[ubuntu] setuid files [Archive]

View Full Version : [ubuntu] setuid files

sulekha

October 11th, 2008, 05:30 AM

Hi all,

I have read that

To check for a possible Trojan horse, examine the filesystem periodically for files with setuid permission. The following command lists these files:
Listing setuid files $ sudo find / -perm -4000 -exec ls -lh {} \; 2> /dev/null

can any one explain,why the permission is given as 4000 in this command
AFAIK i haven't seen any files with premission 4000

cariboo907

October 11th, 2008, 04:48 PM

Permissions of 4000 just means to set user ID on execution. A better way to scan for rootkits is to install rkhunter. Rkhunter scans for rootkits daily and emails you the results.

Jim

sulekha

October 13th, 2008, 01:36 PM

Permissions of 4000 just means to set user ID on execution. A better way to scan for rootkits is to install rkhunter. Rkhunter scans for rootkits daily and emails you the results.

Jim

what about chkrootkit ?