Forensics 16. Elementary diagnostics using 'find'

find will search for files or directories with a particular name or permissions, e.g. to find setuid/setgid programs:

  find / -xdev \( -perm -002000 -o \
    -perm -004000 \) -print

and to find directories literally named "..." (three dots):

  find / -name "..." -type d -print

It's a good idea to keep a list of setuid/setgid programs on your machine, and their cryptographic hashes (MD5, SHA-1, ...) for checking if you think something is amiss.