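#!/bin/bash
#
# Check for Setuid and Setgid (GroupUid) bits
# -------------------------------------------
# Intruders often leave setuid copies of /bin/sh or /bin/time around
# to allow them root access at a later time.
#
# Original Version
# -------------------
# http://www.Linux-Sec.net/IDS/suid.check.sh.txt
#
# More Info
# ------------------
# http://www.cert.org/tech_tips/intruder_detection_checklist.html
#
# 01-Sep-02 amo Date-of-birth
#
# Alternative, on systems that ship ncheck:
#   ncheck -s /dev/hda1 ... /dev/hdaXX
#
# Usage notes
# ------------------
# * Run as root. Otherwise find cannot descend into unreadable
#   directories and the listing is incomplete (find reports those on
#   stderr, which is deliberately not silenced here).
# * Output is one path per line on stdout. Legitimate system programs
#   will be listed as well, so the result is only meaningful when it is
#   compared against a known-good list for this host.
# * Scope: only setuid files owned by root, and setgid files whose group
#   is root or kmem, are reported. Setuid files owned by other accounts
#   and setgid files of other groups are NOT listed; drop the
#   -user/-group test from a call below to widen the check.
# * On a machine that may already be compromised, the find binary itself
#   may not be trustworthy; prefer a known-good copy (e.g. from
#   read-only media).
#
# Review the output; remove any file that should not be there, or
# downgrade its permission (clear the setuid/setgid bit).
# ------------------

# Print every regular file under / that satisfies the find(1) tests
# passed as arguments.
#   -path /proc -prune : /proc is a kernel-provided view of processes whose
#                        entries appear and vanish during the walk; skipping
#                        it avoids spurious "No such file" errors.
#   -type f            : restrict to regular files, so setgid directories
#                        (group inheritance) do not clutter the report.
list_matches() {
  find / -path /proc -prune -o -type f "$@" -print
}

# setuid files owned by root
list_matches -user root -perm -4000

# setgid files with group root or kmem
list_matches -group root -perm -2000
list_matches -group kmem -perm -2000

#
# Look for weird filenames too (not checked by this script):
#   ". ."
#   "..."
# e.g.  find / -path /proc -prune -o \( -name '. .' -o -name '...' \) -print
#
# End of file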