perl code to monitor for setuid bit

Written by jlgaddis on March 23, 2006 – 10:33 pm -

We have a certain application that requires the setuid bit to be set on a certain executable in order for a certain process to work. Yes, I’m being intentionally vague here and, yes, I realize the dangers of setuid executables. That said…

I received an e-mail today telling me that the “certain process” didn’t seem to be working properly. The last “good run” was on March 7th, a bit over two weeks ago. I got looking into the matter and discovered entries in logfiles warning that the intended operation couldn’t be completed because the “certain executable” wasn’t setuid root. (These log files are massive, too large for me to visually read through every day or I would be — duh). Anyways, I determined that, on March 7th, a vendor-supplied update was installed (by me, even!) that updated the “certain executable”, restoring its non-setuid state. Restored the setuid bit and was ready to call it done when I decided that it’d be nice to prevent this from happening again. What I ended up with is the following bit of Perl that checks $filename to see if the setuid bit is set and emails $administrator if it’s not. I set this up to run from cron on a frequent basis, then called it “done”. Note: I’ve intentionally obfuscated a few things here, but maybe this snippet can be of benefit to someone else.

#!/usr/bin/perl
#
# $Id: monitor_setuid.pl, v 1.0 2006/03/23 20:23:17 jlgaddis Exp $
#
# This script checks $filename for the existence of the setuid
# bit. If $filename is not setuid, an e-mail is generated to
# $administrator warning them of the fact.
#

use strict;
use warnings;
use Net::SMTP;

my $filename = "/path/to/setuid/executable";
my $administrator = "you\@example.com";

# -u is true only when the file exists and has its setuid bit set
if (!-u $filename) {
my $smtp = Net::SMTP->new('localhost') or die("Can't connect to localhost:25/TCP");
$smtp->mail('from@your-domain.com');
$smtp->to($administrator);
$smtp->data();
$smtp->datasend("Subject: SETUID CHECK FOR $filename FAILED\n");
$smtp->datasend("\n");
$smtp->datasend("An automated check for the existence of the setuid\n");
$smtp->datasend("bit on $filename failed.\n\n");
$smtp->datasend("THIS FILE IS NOT SETUID!\n");
$smtp->datasend("\n");
$smtp->dataend();
$smtp->quit;
}

exit 0;

Well, it lost my indentation when I pasted it, but you get the picture…
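The log entries described above complained that the file wasn't "setuid root", which is a stricter condition than the -u test covers. The following is an added example, not the author's code: it goes a little beyond the post by also checking the owner, the file type and group/other write permission. The function name setuid_root_problems is hypothetical and the temp files are constructed stand-ins for the real executable.

```perl
#!/usr/bin/perl
# Added example (not the author's script): verify "setuid root", not just setuid.
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Temp qw(tempfile);

# Returns a list of problems found with $path; an empty list means OK.
sub setuid_root_problems {
    my ($path) = @_;
    # lstat, not stat: a symlink swapped in for the binary should be reported.
    my @st = lstat($path) or return ("cannot stat: $!");
    my ($mode, $uid) = @st[2, 4];
    my @problems;
    push @problems, "not a regular file (symlink or other)" unless S_ISREG($mode);
    push @problems, "setuid bit is not set"       unless $mode & S_ISUID;
    push @problems, "owner is uid $uid, not root" unless $uid == 0;
    push @problems, "writable by group or other"  if $mode & (S_IWGRP | S_IWOTH);
    return @problems;
}

# Constructed demo: temp files standing in for the real executable.
my (undef, $plain)  = tempfile(UNLINK => 1);
my (undef, $setuid) = tempfile(UNLINK => 1);
chmod 0755,  $plain;    # the state a vendor update leaves behind
chmod 04755, $setuid;   # bit restored, but owned by whoever runs this demo

for my $path ($plain, $setuid, "$plain.missing") {
    my @problems = setuid_root_problems($path);
    print "$path: ", (@problems ? join("; ", @problems) : "OK"), "\n";
}
```

In a cron job, a non-empty list would be the trigger for the notification, and the joined problem strings make a more useful message body than a bare "not setuid".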
