Tuesday, September 4, 2018

How to identify orphaned or unowned files in a Unix / Linux system

In a Unix / Linux system, files whose numeric owner UID or group GID does not correspond to any user or group account are known as orphaned (or unowned) files.  They are usually left behind when an account is deleted without first reassigning or removing its files.  Having such files in the system is not a good idea.  Although these files are not a vulnerability by themselves, they are a liability: any account that is later created with the same numeric ID silently becomes their owner, and they could be used by an attacker in case of a breach.

Here is a command to list files that are not owned by any user or group.  The two tests are grouped in parentheses so that a match on either of them triggers the listing, and /proc is skipped because its entries are transient.

# find / -path /proc -prune -o \( -nouser -o -nogroup \) -exec ls -ld {} \; 2>/dev/null

For each file in this list, determine and implement an appropriate action as part of hardening the system.  That could be assigning the missing user or group owner, removing the file if it is not required for the functionality of the system, or some other action the situation calls for.  Making these informed choices is better than not being aware of the situation.
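The triage step above can be done offline over saved find output, grouping orphans by the dangling ID so each former owner gets one decision.  The script below is an added example, not part of the original post; the passwd, group and find data in it are constructed samples, and on a live system the input would come from `find / -path /proc -prune -o -printf '%U %G %p\n'`.

```shell
#!/bin/sh
# Added example, not part of the original post: the same nouser/nogroup check
# that find performs, done over saved find output so orphans can be grouped by
# dangling id. On a live system the input line format comes from:
#   find / -path /proc -prune -o -printf '%U %G %p\n' 2>/dev/null
# All data below is constructed sample data so the script runs anywhere.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash'
SAMPLE_GROUP='root:x:0:
daemon:x:1:
alice:x:1000:
staff:x:50:'
# Constructed find output: numeric uid, numeric gid, path (path may contain spaces).
SAMPLE_FIND='0 0 /etc/passwd
1000 1000 /home/alice/notes.txt
1001 1001 /home/bob/.bashrc
1001 50 /srv/www/index.html
0 1002 /var/tmp/build output.log'

# orphan_report: stdin = find output, $1 = passwd data, $2 = group data.
# Prints "nouser|nogroup|nouser,nogroup uid gid path" for each orphaned file.
orphan_report() {
    awk -v passwd="$1" -v group="$2" '
    BEGIN {   # ids that DO resolve to an account or group
        n = split(passwd, pl, "\n"); for (i = 1; i <= n; i++) { split(pl[i], f, ":"); uid_ok[f[3]] = 1 }
        n = split(group,  gl, "\n"); for (i = 1; i <= n; i++) { split(gl[i], f, ":"); gid_ok[f[3]] = 1 }
    }
    {
        path = $0; sub(/^[0-9]+ [0-9]+ /, "", path)
        why = ""
        if (!($1 in uid_ok)) why = "nouser"
        if (!($2 in gid_ok)) { if (why == "") why = "nogroup"; else why = why ",nogroup" }
        if (why != "") print why, $1, $2, path
    }'
}

# orphan_summary: stdin = orphan_report output; one line per dangling id with its
# file count ("uid 1001 2"), so each former owner gets a single remediation decision.
orphan_summary() {
    awk '{ if ($1 ~ /nouser/) uids[$2]++; if ($1 ~ /nogroup/) gids[$3]++ }
         END { for (u in uids) print "uid", u, uids[u]; for (g in gids) print "gid", g, gids[g] }' | sort
}

printf '%s\n' "$SAMPLE_FIND" | orphan_report "$SAMPLE_PASSWD" "$SAMPLE_GROUP"
printf '%s\n' "$SAMPLE_FIND" | orphan_report "$SAMPLE_PASSWD" "$SAMPLE_GROUP" | orphan_summary
```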

If you are not familiar with the find command, do check its manual page.  Here is what the manual says about the options used in the above command:

       -path pattern
              File name matches shell pattern pattern.

       -prune True; if the file is a directory, do not descend into it.

       -nouser
              No user corresponds to file's numeric user ID.

       -nogroup
              No group corresponds to file's numeric group ID.

       -exec command ;
              Execute command; true if 0 status is returned.  All following arguments to find are taken to be arguments to the command until an argument consisting of ; is encountered.  The string {} is replaced by the current file name being processed everywhere it occurs in the arguments to the command, not just in arguments where it is alone, as in some versions of find.  Both of these constructions might need to be escaped (with a \) or quoted to protect them from expansion by the shell.
