Tuesday, September 30, 2008

REMOVING UNWANTED FILES

Removing Obsolete Files

Occasionally, you need to remove unwanted and unneeded files from your system. AIX provides the skulker command, which automatically tracks and removes obsolete files. This facility works on candidate files located in the /tmp directory, executable a.out files, core files, and ed.hup files.

To run the skulker command, type
# skulker -p

You can automate the skulker command by setting up the cron facility to perform this task regularly.






Removing Unowned Files

When a user ID is removed, that user’s files then have no owner assigned to them. To identify files that have no owner, you can use the find command as follows:
# find / -nouser -ls

After identifying files that have no owners, determine whether the files are needed. If they are needed, assign them to a different user. Otherwise, you can remove those files from the system.





Managing Unauthorized Remote Host Access

Some programs use the .rhosts file to gain access to a system. In some cases, access can be granted to unauthenticated users. To avoid this situation, remove the .rhosts file from your system.
For HACMP clusters, .rhosts files are required. Instead of removing them from these configurations, set the permissions to 600 and assign ownership of the files to root.system.

To find .rhosts files, run the following command:
# find / -name .rhosts -ls






Monitoring Executable Files

To monitor the activity of critical executable files, you need a good understanding of how these files are being used. The executable files that you need to monitor are those that are owned by root and have either their SUID or SGID bits set.
After carefully monitoring these files during normal system activity, you can generate a report that includes a list of files that are normally executed. You can then contrast that report with subsequent reports that show new files with these attributes that were set without your knowledge. To create the baseline report, run the following commands:
# find / -perm -4000 -user 0 -ls
# find / -perm -2000 -user 0 -ls
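
The baseline-and-compare step described above can be scripted. The following is an added example, not part of the original post: the function names, the baseline path in the usage comment, and the optional OWNER argument are assumptions, and -type f is added so that SGID directories are skipped.

```shell
#!/bin/sh
# Added example: baseline of root-owned SUID/SGID files, compared on later runs.
# Function names, the baseline path and the OWNER argument are assumptions.

# list_priv_files DIR [OWNER]
# Print, sorted, the regular files under DIR owned by OWNER (default 0, root)
# that have the SUID (4000) or SGID (2000) bit set.
list_priv_files() {
    dir=$1
    owner=${2:-0}
    find "$dir" -type f -user "$owner" \( -perm -4000 -o -perm -2000 \) -print \
        2>/dev/null | LC_ALL=C sort
}

# check_priv_files DIR BASELINE [OWNER]
# First run: write the baseline and return 0.
# Later runs: print files not in the baseline; return 1 if any, else 0.
check_priv_files() {
    dir=$1
    baseline=$2
    owner=${3:-0}
    if [ ! -f "$baseline" ]; then
        list_priv_files "$dir" "$owner" > "$baseline"
        return 0
    fi
    current="$baseline.new.$$"
    list_priv_files "$dir" "$owner" > "$current"
    # comm -13 keeps lines that appear only in the second (current) list
    added=$(LC_ALL=C comm -13 "$baseline" "$current")
    rm -f "$current"
    if [ -n "$added" ]; then
        printf '%s\n' "$added"
        return 1
    fi
    return 0
}

# Typical use, run as root (for example from cron); the path is a placeholder:
#   check_priv_files / /var/adm/suid_sgid.baseline || echo "review the files listed above"
```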
