wrote:

> I use a periodic shell script to check SUID files
> on my linux servers using the command:
>
> "find / -type f -perm -4000 -print"
>
> Does someone know if there is a way
> to tell find to discard /dev and /proc directories.

Well, first, /dev should not contain any regular files at all (except maybe
for MAKEDEV which should not be suid).
For /proc I am not sure... I guess, I'd rather pass find all the paths I want
it to search. This looks a little more ugly, but it should work as well:

find /bin /boot /etc /home /lib /opt /root /sbin /tmp /usr /var -type f -perm
- -4000 -print

There is probably a more elegant solution available that I am not aware of...
But this one shouldn't be too dirty...

Kind regards,

Benjamin Walkenhorst

- --
Benjamin Walkenhorst
eMail: krylon@gmx.net
homepage: http://www.krylon.de

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Public Key available at http://www.krylon.de

iD8DBQE/JNo2oYumWdMvhMQRAsmaAJ9W0lHa8H5PYl2DX9EHtEBHfTFYxwCgij99
rMqPtMVyro8cw85bzJzzMX4=
=oA/w
-----END PGP SIGNATURE-----

Re: find

[Glynn Clements]

Mikael Chambon wrote:

> I use a periodic shell script to check SUID files
> on my linux servers using the command: 
> 
> "find / -type f -perm -4000 -print"
> 
> Does someone know if there is a way 
> to tell find to discard /dev and /proc directories.

find / -path /dev -prune -o -path /proc -prune -o -type f -perm -4000 -print

-- 
Glynn Clements <glynn.clements@virgin.net>

RE: find

[johnjulian1]

"Mikael Chambon" <raid-ml@cronos.org> wrote:

>Dear linux admin,
>
>I apolozised in advance if it's the wrong mailing list.
>
>I use a periodic shell script to check SUID files
>on my linux servers using the command: 
>
>"find / -type f -perm -4000 -print"
>
>Does someone know if there is a way 
>to tell find to discard /dev and /proc directories.
>
>I am not really a shell guru so if someone could give me a hand to solve
>this little problem I would really appreciate.
>
>--
>Mikael
>

Most people don't expect to find programs in /dev and for that reason many root kits put their files there. It shouldn't add much time to include it and may find a bad guy.

__________________________________________________________________
McAfee VirusScan Online from the Netscape Network.
Comprehensive protection for your entire computer. Get your free trial today!
http://channels.netscape.com/ns/computing/mcafee/index.jsp?promo=393397

Get AOL Instant Messenger 5.1 free of charge.  Download Now!
http://aim.aol.com/aimnew/Aim/register.adp?promo=380455

Re: find

[Scott Taylor]

At 16:41 07/27/03, you wrote:
>Dear linux admin,
>
>I apolozised in advance if it's the wrong mailing list.
>
>I use a periodic shell script to check SUID files
>on my linux servers using the command:
>
>"find / -type f -perm -4000 -print"

>Does someone know if there is a way
>to tell find to discard /dev and /proc directories.

Find has many options; very configurable searching.  For ignoring 
directories read up on -prune switch under 'man find'.

>I am not really a shell guru so if someone could give me a hand to solve
>this little problem I would really appreciate.

Shell way...

#!/bin/sh

cd /

for i in `ls`
   do
     if ([ -d $i ] && [ $i != "proc" ]); then
#      ... do something with $i here ...
     fi
   done