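#!/bin/bash
# findsuid--Checks every setuid file to see whether it is writeable by group
#   or other, or was modified recently, and outputs the matches in a friendly
#   and useful format.
#
# Usage: findsuid [-v]
#   -v  Also list the setuid files that raised neither warning.
#
# Run as root for full coverage: find skips directories the invoking user
# cannot read and reports them on stderr, so those subtrees go unaudited.

mtime="7"     # How far back (in days) to check for modified commands.
verbose=0     # By default, stay quiet about unremarkable files.

# ${1:-} keeps the comparison well-formed when no argument is supplied.
if [[ "${1:-}" == "-v" ]]; then
  verbose=1   # User specified "findsuid -v", so be verbose.
fi

# "find -perm -4000" selects files whose setuid bit is set (setgid is 2000
# and is not examined here). The POSIX "-4000" form is used because current
# GNU find rejects the older "+4000" spelling. NUL-delimited output keeps
# filenames containing spaces or newlines intact.
find / -type f -perm -4000 -print0 | while IFS= read -r -d '' match; do
  # Only files the invoking user can execute are reported.
  [[ -x "$match" ]] || continue

  # A single "ls -ld" call supplies the mode string (field 1), the owner
  # (field 3) and the modification time (fields 6-8). All of them precede
  # the filename, so whitespace splitting is safe for these fields.
  read -r perms _ owner _ _ month day when _ < <(ls -ld -- "$match")
  lastmod="$month $day $when"

  # Characters 5-10 of the mode string are the group and other permission
  # triplets. A "w" there means someone other than the owner can alter a
  # file that runs with the owner's privileges.
  if [[ "${perms:4:6}" == *w* ]]; then
    printf '%s\n' "**** $match (writeable and setuid $owner)"
  elif [[ -n "$(find "$match" -mtime "-$mtime" -print)" ]]; then
    # A recent change to a setuid file deserves a second look.
    printf '%s\n' "**** $match (modified within $mtime days and setuid $owner)"
  elif (( verbose == 1 )); then
    # By default, only dangerous files are listed. If verbose, show all.
    printf '%s\n' " $match (setuid $owner, last modified $lastmod)"
  fi
done

exit 0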