find_world_readable_files

This check reports all the files that are world readable. Checking for readable files, for example in user home directories, ensures that no sensitive files are accessible by other users (e.g., private SSH keys).

By default, the search runs recursively from the “/” directory, which can make this check extremely slow depending on the number of files on the remote system. If needed, the base directory to search can be changed with the optional keyword basedir. Files within a base directory can be excluded from the search with another optional keyword, ignore. By default, the search ignores any directories mounted over NFS unless they have been specified with the optional keyword dir.

Due to the nature of the check, it is normal for it to keep running for a couple of hours, depending on the type of system being scanned. A default timeout value, which is the time after which Nessus will stop processing results for this check, has been set at five hours and this value cannot be changed.

Usage

<item>
name: "find_world_readable_files"
description: "This check finds all the files in a directory with world readable permissions."
# Globs allowed (? and *)
(optional) basedir: "<directory>"
(optional) ignore: "<directory>"
(optional) dir: "<directory>"
</item>

Example

<item>
name: "find_world_readable_files"
description: "This check finds all the files in a directory with world readable permissions."
basedir: "/home"
ignore: "/home/tmp"
dir: "/home/extended"
</item>
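To preview on a Linux host what an audit item like the one above is likely to report, the following added example (not Tenable's code, and not how Nessus implements the check) walks a base directory and lists regular files with the "other read" permission bit set. The function names, the use of /proc/mounts to detect NFS mounts, and the fnmatch-style glob matching are assumptions made for this sketch.

```python
import fnmatch
import os
import stat


def nfs_mount_points(mounts_file="/proc/mounts"):
    """Return mount points whose filesystem type starts with 'nfs' (Linux only)."""
    points = set()
    try:
        with open(mounts_file) as fh:
            for line in fh:
                fields = line.split()
                if len(fields) >= 3 and fields[2].startswith("nfs"):
                    points.add(fields[1])
    except OSError:
        pass  # no /proc/mounts available: nothing is treated as NFS
    return points


def find_world_readable(basedir="/", ignore=(), dirs=(), nfs=None):
    """List regular files under basedir that any local user can read.

    ignore: glob patterns (? and *) for paths to skip (assumed fnmatch semantics).
    dirs:   directories that are searched even when they are NFS mounts.
    nfs:    NFS mount points; detected from /proc/mounts when not supplied.
    """
    nfs = nfs_mount_points() if nfs is None else set(nfs)
    skip_nfs = nfs - set(dirs)
    hits = []
    for root, subdirs, files in os.walk(basedir):  # does not follow symlinked dirs
        # Prune ignored directories and NFS mounts that were not requested via dirs.
        subdirs[:] = [d for d in subdirs
                      if not _skipped(os.path.join(root, d), ignore)
                      and os.path.join(root, d) not in skip_nfs]
        for name in files:
            path = os.path.join(root, name)
            if _skipped(path, ignore):
                continue
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # file vanished or cannot be examined
            if stat.S_ISREG(mode) and mode & stat.S_IROTH:
                hits.append(path)
    return sorted(hits)


def _skipped(path, patterns):
    return any(fnmatch.fnmatch(path, p) for p in patterns)
```

Calling `find_world_readable("/home", ignore=["/home/tmp"], dirs=["/home/extended"])` mirrors the keywords of the example item; a private key stored with mode 0644 would appear in the result, while one stored with mode 0600 would not.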

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.