Date: Fri, 1 Nov 2002 09:04:49 -0600
From: "DaleCo Help Desk" <daleco@daleco.biz>
To: "Duncan Anker" <d.anker@au.darkbluesea.com>, "Andrew Boring" <andrew.boring@millerzell.com>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: Re: After make world, periodic sends me suid diffs
Message-ID: <01e801c281b8$0733dc40$fa00a8c0@DaleCoportable>
References: <Pine.WNT.4.44.0210301601190.1024-100000@netgod> <1036129788.21009.2.camel@duncan>

I'd save the mail for next time :-)  I route everything Charlie
sends me to a local folder.......

Kevin Kinsey

----- Original Message -----
From: "Duncan Anker" <d.anker@au.darkbluesea.com>
To: "Andrew Boring" <andrew.boring@millerzell.com>
Cc: <freebsd-questions@FreeBSD.ORG>
Sent: Thursday, October 31, 2002 11:49 PM
Subject: Re: After make world, periodic sends me suid diffs

> On Thu, 2002-10-31 at 07:02, Andrew Boring wrote:
> > I upgraded a box from 4.6 to 4.7 that is not in production yet. This was
> > my first time upgrading via CVS and make world and everything appeared to
> > go smoothly with no issues.
> >
> > However, the following day I received mail from the daily periodic scripts
> > Security Run Output:
> >
> > Checking setuid files and devices:
> > setuid diffs:
> > 1,50c1,50
> > <     11 -r-sr-xr-x  1 root  wheel  321100 Oct  8 11:12:48 2002 /bin/rcp
> > <   2761 -r-xr-sr-x  1 root  kmem    65944 Oct  9 12:45:20 2002 /sbin/ccdconfig
> > <    153 -r-sr-xr-x  1 root  wheel  201836 Oct  9 12:45:27 2002 /sbin/ping
> > <    154 -r-sr-xr-x  1 root  wheel  202816 Oct  9 12:45:27 2002 /sbin/ping6
> > [...]
> >
> > Looking through the 100.chksetuid script, I am guessing that the security
> > script is warning me that the binaries have changed (as a result of the
> > source upgrade) and NOT that the permissions have changed or that more
> > have been added. Am I correct? I don't have a record or snapshot of the
> > permissions on all the binaries listed in the email to verify.
>
> permissions, owner, group, filesize, date, filename ... anything that's
> different between the directory snapshot from the previous run and the
> current one.
>
> It's just a diff between two ls commands, but it's pretty effective for
> catching unusual goings on
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message