Linux sXID
In Linux, normally a file has permissions to read, write, and execute. Apart from these permissions, it can also have special permissions such as SUID (Set owner User ID) and SGID. Due to these permissions, it is possible for a user to log in from their account and still run a particular file/program with the permissions of the actual file owner (which can be root also). sXid is the tool for monitoring SUID/SGID on a regular basis. Using this tool, we can track changes in the SUID/SGID of files and folders.
Getting ready
To use this tool, we need to install the sXid package on our Linux system. We can either use the apt-get
command to install the package, or we can download the package and manually configure and install it.To install the sXid package, we run the following command:
apt-get install sxid
How to do it...
To start monitoring the suid/sgid
of files and folders, we configure the tool as follows:
- Once the installation completes, we start editing the
/etc/sxid.conf
file to use...