[Gllug] Tab-complete and cursor keys in SSH sessions?
Bruce Richardson
itsbruce at workshy.org
Tue Sep 29 14:51:30 UTC 2009
On Tue, Sep 29, 2009 at 02:38:43PM +0100, Robert wrote:
>
> I think you may actually be missing it.. or more likely misunderstanding
> me..
Could be...
>
> If all the files exist on the filesystem (stdin - ) and in the suid.orig
> file then they won't be unique and won't trigger a cron email (regardless of
> whether you cat suid.orig once or twice).
>
> The effect of repeating suid.orig then is to ensure they you are never
> emailed about files that are in the suid.orig file, but are not on the disk
> (since if they were on the disk and once in the file you won't be mailed
> about them anyway and either way you will still be mailed about files which
> exist on the disk that are not in the file).
Yes, and it's the latter that I care about. The example was
constructed.. well, it was constructed to show a range of things and
make the students think, but the explicit aim was to monitor filesystems
for new SUID binaries. /root/suid.orig will have been created from a
previous 'find' run and presumably contains a list of approved SUID
binaries.
>
> That means by cating suid.orig twice, you can safely delete suid files from
> the disk without bothering to update the suid.orig file and won't receive
> any emails about that.
Yes, quite right. I won't be alerted about approved SUID file that are
removed, but I will be alerted about new, unapproved SUID files.
You jumped right to the end without mentioning the middle bit, probably
because you assumed it was obvious. In fact, you're one of a very small
number of people who have worked it out for themselves.
--
Bruce
It is impolite to tell a man who is carrying you on his shoulders that
his head smells.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 204 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20090929/853f52bc/attachment.pgp>
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list