bash 7 lines · 1 tab

Linux privilege escalation checks for suspicious local state

Kai Nakamura Apr 2026
1 tab
#!/usr/bin/env bash
set -euo pipefail

find / -perm -4000 -type f 2>/dev/null | sort
sudo -l
find /etc/systemd/system -type f -writable 2>/dev/null
getcap -r / 2>/dev/null
1 file · bash Explain with highlit

Privilege escalation detection is rarely one command. I look for unexpected SUID binaries, writable service units, dangerous sudo rules, and kernel or package drift. These checks are not glamorous, but they catch a lot of real misconfigurations that attackers abuse quickly.

Share this code

Here's the card — post it anywhere.

Linux privilege escalation checks for suspicious local state — share card
Link copied