Date: Sun, 23 Sep 2001 09:49:36 +1000 From: Edwin Groothuis <edwin@mavetju.org> To: Kory Hamzeh <kory@avatar.com> Cc: freebsd-questions@freebsd.org Subject: Re: daily security ceck - setuid diffs Message-ID: <20010923094936.H10641@k7.mavetju.org> In-Reply-To: <002101c143bd$24564cc0$14ce21c7@avatar.com>; from kory@avatar.com on Sat, Sep 22, 2001 at 04:20:18PM -0700 References: <002101c143bd$24564cc0$14ce21c7@avatar.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Sep 22, 2001 at 04:20:18PM -0700, Kory Hamzeh wrote: > However, the next day in the daily security check e-mail, I receive a bunch > of these warning: > > ns2.avatar.com setuid diffs: > 1,86c1,86 > < 95239 -r-xr-sr-x 1 root operator 56892 Apr 21 02:05:46 2001 /bin/df > < 95252 -r-sr-xr-x 1 root wheel 317400 Apr 21 02:13:35 2001 /bin/rcp > < 269831 -r-xr-sr-x 1 root kmem 62792 Apr 21 02:08:02 2001 > /sbin/ccdconfig If these are the only ones, then you have lost the s-bit on the permissions of these files. If there are however also items like: > 95239 -r-xr-sr-x 1 root operator 56892 Xxx XX xx:xx:xx 2001 /bin/df > 95252 -r-sr-xr-x 1 root wheel 317400 Xxx XX xx:xx:xx 2001 /bin/rcp where Xxx XX xx:xx:xx is the new time, then it's because of the restore which changed the times on the files. Maybe you should compare the md5 checksums of the old file and the new files, but honestly I don't think its something to worry about (based on your story). Edwin -- Edwin Groothuis | Personal website: http://www.MavEtJu.org edwin@mavetju.org | Interested in MUDs? Visit Fatal Dimensions: ------------------+ http://www.FatalDimensions.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010923094936.H10641>