have i been hacked?
Dan Strick
strick at covad.net
Wed Apr 14 02:33:46 PDT 2004
>>
> ...
> When i got the daily run
> output i noticed the setuid files have changed. Wondering if this box got
> hacked and if so where to look to confirm this?
> ...
>
> Checking setuid files and devices:
> ls: Terminated
> : No such file or directory
>
> guardian.davemehler.net setuid diffs:
> 1,52d0
> < 94240 -r-sr-xr-x 1 root wheel 448384 Jun 4 21:54:47 2003 /bin/rcp
> ...
>>
The "ls" command the security script uses to discover all of the setuid
files on your system failed for some unspecified reason and this caused the
script to think that all the setuid files discovered during the previous
run of this security script had gone away. The next time this script
runs it may well report that these files have reappeared.
This is probably not evidence that your system was hacked.
Dan Strick
strick at covad.net
More information about the freebsd-questions
mailing list