too many SUID/SGID programs

Looking at an interesting article on detecting hacking:
http://www.redhat.com/support/resour...tect_checklist

I did 'find / -user root -perm -4000 -print'
and got the list below. My version of common sense tells me that many of those don't need to be SUID, but before I go changing them back willy-nilly, I wonder which ones should really be SUID. I don't have a 2nd box to examine.

/usr/bin/gpasswd
/usr/bin/passwd
/usr/bin/quota
/usr/bin/crontab
/usr/bin/lppasswd
/usr/bin/ssh
/usr/sbin/exim
/usr/sbin/suexec
/usr/local/apache/bin/suexec
/usr/local/cpanel/bin/cpwrap
/usr/local/cpanel/bin/jailshell
/usr/local/cpanel/cgi-sys/cgiecho
/usr/local/cpanel/cgi-sys/cgiemail
/usr/local/cpanel/cgi-sys/helpdesk.cgi
/usr/local/cpanel/cgi-sys/scgiwrap
/bin/su
/home/virtfs/vortiz/usr/sbin/exim
/home/virtfs/vortiz/usr/sbin/suexec
/home/virtfs/xpaso/usr/sbin/exim
/home/virtfs/xpaso/usr/sbin/suexec
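
An added example, not part of the original post: the same `find` check extended to SGID files, with a comparison against a saved baseline so that later runs report only set-id files that have not been reviewed yet. The function names and the baseline file are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit SUID/SGID files against a reviewed baseline.
# list_setid, new_setid and the baseline file are names made up here.

# list_setid ROOT
# Print every regular file under ROOT that has the SUID (4000) or
# SGID (2000) bit set, one path per line, sorted bytewise so the
# output can be fed straight to comm(1).
list_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# new_setid ROOT BASELINE
# Print set-id files under ROOT that are not listed in BASELINE.
# BASELINE must be a saved copy of earlier list_setid output
# (same sort order), written after the entries were reviewed.
new_setid() {
    list_setid "$1" | LC_ALL=C comm -23 - "$2"
}

# Stand-alone use:
#   sh setid_audit.sh / /root/setid.baseline
# First create the baseline with: list_setid / > /root/setid.baseline
if [ "$#" -eq 2 ]; then
    new_setid "$1" "$2"
fi
```

Store the baseline somewhere an unprivileged user cannot write, and regenerate it only after checking each new entry.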