How can I find suid files In Linux?

Gabriel9999

Member
Joined
Mar 12, 2019
Messages
38
Reaction score
4
Credits
130
From security perspective of my linux boxes I want to list suid enabled files with the find command.
 


I'd ping Jas or Ken on this but I did not want to impinge on their Easters, but I see Jas has already liked Brian's, so who knows?

Brian's returned nil to me, but Samuel's was way too verbose, after 20 minutes it is still running, needs more filters.

Just to explain - I am running 35 or so Linux on a Dell Inspiron, plus I also run Timeshift.

The command

Code:
find / -perm /u=s

goes through everything in my /media/chris . including all the Timeshift, which is on a separate linked 4 GB WD My Book.

Spoiler 1 shows a few

/media/chris/Mageia7Beta-WD/usr/bin/passwd
/media/chris/Mageia7Beta-WD/usr/bin/ml85p
/media/chris/Mageia7Beta-WD/usr/bin/ttink
/media/chris/Mageia7Beta-WD/usr/bin/ping
/media/chris/Mageia7Beta-WD/usr/bin/gpgsm
/media/chris/Mageia7Beta-WD/usr/bin/fusermount
/media/chris/Mageia7Beta-WD/usr/bin/mtink
/media/chris/Mageia7Beta-WD/usr/bin/umount
/media/chris/Mageia7Beta-WD/usr/bin/chfn
/media/chris/Mageia7Beta-WD/usr/bin/gpasswd
/media/chris/Mageia7Beta-WD/usr/bin/Xwrapper
/media/chris/Mageia7Beta-WD/usr/bin/cronnext
/media/chris/Mageia7Beta-WD/usr/bin/su
/media/chris/Mageia7Beta-WD/usr/bin/lbp460
/media/chris/Mageia7Beta-WD/usr/bin/pkexec
/media/chris/Mageia7Beta-WD/usr/bin/sudo
/media/chris/Mageia7Beta-WD/usr/bin/mount
/media/chris/Mageia7Beta-WD/usr/bin/crontab
/media/chris/Mageia7Beta-WD/usr/bin/chsh
/media/chris/Mageia7Beta-WD/usr/bin/lbp660
/media/chris/Mageia7Beta-WD/usr/bin/newgrp
/media/chris/Mageia7Beta-WD/usr/lib/polkit-1/polkit-agent-helper-1
/media/chris/Mageia7Beta-WD/usr/libexec/Xorg.wrap
/media/chris/Mageia7Beta-WD/usr/libexec/openssh/ssh-keysign
/media/chris/Mageia7Beta-WD/usr/libexec/dbus-1/dbus-daemon-launch-helper
/media/chris/Mageia7Beta-WD/usr/lib64/kde4/libexec/fileshareset
/media/chris/Mageia7Beta-WD/usr/sbin/userhelper
/media/chris/Mageia7Beta-WD/usr/sbin/pppd
/media/chris/Mageia7Beta-WD/usr/sbin/mount.nfs
/media/chris/Mageia7Beta-WD/usr/sbin/unix_update
/media/chris/Mageia7Beta-WD/usr/sbin/fileshareset
/media/chris/Mageia7Beta-WD/usr/sbin/unix_chkpwd
/media/chris/Mageia7Beta-WD/usr/sbin/usernetctl
/media/chris/Mageia7Beta-WD/usr/sbin/pam_timestamp_check
/media/chris/Mageia7Beta-WD/usr/sbin/mount.davfs
/media/chris/Mageia7Beta-WD/usr/sbin/traceroute
/media/chris/Condres-Cinn-WD/usr/bin/newgidmap
/media/chris/Condres-Cinn-WD/usr/bin/newuidmap
/media/chris/Condres-Cinn-WD/usr/bin/chage
/media/chris/Condres-Cinn-WD/usr/bin/newgrp
/media/chris/Condres-Cinn-WD/usr/bin/mount.cifs
/media/chris/Condres-Cinn-WD/usr/bin/chsh
/media/chris/Condres-Cinn-WD/usr/bin/su
/media/chris/Condres-Cinn-WD/usr/bin/passwd
/media/chris/Condres-Cinn-WD/usr/bin/unix_chkpwd
/media/chris/Condres-Cinn-WD/usr/bin/sudo
/media/chris/Condres-Cinn-WD/usr/bin/gpasswd
/media/chris/Condres-Cinn-WD/usr/bin/umount
/media/chris/Condres-Cinn-WD/usr/bin/chfn
/media/chris/Condres-Cinn-WD/usr/bin/mount
/media/chris/Condres-Cinn-WD/usr/bin/ksu
/media/chris/Condres-Cinn-WD/usr/bin/pkexec
/media/chris/Condres-Cinn-WD/usr/bin/bwrap
/media/chris/Condres-Cinn-WD/usr/bin/sg
/media/chris/Condres-Cinn-WD/usr/bin/expiry
/media/chris/Condres-Cinn-WD/usr/bin/crontab
/media/chris/Condres-Cinn-WD/usr/bin/fusermount
/media/chris/Condres-Cinn-WD/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/media/chris/Condres-Cinn-WD/usr/lib/polkit-1/polkit-agent-helper-1
/media/chris/Condres-Cinn-WD/usr/lib/xf86-video-intel-backlight-helper
/media/chris/Condres-Cinn-WD/usr/lib/chromium/chrome-sandbox
/media/chris/Condres-Cinn-WD/usr/lib/mail-dotlock
/media/chris/Condres-Cinn-WD/usr/lib/ssh/ssh-keysign


and Spoiler 2 shows some of the Timeshift

/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/sudo
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/crontab
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/ksu
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/newgrp
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/mount.cifs
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/umount
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/mount.ecryptfs_private
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/unix_chkpwd
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/ndisc6
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/passwd
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/expiry
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/sg
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/newgidmap
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/mount.nfs
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/fusermount
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/su
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/bwrap
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/rdisc6
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/gpasswd
/media/chris/Timeshift/timeshift/snapshots/2019-03-16_15-24-18/localhost/usr/bin/fusermount3
/media/chris/Timeshift/timeshift/snapshots/2019-04-16_18-51-44/localhost/usr/lib/Xorg.wrap
/media/chris/Timeshift/timeshift/snapshots/2019-04-16_18-51-44/localhost/usr/lib/xf86-video-intel-backlight-helper
/media/chris/Timeshift/timeshift/snapshots/2019-04-16_18-51-44/localhost/usr/lib/mail-dotlock
/media/chris/Timeshift/timeshift/snapshots/2019-04-16_18-51-44/localhost/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/media/chris/Timeshift/timeshift/snapshots/2019-04-16_18-51-44/localhost/usr/lib/ssh/ssh-keysign
/media/chris/Timeshift/timeshift/snapshots/2019-04-16_18-51-44/localhost/usr/lib/chromium/chrome-sandbox
/media/chris/Timeshift/timeshift/snapshots/2019-04-16_18-51-44/localhost/usr/lib/polkit-1/polkit-agent-helper-1
/media/chris/Timeshift/timeshift/snapshots/2019-04-16_18-51-44/localhost/usr/bin/chage
/media/chris/Timeshift/timeshift/snapshots/2019-04-16_18-51-44/localhost/usr/bin/chsh
/media/chris/Timeshift/timeshift/snapshots/2019-04-16_18-51-44/localhost/usr/bin/mount
/media/chris/Timeshift/timeshift/snapshots/2019-04-16_18-51-44/localhost/usr/bin/chfn


... so depending on the OP's needs, more information might help narrow down the best option.

I'm out for my evening, and the process is still running, lol.

Cheers all and

avagudEaster

and be safe on the roads.

Wiz
 


Top