- Learn about the useful options to your version of the ls command.
- If your system has access control lists (ACLs), learn how to use them. Remember: do not depend on ACLs to protect files on NFS partitions.
- Set your umask to an appropriate value (e.g., 027 or 077).
- Never write SUID/SGID shell scripts.
- Periodically scan your system for SUID/SGID files.
- Disable SUID on disk partition mounts (local and remote) unless it is necessary.
- Determine if write, chmod, chown, and chgrp operations on files clear the SUID/SGID bits on your system. Get in the habit of checking files based on this information.
- Scan for device files on your system. Check their ownerships and permissions to ensure that they are reasonable.
- Consider using a cryptographic filesystem for sensitive data.
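
One way to carry out the SUID/SGID scan and the device-file scan from the checklist above, as an added example that is not part of the original text. The function names and the idea of a saved baseline file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: SUID/SGID and device-file audit against a saved baseline.
# Function names and the baseline file are illustrative, not from the page.

# Regular files under $1 with the SUID or SGID bit set, sorted for comm(1).
# -xdev stays on one filesystem, so run it once per mounted partition.
list_privileged() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print \
        2>/dev/null | LC_ALL=C sort
}

# Privileged files that are also group- or world-writable, which is
# rarely intended and worth reviewing first.
writable_privileged() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null | LC_ALL=C sort
}

# Entries in the current scan of $1 that are absent from baseline file $2.
# The baseline must be earlier list_privileged output (same sort order).
new_since_baseline() {
    list_privileged "$1" | LC_ALL=C comm -13 "$2" -
}

# Block and character device files under $1, with owner and mode, for review.
list_devices() {
    find "$1" -xdev \( -type b -o -type c \) -exec ls -ld {} + 2>/dev/null
}

# Usage: sh audit.sh DIR BASELINE
if [ "$#" -eq 2 ]; then
    echo "== SUID/SGID files not in baseline =="; new_since_baseline "$1" "$2"
    echo "== Writable SUID/SGID files ==";        writable_privileged "$1"
    echo "== Device files ==";                    list_devices "$1"
fi
```

Create the baseline with `list_privileged DIR > BASELINE` while the system is in a known-good state, then rerun the script on a schedule and review anything it reports.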