How can I find suid files In Linux?

Gabriel9999

Member
Joined
Mar 12, 2019
Messages
38
Reaction score
4
Credits
130
From security perspective of my linux boxes I want to list suid enabled files with the find command.
 


Condobloke

Well-Known Member
Joined
Apr 30, 2017
Messages
3,761
Reaction score
3,370
Credits
18,550

wizardfromoz

Administrator
Staff member
Gold Supporter
Joined
Apr 30, 2017
Messages
6,642
Reaction score
5,404
Credits
19,758
I'd ping Jas or Ken on this but I did not want to impinge on their Easters, but I see Jas has already liked Brian's, so who knows?

Brian's returned nil to me, but Samuel's was way too verbose, after 20 minutes it is still running, needs more filters.

Just to explain - I am running 35 or so Linux on a Dell Inspiron, plus I also run Timeshift.

The command

Code:
find / -perm /u=s

goes through everything in my /media/chris . including all the Timeshift, which is on a separate linked 4 GB WD My Book.

Spoiler 1 shows a few

/media/chris/Mageia7Beta-WD/usr/bin/passwd
/media/chris/Mageia7Beta-WD/usr/bin/ml85p
/media/chris/Mageia7Beta-WD/usr/bin/ttink
/media/chris/Mageia7Beta-WD/usr/bin/ping
/media/chris/Mageia7Beta-WD/usr/bin/gpgsm
/media/chris/Mageia7Beta-WD/usr/bin/fusermount
/media/chris/Mageia7Beta-WD/usr/bin/mtink
/media/chris/Mageia7Beta-WD/usr/bin/umount
/media/chris/Mageia7Beta-WD/usr/bin/chfn
/media/chris/Mageia7Beta-WD/usr/bin/gpasswd
/media/chris/Mageia7Beta-WD/usr/bin/Xwrapper
/media/chris/Mageia7Beta-WD/usr/bin/cronnext
/media/chris/Mageia7Beta-WD/usr/bin/su
/media/chris/Mageia7Beta-WD/usr/bin/lbp460
/media/chris/Mageia7Beta-WD/usr/bin/pkexec
/media/chris/Mageia7Beta-WD/usr/bin/sudo
/media/chris/Mageia7Beta-WD/usr/bin/mount
/media/chris/Mageia7Beta-WD/usr/bin/crontab
/media/chris/Mageia7Beta-WD/usr/bin/chsh
/media/chris/Mageia7Beta-WD/usr/bin/lbp660
/media/chris/Mageia7Beta-WD/usr/bin/newgrp
/media/chris/Mageia7Beta-WD/usr/lib/polkit-1/polkit-agent-helper-1
/media/chris/Mageia7Beta-WD/usr/libexec/Xorg.wrap
/media/chris/Mageia7Beta-WD/usr/libexec/openssh/ssh-keysign
/media/chris/Mageia7Beta-WD/usr/libexec/dbus-1/dbus-daemon-launch-helper
/media/chris/Mageia7Beta-WD/usr/lib64/kde4/libexec/fileshareset
/media/chris/Mageia7Beta-WD/usr/sbin/userhelper
/media/chris/Mageia7Beta-WD/usr/sbin/pppd
/media/chris/Mageia7Beta-WD/usr/sbin/mount.nfs
/media/chris/Mageia7Beta-WD/usr/sbin/unix_update
/media/chris/Mageia7Beta-WD/usr/sbin/fileshareset
/media/chris/Mageia7Beta-WD/usr/sbin/unix_chkpwd
/media/chris/Mageia7Beta-WD/usr/sbin/usernetctl
/media/chris/Mageia7Beta-WD/usr/sbin/pam_timestamp_check
/media/chris/Mageia7Beta-WD/usr/sbin/mount.davfs
/media/chris/Mageia7Beta-WD/usr/sbin/traceroute
/media/chris/Condres-Cinn-WD/usr/bin/newgidmap
/media/chris/Condres-Cinn-WD/usr/bin/newuidmap
/media/chris/Condres-Cinn-WD/usr/bin/chage
/media/chris/Condres-Cinn-WD/usr/bin/newgrp
/media/chris/Condres-Cinn-WD/usr/bin/mount.cifs
/media/chris/Condres-Cinn-WD/usr/bin/chsh
/media/chris/Condres-Cinn-WD/usr/bin/su
/media/chris/Condres-Cinn-WD/usr/bin/passwd
/media/chris/Condres-Cinn-WD/usr/bin/unix_chkpwd
/media/chris/Condres-Cinn-WD/usr/bin/sudo
/media/chris/Condres-Cinn-WD/usr/bin/gpasswd
/media/chris/Condres-Cinn-WD/usr/bin/umount
/media/chris/Condres-Cinn-WD/usr/bin/chfn
/media/chris/Condres-Cinn-WD/usr/bin/mount
/media/chris/Condres-Cinn-WD/usr/bin/ksu
/media/chris/Condres-Cinn-WD/usr/bin/pkexec
/media/chris/Condres-Cinn-WD/usr/bin/bwrap
/media/chris/Condres-Cinn-WD/usr/bin/sg
/media/chris/Condres-Cinn-WD/usr/bin/expiry
/media/chris/Condres-Cinn-WD/usr/bin/crontab
/media/chris/Condres-Cinn-WD/usr/bin/fusermount
/media/chris/Condres-Cinn-WD/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/media/chris/Condres-Cinn-WD/usr/lib/polkit-1/polkit-agent-helper-1
/media/chris/Condres-Cinn-WD/usr/lib/xf86-video-intel-backlight-helper
/media/chris/Condres-Cinn-WD/usr/lib/chromium/chrome-sandbox
/media/chris/Condres-Cinn-WD/usr/lib/mail-dotlock
/media/chris/Condres-Cinn-WD/usr/lib/ssh/ssh-keysign


and Spoiler 2 shows some of the Timeshift

/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/sudo
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/crontab
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/ksu
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/newgrp
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/mount.cifs
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/umount
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/mount.ecryptfs_private
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/unix_chkpwd
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/ndisc6
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/passwd
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/expiry
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/sg
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/newgidmap
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/mount.nfs
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/fusermount
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/su
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/bwrap
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/rdisc6
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/gpasswd
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/fusermount3
/media/chris/Timeshift/timeshift/snapshots/2019-04-16_18-51-44/localhost/usr/lib/Xorg.wrap
/media/chris/Timeshift/timeshift/snapshots/2019-04-16_18-51-44/localhost/usr/lib/xf86-video-intel-backlight-helper
/media/chris/Timeshift/timeshift/snapshots/2019-04-16_18-51-44/localhost/usr/lib/mail-dotlock
/media/chris/Timeshift/timeshift/snapshots/2019-04-16_18-51-44/localhost/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/media/chris/Timeshift/timeshift/snapshots/2019-04-16_18-51-44/localhost/usr/lib/ssh/ssh-keysign
/media/chris/Timeshift/timeshift/snapshots/2019-04-16_18-51-44/localhost/usr/lib/chromium/chrome-sandbox
/media/chris/Timeshift/timeshift/snapshots/2019-04-16_18-51-44/localhost/usr/lib/polkit-1/polkit-agent-helper-1
/media/chris/Timeshift/timeshift/snapshots/2019-04-16_18-51-44/localhost/usr/bin/chage
/media/chris/Timeshift/timeshift/snapshots/2019-04-16_18-51-44/localhost/usr/bin/chsh
/media/chris/Timeshift/timeshift/snapshots/2019-04-16_18-51-44/localhost/usr/bin/mount
/media/chris/Timeshift/timeshift/snapshots/2019-04-16_18-51-44/localhost/usr/bin/chfn


... so depending on the OP's needs, more information might help narrow down the best option.

I'm out for my evening, and the process is still running, lol.

Cheers all and

avagudEaster

and be safe on the roads.

Wiz
 
$100 Digital Ocean Credit
Get a free VM to test out Linux!

Members online


Top