abukta
find / -noleaf -path '/proc' -prune \
  -o -path '/sys' -prune \
  -o -path '/dev' -prune \
  -o -path '/windows-C-Drive' -prune \
  -o -perm -2 ! -type l ! -type s \
  ! \( -type d -perm -1000 \) -print
This says to search the whole system, skipping the directories /proc, /sys, /dev, and /windows-C-Drive (presumably a Windows partition on a dual-booted computer). The -noleaf option tells find to not assume all remaining mounted filesystems are Unix file systems (you might have a mounted CD for instance). The "-o" is the Boolean OR operator, and "!" is the Boolean NOT operator (applies to the following criteria). So these criteria say to locate files that are world writable ("-perm -2") and NOT symlinks ("! -type l") and NOT sockets ("! -type s") and NOT directories with the sticky (or text) bit set ("! \( -type d -perm -1000 \)"). (Symlinks, sockets and directories with the sticky bit set are often world-writable and generally not suspicious.)
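
The predicate explained in the post above, run against a constructed directory tree so the effect of each test is visible; this is an added example, not part of the original post. The function names and sample paths are hypothetical, and -noleaf is left out because it is a GNU find option that does not affect the permission tests.

```shell
#!/bin/sh
# Added example: run the post's predicate against a constructed tree.
# All paths below are constructed sample data under a temp directory.

audit_world_writable() {
    # $1 = root to scan, $2 = subdirectory to prune (stands in for /proc etc.)
    find "$1" -path "$2" -prune \
        -o -perm -2 ! -type l ! -type s \
        ! \( -type d -perm -1000 \) -print
}

build_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/skipme" "$root/tmp_sticky" "$root/open_dir"
    : > "$root/normal.txt";       chmod 644 "$root/normal.txt"
    : > "$root/ww_file.txt";      chmod 666 "$root/ww_file.txt"
    : > "$root/skipme/ww_hidden"; chmod 666 "$root/skipme/ww_hidden"
    chmod 755  "$root/skipme"       # pruned, so ww_hidden is never visited
    chmod 1777 "$root/tmp_sticky"   # like /tmp: world-writable plus sticky
    chmod 0777 "$root/open_dir"     # world-writable, no sticky bit
    ln -s "$root/normal.txt" "$root/link_to_normal"   # symlink, mode 0777
    printf '%s\n' "$root"
}

run_demo() {
    root=$(build_sample_tree) || return 1
    # Print paths relative to the sample root, sorted for stable output.
    audit_world_writable "$root" "$root/skipme" | sed "s|^$root/||" | sort
    rm -rf "$root"
}

run_demo
```

Only open_dir and ww_file.txt are reported: the sticky directory and the symlink are filtered out, and the world-writable file under the pruned directory is never reached.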