find_orphan_files

This check reports all unowned files on the system.

By default, the search runs recursively from the “/” directory. This can make the check extremely slow to execute, depending on the number of files present on the remote system. If needed, the default base directory for the search can be changed with the optional keyword basedir. Certain files within a base directory can also be excluded from the search with another optional keyword, ignore.

This check can be narrowed to report only files that have no user, or only files that have no group, by using the find_option tag. Valid values are nouser, nogroup, and both. The both setting is the default if no find_option tag is specified.

Due to the nature of the check, it is normal for it to keep running for a couple of hours, depending on the type of system being scanned. A default timeout value, which is the time after which Nessus will stop processing results for this check, has been set at five hours and this value cannot be changed.

Usage

<item>

name: "find_orphan_files"

description: "This check finds all the files which are 'orphaned' (ie: whose owner is an invalid UID or GID)."

# Globs allowed (? and *)

(optional) basedir: "<directory>"

(optional) ignore: "<directory>"

(optional) find_option: ["nouser", "nogroup", "both"]

</item>

Examples

<item>

name: "find_orphan_files"

description: "This check finds all the files which are 'orphaned' (ie: whose owner is an invalid UID or GID)."

# Globs allowed (? and *)

basedir: "/tmp"

ignore: "/tmp/foo"

ignore: "/tmp/b*"

</item>

<item>

name: "find_orphan_files"

description: "Only find files that have no group"

basedir: "/tmp"

find_option: "nogroup"

</item>

<item>

name: "find_orphan_files"

description: "Only find files that have no user"

basedir: "/tmp"

find_option: "nouser"

</item>
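
To confirm a finding locally, or to see how basedir, ignore and find_option interact, the same selection logic can be reproduced on the target host. The following is an added example, not Nessus code: it assumes that ignore patterns are matched against the full path and that a matching directory is skipped along with everything below it, and the uid_lookup and gid_lookup parameters are hypothetical hooks for testing.

```python
import fnmatch
import grp
import os
import pwd


def _resolves(lookup, ident, cache):
    """True if the numeric ID maps to an account; results are cached per ID."""
    if ident not in cache:
        try:
            lookup(ident)
            cache[ident] = True
        except KeyError:          # pwd/grp raise KeyError for unknown IDs
            cache[ident] = False
    return cache[ident]


def find_orphan_files(basedir="/", ignore=(), find_option="both",
                      uid_lookup=pwd.getpwuid, gid_lookup=grp.getgrgid):
    """Return [(path, reasons)] for entries under basedir with no valid owner.

    ignore holds glob patterns (? and *) matched against the full path; a
    matching directory is pruned (assumed semantics). The lookup arguments
    are hypothetical hooks so the logic can be exercised without root.
    """
    if find_option not in ("nouser", "nogroup", "both"):
        raise ValueError("find_option must be nouser, nogroup or both")
    uids, gids, hits = {}, {}, []

    def ignored(path):
        return any(fnmatch.fnmatchcase(path, pat) for pat in ignore)

    for root, dirs, files in os.walk(basedir):
        # Prune ignored directories in place so os.walk never descends into them.
        dirs[:] = [d for d in dirs if not ignored(os.path.join(root, d))]
        for name in dirs + files:
            path = os.path.join(root, name)
            if ignored(path):
                continue
            try:
                st = os.lstat(path)   # lstat: judge the link itself, not its target
            except OSError:
                continue              # vanished or unreadable during the walk
            reasons = []
            if find_option != "nogroup" and not _resolves(uid_lookup, st.st_uid, uids):
                reasons.append("nouser")
            if find_option != "nouser" and not _resolves(gid_lookup, st.st_gid, gids):
                reasons.append("nogroup")
            if reasons:
                hits.append((path, reasons))
    return hits
```

Calling find_orphan_files("/tmp", ignore=["/tmp/foo", "/tmp/b*"]) mirrors the first example above; run it as root so that unreadable directories are not silently skipped.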