Checking file privileges

Another possible avenue of attack on your system is through the placing of privileges on a program. You should check the privileges on your system periodically. If you create a reference file the first time you run this procedure, it will help you quickly discover any future changes.

To obtain a list of privileges on files on your system, perform the following:

1. Execute
   
   find / -type f -perm -111 -print -exec filepriv {} \; > filename

   The filename is the name of a temporary file. This can be archived for later use as a reference file.

2. Check the filename file for any suspicious programs; for example, programs that have more privileges than they should. Take corrective action to remove the privileges using the filepriv command. See ``Administering privilege'' for more information.