[svlug] a way to remove executables from the /tmp directory

[Karsten M. Self]

on Fri, Jul 15, 2005 at 06:50:25PM -0500, Jerry M. Howell II (jmhowell at jmhowell.com) wrote:
> Hello all,
> 
>       I ran into a problem not all that long ago where someone uploaded
> executable files into our /tmp directory. I have it setup not to run
> executables and no suid and /tmp is on it's own partition. What I still
> need to do is create a script that will locate executables, e-mail me
> to inform me of them then deleate the executable, or at least move them
> somewere where I can check them out. No one on our server needs the /tmp
> directory for executables. The only ones that have tried to use it so far
> are atempted crackers, DDoS'ers, etc. I'd like to see some scripts you all
> might have out there that might be used for this purpose or similar.

    man find:

       -perm mode
              File's permission bits are exactly  mode  (octal  or  symbolic).
              Symbolic modes use mode 0 as a point of departure.

       -perm -mode
              All of the permission bits mode are set for the file.

       -perm +mode
              Any of the permission bits mode are set for the file.

Peace.

-- 
Karsten M. Self <kmself at ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    Obviously it's not going to be trivial to run GNOME apps outside
    of GNOME.
    - Adam Hooper, clarifying the topic of GNOME interoperability
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.svlug.org/archives/svlug/attachments/20050715/b2b00697/attachment.bin