User's Guide
parent shell script, and thus can copy any files that the parent shell
script's profile can read and write.
Immunizing SetUID Programs
To find setuid programs, you can inspect your file system. For
instance, this command will find files that are setuid root:
find / -user root -perm -4000 -print
Immunizing Cron Jobs
To find programs that will be run by cron, you need to inspect your
local cron configuration. Unfortunately, cron configuration is rather
complex, and so there are numerous files to inspect. Periodic cron jobs
are run from these files:
/etc/crontab
/etc/cron.d/*
/etc/cron.daily/*
/etc/cron.hourly/*
/etc/cron.monthly/*
/etc/cron.weekly/*
For root's cron jobs, you can edit the tasks with "crontab -e", and list
root's cron tasks with "crontab -l". You must be root for these to
work.
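The two searches above can be combined into one inventory of programs that still lack a profile. This is an added example, not part of the original guide. It assumes profiles are stored as files in /etc/apparmor.d named after the program path (as with usr.sbin.httpd2-prefork); the function names are hypothetical, and root's personal crontab ("crontab -l") is not covered.

```shell
# Added example: list setuid-root programs and cron-run programs that have
# no AppArmor profile file. Assumption: profiles are files in /etc/apparmor.d
# named after the program path with "/" turned into ".".
PROFILE_DIR="${PROFILE_DIR:-/etc/apparmor.d}"

# /usr/sbin/httpd2-prefork -> usr.sbin.httpd2-prefork
profile_name() {
    printf '%s\n' "$1" | sed -e 's|^/||' -e 's|/|.|g'
}

# True when a profile file exists for the given program path.
has_profile() {
    [ -f "$PROFILE_DIR/$(profile_name "$1")" ]
}

# The guide's find command; -type f and -xdev are added here to skip
# directories and other mounted file systems.
setuid_root_files() {
    find "${1:-/}" -xdev -type f -user root -perm -4000 -print 2>/dev/null
}

# Executable files in the periodic cron directories under $1 (default /etc).
cron_scripts() {
    etc="${1:-/etc}"
    for f in "$etc"/cron.daily/* "$etc"/cron.hourly/* \
             "$etc"/cron.monthly/* "$etc"/cron.weekly/*; do
        [ -f "$f" ] && [ -x "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# First word of each job's command in system crontab files (/etc/crontab,
# /etc/cron.d/*), whose lines are: five time fields, a user, the command.
crontab_commands() {
    awk '!/^[ \t]*(#|$)/ && $1 !~ /=/ && NF >= 7 { print $7 }' "$@" |
        LC_ALL=C sort -u
}

# Read program paths on stdin; print those without a profile file.
unprofiled() {
    while IFS= read -r p; do
        has_profile "$p" || printf '%s\n' "$p"
    done
}

if [ "${1:-}" = "--report" ]; then
    { setuid_root_files /; cron_scripts /etc
      crontab_commands /etc/crontab /etc/cron.d/* 2>/dev/null; } | unprofiled
fi
```

Run it as root with the --report argument; each line of output is a program that is a candidate for a new profile.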
Immunizing Web Applications
To find web applications, you should investigate your web server
configuration. The Apache web server is highly configurable, and web
applications can be stored in many directories, depending on your local
configuration. SuSE Linux, by default, stores web applications in
/srv/www/cgi-bin/. To the maximum extent possible, each web
application should have a Novell AppArmor profile.
Because CGI programs are executed by the Apache web server,
the profile for Apache itself, usr.sbin.httpd2-prefork (for Apache
2 on SuSE Linux), must be modified to add execute permissions to