From owner-freebsd-questions Fri Nov 1 7: 5:58 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E0E7237B401 for ; Fri, 1 Nov 2002 07:05:55 -0800 (PST) Received: from mail.gbronline.com (mail.gbronline.com [12.145.226.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3EF5B43E91 for ; Fri, 1 Nov 2002 07:05:55 -0800 (PST) (envelope-from daleco@daleco.biz) Received: from DaleCoportable [12.145.236.137] by mail.gbronline.com (SMTPD32-7.13) id A7EA79FD0096; Fri, 01 Nov 2002 09:04:10 -0600 Message-ID: <01e801c281b8$0733dc40$fa00a8c0@DaleCoportable> From: "DaleCo Help Desk" To: "Duncan Anker" , "Andrew Boring" Cc: References: <1036129788.21009.2.camel@duncan> Subject: Re: After make world, periodic sends me suid diffs Date: Fri, 1 Nov 2002 09:04:49 -0600 Organization: DaleCo, S.P.---"the solutions people" MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2720.3000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I'd save the mail for next time :-) I route everything Charlie sends me to a local folder....... Kevin Kinsey ----- Original Message ----- From: "Duncan Anker" To: "Andrew Boring" Cc: Sent: Thursday, October 31, 2002 11:49 PM Subject: Re: After make world, periodic sends me suid diffs > On Thu, 2002-10-31 at 07:02, Andrew Boring wrote: > > I upgraded a box from 4.6 to 4.7 that is not in production yet. This was > > my first time upgrading via CVS and make world and everything appeared to > > go smoothly with no issues. > > > > However, the following day I received mail from the daily periodic scripts > > Security Run Output: > > > > Checking setuid files and devices: > > setuid diffs: > > 1,50c1,50 > > < 11 -r-sr-xr-x 1 root wheel 321100 Oct 8 11:12:48 2002 /bin/rcp > > < 2761 -r-xr-sr-x 1 root kmem 65944 Oct 9 12:45:20 2002 > > /sbin/ccdconfig > > < 153 -r-sr-xr-x 1 root wheel 201836 Oct 9 12:45:27 2002 > > /sbin/ping > > < 154 -r-sr-xr-x 1 root wheel 202816 Oct 9 12:45:27 2002 > > /sbin/ping6 > > [...] > > > > Looking through the 100.chksetuid script, I am guessing that the security > > script is warning me that the binaries have changed (as a result of the > > source upgrade) and NOT that the permissions have changed or that more > > have been added. Am I correct? I don't have a record or snapshot of the > > permissions on all the binaries listed in the email to verify. > > permissions, owner, group, filesize, date, filename ... anything that's > different between the directory snapshot from the previous run and the > current one. > > It's just a diff between two ls commands, but it's pretty effective for > catching unusual goings on > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message