New setuid files (UNIX)

Module: File Find

This check reports files that have had setuid attribute changes. The first time File Find runs, it creates a snapshot file that lists all setuid files. On subsequent runs, File Find reports any executable files that are newly assigned the setuid attribute and setuid files that are no longer found in the system. Messages reported by this check can be used to update the snapshot file from the Report dialog box.

The following table lists the error messages for the check.

Table: Error messages for New setuid files

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_SETIDNEW

Category: System Information

UNIX (5632)

Title: New setuid/setgid file

Description: The listed files have been assigned setuid or setgid attributes since the last time the ESM snapshot was updated. With these attributes, anyone running these files is temporarily assigned the UID or GID of the file. While many system files depend on these attributes for proper operation, security problems can result if they are assigned to programs that allow reading and writing of files or escapes to a shell. If the new attributes were assigned by the system administrator, you should update the snapshot. If changes were not authorized, you should use the chmod command to restore the previous file attributes.

Severity: red-4

Correctable: false

Snapshot Updatable: true

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_SETIDNOT

Category: System Information

UNIX (5633)

Title: File is no longer setuid/setgid

Description: Setuid or setgid attributes have been removed for the listed files since the last time the ESM snapshot was updated. Anyone running files with setuid or setgid attributes is temporarily assigned the UID or GID of the file. Many system files depend on these attributes for proper operation. If these attributes were changed by the system administrator, you should update the snapshot. If changes were not authorized, you should use the chmod command to restore the previous file attributes.

Severity: green-0

Correctable: false

Snapshot Updatable: true

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_SETIDDEL

Category: System Information

UNIX (5634)

Title: Setuid/setgid file not found

Description: The listed files previously had the setuid or setgid attribute but now cannot be found on your system. Anyone running a file with the setuid or setgid attribute is temporarily assigned the UID or GID of the file. Many system files depend on these attributes for proper operation. If the files were deleted by the system administrator, you should update the ESM snapshot. If the deletions were not authorized, you should restore the files to your system.

Severity: green-0

Correctable: false

Snapshot Updatable: true

Template Updatable: false

Information Field Format: [%s]
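
The snapshot-and-compare logic described for this check can be sketched as follows. This is an added example, not ESM's own code: the function names, the JSON snapshot format and the use of the three String IDs as report keys are assumptions made for illustration.

```python
import json
import os
import stat

SPECIAL = stat.S_ISUID | stat.S_ISGID

def scan(root):
    """Return the set of regular files under root with setuid or setgid set."""
    found = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # file vanished or is unreadable mid-walk
            if stat.S_ISREG(st.st_mode) and st.st_mode & SPECIAL:
                found.add(path)
    return found

def compare(snapshot, current, exists=os.path.lexists):
    """Sort snapshot/current differences into the three messages of the check."""
    report = {"STKU_SETIDNEW": [], "STKU_SETIDNOT": [], "STKU_SETIDDEL": []}
    report["STKU_SETIDNEW"] = sorted(current - snapshot)
    for path in sorted(snapshot - current):
        # Still on disk: the bits were cleared. Gone: the file was removed.
        key = "STKU_SETIDNOT" if exists(path) else "STKU_SETIDDEL"
        report[key].append(path)
    return report

def run_check(root, snapshot_file):
    """First run writes the baseline and returns None; later runs return a report."""
    current = scan(root)
    if not os.path.exists(snapshot_file):
        with open(snapshot_file, "w") as fh:
            json.dump(sorted(current), fh)
        return None
    with open(snapshot_file) as fh:
        snapshot = set(json.load(fh))
    # The snapshot is left untouched: changes are accepted by a reviewer, not by the scan.
    return compare(snapshot, current)
```

Keep the snapshot file outside the scanned tree and writable only by the account that runs the check, since anyone who can edit it can hide a new setuid file from the report.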