As a system administrator you use the
to locate suspicious files.
These are files whose presence or attributes indicate that something may be wrong.
Some attributes that make a file suspicious include:
Additionally after an update of system software you may
locate files with
These need to be examined so that the associated service
configuration can be updated correctly.
Not all suspicious files indicate a problem!
For example it is common for some files to be
world-writable, including symlinks and
certain directories (such as
that have the sticky (or text) bit set.
Directories and database files often have the
setGID bit set, and so on.
What is needed is that the System Administrator examine these
to make sure they don't indicate problems.
find command (or pipeline) that searches
mounted disks looking for suspicious files and reporting
Be sure not to include non-Unix/Linux filesystems
in your search; that is, skip
/proc and other
fake filesystems, any removable media, any Windows
partitions, and any remotely mounted filesystems (such as
NFS or Samba shares).
Correctly skipping non-suspicious files is worth 50%. Each of the suspicious file indicators listed above that you actually test for correctly is worth 5%.
Please review the find command tutorial resource from our class web page.
You should also review the Filesystem Hierarchy Standard to determine the likely contents of standard directories.
A white-list of previously found suspicious files that turned out to be all right, with the script skipping them, would make the reports better. Of course you then need to manage the list (add new entries, delete entries when a file is changed or deleted) and secure the white-list itself against modification (say, by a digital signature). This is not easy to get right and is not a requirement for this project.
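The scan described above, with the optional white-list filter from the previous paragraph, as an added example that is not part of the course page and is not a reference solution. It assumes Linux with GNU find (for -printf) and /proc/mounts; the list of filesystem types treated as local disks, the removable-media mount points that are skipped, the update-leftover suffixes (*.rpmnew, *.rpmsave, *.dpkg-new, *.dpkg-dist) and the names local_mountpoints, scan_suspicious, filter_whitelist and WHITELIST are this example's own choices, not anything the page specifies.

```shell
#!/bin/bash
# Added example (not the course's solution). Assumes Linux, GNU find and
# /proc/mounts; run as root so that every directory can be read.

# Filesystem types treated as real local disks (assumption: extend for your
# hosts). Everything else listed in /proc/mounts (proc, sysfs, devtmpfs,
# tmpfs, overlay, nfs, cifs, vfat/ntfs USB sticks, ...) is ignored.
LOCAL_FSTYPES='ext2|ext3|ext4|xfs|btrfs|jfs|f2fs'

# Print one mount point per line for each local filesystem, skipping the
# usual removable-media mount points under /media, /run/media and /mnt.
local_mountpoints() {
    awk -v re="^(${LOCAL_FSTYPES})\$" \
        '$3 ~ re && $2 !~ /^\/(media|run\/media|mnt)(\/|$)/ { print $2 }' /proc/mounts
}

# Scan each start point and print "<indicator>TAB<path>" lines.
# -xdev stops at mount boundaries, so every local filesystem needs its own
# start point (that is also what keeps /proc, /sys, NFS etc. out of the walk).
# The comma operator makes find evaluate every group for every file, so a
# file that trips several indicators is reported once per indicator.
# Deliberately NOT reported: symlinks (always 0777), sticky-bit directories
# such as /tmp, and setGID directories (normal group inheritance).
scan_suspicious() {
    [ $# -gt 0 ] || return 0
    find "$@" -xdev \
        \( -type f -perm -4000 -printf 'suid\t%p\n' \) , \
        \( -type f -perm -2000 -printf 'sgid\t%p\n' \) , \
        \( ! -type l -perm -0002 ! \( -type d -perm -1000 \) \
           -printf 'world-writable\t%p\n' \) , \
        \( -nouser -printf 'nouser\t%p\n' \) , \
        \( -nogroup -printf 'nogroup\t%p\n' \) , \
        \( -type f \( -name '*.rpmnew' -o -name '*.rpmsave' \
                   -o -name '*.dpkg-new' -o -name '*.dpkg-dist' \) \
           -printf 'update-leftover\t%p\n' \) \
        2>/dev/null
}

# Drop findings whose path is listed (one absolute path per line) in the
# white-list file given as $1. FILENAME is compared instead of the usual
# NR==FNR trick so that an empty white-list does not swallow the findings.
# Securing the list itself (e.g. a signature check) is not implemented here.
filter_whitelist() {
    awk -F'\t' -v wl="$1" 'FILENAME == wl { w[$0] = 1; next } !($2 in w)' "$1" -
}

# Usage: scan.sh --all      scan every local filesystem
#        scan.sh DIR...     scan only the given start points
# Set WHITELIST=/path/to/list to suppress known-good paths.
main() {
    if [ "$1" = "--all" ]; then
        set -- $(local_mountpoints)   # word-split on purpose, one start point per mount
    fi
    if [ -n "$WHITELIST" ] && [ -r "$WHITELIST" ]; then
        scan_suspicious "$@" | filter_whitelist "$WHITELIST"
    else
        scan_suspicious "$@"
    fi
}

# With no arguments the file only defines the functions, so it can be sourced.
if [ $# -gt 0 ]; then main "$@"; fi
```

Note that `find / -xdev` alone is not enough: it does skip /proc, tmpfs and network mounts, but it also skips /usr, /var or /home when they live on their own partitions, which is why the script enumerates every local mount point and starts one walk per filesystem. Expect `-nouser`/`-nogroup` hits after a package removal that deleted a service account, and treat a world-writable file outside a sticky directory as a finding until someone explains it.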
A copy of your command/pipeline/script.
You can send it as email to . Please see your syllabus for more information about submitting projects.