1
00:00:06,600 --> 00:00:09,227
- All right, well this looks like a long one.

2
00:00:09,227 --> 00:00:11,820
Let's read it, so that we understand,

3
00:00:11,820 --> 00:00:13,320
and we can make a plan.

4
00:00:13,320 --> 00:00:16,680
So, we need to create a file that contains a list of all files

5
00:00:16,680 --> 00:00:20,760
on your system that have the SUID permission set.

6
00:00:20,760 --> 00:00:24,450
And, that is suid-files.txt.

7
00:00:24,450 --> 00:00:26,340
Okay, that sounds doable.

8
00:00:26,340 --> 00:00:29,943
Find minus perm, slash 4000.

9
00:00:30,870 --> 00:00:32,580
Then we add the file /tmp/runme,

10
00:00:32,580 --> 00:00:36,120
and ensure that it has SUID as well as execute.

11
00:00:36,120 --> 00:00:38,670
That's pretty straightforward as well.

12
00:00:38,670 --> 00:00:40,530
Then we need to run the appropriate command

13
00:00:40,530 --> 00:00:42,870
to create a file that contains the list of all files

14
00:00:42,870 --> 00:00:45,240
on your system that have SUID set.

15
00:00:45,240 --> 00:00:49,203
And we need to call it /root/suid date.

16
00:00:50,580 --> 00:00:52,830
So we need date, the date command.

17
00:00:52,830 --> 00:00:54,870
Some command substitution here.

18
00:00:54,870 --> 00:00:57,660
And then the highlight is to generate a list

19
00:00:57,660 --> 00:00:59,790
of differences between these two files.

20
00:00:59,790 --> 00:01:01,110
Sounds like diff.

21
00:01:01,110 --> 00:01:05,310
And write differences found to /tmp/suid-differences.

22
00:01:05,310 --> 00:01:06,453
There's date.

23
00:01:07,860 --> 00:01:10,530
Okay, and generate a scheduled job

24
00:01:10,530 --> 00:01:13,050
that will automatically do this once a day.

25
00:01:13,050 --> 00:01:14,550
Well, sounds like a lot.

26
00:01:14,550 --> 00:01:17,640
But really what we want to do, we want to do some find,

27
00:01:17,640 --> 00:01:21,030
we want to do some diff, and we want to do some cron.

28
00:01:21,030 --> 00:01:22,593
Sounds doable.
29
00:01:23,850 --> 00:01:25,353
Let's go there step by step.

30
00:01:27,600 --> 00:01:30,390
The first part is where we create a file

31
00:01:30,390 --> 00:01:33,780
that contains a list of all files that have set user ID.

32
00:01:33,780 --> 00:01:34,743
Find slash.

33
00:01:37,410 --> 00:01:39,000
Minus perm.

34
00:01:39,000 --> 00:01:40,852
Slash 4000.

35
00:01:40,852 --> 00:01:41,852
That's what we need.

36
00:01:44,520 --> 00:01:45,353
And there we go.

37
00:01:45,353 --> 00:01:47,973
These are all the files that have set user ID set.

38
00:01:49,230 --> 00:01:53,020
Okay, and we need to redirect the output to

39
00:01:54,120 --> 00:01:55,440
slash root,

40
00:01:55,440 --> 00:01:57,240
slash suid,

41
00:01:57,240 --> 00:01:59,313
files dot txt.

42
00:02:00,390 --> 00:02:02,700
So this is kind of the baseline,

43
00:02:02,700 --> 00:02:05,823
the starting point that we want to compare.

44
00:02:06,750 --> 00:02:10,143
Next, I need to create a file /tmp/runme.

45
00:02:12,060 --> 00:02:15,210
And we need to ensure that it has set user ID,

46
00:02:15,210 --> 00:02:16,860
as well as execute.

47
00:02:16,860 --> 00:02:18,240
So,

48
00:02:18,240 --> 00:02:20,640
that means chmod,

49
00:02:20,640 --> 00:02:22,230
u plus s,

50
00:02:22,230 --> 00:02:24,030
on /tmp/runme.

51
00:02:24,030 --> 00:02:26,343
I'm going for the relative mode, by the way.

52
00:02:27,750 --> 00:02:29,310
Because the exercise

53
00:02:29,310 --> 00:02:32,280
is only talking about set user ID and execute,

54
00:02:32,280 --> 00:02:33,810
and not about the other permissions.

55
00:02:33,810 --> 00:02:36,690
So, I don't want to change the other permissions.

56
00:02:36,690 --> 00:02:38,490
And that's why I'm using the relative mode

57
00:02:38,490 --> 00:02:40,080
and not the absolute mode.

58
00:02:40,080 --> 00:02:43,650
So, chmod plus x on /tmp/runme.
59
00:02:43,650 --> 00:02:47,820
And then, ls minus l on /tmp/runme is showing

60
00:02:47,820 --> 00:02:51,600
that it has the little s on the position of the first x.

61
00:02:51,600 --> 00:02:53,853
It's marked in red, so this is all good.

62
00:02:55,380 --> 00:02:57,300
Next, we need to run the appropriate command

63
00:02:57,300 --> 00:02:59,670
to create a file that contains a list of all files

64
00:02:59,670 --> 00:03:02,010
that have set user ID set.

65
00:03:02,010 --> 00:03:05,700
That's the same command as what we've done before.

66
00:03:05,700 --> 00:03:10,230
But, we need to have the date in there.

67
00:03:10,230 --> 00:03:12,930
And this date should automatically be set,

68
00:03:12,930 --> 00:03:14,730
based on the date of the day.

69
00:03:14,730 --> 00:03:16,440
I need to try this before.

70
00:03:16,440 --> 00:03:19,323
I think it is date plus percent

71
00:03:20,400 --> 00:03:21,900
d,

72
00:03:21,900 --> 00:03:23,580
dash percent m,

73
00:03:23,580 --> 00:03:26,610
dash percent uppercase Y.

74
00:03:26,610 --> 00:03:28,470
Yes, that is the one that we need.

75
00:03:28,470 --> 00:03:30,720
I just wanted to make sure.

76
00:03:30,720 --> 00:03:35,720
So, we create this file, which is date extension.

77
00:03:35,910 --> 00:03:39,690
And we get a date extension by using command substitution.

78
00:03:39,690 --> 00:03:42,030
So, dollar parenthesis,

79
00:03:42,030 --> 00:03:44,550
date plus percent d,

80
00:03:44,550 --> 00:03:46,680
dash percent m,

81
00:03:46,680 --> 00:03:49,800
dash percent uppercase Y.

82
00:03:49,800 --> 00:03:50,633
There we go.

83
00:03:51,630 --> 00:03:52,463
And let's run it,

84
00:03:52,463 --> 00:03:56,670
so that we can check that it worked out all right.

85
00:03:56,670 --> 00:03:59,010
Now, we need to generate a list of differences

86
00:03:59,010 --> 00:04:00,360
between the two files,

87
00:04:00,360 --> 00:04:04,170
and write the differences found to

88
00:04:04,170 --> 00:04:07,380
suid differences dot txt.
89
00:04:07,380 --> 00:04:08,553
So, I'm using diff

90
00:04:09,733 --> 00:04:11,610
on suid-files

91
00:04:11,610 --> 00:04:12,603
dot txt.

92
00:04:13,710 --> 00:04:16,050
And suid-files,

93
00:04:16,050 --> 00:04:17,280
dash,

94
00:04:17,280 --> 00:04:18,660
date dot txt.

95
00:04:18,660 --> 00:04:20,430
First I want to know what is going on.

96
00:04:20,430 --> 00:04:22,320
And there we can see, yeah, /tmp/runme

97
00:04:22,320 --> 00:04:25,110
was added in the second file.

98
00:04:25,110 --> 00:04:26,970
That's exactly what we needed to do.

99
00:04:26,970 --> 00:04:29,973
And we need to write the output to

100
00:04:30,990 --> 00:04:32,253
slash tmp,

101
00:04:33,720 --> 00:04:35,223
slash suid,

102
00:04:36,270 --> 00:04:37,413
differences,

103
00:04:38,670 --> 00:04:40,290
dash,

104
00:04:40,290 --> 00:04:42,210
with command substitution,

105
00:04:42,210 --> 00:04:43,043
date,

106
00:04:48,060 --> 00:04:49,920
plus percent d,

107
00:04:49,920 --> 00:04:52,230
dash percent m,

108
00:04:52,230 --> 00:04:55,020
dash percent Y,

109
00:04:55,020 --> 00:04:56,523
dot txt.

110
00:05:00,420 --> 00:05:05,130
Just an ls minus l on /tmp/suid,

111
00:05:05,130 --> 00:05:06,480
to figure out that it worked.

112
00:05:06,480 --> 00:05:08,663
Well, the tab completion is showing a long list,

113
00:05:08,663 --> 00:05:11,790
but the first one is what we needed.

114
00:05:11,790 --> 00:05:14,130
Now, we need to create a scheduled job

115
00:05:14,130 --> 00:05:17,790
that will automatically do this once a day.

116
00:05:17,790 --> 00:05:20,220
So, how are we going to do that?

117
00:05:20,220 --> 00:05:22,983
Well, we put it in cron.

118
00:05:25,560 --> 00:05:27,300
Right now, you can make a choice

119
00:05:27,300 --> 00:05:30,090
between cron and a systemd timer.

120
00:05:30,090 --> 00:05:33,120
Crontab minus e is definitely easier.

121
00:05:33,120 --> 00:05:35,400
And that's my big advice for the exam.

122
00:05:35,400 --> 00:05:36,663
Make it easy.
123
00:05:37,800 --> 00:05:40,320
So, this is going to do it.

124
00:05:40,320 --> 00:05:42,150
Diff suid files, oh.

125
00:05:42,150 --> 00:05:44,520
This is almost going to do it.

126
00:05:44,520 --> 00:05:46,680
We do need to build in the flexibility

127
00:05:46,680 --> 00:05:48,810
that it is taking the file of the day.

128
00:05:48,810 --> 00:05:53,280
So, we also need command substitution right here.

129
00:05:53,280 --> 00:05:57,750
So, date plus percent d, dash percent m,

130
00:05:57,750 --> 00:05:59,583
dash percent Y.

131
00:06:01,255 --> 00:06:02,580
Is that looking okay?

132
00:06:02,580 --> 00:06:03,663
That's looking okay.

133
00:06:04,860 --> 00:06:07,620
Now, this is a cron job.

134
00:06:07,620 --> 00:06:12,150
So, this being a cron job, we need the cron specification.

135
00:06:12,150 --> 00:06:14,340
I need to run it once a day.

136
00:06:14,340 --> 00:06:15,753
Let's run it at

137
00:06:17,179 --> 00:06:18,933
minute 0, hour 1,

138
00:06:20,100 --> 00:06:21,423
on every day.

139
00:06:24,060 --> 00:06:26,610
And there we go, it's installing the new crontab.

140
00:06:26,610 --> 00:06:27,693
And, that's all.