I was wondering if there was a way to check factory original file permissions of important system config files on Linux, Solaris, FreeBSD systems, etc. I'm creating a hardening software tool in Python that edits configuration files autonomously and then sets the permissions to the desired owner, group, and mode which, in this case, would ideally be the settings that are set initially. Does anyone know how to see what the original factory owner, group, and mode of certain files are?
Just check your backup. – William Pursell Feb 28 '13 at 23:30
You can get a copy of the original package that the file belongs to and look at what the permissions are in the archive inside the package... – Celada Mar 01 '13 at 00:47
2 Answers
On Solaris 10 and older, you can use pkgchk:

    # pkgchk -ap /etc/vfstab
    ERROR: /etc/vfstab
        permissions <0644> expected <0660> actual
        group name <sys> expected <jlliagre> actual

On Solaris 11, you need to get the package name a file belongs to (e.g. pkg search -l /etc/vfstab), then run pkg verify package-name.

On BSD systems, mtree is the tool that typically performs this task. The challenge with mtree is that different BSD releases provide differing degrees of completeness for their mtree specifications. FreeBSD, for example, doesn't have mtree rules for /etc/* by default. OpenBSD, however, does provide this (and there it's used by the /etc/security script to alert you of changes in the nightly run). This makes mtree not entirely portable in the BSD world, but it's a start.
Furthermore, mtree already provides the functionality to fix things up that you describe in your Python tool, so you may be able to offload some of the work, provided you can find/build a suitable mtree definition file.

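An added example, not part of either answer or of the asker's tool: a read-only Python check that parses a small subset of the mtree(5) spec syntax (comments, /set, relative entries, `..`, octal modes only) and reports owner, group and mode deviations in the style of the pkgchk output above. SAMPLE_SPEC and the function names are constructed for illustration; a real baseline would come from a vendor spec or the package database.

```python
import grp, os, pwd, stat

# Constructed sample spec (not a vendor baseline), in mtree(5) syntax.
SAMPLE_SPEC = """\
/set type=file uname=root gname=sys mode=0644
etc type=dir mode=0755
    vfstab
..
"""

def parse_mtree(text):
    """Parse an mtree(5) subset: comments, /set, relative entries, '..'."""
    defaults, cwd, expected = {}, [], {}
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"): continue
        name, kws = words[0], dict(w.split("=", 1) for w in words[1:] if "=" in w)
        if name == "/set":
            defaults.update(kws)          # defaults for all later entries
        elif name == "..":
            cwd = cwd[:-1]                # ascend one directory level
        else:
            attrs = {**defaults, **kws}   # per-entry keywords override /set
            expected[os.path.normpath(os.path.join(*cwd, name))] = attrs
            if attrs.get("type") == "dir":
                cwd.append(name)          # following entries live inside it
    return expected

def _name(lookup, ident):
    try: return lookup(ident)[0]
    except KeyError: return str(ident)    # id has no passwd/group entry

def verify(root, expected):
    """Return (path, attribute, expected, actual) per deviation; changes nothing."""
    findings = []
    for rel, want in sorted(expected.items()):
        try:
            st = os.lstat(os.path.join(root, rel))   # lstat: do not follow symlinks
        except FileNotFoundError:
            findings.append((rel, "missing", "present", "absent"))
            continue
        have = {"mode": format(stat.S_IMODE(st.st_mode), "04o"),
                "uname": _name(pwd.getpwuid, st.st_uid),
                "gname": _name(grp.getgrgid, st.st_gid)}
        for key in have:                  # keywords absent from the spec are skipped
            exp = want.get(key, have[key])
            if key == "mode": exp = format(int(exp, 8), "04o")
            if exp != have[key]:
                findings.append((rel, key, exp, have[key]))
    return findings
```

Calling `verify("/", parse_mtree(spec_text))` lists deviations without touching the files, so the result can be reviewed before any chown or chmod is applied.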