Nixes Auditing
Introduction
You will always need to perform regular audits of your systems.
Filesystem
These commands will assist you in auditting linux filesystems.
Note: sudo is used in these commands instead of running as root. If you are not using sudo, remove it from the command string and run as root.
User ownership
The following command string will parse through
/etc/passwd and prints a list of all files owned by each user into it's own file. One file will be created for each user and the filenames will be the same as the usernames. Try making a new directory and running it from there. This will take a while on systems with lots of files.
cat /etc/passwd |gawk 'BEGIN { FS = ":" } { print $1}' | sudo xargs -i find / -user {} -fprint {}
A different command is used to find files that do not belong to a user on the system.
sudo find / -nouser -fprint NOUSER
Group ownership
The following command string will parse through
/etc/group and prints a list of all files owned by each group into it's own file. One file will be created for each group and the filenames will be the same as the group names. Try making a new directory and running it from there. This will take a while on systems with lots of files.
cat /etc/group |gawk 'BEGIN { FS = ":" } { print $1 }' | sudo xargs -i find / -group {} -fprint {}
What about files with a group ID that is not in /etc/group? Try this command.
sudo find / -nogroup -fprint NOGROUP
Links