We have a certain application that requires the setuid bit to be set on a certain executable in order for a certain process to work. Yes, I’m being intentionally vague here and, yes, I realize the dangers of setuid executables. That said…

I received an e-mail today telling me that the “certain process” didn’t seem to be working properly. The last “good run” was on March 7th, a bit over two weeks ago. I got looking into the matter and discovered entries in logfiles warning that the intended operation couldn’t be completed because the “certain executable” wasn’t setuid root. (These log files are massive, too large for me to visually read through everyday or I would be — duh). Anyways, I determined that, on March 7th, a vendor supplied update was installed (by me, even!) that updated the “certain executable”, restoring it’s non-setuid state. Restored the setuid bit and was ready to call it done when I decided that it’d be nice to prevent this from happening again. What I ended up with is the following bit of Perl that checks $filename to see if the setuid bit is set and emails $administrator if it’s not. I set this up to run from cron on a frequent basis, then called it “done”. Note: I’ve intentionally obfuscated a few things here, but maybe this snippet can be of benefit to someone else.

#!/usr/bin/perl #

$Id: monitor_setuid.pl, v 1.0 2006/03/23 20:23:17 jlgaddis Exp $

#

This script checks $filename for the existance of the setuid

bit. If $filename is not setuid, an e-mail is generated to

$administrator warning them of the fact.

#

use Net::SMTP;

$filename = “/path/to/setuid/executable”; $administrator = “you\@example.com”;

stat($filename); if (-u $filename != 1) { $smtp = Net::SMTP->new(’localhost’) or die(”Can’t connect to localhost:25/TCP”); $smtp->mail(’from@your-domain.com’); $smtp->to($administrator); $smtp->data(); $smtp->datasend(”Subject: SETUID CHECK FOR $filename FAILED\n”); $smtp->datasend(”\n”); $smtp->datasend(”An automated check for the existance of the setuid\n”); $smtp->datasend(”bit on $filename failed.\n\n”); $smtp->datasend(”THIS FILE IS NOT SETUID!\n”); $smtp->datasend(”\n”); $smtp->dataend(); $smtp->quit; }

exit 0;

Well, it lost my indentation when I pasted it, but you get the picture…

Just found out that, in addition to the Bloomington Linux User Group, there’s also the South Central Indiana .NET Users Group in the area. Apparently, there having a meeting Thursday night (tomorrow) in room 1B at the Monroe County Public Library (where the BLUG meeting was last night). No details other than that, though — can’t find a time listed for the meeting on their web site.

Well, the IU Hoosiers beat the Purdue Boilermakers in a game that went into double OT Saturday. We didn’t beat ‘em by much — only two points — but it was enough.

The Indianapolis Colts, on the other hand, weren’t so lucky. We got blown away by the New England Patriots, 20-3 (shut up, Ashley). That brought our season to a screeching halt. Oh well, maybe next year, right?

In other news, I got a lotta shit to do today. Today is Martin Luther King, Jr. Day if you’ve been living under a rock. $work calls it “A day on, not a day off”, which means that while I don’t have to go to work (yet still get paid), I’m supposed to find something to volunteer to do in my community. I’ll get right on that. Yeah, right after I patch some servers, write the code for any of the 50 things I need to do, work on some database projects, and do homework and study for the two classes I’m taking this semester. Oh, and I need to shave my head again (face, too) and go to Bedford to get fitted for a tux (all Ashley’s fault) then run to Oolitic.

Yeah, I’ll find something to volunteer for today. Maybe I’ll help an old lady across the street or something.

Oh, and I spent about 15 hours this weekend giving myself an introduction to the Microsoft .NET Platform and attempting to learn how to interact with SQL database from Win32 apps that I write myself. I bet you feel sorry for me now, huh?