Files owned by root with SUID or SGID permissions can lead to privilege escalation if misconfigured. This template detects such files for further review.
reference:
  - https://isms.kisa.or.kr
tags: linux,local,audit,compliance,privesc,kisas
self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
      find / -user root -type f \( -perm -4000 -o -perm -2000 \) -exec ls -lg {} \; 2>/dev/null | head -n 10